com.aliyun.sdk.service.sas20181203.models

类 DescribeSuspEventsResponseBody.SuspEvents.Builder

java.lang.Object

com.aliyun.sdk.service.sas20181203.models.DescribeSuspEventsResponseBody.SuspEvents.Builder

封闭类:

DescribeSuspEventsResponseBody.SuspEvents

public static final class DescribeSuspEventsResponseBody.SuspEvents.Builder
extends Object

方法概要

限定符和类型	方法和说明
DescribeSuspEventsResponseBody.SuspEvents.Builder	advanced(Boolean advanced) Indicates whether the alert event was analyzed offline.
DescribeSuspEventsResponseBody.SuspEvents.Builder	alarmEventName(String alarmEventName) The name of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	alarmEventNameDisplay(String alarmEventNameDisplay) The name of the alert.
DescribeSuspEventsResponseBody.SuspEvents.Builder	alarmEventType(String alarmEventType) The type of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	alarmEventTypeDisplay(String alarmEventTypeDisplay) The display name of the type of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	alarmUniqueInfo(String alarmUniqueInfo) The unique ID of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	appName(String appName) The name of the application to which the alert event belongs.
DescribeSuspEventsResponseBody.SuspEvents.Builder	autoBreaking(Boolean autoBreaking) Indicates whether automatic defense is enabled.
DescribeSuspEventsResponseBody.SuspEvents	build()
DescribeSuspEventsResponseBody.SuspEvents.Builder	canBeDealOnLine(Boolean canBeDealOnLine) Indicates whether you can handle the alert event online, such as quarantining the source file of the malicious process.
DescribeSuspEventsResponseBody.SuspEvents.Builder	canCancelFault(Boolean canCancelFault) Indicates whether you can cancel marking the alert event as a false positive.
DescribeSuspEventsResponseBody.SuspEvents.Builder	clusterId(String clusterId) The ID of the cluster.
DescribeSuspEventsResponseBody.SuspEvents.Builder	containerId(String containerId) The ID of the container.
DescribeSuspEventsResponseBody.SuspEvents.Builder	containerImageId(String containerImageId) The ID of the container image.
DescribeSuspEventsResponseBody.SuspEvents.Builder	containerImageName(String containerImageName) The name of the container image.
DescribeSuspEventsResponseBody.SuspEvents.Builder	containHwMode(Boolean containHwMode) Indicates whether the safeguard mode for major activities is enabled for the server.
DescribeSuspEventsResponseBody.SuspEvents.Builder	dataSource(String dataSource) The source of data.
DescribeSuspEventsResponseBody.SuspEvents.Builder	desc(String desc) The impact of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	details(List<DescribeSuspEventsResponseBody.Details> details) The details of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	detectSource(String detectSource) DetectSource.
DescribeSuspEventsResponseBody.SuspEvents.Builder	displaySandboxResult(Boolean displaySandboxResult) Indicates whether the alert event can be detected by cloud sandbox.
DescribeSuspEventsResponseBody.SuspEvents.Builder	eventNotes(List<DescribeSuspEventsResponseBody.EventNotes> eventNotes) The note information about the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	eventStatus(Integer eventStatus) The status of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	eventSubType(String eventSubType) The subtype of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	hasTraceInfo(Boolean hasTraceInfo) Indicates whether the alert event has tracing information.
DescribeSuspEventsResponseBody.SuspEvents.Builder	id(Long id) The unique ID of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	imageUuid(String imageUuid) The UUID of the image.
DescribeSuspEventsResponseBody.SuspEvents.Builder	instanceId(String instanceId) The instance ID of the affected asset.
DescribeSuspEventsResponseBody.SuspEvents.Builder	instanceName(String instanceName) The name of the associated instance.
DescribeSuspEventsResponseBody.SuspEvents.Builder	internetIp(String internetIp) The public IP address of the associated instance.
DescribeSuspEventsResponseBody.SuspEvents.Builder	intranetIp(String intranetIp) The private IP address of the associated instance.
DescribeSuspEventsResponseBody.SuspEvents.Builder	k8sClusterId(String k8sClusterId) The ID of the Kubernetes cluster.
DescribeSuspEventsResponseBody.SuspEvents.Builder	k8sClusterName(String k8sClusterName) The name of the Kubernetes cluster.
DescribeSuspEventsResponseBody.SuspEvents.Builder	k8sNamespace(String k8sNamespace) The namespace of the Kubernetes cluster.
DescribeSuspEventsResponseBody.SuspEvents.Builder	k8sNodeId(String k8sNodeId) The ID of the Kubernetes node.
DescribeSuspEventsResponseBody.SuspEvents.Builder	k8sNodeName(String k8sNodeName) The name of the Kubernetes node.
DescribeSuspEventsResponseBody.SuspEvents.Builder	k8sPodName(String k8sPodName) The name of the Kubernetes pod.
DescribeSuspEventsResponseBody.SuspEvents.Builder	largeModel(Boolean largeModel) Indicates whether the large model analysis tag is supported.
DescribeSuspEventsResponseBody.SuspEvents.Builder	lastTime(String lastTime) The time when the alert event was last detected.
DescribeSuspEventsResponseBody.SuspEvents.Builder	lastTimeStamp(Long lastTimeStamp) The timestamp when the alert event was last detected.
DescribeSuspEventsResponseBody.SuspEvents.Builder	level(String level) The severity of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	maliciousRuleStatus(String maliciousRuleStatus) The status of the malicious behavior defense rule.
DescribeSuspEventsResponseBody.SuspEvents.Builder	markList(List<String> markList) The tags of the alert events.
DescribeSuspEventsResponseBody.SuspEvents.Builder	markMisRules(String markMisRules) The advanced whitelist rule.
DescribeSuspEventsResponseBody.SuspEvents.Builder	name(String name) The complete name of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	occurrenceTime(String occurrenceTime) The time when the alert event was first detected.
DescribeSuspEventsResponseBody.SuspEvents.Builder	occurrenceTimeStamp(Long occurrenceTimeStamp) The timestamp when the alert event was first detected.
DescribeSuspEventsResponseBody.SuspEvents.Builder	operateErrorCode(String operateErrorCode) The handling result code of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	operateMsg(String operateMsg) The handing result message of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	operateTime(Long operateTime) The handling timestamp of the alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	saleVersion(String saleVersion) The edition of Security Center in which the alert event can be detected.
DescribeSuspEventsResponseBody.SuspEvents.Builder	securityEventIds(String securityEventIds) The ID of the associated alert event.
DescribeSuspEventsResponseBody.SuspEvents.Builder	sourceAliUid(Long sourceAliUid) The ID of the Alibaba Cloud account within which an alert is generated.
DescribeSuspEventsResponseBody.SuspEvents.Builder	stages(String stages) The stage at which the attack is detected.
DescribeSuspEventsResponseBody.SuspEvents.Builder	supportOperateCode(String supportOperateCode) Supported alarm operation types: AI.false_positive: Suspected false positive AI.real_attack: Real attack AI.Insufficient_information_to_evaluate: Insufficient information to evaluate example: AI.real_attack
DescribeSuspEventsResponseBody.SuspEvents.Builder	tacticItems(List<DescribeSuspEventsResponseBody.TacticItems> tacticItems) The display name of the attack stage.
DescribeSuspEventsResponseBody.SuspEvents.Builder	uniqueInfo(String uniqueInfo) The unique key of the alert.
DescribeSuspEventsResponseBody.SuspEvents.Builder	uuid(String uuid) The unique ID of the associated instance.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

方法详细资料

advanced

public DescribeSuspEventsResponseBody.SuspEvents.Builder advanced(Boolean advanced)

Indicates whether the alert event was analyzed offline.

example:

true

alarmEventName

public DescribeSuspEventsResponseBody.SuspEvents.Builder alarmEventName(String alarmEventName)

The name of the alert event.

example:

login_common_location

alarmEventNameDisplay

public DescribeSuspEventsResponseBody.SuspEvents.Builder alarmEventNameDisplay(String alarmEventNameDisplay)

The name of the alert.

example:

Login with unusual location

alarmEventType

public DescribeSuspEventsResponseBody.SuspEvents.Builder alarmEventType(String alarmEventType)

The type of the alert event.

example:

Unusual Logon

alarmEventTypeDisplay

public DescribeSuspEventsResponseBody.SuspEvents.Builder alarmEventTypeDisplay(String alarmEventTypeDisplay)

The display name of the type of the alert event.

example:

Unusual Logon

alarmUniqueInfo

public DescribeSuspEventsResponseBody.SuspEvents.Builder alarmUniqueInfo(String alarmUniqueInfo)

The unique ID of the alert event.

example:

8df914418f****

appName

public DescribeSuspEventsResponseBody.SuspEvents.Builder appName(String appName)

The name of the application to which the alert event belongs.

example:

pro-deploy-tibasic

autoBreaking

public DescribeSuspEventsResponseBody.SuspEvents.Builder autoBreaking(Boolean autoBreaking)

Indicates whether automatic defense is enabled.

example:

true

canBeDealOnLine

public DescribeSuspEventsResponseBody.SuspEvents.Builder canBeDealOnLine(Boolean canBeDealOnLine)

Indicates whether you can handle the alert event online, such as quarantining the source file of the malicious process. Valid values:

• true
• false

example:

true

canCancelFault

public DescribeSuspEventsResponseBody.SuspEvents.Builder canCancelFault(Boolean canCancelFault)

Indicates whether you can cancel marking the alert event as a false positive. Valid values:

• true
• false

example:

false

containHwMode

public DescribeSuspEventsResponseBody.SuspEvents.Builder containHwMode(Boolean containHwMode)

Indicates whether the safeguard mode for major activities is enabled for the server. Valid values:

• true
• false

example:

false

containerId

public DescribeSuspEventsResponseBody.SuspEvents.Builder containerId(String containerId)

The ID of the container.

example:

container_1648601865161_14925_02_000****

containerImageId

public DescribeSuspEventsResponseBody.SuspEvents.Builder containerImageId(String containerImageId)

The ID of the container image.

example:

sha256:2e5a3b0ae5f452b3cb458789a9a7542ef40035a84318469a8528c5e444db1****

containerImageName

public DescribeSuspEventsResponseBody.SuspEvents.Builder containerImageName(String containerImageName)

The name of the container image.

example:

centos7_apache:v1.0.1

dataSource

public DescribeSuspEventsResponseBody.SuspEvents.Builder dataSource(String dataSource)

The source of data. This parameter can be ignored.

example:

aegis_suspicious_****

desc

public DescribeSuspEventsResponseBody.SuspEvents.Builder desc(String desc)

The impact of the alert event.

example:

webshell

details

public DescribeSuspEventsResponseBody.SuspEvents.Builder details(List<DescribeSuspEventsResponseBody.Details> details)

The details of the alert event.

detectSource

public DescribeSuspEventsResponseBody.SuspEvents.Builder detectSource(String detectSource)

DetectSource.

displaySandboxResult

public DescribeSuspEventsResponseBody.SuspEvents.Builder displaySandboxResult(Boolean displaySandboxResult)

Indicates whether the alert event can be detected by cloud sandbox. Valid values:

• true
• false

example:

true

eventNotes

public DescribeSuspEventsResponseBody.SuspEvents.Builder eventNotes(List<DescribeSuspEventsResponseBody.EventNotes> eventNotes)

The note information about the alert event.

eventStatus

public DescribeSuspEventsResponseBody.SuspEvents.Builder eventStatus(Integer eventStatus)

The status of the alert event. Valid values:

• 1: pending handling
• 2: ignored
• 4: confirmed
• 8: marked as a false positive
• 16: handling
• 32: handled
• 64: expired
• 604: marked as a false positive by the system

example:

1

eventSubType

public DescribeSuspEventsResponseBody.SuspEvents.Builder eventSubType(String eventSubType)

The subtype of the alert event.

example:

login_common_location

hasTraceInfo

public DescribeSuspEventsResponseBody.SuspEvents.Builder hasTraceInfo(Boolean hasTraceInfo)

Indicates whether the alert event has tracing information. Valid values:

• true
• false

example:

true

id

public DescribeSuspEventsResponseBody.SuspEvents.Builder id(Long id)

The unique ID of the alert event.

example:

1000

imageUuid

public DescribeSuspEventsResponseBody.SuspEvents.Builder imageUuid(String imageUuid)

The UUID of the image.

example:

70489fb520cea585ad9761d5a842****

instanceId

public DescribeSuspEventsResponseBody.SuspEvents.Builder instanceId(String instanceId)

The instance ID of the affected asset.

example:

i-9dp6dwsxdl9z5u1e2f****

instanceName

public DescribeSuspEventsResponseBody.SuspEvents.Builder instanceName(String instanceName)

The name of the associated instance.

example:

nginx

internetIp

public DescribeSuspEventsResponseBody.SuspEvents.Builder internetIp(String internetIp)

The public IP address of the associated instance.

example:

1.2.XX.XX

intranetIp

public DescribeSuspEventsResponseBody.SuspEvents.Builder intranetIp(String intranetIp)

The private IP address of the associated instance.

example:

100.100.XX.XX

k8sClusterId

public DescribeSuspEventsResponseBody.SuspEvents.Builder k8sClusterId(String k8sClusterId)

The ID of the Kubernetes cluster.

example:

c517b37e1401e4961b3951863a49a****

k8sClusterName

public DescribeSuspEventsResponseBody.SuspEvents.Builder k8sClusterName(String k8sClusterName)

The name of the Kubernetes cluster.

example:

k8s-daily

k8sNamespace

public DescribeSuspEventsResponseBody.SuspEvents.Builder k8sNamespace(String k8sNamespace)

The namespace of the Kubernetes cluster.

example:

default

k8sNodeId

public DescribeSuspEventsResponseBody.SuspEvents.Builder k8sNodeId(String k8sNodeId)

The ID of the Kubernetes node.

example:

i-bp14a1ay8e0aa9t0****

k8sNodeName

public DescribeSuspEventsResponseBody.SuspEvents.Builder k8sNodeName(String k8sNodeName)

The name of the Kubernetes node.

example:

N/A

k8sPodName

public DescribeSuspEventsResponseBody.SuspEvents.Builder k8sPodName(String k8sPodName)

The name of the Kubernetes pod.

example:

myapp-pod

largeModel

public DescribeSuspEventsResponseBody.SuspEvents.Builder largeModel(Boolean largeModel)

Indicates whether the large model analysis tag is supported. Valid values:

• true
• false

example:

true

lastTime

public DescribeSuspEventsResponseBody.SuspEvents.Builder lastTime(String lastTime)

The time when the alert event was last detected.

example:

2018-09-26 01:51:01

lastTimeStamp

public DescribeSuspEventsResponseBody.SuspEvents.Builder lastTimeStamp(Long lastTimeStamp)

The timestamp when the alert event was last detected. Unit: milliseconds.

example:

1631699497000

level

public DescribeSuspEventsResponseBody.SuspEvents.Builder level(String level)

The severity of the alert event. Valid values:

• serious
• suspicious
• remind

example:

serious

maliciousRuleStatus

public DescribeSuspEventsResponseBody.SuspEvents.Builder maliciousRuleStatus(String maliciousRuleStatus)

The status of the malicious behavior defense rule. Valid values:

• open
• close

example:

open

markList

public DescribeSuspEventsResponseBody.SuspEvents.Builder markList(List<String> markList)

The tags of the alert events.

markMisRules

public DescribeSuspEventsResponseBody.SuspEvents.Builder markMisRules(String markMisRules)

The advanced whitelist rule.

example:

[{"uuid":"ALL","field":"gmtModified","operate":"contains","fieldValue":"222"}]

name

public DescribeSuspEventsResponseBody.SuspEvents.Builder name(String name)

The complete name of the alert event.

example:

Unusual Logon-Login with unusual location

occurrenceTime

public DescribeSuspEventsResponseBody.SuspEvents.Builder occurrenceTime(String occurrenceTime)

The time when the alert event was first detected.

example:

2018-09-26 01:51:01

occurrenceTimeStamp

public DescribeSuspEventsResponseBody.SuspEvents.Builder occurrenceTimeStamp(Long occurrenceTimeStamp)

The timestamp when the alert event was first detected. Unit: milliseconds.

example:

1631699497000

operateErrorCode

public DescribeSuspEventsResponseBody.SuspEvents.Builder operateErrorCode(String operateErrorCode)

The handling result code of the alert event.

example:

kill_and_quara.Success

operateMsg

public DescribeSuspEventsResponseBody.SuspEvents.Builder operateMsg(String operateMsg)

The handing result message of the alert event.

example:

success

operateTime

public DescribeSuspEventsResponseBody.SuspEvents.Builder operateTime(Long operateTime)

The handling timestamp of the alert event. Unit: milliseconds.

example:

1631699497000

saleVersion

public DescribeSuspEventsResponseBody.SuspEvents.Builder saleVersion(String saleVersion)

The edition of Security Center in which the alert event can be detected. Valid values:

• 0: Basic edition
• 1: Enterprise edition

example:

1

securityEventIds

public DescribeSuspEventsResponseBody.SuspEvents.Builder securityEventIds(String securityEventIds)

The ID of the associated alert event.

example:

270789

sourceAliUid

public DescribeSuspEventsResponseBody.SuspEvents.Builder sourceAliUid(Long sourceAliUid)

The ID of the Alibaba Cloud account within which an alert is generated.

example:

196072141348****

stages

public DescribeSuspEventsResponseBody.SuspEvents.Builder stages(String stages)

The stage at which the attack is detected.

example:

"["authority_maintenance"]"

supportOperateCode

public DescribeSuspEventsResponseBody.SuspEvents.Builder supportOperateCode(String supportOperateCode)

Supported alarm operation types:

• AI.false_positive: Suspected false positive
• AI.real_attack: Real attack
• AI.Insufficient_information_to_evaluate: Insufficient information to evaluate

example:

AI.real_attack

tacticItems

public DescribeSuspEventsResponseBody.SuspEvents.Builder tacticItems(List<DescribeSuspEventsResponseBody.TacticItems> tacticItems)

The display name of the attack stage.

uniqueInfo

public DescribeSuspEventsResponseBody.SuspEvents.Builder uniqueInfo(String uniqueInfo)

The unique key of the alert.

example:

e17e****

uuid

public DescribeSuspEventsResponseBody.SuspEvents.Builder uuid(String uuid)

The unique ID of the associated instance.

example:

bf6b30d3-eea8-4924-9f0a-****

clusterId

public DescribeSuspEventsResponseBody.SuspEvents.Builder clusterId(String clusterId)

The ID of the cluster.

example:

c2051775877374cccbf68af596e6****

build

public DescribeSuspEventsResponseBody.SuspEvents build()