public static final class HandleSecurityEventsRequest.Builder extends Object
Modifier and Type | Method and Description |
---|---|
HandleSecurityEventsRequest | `build()` |
HandleSecurityEventsRequest.Builder | `markBatch(String markBatch)`: Specifies whether to add multiple alert events to the whitelist at a time. |
HandleSecurityEventsRequest.Builder | `markMissParam(String markMissParam)`: The whitelist rule. |
HandleSecurityEventsRequest.Builder | `operationCode(String operationCode)`: The operation that you want to perform to handle the alert events. |
HandleSecurityEventsRequest.Builder | `operationParams(String operationParams)`: The configuration of the operation that you want to perform to handle the alert events. |
HandleSecurityEventsRequest.Builder | `securityEventIds(List<String> securityEventIds)`: The IDs of the alert events. |
HandleSecurityEventsRequest.Builder | `sourceIp(String sourceIp)`: The source IP address of the request. |

public HandleSecurityEventsRequest.Builder markBatch(String markBatch)

* **true**: yes
* **false**: no

public HandleSecurityEventsRequest.Builder markMissParam(String markMissParam)

* **field**: The field based on which alert events are added to the whitelist.
* **operate**: The method that is used to add alert events to the whitelist. Valid values:
  * **notContains**: does not contain
  * **contains**: contains
  * **regex**: matches by regular expression
  * **strEqual**: equals
  * **strNotEqual**: does not equal
* **fieldValue**: The value of the field based on which alert events are added to the whitelist.
* **uuid**: The application scope of the whitelist rule. Valid values:
  * **part**: the current asset
  * **ALL**: all assets

> You can call the DescribeSecurityEventOperations operation to obtain the fields that you can specify for **field**.

public HandleSecurityEventsRequest.Builder operationCode(String operationCode)

* **block_ip**: blocks the source IP address.
* **advance_mark_mis_info**: adds the alert events to the whitelist.
* **ignore**: ignores the alert events.
* **manual_handled**: marks the alert events as manually handled.
* **kill_process**: terminates the malicious process.
* **cleanup**: performs in-depth virus detection and removal.
* **kill_and_quara**: kills the malicious processes and quarantines the source file.
* **disable_malicious_defense**: stops the container on which the alerting files or processes exist.
* **client_problem_check**: performs troubleshooting.
* **quara**: quarantines the source file of the malicious process.

public HandleSecurityEventsRequest.Builder operationParams(String operationParams)
> If you set OperationCode to `kill_and_quara` or `block_ip`, you must specify OperationParams. If you set OperationCode to other values, you can leave OperationParams empty.
public HandleSecurityEventsRequest.Builder securityEventIds(List<String> securityEventIds)
public HandleSecurityEventsRequest.Builder sourceIp(String sourceIp)
public HandleSecurityEventsRequest build()
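
A pre-flight check for the values passed to this builder, as an added example that is not part of the SDK or its documentation. It enforces the OperationParams requirement and the value lists documented above; the class name, the map representation of a whitelist rule, the sample values and the review policy for rules scoped to **ALL** are assumptions, and the string encoding that markMissParam expects is not covered.

```java
import java.util.*;

// Added example; class and helper names are hypothetical, not part of the SDK.
public class HandleRequestPrecheck {
    // Value lists copied from the reference text above.
    static final Set<String> OPERATION_CODES = Set.of(
        "block_ip", "advance_mark_mis_info", "ignore", "manual_handled", "kill_process",
        "cleanup", "kill_and_quara", "disable_malicious_defense", "client_problem_check", "quara");
    static final Set<String> NEEDS_PARAMS = Set.of("kill_and_quara", "block_ip");
    static final Set<String> OPERATORS =
        Set.of("notContains", "contains", "regex", "strEqual", "strNotEqual");
    static final Set<String> SCOPES = Set.of("part", "ALL");

    // Set.of(...).contains(null) throws, so null is handled explicitly.
    static boolean in(Set<String> allowed, String v) { return v != null && allowed.contains(v); }
    static boolean blank(String s) { return s == null || s.isBlank(); }

    /** Returns every problem found; an empty list means the values match the reference. */
    static List<String> check(String operationCode, String operationParams, Map<String, String> rule) {
        List<String> problems = new ArrayList<>();
        if (!in(OPERATION_CODES, operationCode)) {
            problems.add("unknown operationCode: " + operationCode);
        }
        if (in(NEEDS_PARAMS, operationCode) && blank(operationParams)) {
            problems.add(operationCode + " requires operationParams");
        }
        if (rule != null) {
            String operate = rule.get("operate");
            String scope = rule.get("uuid");
            if (blank(rule.get("field"))) problems.add("rule has no field");
            if (!in(OPERATORS, operate)) problems.add("unknown operate: " + operate);
            if (!in(SCOPES, scope)) problems.add("unknown uuid scope: " + scope);
            // Local policy (assumption, not an API rule): a non-exact match applied to
            // all assets can suppress later alerts fleet-wide, so flag it for review.
            if ("ALL".equals(scope) && !"strEqual".equals(operate)) {
                problems.add("review: non-exact rule scoped to ALL assets");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real alert.
        Map<String, String> rule = Map.of("field", "exampleField", "operate", "regex",
                                          "fieldValue", ".*", "uuid", "ALL");
        System.out.println(check("advance_mark_mis_info", null, rule));
        System.out.println(check("block_ip", "", null));
    }
}
```

Run the check before calling `build()`, and log the whitelist rule alongside the caller identity so that suppressed alerts can be traced back to the rule that hid them.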