产品动态
引擎更新动态
产品公告
Access control list rule
Used by actions: DescribeAcLists.
| Name | Type | Description |
|---|---|---|
| Id | Integer | Rule ID |
| SourceIp | String | Access source Note: This field may return null, indicating that no valid value was found. |
| TargetIp | String | Access destination Note: This field may return null, indicating that no valid value was found. |
| Protocol | String | Protocol Note: This field may return null, indicating that no valid value was found. |
| Port | String | Port Note: This field may return null, indicating that no valid value was found. |
| Strategy | Integer | Policy Note: This field may return null, indicating that no valid value was found. |
| Detail | String | Description Note: This field may return null, indicating that no valid value was found. |
| Count | Integer | Hit count |
| OrderIndex | Integer | Priority |
| LogId | String | Alert rule ID Note: This field may return null, indicating that no valid value was found. |
AssetZone
Used by actions: DescribeSourceAsset.
| Name | Type | Description |
|---|---|---|
| Zone | String | Region |
| ZoneEng | String | Region |
Instance associated with an enterprise security group
Used by actions: DescribeAssociatedInstanceList.
| Name | Type | Required | Description |
|---|---|---|---|
| InstanceId | String | Yes | Instance ID Note: This field may return null, indicating that no valid value was found. |
| InstanceName | String | Yes | Instance name Note: This field may return null, indicating that no valid value was found. |
| Type | Integer | Yes | Instance type. 3: CVM instance; 4: CLB instance; 5: ENI instance; 6: Cloud database Note: This field may return null, indicating that no valid value was found. |
| VpcId | String | Yes | VPC ID Note: This field may return null, indicating that no valid value was found. |
| VpcName | String | Yes | VPC name Note: This field may return null, indicating that no valid value was found. |
| PublicIp | String | Yes | Public IP Note: This field may return null, indicating that no valid value was found. |
| Ip | String | Yes | Private IP Note: This field may return null, indicating that no valid value was found. |
| SecurityGroupCount | Integer | Yes | The number of associated security groups Note: This field may return null, indicating that no valid value was found. |
Canary publish information of the rule
Used by actions: DescribeNatAcRule, DescribeVpcAcRule.
| Name | Type | Required | Description |
|---|---|---|---|
| TaskId | Integer | No | Task ID. Note: This field may return null, indicating that no valid values can be obtained. |
| TaskName | String | No | Task name. Note: This field may return null, indicating that no valid values can be obtained. |
| LastTime | String | No | Last execution time Note: This field may return null, indicating that no valid values can be obtained. |
Allowlist or blocklist for intrusion prevention
Used by actions: DescribeBlockIgnoreList.
| Name | Type | Description |
|---|---|---|
| Domain | String | Domain name. Note: This field may return null, indicating that no valid values can be obtained. |
| Ioc | String | Rule IP. Note: This field may return null, indicating that no valid values can be obtained. |
| Level | String | Threat level. Note: This field may return null, indicating that no valid values can be obtained. |
| EventName | String | Source event name. Note: This field may return null, indicating that no valid values can be obtained. |
| Direction | Integer | Direction. Valid values: 0: outbound; 1: inbound. Note: This field may return null, indicating that no valid values can be obtained. |
| Protocol | String | Protocol. Note: This field may return null, indicating that no valid values can be obtained. |
| Address | String | Address. Note: This field may return null, indicating that no valid values can be obtained. |
| Action | Integer | Rule type. Valid values: 1: block; 2: allow. Note: This field may return null, indicating that no valid values can be obtained. |
| StartTime | String | Time when a rule starts to take effect. Note: This field may return null, indicating that no valid values can be obtained. |
| EndTime | String | Time when a rule expires. Note: This field may return null, indicating that no valid values can be obtained. |
| IgnoreReason | String | Reason for ignoring. Note: This field may return null, indicating that no valid values can be obtained. |
| Source | String | Security event source. Note: This field may return null, indicating that no valid values can be obtained. |
| UniqueId | String | Rule ID. Note: This field may return null, indicating that no valid values can be obtained. |
| MatchTimes | Integer | Number of rule matching times. Note: This field may return null, indicating that no valid values can be obtained. |
| Country | String | Country. Note: This field may return null, indicating that no valid values can be obtained. |
| Comment | String | Remarks |
NAT firewall DNAT rules
Used by actions: SetNatFwDnatRule.
| Name | Type | Required | Description |
|---|---|---|---|
| IpProtocol | String | Yes | Network protocol. Valid values: TCP or UDP. |
| PublicIpAddress | String | Yes | Elastic IP. |
| PublicPort | Integer | Yes | Public port. |
| PrivateIpAddress | String | Yes | Private address. |
| PrivatePort | Integer | Yes | Private port. |
| Description | String | Yes | The description of NAT firewall forwarding rules. |
Common filters for search
Used by actions: DescribeNatAcRule, DescribeVpcAcRule.
| Name | Type | Required | Description |
|---|---|---|---|
| Name | String | Yes | Search key. |
| Values | Array of String | Yes | Search values. |
| OperatorType | Integer | Yes | Enum of integers that represent relations between Name and Values. enum FilterOperatorType { // Invalid FILTER_OPERATOR_TYPE_INVALID = 0; // Equal to FILTER_OPERATOR_TYPE_EQUAL = 1; // Greater than FILTER_OPERATOR_TYPE_GREATER = 2; // Less than FILTER_OPERATOR_TYPE_LESS = 3; // Greater than or equal to FILTER_OPERATOR_TYPE_GREATER_EQ = 4; // Less than or equal to FILTER_OPERATOR_TYPE_LESS_EQ = 5; // Not equal to FILTER_OPERATOR_TYPE_NO_EQ = 6; // In (contained in the array) FILTER_OPERATOR_TYPE_IN = 7; // Not in FILTER_OPERATOR_TYPE_NOT_IN = 8; // Fuzzily matched FILTER_OPERATOR_TYPE_FUZZINESS = 9; // Existing FILTER_OPERATOR_TYPE_EXIST = 10; // Not existing FILTER_OPERATOR_TYPE_NOT_EXIST = 11; // Regular FILTER_OPERATOR_TYPE_REGULAR = 12; } |
Parameters for creating an NAT access control rule
Used by actions: AddNatAcRule, ModifyNatAcRule.
| Name | Type | Required | Description |
|---|---|---|---|
| SourceContent | String | Yes | Access source. Example: net: IP/CIDR(192.168.0.2) |
| SourceType | String | Yes | Access source type. Values for inbound rules: ip, net, template, and location. Values for outbound rules: ip, net, template, instance, group, and tag. |
| TargetContent | String | Yes | Access target. Example: `net: IP/CIDR(192.168.0.2); domain: domain name rule, e.g., *.qq.com |
| TargetType | String | Yes | Access target type. Values for inbound rules: ip, net, template, instance, group, and tag. Values for outbound rules: ip, net, domain, template, and location. |
| Protocol | String | Yes | Protocol. Values: TCP, UDP, ICMP, ANY, HTTP, HTTPS, HTTP/HTTPS, SMTP, SMTPS, SMTP/SMTPS, FTP, and DNS. |
| RuleAction | String | Yes | Specify how the CFW instance deals with the traffic hit the access control rule. Values: accept (allow), drop (reject), and log (observe). |
| Port | String | Yes | The port of the access control rule. Values: -1/-1 (all ports) and 80 (Port 80) |
| Direction | Integer | Yes | Rule direction. Values: 1 (Inbound) and 0 (Outbound) |
| OrderIndex | Integer | Yes | Rule sequence number |
| Enable | String | Yes | Rule status. true (Enabled); false (Disabled) |
| Uuid | Integer | No | The unique ID of the rule, which is not required when you create a rule. |
| Description | String | No | Description |
Item in the access control list. Each item represents an access control rule.
Used by actions: DescribeNatAcRule.
| Name | Type | Description |
|---|---|---|
| SourceContent | String | Access source. Note: This field may return null, indicating that no valid values can be obtained. |
| TargetContent | String | Access destination. Note: This field may return null, indicating that no valid values can be obtained. |
| Protocol | String | Protocol. Note: This field may return null, indicating that no valid values can be obtained. |
| Port | String | Port. Note: This field may return null, indicating that no valid values can be obtained. |
| RuleAction | String | Action that Cloud Firewall performs on the traffic. Valid values: accept (allow), drop (reject), and log (monitor). Note: This field may return null, indicating that no valid values can be obtained. |
| Description | String | Description. Note: This field may return null, indicating that no valid values can be obtained. |
| Count | Integer | Number of rule matching times. |
| OrderIndex | Integer | Rule sequence number. |
| SourceType | String | Access source type. Valid values for an inbound rule: ip, net, template, and location; valid values for an outbound rule: ip, net, template, instance, group, and tag. Note: This field may return null, indicating that no valid values can be obtained. |
| TargetType | String | Access destination type. Valid values for an inbound rule: ip, net, template, instance, group, and tag; valid values for an outbound rule: ip, net, domain, template, and location. Note: This field may return null, indicating that no valid values can be obtained. |
| Uuid | Integer | Unique ID of the rule. Note: This field may return null, indicating that no valid values can be obtained. |
| Invalid | Integer | Rule validity. Note: This field may return null, indicating that no valid values can be obtained. |
| IsRegion | Integer | Valid values: 0: common rules; 1: regional rules. Note: This field may return null, indicating that no valid values can be obtained. |
| CountryCode | Integer | Country ID. Note: This field may return null, indicating that no valid values can be obtained. |
| CityCode | Integer | City ID. Note: This field may return null, indicating that no valid values can be obtained. |
| CountryName | String | Country name. Note: This field may return null, indicating that no valid values can be obtained. |
| CityName | String | City name. Note: This field may return null, indicating that no valid values can be obtained. |
| CloudCode | String | Cloud provider code. Note: This field may return null, indicating that no valid values can be obtained. |
| IsCloud | Integer | Valid values: 0: common rules; 1: cloud provider rules. Note: This field may return null, indicating that no valid values can be obtained. |
| Enable | String | Rule status. Valid values: true: enabled; false: disabled. Note: This field may return null, indicating that no valid values can be obtained. |
| Direction | Integer | Rule direction. Valid values: 1: inbound; 0: outbound. Note: This field may return null, indicating that no valid values can be obtained. |
| InstanceName | String | Instance name. Note: This field may return null, indicating that no valid values can be obtained. |
| InternalUuid | Integer | UUID for internal use. Generally, this field is not required. Note: This field may return null, indicating that no valid values can be obtained. |
| Status | Integer | Rule status. This field is valid when you query rule matching details. Valid values: 0: new; 1: deleted; 2: edited and deleted. Note: This field may return null, indicating that no valid values can be obtained. |
| BetaList | Array of BetaInfoByACL | Details of associated tasks Note: This field may return null, indicating that no valid values can be obtained. |
Sets the VPC DNS toggle of the NAT firewall
Used by actions: ModifyNatFwVpcDnsSwitch.
| Name | Type | Required | Description |
|---|---|---|---|
| VpcId | String | Yes | VPC ID |
| Status | Integer | Yes | 0: off; 1: on |
Firewall IP range information
Used by actions: CreateNatFwInstance, CreateNatFwInstanceWithDomain, ModifyNatFwReSelect.
| Name | Type | Required | Description |
|---|---|---|---|
| FwCidrType | String | Yes | The IP range type of the firewall. Values: VpcSelf (VPC IP range preferred); Assis (Secondary IP range preferred); Custom (Custom IP range) |
| FwCidrLst | Array of FwVpcCidr | No | The IP segment assigned for each VPC. |
| ComFwCidr | String | No | The IP segment used by other firewalls. Specify this if you want to assign a dedicated segment for the firewall. |
Firewall IP range of the VPC
Used by actions: CreateNatFwInstance, CreateNatFwInstanceWithDomain, ModifyNatFwReSelect.
| Name | Type | Required | Description |
|---|---|---|---|
| VpcId | String | Yes | VPC ID |
| FwCidr | String | Yes | IP range of the firewall. The mask must be at least /24. |
IP protection status
Used by actions: DescribeIPStatusList.
| Name | Type | Description |
|---|---|---|
| IP | String | IP address |
| Status | Integer | Protection status. 1: enabled; -1: incorrect address; others: disabled |
// InstanceInfo instance details result
type InstanceInfo struct {
AppID string json:"AppId" gorm:"column:appid"
Region string json:"Region" gorm:"column:region"
VPCID string json:"VpcId" gorm:"column:vpc_id"
SubNetID string json:"SubnetId" gorm:"column:subnet_id"
InstanceID string json:"InstanceId" gorm:"column:instance_id"
InstanceName string json:"InstanceName" gorm:"column:instance_name"
//InsType common.CVM 3 is CVM instance, 4 is CLB instance, 5 is ENI instance, 6 is MySQL, 7 is Redis, 8 is NAT, 9 is VPN, 10 is ES, 11 is MariaDB, and 12 is Kafka
InsType int json:"InsType" gorm:"column:instance_type"
PublicIP string json:"PublicIp" gorm:"column:public_ip"
PrivateIP string json:"PrivateIp" gorm:"column:ip"
// It is not required for rule publishing and is used for frontend display
PortNum string <code>json:"PortNum" gorm:"column:port_num"</code>
LeakNum string <code>json:"LeakNum" gorm:"column:leak_num"</code>
ResourceGroupNum int <code>json:"ResourceGroupNum"</code>
VPCName string <code>json:"VPCName" gorm:"column:VPCName"</code>}
Used by actions: DescribeSourceAsset.
| Name | Type | Description |
|---|---|---|
| AppId | String | App ID |
| Region | String | Region |
| VpcId | String | VPC ID |
| VPCName | String | VPC name |
| SubnetId | String | Subnet ID |
| InstanceId | String | Asset ID |
| InstanceName | String | Asset name |
| InsType | Integer | Asset type 3: CVM instance; 4: CLB instance; 5: ENI instance; 6: MySQL; 7: Redis; 8: NAT; 9: VPN; 10: ES; 11: MariaDB; 12: Kafka; 13: NATFW |
| PublicIp | String | Public IP |
| PrivateIp | String | Private IP |
| PortNum | String | Number of ports |
| LeakNum | String | Number of vulnerabilities |
| InsSource | String | 1: public network; 2: private network |
| ResourcePath | Array of String | [a,b] Note: This field may return null, indicating that no valid value was found. |
Blocklist, allowlist, IOC list
Used by actions: ModifyBlockIgnoreList.
| Name | Type | Required | Description |
|---|---|---|---|
| IP | String | Yes | IP address to be handled. Either IP or Domain is required. |
| Direction | Integer | Yes | 0 or 1. 0: outbound; 1: inbound |
| Domain | String | No | Domain name to be handled. Either IP or Domain is required. |
Statistical line graph general structure
Used by actions: DescribeBlockByIpTimesList.
| Name | Type | Description |
|---|---|---|
| Num | Integer | Value |
| StatTime | String | Time shown on the x-axis of the line graph |
The filter list displayed by the NAT firewall instance
Used by actions: DescribeNatFwInstancesInfo.
| Name | Type | Required | Description |
|---|---|---|---|
| FilterType | String | Yes | Filter type, e.g., instance ID |
| FilterContent | String | Yes | Filtered content, separated with "," |
NAT instance type
Used by actions: DescribeNatFwInstance, DescribeNatFwInstanceWithRegion.
| Name | Type | Description |
|---|---|---|
| NatinsId | String | NAT instance ID |
| NatinsName | String | NAT instance name |
| Region | String | Instance region Note: This field may return null, indicating that no valid value was found. |
| FwMode | Integer | 0: create new; 1: use existing Note: This field may return null, indicating that no valid value was found. |
| Status | Integer | 0: normal; 1: creating Note: This field may return null, indicating that no valid value was found. |
| NatIp | String | NAT public IP Note: This field may return null, indicating that no valid value was found. |
NAT instance card details
Used by actions: DescribeNatFwInstancesInfo.
| Name | Type | Description |
|---|---|---|
| NatinsId | String | NAT instance ID |
| NatinsName | String | NAT instance name |
| Region | String | Instance region |
| FwMode | Integer | 0: create new; 1: use existing |
| BandWidth | Integer | Instance bandwidth (Mbps) |
| InFlowMax | Integer | Inbound traffic peak bandwidth (bps) |
| OutFlowMax | Integer | Outbound traffic peak bandwidth (bps) |
| RegionZh | String | Chinese region information |
| EipAddress | Array of String | Public IP array Note: This field may return null, indicating that no valid value was found. |
| VpcIp | Array of String | Array of internal and external IPs Note: This field may return null, indicating that no valid value was found. |
| Subnets | Array of String | Array of subnets associated with an instance Note: This field may return null, indicating that no valid value was found. |
| Status | Integer | 0: normal 1: initializing Note: This field may return null, indicating that no valid value was found. |
| RegionDetail | String | Region information Note: This field may return null, indicating that no valid values can be obtained. |
| ZoneZh | String | Availability zone of the instance Note: This field may return null, indicating that no valid values can be obtained. |
| ZoneZhBak | String | Availability zone of the instance Note: This field may return null, indicating that no valid values can be obtained. |
| RuleUsed | Integer | Number of used rules. Note: This field may return null, indicating that no valid values can be obtained. |
| RuleMax | Integer | The maximum number of rules allowed in the instance. Note: This field may return null, indicating that no valid values can be obtained. |
Parameters passed for the Create New mode
Used by actions: CreateNatFwInstance, CreateNatFwInstanceWithDomain.
| Name | Type | Required | Description |
|---|---|---|---|
| VpcList | Array of String | Yes | VPC list for the Create New mode |
| Eips | Array of String | No | The list of egress public EIPs bound for the Create New mode. Either Eips or AddCount is required. |
| AddCount | Integer | No | The number of egress public EIPs newly bound for the Create New mode. Either Eips or AddCount is required. |
Changes of the rule sequence number.
Used by actions: ModifyNatSequenceRules.
| Name | Type | Required | Description |
|---|---|---|---|
| OrderIndex | Integer | Yes | Original sequence number |
| NewOrderIndex | Integer | Yes | New sequence number |
Rule input object
Used by actions: CreateAcRules, ModifyAcRule.
| Name | Type | Required | Description |
|---|---|---|---|
| OrderIndex | Integer | Yes | Priority |
| SourceIp | String | Yes | Access source |
| TargetIp | String | Yes | Access destination |
| Protocol | String | Yes | Protocol |
| Strategy | String | Yes | Policy. 0: observe; 1: block; 2: allow |
| SourceType | Integer | Yes | Access source type. 1: IP; 3: domain name; 4: IP address template; 5: domain name address template |
| Direction | Integer | Yes | Direction. 0: outbound; 1: inbound |
| Detail | String | Yes | Description |
| TargetType | Integer | Yes | Access destination type. 1: IP, 3: domain name; 4: IP address template; 5: domain name address template |
| Port | String | No | Port |
| Id | Integer | No | ID value |
| LogId | String | No | Log ID, required when an alert log is created |
| City | Integer | No | City code |
| Country | Integer | No | Country code |
| CloudCode | String | No | Cloud vendor. Multiple vendors are supported and separated with commas. 1: Tencent Cloud (only in Hong Kong, China and overseas); 2: Alibaba Cloud; 3: Amazon Cloud; 4: Huawei Cloud; 5: Microsoft Cloud |
| IsRegion | Integer | No | Indicates whether it is a region |
| CityName | String | No | City name |
| CountryName | String | No | Country name |
Getting started on scanning information
Used by actions: DescribeGuideScanInfo.
| Name | Type | Description |
|---|---|---|
| ScanResultInfo | ScanResultInfo | Scanning result information |
| ScanStatus | Integer | Scanning status. 0: scanning; 1: completed; 2: auto scanning unselected |
| ScanPercent | Float | Progress |
| ScanTime | String | Estimated completion time |
Getting started on scanning result information PortNum int
LeakNum int
IPNum int
IPStatus bool
IdpStatus bool
BanStatus bool
Used by actions: DescribeGuideScanInfo.
| Name | Type | Description |
|---|---|---|
| LeakNum | Integer | Number of vulnerability exploits |
| IPNum | Integer | Number of protected IPs |
| PortNum | Integer | Number of exposed ports |
| IPStatus | Boolean | Protection status |
| IdpStatus | Boolean | Attack blocking status |
| BanStatus | Boolean | Port blocking status |
Two-way enterprise security group rules
Used by actions: CreateSecurityGroupRules, DescribeSecurityGroupList.
| Name | Type | Required | Description |
|---|---|---|---|
| OrderIndex | Integer | Yes | Priority Note: This field may return null, indicating that no valid value was found. |
| SourceId | String | Yes | Access source Note: This field may return null, indicating that no valid value was found. |
| SourceType | Integer | Yes | Access source type. Default: 0. 0: IP; 1: VPC; 2: SUBNET; 3: CVM; 4: CLB; 5: ENI; 6: CDB; 7: Parameter template. 100: asset group Note: This field may return null, indicating that no valid value was found. |
| TargetId | String | Yes | Access destination Note: This field may return null, indicating that no valid value was found. |
| TargetType | Integer | Yes | Access destination type. Default: 0. 0: IP; 1: VPC; 2: SUBNET; 3: CVM; 4: CLB; 5: ENI; 6: CDB; 7: Parameter template. 100: asset group Note: This field may return null, indicating that no valid value was found. |
| Protocol | String | Yes | Protocol Note: This field may return null, indicating that no valid value was found. |
| Port | String | Yes | Destination port Note: This field may return null, indicating that no valid value was found. |
| Strategy | Integer | Yes | Policy. 1: block; 2: allow Note: This field may return null, indicating that no valid value was found. |
| Direction | Integer | Yes | Direction. 0: outbound; 1: inbound. 1 by default Note: This field may return null, indicating that no valid value was found. |
| Region | String | Yes | Region |
| Detail | String | No | Description Note: This field may return null, indicating that no valid value was found. |
| Status | Integer | No | Toggle status. 0: off; 1: on Note: This field may return null, indicating that no valid value was found. |
| IsNew | Integer | No | Indicates whether the rule is normal. 0: normal; 1: abnormal Note: This field may return null, indicating that no valid value was found. |
| BothWay | Integer | No | One-way/two-way. 0: one-way; 1: two-way Note: This field may return null, indicating that no valid value was found. |
| VpcId | String | No | VPC ID Note: This field may return null, indicating that no valid value was found. |
| SubnetId | String | No | Subnet ID Note: This field may return null, indicating that no valid value was found. |
| InstanceName | String | No | Instance name Note: This field may return null, indicating that no valid value was found. |
| PublicIp | String | No | Public IP. Multiple IPs are separated by commas. Note: This field may return null, indicating that no valid value was found. |
| PrivateIp | String | No | Private IP. Multiple IPs are separated by commas. Note: This field may return null, indicating that no valid value was found. |
| Cidr | String | No | Masked address. Multiple addresses are separated by commas. Note: This field may return null, indicating that no valid value was found. |
| ServiceTemplateId | String | No | Port protocol template ID Note: This field may return null, indicating that no valid value was found. |
| ProtocolPortType | Integer | No | Indicates whether to use the port protocol template. 0: no; 1: yes |
Security group list data
Used by actions: CreateSecurityGroupRules, DescribeSecurityGroupList.
| Name | Type | Required | Description |
|---|---|---|---|
| OrderIndex | Integer | Yes | Priority |
| SourceId | String | Yes | Access source |
| SourceType | Integer | Yes | Access source type. Default: 0. 1: VPC; 2: SUBNET; 3: CVM; 4: CLB; 5: ENI; 6: CDB; 7: Parameter template. 100: Resource group |
| TargetId | String | Yes | Access destination |
| TargetType | Integer | Yes | Access destination type. Default: 0. 1: VPC; 2: SUBNET; 3: CVM; 4: CLB; 5: ENI; 6: CDB; 7: Parameter template; 100: resource group |
| Protocol | String | Yes | Protocol |
| Port | String | Yes | Destination port |
| Strategy | Integer | Yes | Policy. 1: block; 2: allow |
| Detail | String | Yes | Description |
| BothWay | Integer | Yes | One-way/two-way. 0: one-way; 1: two-way |
| Id | Integer | No | Rule ID |
| Status | Integer | No | Toggle status. 0: off; 1: on |
| IsNew | Integer | No | Indicates whether the rule is normal. 0: normal; 1: abnormal |
| VpcId | String | No | VPC ID Note: This field may return null, indicating that no valid value was found. |
| SubnetId | String | No | Subnet ID Note: This field may return null, indicating that no valid value was found. |
| InstanceName | String | No | Instance name Note: This field may return null, indicating that no valid value was found. |
| PublicIp | String | No | Public IP. Multiple IPs are separated by commas. Note: This field may return null, indicating that no valid value was found. |
| PrivateIp | String | No | Private IP. Multiple IPs are separated by commas. Note: This field may return null, indicating that no valid value was found. |
| Cidr | String | No | Masked address. Multiple addresses are separated by commas. Note: This field may return null, indicating that no valid value was found. |
| ServiceTemplateId | String | No | Port protocol template ID Note: This field may return null, indicating that no valid value was found. |
| BothWayInfo | Array of SecurityGroupBothWayInfo | No | Two-way rules Note: This field may return null, indicating that no valid value was found. |
| Direction | Integer | No | Direction. 0: outbound; 1: inbound. 1 by default |
| ProtocolPortType | Integer | No | Indicates whether to use the port protocol template. 0: no; 1: yes |
Change priority of enterprise security group rules
Used by actions: ModifySecurityGroupSequenceRules.
| Name | Type | Required | Description |
|---|---|---|---|
| OrderIndex | Integer | Yes | Current priority of enterprise security group rules |
| NewOrderIndex | Integer | Yes | New priority of enterprise security group rules |
Security group rules
Used by actions: AddEnterpriseSecurityGroupRules, DescribeEnterpriseSecurityGroupRule, ModifyEnterpriseSecurityGroupRule.
| Name | Type | Required | Description |
|---|---|---|---|
| SourceContent | String | Yes | Source example: net: IP/CIDR (192.168.0.2) template: parameter template (ipm-dyodhpby) instance: asset instance (ins-123456) resourcegroup: asset group (/all groups/group 1/subgroup 1) tag: resource tag ({"Key":"tag key","Value":"tag value"}) region: region (ap-gaungzhou) |
| SourceType | String | Yes | Access source type. Valid values: net |
| DestContent | String | Yes | Destination example: net: IP/CIDR (192.168.0.2) template: parameter template (ipm-dyodhpby) instance: asset instance (ins-123456) resourcegroup: asset group (/all groups/group 1/subgroup 1) tag: resource tag ({"Key":"tag key","Value":"tag value"}) region: region (ap-gaungzhou) |
| DestType | String | Yes | Access destination type. Valid values: net |
| RuleAction | String | Yes | The action that Cloud Firewall performs on the traffic. Valid values: accept: allow drop: deny |
| Description | String | Yes | Description |
| OrderIndex | String | Yes | Rule priority. -1: lowest; 1: highest |
| Protocol | String | No | Protocol. TCP/UDP/ICMP/ANY Note: This field may return null, indicating that no valid value was found. |
| Port | String | No | The port to apply access control rules. Valid values: -1/-1: all ports 80: port 80 Note: This field may return null, indicating that no valid value was found. |
| ServiceTemplateId | String | No | Parameter template ID of port and protocol type; mutually exclusive with Protocol and Port Note: This field may return null, indicating that no valid value was found. |
| Id | String | No | The unique ID of the rule |
| Enable | String | No | Rule status. true: enabled; false: disabled |
Priority
Used by actions: ModifySequenceRules.
| Name | Type | Required | Description |
|---|---|---|---|
| Id | Integer | Yes | Rule ID |
| OrderIndex | Integer | Yes | Rule priority before change |
| NewOrderIndex | Integer | Yes | Rule priority after change |
Most frequent attacker statistics
Used by actions: DescribeBlockStaticList, DescribeTLogIpList.
| Name | Type | Description |
|---|---|---|
| Num | Integer | Number |
| Port | String | Port |
| Ip | String | IP |
| Address | String | Address |
| InsID | String | Asset ID |
| InsName | String | Asset name |
Firewall status list
Used by actions: DescribeSwitchLists.
| Name | Type | Description |
|---|---|---|
| PublicIp | String | Public IP Note: This field may return null, indicating that no valid value was found. |
| IntranetIp | String | Private IP Note: This field may return null, indicating that no valid value was found. |
| InstanceName | String | Instance name Note: This field may return null, indicating that no valid value was found. |
| InstanceId | String | Instance ID Note: This field may return null, indicating that no valid value was found. |
| AssetType | String | Asset type |
| Area | String | Region Note: This field may return null, indicating that no valid value was found. |
| Switch | Integer | Firewall toggle |
| Id | Integer | ID value |
| PublicIpType | Integer | Public IP type Note: This field may return null, indicating that no valid value was found. |
| PortTimes | Integer | Number of risky ports Note: This field may return null, indicating that no valid value was found. |
| LastTime | String | Last scan time Note: This field may return null, indicating that no valid value was found. |
| ScanMode | String | Scan mode Note: This field may return null, indicating that no valid value was found. |
| ScanStatus | Integer | Scan status Note: This field may return null, indicating that no valid value was found. |
Alert monitoring data
Used by actions: DescribeTLogInfo.
| Name | Type | Description |
|---|---|---|
| OutNum | Integer | Compromised servers |
| HandleNum | Integer | Unhandled alerts |
| VulNum | Integer | Vulnerability attacks |
| NetworkNum | Integer | Detected networks |
| BanNum | Integer | Blocklist |
| BruteForceNum | Integer | Brute force attacks |
Unhandled event details
Used by actions: DescribeUnHandleEventTabList.
| Name | Type | Description |
|---|---|---|
| EventTableListStruct | Array of UnHandleEventDetail | Unhandled event type |
| BaseLineUser | Integer | 1: yes; 0: no |
| BaseLineInSwitch | Integer | 1: on; 0: off |
| BaseLineOutSwitch | Integer | 1: on; 0: off |
| VpcFwCount | Integer | Number of inter-VPC firewall instances Note: This field may return null, indicating that no valid value was found. |
Unhandled event statistics
Used by actions: DescribeUnHandleEventTabList.
| Name | Type | Description |
|---|---|---|
| EventName | String | Security event name |
| Total | Integer | Number of unhandled events |
VPC DNS status of NAT firewall
Used by actions: DescribeNatFwVpcDnsLst.
| Name | Type | Description |
|---|---|---|
| VpcId | String | VPC ID |
| VpcName | String | VPC name |
| FwMode | Integer | NAT firewall mode. 0: Create new; 1: Use existing |
| VpcIpv4Cidr | String | VPC IPv4 CIDR block (Classless Inter-Domain Routing) |
| DNSEip | String | Public EIP, which is the firewall DNS resolution address |
| NatInsId | String | NAT gateway ID Note: This field may return null, indicating that no valid value was found. |
| NatInsName | String | NAT gateway name Note: This field may return null, indicating that no valid value was found. |
| SwitchStatus | Integer | 0: off; 1: on |
VPC Private Network Rules
Used by actions: DescribeVpcAcRule.
| Name | Type | Required | Description |
|---|---|---|---|
| SourceContent | String | Yes | Access source example: net: IP/CIDR (192.168.0.2) |
| SourceType | String | Yes | Access source type, which can be: net |
| DestContent | String | Yes | Access destination example: net: IP/CIDR (192.168.0.2) domain: domain name rules, for example *.qq.com |
| DestType | String | Yes | Access destination type, which can be: net, domain, dnsparse |
| Protocol | String | Yes | Protocol, optional values: TCP UDP ICMP ANY HTTP HTTPS HTTP/HTTPS SMTP SMTPS SMTP/SMTPS FTP DNS TLS/SSL |
| RuleAction | String | Yes | How traffic set in the access control policy passes through CFW. Values: accept: allow drop: deny log: observe |
| Port | String | Yes | Access control policy ports. Values: -1/-1: all ports 80: port 80 |
| Description | String | Yes | Description |
| OrderIndex | Integer | Yes | Rule order, where -1 indicates the lowest and 1 indicates the highest. |
| Enable | String | Yes | Rule status, where true indicates enabled and false indicates disabled. |
| EdgeId | String | Yes | The scope of effect for the rule, specifying whether it applies between a specific pair of VPCs or across all VPCs. |
| Uuid | Integer | No | The unique id corresponding to the rule. This field is ignored when adding a rule; when modifying the rule, the Uuid needs to be filled in. This parameter will be returned in query results. |
| DetectedTimes | Integer | No | The hit count of the rule. This parameter does not need to be passed during CRUD operations and is mainly used for returning query result data. |
| EdgeName | String | No | Description of the firewall between the pair of VPCs corresponding to EdgeId |
| InternalUuid | Integer | No | Internal-use uuid, generally not used |
| Deleted | Integer | No | Rule deletion status: 1 indicates deleted; 0 indicates not deleted |
| FwGroupId | String | No | The firewall instance ID where the rule takes effect |
| FwGroupName | String | No | Firewall name |
| BetaList | Array of BetaInfoByACL | No | beta task details |
| ParamTemplateId | String | No | Port Protocol Group ID |
| ParamTemplateName | String | No | Port Protocol Group Name |
| TargetName | String | No | Access destination name |
| SourceName | String | No | Access source name |
| IpVersion | Integer | No | Ip version, 0: IPv4, 1: IPv6, default is IPv4 |
| Invalid | Integer | No | Whether the rule is invalid, where 0 indicates a valid rule and 1 indicates an invalid rule, used in output parameters. |
文档反馈