Domain name for API request: tcss.intl.tencentcloudapi.com.
This API is used to query the list of reverse shell events at runtime.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeReverseShellEvents. |
| Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
| Region | No | String | Common Params. This parameter is not required. |
| Limit | No | Integer | Number of results to be returned. Default value: 10. Maximum value: 100. |
| Offset | No | Integer | Offset. Default value: 0. |
| Filters.N | No | Array of RunTimeFilters | Filter parametersInnerNetAlarmShow - int - Required: Values: 1 (show private network alert); 0 (do not show) |
| Order | No | String | Valid values: asc, desc. |
| By | No | String | Sorting field |
| Parameter Name | Type | Description |
|---|---|---|
| TotalCount | Integer | Total number of events |
| EventSet | Array of ReverseShellEventInfo | Array of reverse shells |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
Runtime reverse shell list.
https://tcss.intl.tencentcloudapi.com/?Action=DescribeReverseShellEvents
&Limit=10
&Offset=0
&<Common request parameters>
{
"Response": {
"EventSet": [
{
"ClusterID": "cls-dfw3e***",
"ClusterName": "clsfoo***",
"ContainerId": "b49a9fd917d30b736e76bff07a81e016bb1ced7bd9428b5d076628c80f8c62fd",
"ContainerIsolateOperationSrc": "Runtime security/Virus scanning"
"ContainerName": "policy",
"ContainerNetStatus": "NORMAL",
"ContainerNetSubStatus": "NONE",
"ContainerStatus": "RUNNING",
"Description": "policy1",
"DstAddress": "10.*.*.27:9000",
"EventCount": 1,
"EventId": "5075001",
"FoundTime": "2024-10-24 08:38:49",
"HostID": "0c4f6c1d-8215-43e2-8dcf-a4fb1db12f41",
"HostIP": "10.*.*.152",
"ImageId": "sha256:8415e883970de94c3131ff24ffaf9943ea81b3eca0c3d8d747b98581730bcdb6",
"ImageName": "registry-cn-shanghai-vpc.ack.aliyuncs.com/acs/terway:v1.8.13",
"LatestFoundTime": "2020-10-24 08:38:49",
"NodeID": "mix-GOmf****",
"NodeName": "i-node***",
"NodeType": "NORMAL",
"NodeUniqueID": "d41d8cd98f00b204e9800998ecf8427e",
"PProcessName": "socat",
"PodIP": "10.*.*.92",
"PodName": "agent-test-2zrp7",
"ProcessName": "dash",
"ProcessPath": "/usr/bin/dash",
"PublicIP": "10.*.*.92",
"Remark": "myremark***",
"Solution": "Clean up reverse shell processes in the container, and check for risks such as vulnerabilities and weak passwords in the container services."
"Status": "EVENT_UNDEAL"
},
{
"ClusterID": "cls-dfw3e***",
"ClusterName": "clsfoo***",
"ContainerId": "b15e610a7f62b5873902923dfeee2d3ab642f76bd7f1777b3f628158c5b39586",
"ContainerIsolateOperationSrc": "Runtime security/Virus scanning"
"ContainerName": "policy",
"ContainerNetStatus": "NORMAL",
"ContainerNetSubStatus": "NONE",
"ContainerStatus": "RUNNING",
"Description": "policy1",
"DstAddress": "100.*.*.*:10556",
"EventCount": 1,
"EventId": "5067003",
"FoundTime": "2020-10-24 08:03:10",
"HostID": "fc472648-37ed-4946-a4c9-d72c75e162c4",
"HostIP": "10.*.*.213",
"ImageId": "sha256:41481aae5e2d135b2624fc09aa1875eb84c6472eaa0929f6d827699e67edd041",
"ImageName": "registry",
"LatestFoundTime": "2020-10-24 08:03:10",
"NodeID": "mix-GOmf****",
"NodeName": "i-node***",
"NodeType": "NORMAL",
"NodeUniqueID": "d41d8cd98f00b204e9800998ecf8427e",
"PProcessName": "socat",
"PodIP": "10.*.*.92",
"PodName": "agent-test-2zrp7",
"ProcessName": "dash",
"ProcessPath": "/usr/bin/dash",
"PublicIP": "10.*.*.92",
"Remark": "myremark***",
"Solution": "Clean up rebound shell processes in the container, and check whether the service has risks such as vulnerability or weak password."
"Status": "EVENT_UNDEAL"
}
],
"RequestId": "c73a7252-0f68-4203-8b18-52037ab5efd1",
"TotalCount": 253
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| AuthFailure | A CAM signature/authentication error occurred. |
| InternalError | An internal error occurred. |
| InvalidParameter | The parameter is incorrect. |
| ResourceNotFound | The resource does not exist. |
Esta página foi útil?
Você também pode entrar em contato com a Equipe de vendas ou Enviar um tíquete em caso de ajuda.
comentários