Querying the Protection Policy List of Ransomware

Function

This API is used to query the the protection policy list of ransomware.

URI

GET /v5/{project_id}/ransomware/protection/policy

Table 1 Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

Table 2 Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID. To query all enterprise projects, set this parameter to all_granted_eps.
offset	No	Integer	Offset, which specifies the start position of the record to be returned.
limit	No	Integer	Number of records displayed on each page.
policy_name	No	String	Policy name
protect_policy_id	No	String	Policy ID
operating_system	No	String	OSs supported by the policy. The options are as follows: Windows Linux

Request Parameters

Table 3 Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.
region	Yes	String	Region ID

Response Parameters

Status code: 200

Table 4 Response body parameters
Parameter	Type	Description
total_num	Integer	Total number of policies
data_list	Array of ProtectionPolicyInfo objects	Query the list of policies.

Table 5 ProtectionPolicyInfo
Parameter	Type	Description
policy_id	String	Policy ID
policy_name	String	Policy name
protection_mode	String	Action. Its value can be: alarm_and_isolation: Report an alarm and isolate. alarm_only: Only report alarms.
bait_protection_status	String	Whether to enable honeypot protection. By default, the protection is enabled. Its value can be: opened closed
deploy_mode	String	Whether to enable honeypot protection. The options are as follows. By default, dynamic honeypot protection is disabled. opened closed
protection_directory	String	Protected directory
protection_type	String	Protected file type, for example, .docx, .txt, and .avi.
exclude_directory	String	(Optional) excluded directory
runtime_detection_status	String	Whether to perform runtime checks. The options are as follows. Currently, it can only be disabled. This field is reserved. opened closed
runtime_detection_directory	String	Directory to be checked during running. This field is reserved.
count_associated_server	Integer	Number of associated servers
operating_system	String	OS type. Linux Windows
process_whitelist	Array of TrustProcessInfo objects	Process whitelist
default_policy	Integer	Indicates whether the policy is the default policy. The options are as follows: 0: non-default policy 1: default policy

Table 6 TrustProcessInfo
Parameter	Type	Description
path	String	Indicates the process path.
hash	String	Process hash

Example Requests

Query the protection policy list of ransomware. If limit is not specified, 10 records are returned by default.

GET https://{endpoint}/v5/{project_id}/ransomware/protection/policy

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 1,
  "data_list" : [ {
    "bait_protection_status" : "opened",
    "exclude_directory" : "/opt",
    "count_associated_server" : 0,
    "operating_system" : "Linux",
    "protection_mode" : "alarm_only",
    "policy_id" : "4117d16-074b-41ae-b7d7-9cc25ee258",
    "policy_name" : "test",
    "protection_directory" : "/dd",
    "protection_type" : "docx",
    "runtime_detection_status" : "closed"
  } ]
}

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent topic: Ransomware Prevention

Предыдущая статья

Querying the Servers Protected Against Ransomware

Следующая статья

Modifying Ransomware Protection Policies

Была ли эта статья полезна?

Поддержка Юридические документы