alibabacloud-sas-overview

SAS Overview Data Query

Retrieves the 5 core modules of the Security Center (SAS) overview dashboard:
  1. Security Overview — score, fixed vulns, baseline risk, handled alerts
  2. Usage Info — service days, asset scale, uninstalled clients
  3. Security Operations — risk governance (AI risk, CSPM, key config, system vulns), security protection (WAF blocks), security response
  4. Asset Risk Trend — host/container/cloud product risk ratios + trend chart
  5. Billing & Subscription — post-pay switches, subscription validity, bills
Execution Scope: Each module and data item can be queried independently. Match the scope to the user's request:
  • Single data item — e.g., "What is my security score?" → only command 1a
  • Single module — e.g., "Show asset risk trend" → all of Module 4
  • Full overview — e.g., "SAS overview" → all 5 modules
Architecture:
SAS + WAF + BssOpenApi

Prerequisites

Pre-check: Aliyun CLI >= 3.3.1 required
Run `aliyun version` to verify >= 3.3.1. If not installed or version too low, see references/cli-installation-guide.md for installation instructions. Then run `aliyun configure set --auto-plugin-install true` to enable automatic plugin installation.

Install required CLI plugins:

```bash
aliyun plugin install --names aliyun-cli-sas aliyun-cli-waf-openapi aliyun-cli-bssopenapi
```

Pre-check: Alibaba Cloud Credentials Required
Security Rules:
  • NEVER read, echo, or print AK/SK values (e.g., `echo $ALIBABA_CLOUD_ACCESS_KEY_ID` is FORBIDDEN)
  • NEVER ask the user to input AK/SK directly in the conversation or command line
  • NEVER use `aliyun configure set` with literal credential values
  • ONLY use `aliyun configure list` to check credential status

```bash
aliyun configure list
```

Check the output for a valid profile (AK, STS, or OAuth identity).
If no valid profile exists, STOP here.
  1. Obtain credentials from the Alibaba Cloud Console (https://ram.console.aliyun.com/manage/ak)
  2. Configure credentials outside of this session (via `aliyun configure` in terminal or environment variables in shell profile)
  3. Return and re-run after `aliyun configure list` shows a valid profile

Parameters

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, WAF InstanceId, BillingCycle, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

| Parameter | Required | Description | Default |
|---|---|---|---|
| Regions | Yes | SAS regions to aggregate data from | `cn-shanghai`, `ap-southeast-1` |
| WAF Instance ID | Auto-fetched | Auto-fetched via WAF `DescribeInstance` for `DescribeFlowChart` | Auto |
| Billing Cycle | Only for billing | Billing month in `YYYY-MM` format | Current month |
| Time Range | No | Days of history for score/trend queries | `7` (last 7 days) |

RAM Permissions

See references/ram-policies.md for the full RAM policy JSON.
Required: `AliyunYundunSASReadOnlyAccess`, `AliyunWAFReadOnlyAccess`, `AliyunBSSReadOnlyAccess`.

Core Workflow

Based on the user's query, execute the relevant module(s) below. Each module — and each data item within a module — can be executed independently. For APIs marked multi-region, always query both `cn-shanghai` and `ap-southeast-1`, then sum the results.

Module 1: Security Overview

```bash
# 1a. Security Score (region-agnostic)
aliyun sas describe-secure-suggestion --cal-type home_security_score --user-agent AlibabaCloud-Agent-Skills
# Extract: Score field from response as current security score

# NOTE: DescribeScreenScoreThread is currently unavailable (CalType not supported).
# Once supported, switch to the command below for score + historical trend:
# START=$(python3 -c "import time; print(int((time.time()-86400*7)*1000))")
# END=$(python3 -c "import time; print(int(time.time()*1000))")
# aliyun sas describe-screen-score-thread \
#   --cal-type home_security_score \
#   --start-time "$START" --end-time "$END" \
#   --user-agent AlibabaCloud-Agent-Skills
# Extract: Data.SocreThread[-1] = current score, full SocreThread list = historical trend

# 1b. Fixed Vulnerabilities (multi-region: sum FixTotal)
aliyun sas describe-vul-fix-statistics --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun sas describe-vul-fix-statistics --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills

# 1c. Baseline Risk Statistics (multi-region: sum each Summary field)
aliyun sas get-check-risk-statistics --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun sas get-check-risk-statistics --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills
# Extract: Summary.RiskCheckCnt, Summary.RiskWarningCnt,
#          Summary.HandledCheckTotal, Summary.HandledCheckToday
# Sum each field across regions

# 1d. Handled Alerts (multi-region: sum SuspiciousDealtCount)
aliyun sas get-defence-count --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun sas get-defence-count --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills
```

Module 2: Usage Info

```bash
# 2a. Service Duration + Subscription (region-agnostic)
aliyun sas describe-version-config --user-agent AlibabaCloud-Agent-Skills
# Check IsPaidUser first:
#   IsPaidUser == true → Extract CreateTime, calculate (now - CreateTime) as days
#   IsPaidUser == false → Service duration not applicable, display N/A
# Extract: ReleaseTime → subscription expiry (pre-pay only)

# 2b. Host Asset Info (multi-region: sum TotalCount and Cores)
aliyun sas describe-cloud-center-instances \
  --region cn-shanghai --machine-types ecs --current-page 1 --page-size 20 \
  --user-agent AlibabaCloud-Agent-Skills
aliyun sas describe-cloud-center-instances \
  --region ap-southeast-1 --machine-types ecs --current-page 1 --page-size 20 \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: PageInfo.TotalCount (sum across regions) for host count
# Extract: Sum all instances' Cores field for total core count
# Optionally list host details if user requests

# 2c. Uninstalled Clients (multi-region: sum TotalCount)
aliyun sas list-uninstall-aegis-machines --region cn-shanghai --current-page 1 --page-size 1 --user-agent AlibabaCloud-Agent-Skills
aliyun sas list-uninstall-aegis-machines --region ap-southeast-1 --current-page 1 --page-size 1 --user-agent AlibabaCloud-Agent-Skills
```

Module 3: Security Operations

3a. Risk Governance (region-agnostic, single API call)

```bash
aliyun sas describe-secure-suggestion --cal-type home_security_score --user-agent AlibabaCloud-Agent-Skills
# Process Suggestions[] by SuggestType:
#   SS_AI_RISK → AI Risk (SubType not fixed, e.g. SSI_AISPM_RISK; analyze Description for unknown SubTypes)
#     Aggregate riskCount by region
#   SS_SAS_CLOUD_HC → CSPM risks (aggregate by HIGH/MEDIUM/LOW and region)
#     Cloud: SSI_SAS_CLOUD_HC_HIGH / MEDIUM / LOW
#     Host: SSI_SAS_HOST_HC_HIGH / MEDIUM / LOW
#   SS_KEY_CONFIG → Key Config (SubType not fixed; analyze Description for unknown SubTypes)
#     Aggregate RiskCount by region
#   SS_SAS_SYS_VUL → System Vulns (aggregate by HIGH/MEDIUM/LOW and region)
#     SSI_SAS_SYS_VUL_HIGH / SSI_SAS_SYS_VUL_MEDIUM / SSI_SAS_SYS_VUL_LOW
```

3b. Security Protection — WAF Blocks (multi-region, two-step)

```bash
# Step 1: Get WAF Instance ID (per region)
aliyun waf-openapi describe-instance --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun waf-openapi describe-instance --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills
# Extract: InstanceId from each region's response

# Step 2: Query WAF flow chart using each region's InstanceId
START_SEC=$(python3 -c "import time; print(int(time.time()-86400*7))")
aliyun waf-openapi describe-flow-chart \
  --region cn-shanghai \
  --instance-id "<InstanceId from cn-shanghai>" \
  --start-timestamp "$START_SEC" \
  --interval 3600 \
  --user-agent AlibabaCloud-Agent-Skills
aliyun waf-openapi describe-flow-chart \
  --region ap-southeast-1 \
  --instance-id "<InstanceId from ap-southeast-1>" \
  --start-timestamp "$START_SEC" \
  --interval 3600 \
  --user-agent AlibabaCloud-Agent-Skills
# Sum all WafBlockSum values from both regions
```

3c. Security Response

Currently no data (N/A)

Module 4: Asset Risk Trend

```bash
# 4a. Host Assets (multi-region)
aliyun sas describe-cloud-center-instances \
  --region cn-shanghai --machine-types ecs --current-page 1 --page-size 1 \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: PageInfo.TotalCount
aliyun sas describe-field-statistics \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: GroupedFields.RiskInstanceCount
# Repeat for ap-southeast-1, sum both

# 4b. Container Assets (multi-region)
aliyun sas describe-container-field-statistics \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: ClusterCount, RiskClusterCount
# Repeat for ap-southeast-1, sum both

# 4c. Cloud Product Assets (multi-region)
aliyun sas get-cloud-asset-summary \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: GroupedFields.InstanceCountTotal, GroupedFields.InstanceRiskCountTotal
# Repeat for ap-southeast-1, sum both

# 4d. Trend Chart Data (multi-region)
START_MS=$(python3 -c "import time; print(int((time.time()-86400*7)*1000))")
END_MS=$(python3 -c "import time; print(int(time.time()*1000))")
aliyun sas describe-chart-data \
  --region cn-shanghai \
  --chart-id CID_ASSET_RISK_TREND \
  --report-id -1 \
  --time-start "$START_MS" --time-end "$END_MS" \
  --user-agent AlibabaCloud-Agent-Skills
# Returns time series: host / container / cloud risk counts
```

Module 5: Billing & Subscription

```bash
# 5a. Query billing mode (from Module 2a response, can reuse cached result)
aliyun sas describe-version-config --user-agent AlibabaCloud-Agent-Skills
# Check IsPaidUser field to determine billing mode:
#   If IsPaidUser == true → Pre-pay (subscription) user:
#     Extract CreateTime → purchase date (convert ms timestamp to YYYY-MM-DD)
#     Extract ReleaseTime → expiry date (convert ms timestamp to YYYY-MM-DD)
#   If IsPaidUser == false → Post-pay user:
#     Extract PostPayModuleSwitch (JSON string — must parse)
#     Map codes to product names using the table below:
#       POST_HOST → Host and Container Security
#       VUL → Vulnerability Fixing
#       CSPM → CSPM
#       CTDR → Agentic SOC
#       AGENTLESS → Agentless Detection
#       SERVERLESS → Serverless Asset Protection
#       RASP → Application Protection
#       SDK → Malicious File Detection
#       CTDR_STORAGE → Log Management
#       ANTI_RANSOMWARE → Anti-ransomware
#     Value 1 = Enabled, 0 = Disabled

# 5c. Billing Details (try each region, skip on permission error)
BILLING_CYCLE=$(date +%Y-%m)
aliyun bssopenapi query-bill \
  --region cn-shanghai \
  --billing-cycle "$BILLING_CYCLE" --product-code sas \
  --user-agent AlibabaCloud-Agent-Skills
# If the above returns a permission error, skip cn-shanghai and continue
aliyun bssopenapi query-bill \
  --region ap-southeast-1 \
  --billing-cycle "$BILLING_CYCLE" --product-code sas \
  --user-agent AlibabaCloud-Agent-Skills
# If the above returns a permission error, skip ap-southeast-1 and continue
# Aggregate results from whichever regions succeeded
```

Product Code Mapping

| Product Name | Code | Status Values |
|---|---|---|
| Host and Container Security | `POST_HOST` | `1`: Enabled, `0`: Disabled |
| Vulnerability Fixing | `VUL` | `1`: Enabled, `0`: Disabled |
| CSPM | `CSPM` | `1`: Enabled, `0`: Disabled |
| Agentic SOC | `CTDR` | `1`: Enabled, `0`: Disabled |
| Agentless Detection | `AGENTLESS` | `1`: Enabled, `0`: Disabled |
| Serverless Asset Protection | `SERVERLESS` | `1`: Enabled, `0`: Disabled |
| Application Protection | `RASP` | `1`: Enabled, `0`: Disabled |
| Malicious File Detection | `SDK` | `1`: Enabled, `0`: Disabled |
| Log Management | `CTDR_STORAGE` | `1`: Enabled, `0`: Disabled |
| Anti-ransomware | `ANTI_RANSOMWARE` | `1`: Enabled, `0`: Disabled |
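
An added example (not part of the original skill) of the Module 5a interpretation and the mapping table above, in Python: it takes an already-parsed DescribeVersionConfig response, parses PostPayModuleSwitch as the JSON string it is, and maps codes to product names. The flat response shape, the UTC date conversion and the sample values are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Code -> product name, copied from the Product Code Mapping table on this page.
PRODUCT_NAMES = {
    "POST_HOST": "Host and Container Security",
    "VUL": "Vulnerability Fixing",
    "CSPM": "CSPM",
    "CTDR": "Agentic SOC",
    "AGENTLESS": "Agentless Detection",
    "SERVERLESS": "Serverless Asset Protection",
    "RASP": "Application Protection",
    "SDK": "Malicious File Detection",
    "CTDR_STORAGE": "Log Management",
    "ANTI_RANSOMWARE": "Anti-ransomware",
}
STATUS = {"1": "Enabled", "0": "Disabled"}

# Constructed sample responses (assumed flat shape, not real account data).
SAMPLE_PREPAY = {"IsPaidUser": True, "CreateTime": 1704110400000,
                 "ReleaseTime": 1735732800000}
SAMPLE_POSTPAY = {
    "IsPaidUser": False,
    "PostPayModuleSwitch": '{"POST_HOST":1,"VUL":0,"ANTI_RANSOMWARE":0,"NEW_MODULE":1}',
}


def ms_to_date(ms):
    """Convert a millisecond epoch timestamp to YYYY-MM-DD (UTC is an assumption)."""
    return datetime.fromtimestamp(int(ms) / 1000, tz=timezone.utc).strftime("%Y-%m-%d")


def billing_summary(version_config):
    """Interpret a parsed DescribeVersionConfig response as Module 5a describes."""
    if version_config.get("IsPaidUser"):
        return {
            "mode": "pre-pay",
            "purchase_date": ms_to_date(version_config["CreateTime"]),
            "expiry_date": ms_to_date(version_config["ReleaseTime"]),
        }
    raw = version_config.get("PostPayModuleSwitch") or "{}"
    try:
        switches = json.loads(raw)  # the field is a JSON string, not an object
        if not isinstance(switches, dict):
            raise ValueError("expected a JSON object")
    except (TypeError, ValueError):
        return {"mode": "post-pay", "modules": {},
                "error": "PostPayModuleSwitch is not a valid JSON object"}
    modules = {}
    for code, value in switches.items():
        # Codes or values outside the table are surfaced rather than guessed at.
        name = PRODUCT_NAMES.get(code, f"Unknown ({code})")
        modules[name] = STATUS.get(str(value), f"Unknown ({value})")
    return {"mode": "post-pay", "modules": modules}


if __name__ == "__main__":
    print(billing_summary(SAMPLE_PREPAY))
    print(billing_summary(SAMPLE_POSTPAY))
```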

Data Processing Rules

  1. Multi-region aggregation: APIs requiring regions must query `cn-shanghai` + `ap-southeast-1` separately, then sum the numeric results.
  2. Timestamps: SAS APIs use millisecond timestamps. WAF APIs use second timestamps.
  3. PostPayModuleSwitch: Is a JSON string — must `JSON.parse()` / `json.loads()` before reading.
  4. Score extraction: Use `Score` field from `DescribeSecureSuggestion` response as current score. Note: `DescribeScreenScoreThread` is currently unavailable (CalType not supported); once supported, switch to using the last element of `Data.SocreThread[]` as current score and the full list as historical trend.
  5. N/A fields: Security Response Events have no data — display "N/A".
  6. Timestamp formatting: Convert ms timestamps to `YYYY-MM-DD HH:mm:ss` for display.
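
An added example (not from the original skill) of rule 1 applied to the Module 1c baseline statistics, in Python: it runs the page's get-check-risk-statistics command per region, sums the Summary fields, and records any region that failed so a partial total is never reported as complete. The run_cli helper, the result layout and the canned responses are assumptions; the failure tracking generalizes the skip rule from Module 5c.

```python
import json
import subprocess

REGIONS = ("cn-shanghai", "ap-southeast-1")  # the two regions this page aggregates
SUMMARY_FIELDS = ("RiskCheckCnt", "RiskWarningCnt",
                  "HandledCheckTotal", "HandledCheckToday")

# Constructed canned CLI results (exit_code, stdout) for an offline run.
FAKE_RESULTS = {
    "cn-shanghai": (0, '{"Summary": {"RiskCheckCnt": 12, "RiskWarningCnt": 30, '
                       '"HandledCheckTotal": 5, "HandledCheckToday": 1}}'),
    "ap-southeast-1": (1, ""),  # simulates a failed call in one region
}


def run_cli(args):
    """Hypothetical helper: run the aliyun CLI, return (exit_code, stdout)."""
    proc = subprocess.run(["aliyun", *args], capture_output=True, text=True)
    return proc.returncode, proc.stdout


def fake_runner(args):
    """Stand-in for run_cli that answers from FAKE_RESULTS by --region value."""
    return FAKE_RESULTS[args[args.index("--region") + 1]]


def baseline_risk_totals(runner=run_cli, regions=REGIONS):
    """Sum the Module 1c Summary fields across regions and track skipped regions."""
    totals = dict.fromkeys(SUMMARY_FIELDS, 0)
    ok, skipped = [], {}
    for region in regions:
        code, out = runner(["sas", "get-check-risk-statistics", "--region", region,
                            "--user-agent", "AlibabaCloud-Agent-Skills"])
        if code != 0:
            skipped[region] = f"CLI exit code {code}"
            continue
        try:
            summary = json.loads(out)["Summary"]
            # Build the region's counts first so a bad field adds nothing partial.
            counts = {f: int(summary.get(f) or 0) for f in SUMMARY_FIELDS}
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped[region] = "no usable Summary object in response"
            continue
        for field, value in counts.items():
            totals[field] += value
        ok.append(region)
    # "complete" is False whenever any region is missing from the sum.
    return {"totals": totals, "regions_ok": ok,
            "regions_skipped": skipped, "complete": not skipped}


if __name__ == "__main__":
    print(baseline_risk_totals(runner=fake_runner))
```

When `complete` is false, report the totals together with `regions_skipped` instead of presenting them as account-wide figures.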

Success Verification

See references/verification-method.md for step-by-step verification commands.

Cleanup

This skill is read-only (query operations only). No resources are created, so no cleanup is needed.

Best Practices

  1. Always query both `cn-shanghai` and `ap-southeast-1` for multi-region APIs before aggregating.
  2. Cache the `DescribeVersionConfig` response — it is used by both Module 2 and Module 5.
  3. Use `--cli-query` (JMESPath) to extract specific fields and reduce output noise.
  4. Set `--page-size 1` when only `TotalCount` is needed (e.g., `ListUninstallAegisMachines`).
  5. WAF `DescribeFlowChart` requires a valid WAF instance ID — auto-fetch via `DescribeInstance` first; query both `cn-shanghai` and `ap-southeast-1`.
  6. Billing queries (`QueryBill`) require `--region` — try each region (`cn-shanghai`, `ap-southeast-1`) in turn; skip any region that returns a permission error.
  7. All timestamps returned by SAS are in milliseconds — divide by 1000 for human-readable conversion.

Reference Links

| Document | Content |
|---|---|
| references/related-apis.md | Full API and CLI command reference table |
| references/ram-policies.md | Required RAM permissions and policies |
| references/verification-method.md | Step-by-step verification commands |
| references/acceptance-criteria.md | Correct/incorrect CLI patterns |
| references/cli-installation-guide.md | CLI installation guide |
| overview-sop.md | Original SOP document with full data mapping |