nhncloud-security-tickets
Query security monitoring tickets from NHN Cloud.
Syntax
nhncloud-security-tickets [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [detail=DETAIL] [sort=SORT]
Options
- profile=PROFILE
  - Optional. NHN Cloud connect profile code.
- duration=NUM{mon|w|d|h|m|s}
  - Optional. Scan only recent data. Time units: s (second), m (minute), h (hour), d (day), w (week), mon (month).
- from=yyyyMMddHHmmss
  - Optional. Start time of the range, in yyyyMMddHHmmss format.
- to=yyyyMMddHHmmss
  - Optional. End time of the range, in yyyyMMddHHmmss format.
- detail=DETAIL
  - Optional. Fetch the ticket detail for each ticket. t or f (default: f)
- sort=SORT
  - Optional. Sort order by detection time. asc or desc (default: desc)
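When the command string is assembled by a script or a dashboard from user-supplied values, each option should be checked against the syntax above before it is interpolated, so a value cannot add extra options or query text. The following is an added example, not code from the product or from NHN Cloud. The function names, the profile character set and the rejection of a start time later than the end time are assumptions.

```python
import re
from datetime import datetime

# Token shapes follow the Syntax line; NUM is read as one or more digits.
DURATION_RE = re.compile(r"[0-9]+(mon|w|d|h|m|s)")
# Assumption: profile codes use only these characters (the page does not say).
PROFILE_RE = re.compile(r"[A-Za-z0-9_.-]+")
TS_RE = re.compile(r"[0-9]{14}")
TS_FORMAT = "%Y%m%d%H%M%S"  # yyyyMMddHHmmss


def timestamp(value):
    """Return a validated yyyyMMddHHmmss string from a datetime or a string."""
    if isinstance(value, datetime):
        return value.strftime(TS_FORMAT)
    if not isinstance(value, str) or not TS_RE.fullmatch(value):
        raise ValueError(f"not a yyyyMMddHHmmss timestamp: {value!r}")
    datetime.strptime(value, TS_FORMAT)  # rejects impossible dates, e.g. month 13
    return value


def checked(name, value, allowed):
    """Return 'name=value' if value fully matches a regex or is one of the literals."""
    if not isinstance(value, str):
        raise ValueError(f"invalid {name}: {value!r}")
    ok = allowed.fullmatch(value) if isinstance(allowed, re.Pattern) else value in allowed
    if not ok:
        raise ValueError(f"invalid {name}: {value!r}")
    return f"{name}={value}"


def build_ticket_query(profile=None, duration=None, start=None, end=None,
                       detail=None, sort=None):
    """Build the command string; raise ValueError on any out-of-grammar value."""
    start = None if start is None else timestamp(start)
    end = None if end is None else timestamp(end)
    # Assumption: a range whose start is later than its end is a caller error.
    if start and end and start > end:
        raise ValueError("from is later than to")
    options = [("profile", profile, PROFILE_RE), ("duration", duration, DURATION_RE),
               ("from", start, TS_RE), ("to", end, TS_RE),
               ("detail", detail, {"t", "f"}), ("sort", sort, {"asc", "desc"})]
    parts = [checked(n, v, a) for n, v, a in options if v is not None]
    return " ".join(["nhncloud-security-tickets"] + parts)
```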
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Profile | e.g. myprofile |
| event_time | Date | Detected | e.g. 2020-02-03 16:49:00 |
| verdict | String | Verdict | e.g. True Positive |
| status | String | Status | e.g. Completed |
| category | String | Category | e.g. Network Intrusion |
| src_ip | IP address | Source IP | e.g. 120.24.86.122 |
| ticket_id | String | Ticket ID | e.g. 567567 |
| dst_ip | IP address | Destination IP | e.g. 103.243.201.11 |
| ticket_type | String | Ticket Type | e.g. Incident |
| title | String | Title | e.g. K047_NHN_WebShell_Alert |
| summary | String | Summary | e.g. Ticket resolved |
| analysis | String | Analysis | e.g. True positive deep analysis |
| description | String | Description | |