Alibaba Cloud Data Security Center Risk Event Query and Handling This skill uses Alibaba Cloud Python Common SDK (generic invocation) to query security risk events from the Data Security Center and handle them. Architecture Installation Or install packages individually: [MUST] CLI User-Agent — Every CLI command invocation must include: Pre-check: Aliyun CLI = 3.3.3 required Run to verify = 3.3.3. If not installed or version too low, run to update, or see for installation instructions. Pre-check: Aliyun CLI plugin update required [MUST] run to enable automatic plugin installation. [MUST] run t…

)\n\n# Timeout configuration (milliseconds)\nCONNECT_TIMEOUT_MS = 10000 # Connection timeout 10 seconds\nREAD_TIMEOUT_MS = 30000 # Read timeout 30 seconds\n\n\ndef create_runtime_options():\n \"\"\"Create RuntimeOptions with timeout configuration\"\"\"\n runtime = util_models.RuntimeOptions()\n runtime.connect_timeout = CONNECT_TIMEOUT_MS\n runtime.read_timeout = READ_TIMEOUT_MS\n return runtime\n\n\ndef validate_risk_id(risk_id_str):\n \"\"\"\n Validate risk_id parameter\n - Must be a valid positive integer format\n - Must be within valid range\n Returns: (is_valid, risk_id_int_or_error_msg)\n \"\"\"\n # Format validation: must be numeric only\n if not risk_id_str or not risk_id_str.strip().isdigit():\n return False, \"risk_id must be a positive integer\"\n \n try:\n risk_id = int(risk_id_str.strip())\n except ValueError:\n return False, \"risk_id conversion failed, please enter a valid integer\"\n \n # Range validation\n if risk_id \u003c RISK_ID_MIN or risk_id > RISK_ID_MAX:\n return False, f\"risk_id is out of valid range ({RISK_ID_MIN} - {RISK_ID_MAX})\"\n \n return True, risk_id\n\n\ndef validate_handle_detail(handle_detail):\n \"\"\"\n Validate handle_detail parameter\n - Length limit\n - Special character filtering (prevent command injection)\n Returns: (is_valid, sanitized_detail_or_error_msg)\n \"\"\"\n if not handle_detail or not handle_detail.strip():\n return False, \"handle_detail cannot be empty\"\n \n detail = handle_detail.strip()\n \n # Length validation\n if len(detail) > HANDLE_DETAIL_MAX_LENGTH:\n return False, f\"handle_detail length cannot exceed {HANDLE_DETAIL_MAX_LENGTH} characters\"\n \n # Special character validation (prevent command injection)\n if not HANDLE_DETAIL_PATTERN.match(detail):\n return False, \"handle_detail contains invalid characters, only Chinese, English, numbers and common punctuation are allowed\"\n \n return True, detail\n\n\ndef create_client():\n credential = CredentialClient()\n config = open_api_models.Config(credential=credential)\n config.endpoint = 'sddp.cn-zhangjiakou.aliyuncs.com'\n config.user_agent = 'AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit'\n return OpenApiClient(config)\n\n\ndef describe_risk_rules(current_page=1, page_size=20):\n \"\"\"Query unprocessed security risk events\"\"\"\n client = create_client()\n params = open_api_models.Params(\n action='DescribeRiskRules',\n version='2019-01-03',\n protocol='HTTPS',\n method='POST',\n auth_type='AK',\n style='RPC',\n pathname='/',\n req_body_type='json',\n body_type='json'\n )\n queries = {\n 'CurrentPage': current_page,\n 'PageSize': page_size,\n 'HandleStatus': 'UNPROCESSED'\n }\n request = open_api_models.OpenApiRequest(query=OpenApiUtilClient.query(queries))\n runtime = create_runtime_options()\n return client.call_api(params, request, runtime)\n\n\ndef find_risk_in_unprocessed(risk_id):\n \"\"\"Find specified RiskId in unprocessed risk events list, supports pagination\"\"\"\n current_page = 1\n page_size = 50\n \n while True:\n response = describe_risk_rules(current_page, page_size)\n status_code = response.get('statusCode')\n body = response.get('body', {})\n \n if status_code != 200:\n return False\n \n items = body.get('Items', [])\n total_count = body.get('TotalCount', 0)\n \n # Search for target RiskId in current page\n for item in items:\n if item.get('RiskId') == risk_id:\n return True\n \n # Check if there are more pages\n if current_page * page_size >= total_count:\n break\n current_page += 1\n \n return False\n\n\ndef handle_audit_risk(risk_id, handle_detail):\n \"\"\"Handle security risk event\"\"\"\n client = create_client()\n \n params = open_api_models.Params(\n action='PreHandleAuditRisk',\n version='2019-01-03',\n protocol='HTTPS',\n method='POST',\n auth_type='AK',\n style='RPC',\n pathname='/',\n req_body_type='json',\n body_type='json'\n )\n \n # Use flat mode for complex objects\n queries = {\n 'RiskId': risk_id,\n 'HandleInfoList.1.HandleType': 'Manual',\n 'HandleInfoList.1.HandleContent': json.dumps({\n 'HandleMethod': 0,\n 'HandleDetail': handle_detail\n })\n }\n \n request = open_api_models.OpenApiRequest(query=OpenApiUtilClient.query(queries))\n runtime = create_runtime_options()\n return client.call_api(params, request, runtime)\n\n\nif __name__ == '__main__':\n import sys\n \n if len(sys.argv) \u003c 3:\n print(\"Usage: python3 handle_risk.py \u003cRiskID> \u003cHandleDetail>\")\n print(\"Example: python3 handle_risk.py 66718695 'Confirmed as false positive, closing alert'\")\n sys.exit(1)\n \n # Input validation\n is_valid, result = validate_risk_id(sys.argv[1])\n if not is_valid:\n print(f\"❌ Parameter error: {result}\")\n sys.exit(1)\n risk_id = result\n \n is_valid, result = validate_handle_detail(sys.argv[2])\n if not is_valid:\n print(f\"❌ Parameter error: {result}\")\n sys.exit(1)\n handle_detail = result\n \n # Pre-handling validation: check if risk event exists in unprocessed list\n print(f\"Validating risk event...\")\n if not find_risk_in_unprocessed(risk_id):\n print(f\"❌ No handleable risk event found: RiskId={risk_id}\")\n sys.exit(1)\n \n print(f\"✓ Risk event confirmed to exist in unprocessed list\")\n print(f\"Handling risk event...\")\n print(f\"Risk ID: {risk_id}\")\n print(f\"Handle Detail: {handle_detail}\")\n print(\"-\" * 50)\n \n response = handle_audit_risk(risk_id, handle_detail)\n status_code = response.get('statusCode')\n body = response.get('body', {})\n \n if status_code == 200:\n print(\"✅ Handling successful!\")\n print(f\"RequestId: {body.get('RequestId')}\")\n else:\n print(f\"❌ Handling failed: {json.dumps(body, indent=2, ensure_ascii=False)}\")\n","content_type":"text/x-python; charset=utf-8","language":"python","size":6841,"content_sha256":"41e8ce60b4aec4582f5ad69b08d3eefb5b7152ed38913746707e2776f29c8b0f"},{"filename":"scripts/query_risk.py","content":"# -*- coding: utf-8 -*-\nimport json\nfrom alibabacloud_tea_openapi.client import Client as OpenApiClient\nfrom alibabacloud_credentials.client import Client as CredentialClient\nfrom alibabacloud_tea_openapi import models as open_api_models\nfrom alibabacloud_tea_util import models as util_models\nfrom alibabacloud_openapi_util.client import Client as OpenApiUtilClient\n\n# Timeout configuration (milliseconds)\nCONNECT_TIMEOUT_MS = 10000 # Connection timeout 10 seconds\nREAD_TIMEOUT_MS = 30000 # Read timeout 30 seconds\n\n\ndef create_runtime_options():\n \"\"\"Create RuntimeOptions with timeout configuration\"\"\"\n runtime = util_models.RuntimeOptions()\n runtime.connect_timeout = CONNECT_TIMEOUT_MS\n runtime.read_timeout = READ_TIMEOUT_MS\n return runtime\n\n\ndef create_client():\n credential = CredentialClient()\n config = open_api_models.Config(credential=credential)\n config.endpoint = 'sddp.cn-zhangjiakou.aliyuncs.com'\n config.user_agent = 'AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit'\n return OpenApiClient(config)\n\n\ndef describe_risk_rules(current_page=1, page_size=20, handle_status='UNPROCESSED'):\n client = create_client()\n params = open_api_models.Params(\n action='DescribeRiskRules',\n version='2019-01-03',\n protocol='HTTPS',\n method='POST',\n auth_type='AK',\n style='RPC',\n pathname='/',\n req_body_type='json',\n body_type='json'\n )\n queries = {\n 'CurrentPage': current_page,\n 'PageSize': page_size,\n 'HandleStatus': handle_status\n }\n request = open_api_models.OpenApiRequest(query=OpenApiUtilClient.query(queries))\n runtime = create_runtime_options()\n return client.call_api(params, request, runtime)\n\n\nif __name__ == '__main__':\n response = describe_risk_rules()\n status_code = response.get('statusCode')\n body = response.get('body', {})\n \n if status_code == 200:\n total_count = body.get('TotalCount', 0)\n items = body.get('Items', [])\n \n print(f\"Found {total_count} unprocessed security risk events\")\n print(\"=\" * 80)\n \n if items:\n for item in items:\n print(f\"Risk ID: {item.get('RiskId')}\")\n print(f\"Rule Name: {item.get('RuleName')}\")\n print(f\"Risk Level: {item.get('WarnLevelName')}\")\n print(f\"Product Type: {item.get('ProductCode')}\")\n print(f\"Alert Count: {item.get('AlarmCount')}\")\n print(f\"Asset Count: {item.get('InstanceCount')}\")\n print(f\"Rule Category: {item.get('RuleCategoryName')}\")\n print(\"-\" * 80)\n else:\n print(\"No unprocessed security risk events found\")\n else:\n print(f\"Query failed: {json.dumps(body, indent=2, ensure_ascii=False)}\")\n","content_type":"text/x-python; charset=utf-8","language":"python","size":2827,"content_sha256":"f68f15bc653e7dc726a29c6213717add188aa2d128abdf581949a22b43e3fdb1"},{"filename":"scripts/requirements.txt","content":"# Alibaba Cloud Python Common SDK dependencies\n# Required for generic API invocation to Data Security Center (Sddp)\n\nalibabacloud_tea_openapi==0.4.3\nalibabacloud_credentials==1.0.8\nalibabacloud_tea_util==0.3.14\nalibabacloud_openapi_util==0.2.4\n","content_type":"text/plain; charset=utf-8","language":null,"size":244,"content_sha256":"597e9256074972e3d2a16d5237742151d23594ecf2cf36591ffea2f533a5aefe"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Alibaba Cloud Data Security Center Risk Event Query and Handling","type":"text"}]},{"type":"paragraph","content":[{"text":"This skill uses Alibaba Cloud Python Common SDK (generic invocation) to query security risk events from the Data Security Center and handle them.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Architecture","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"User → Python Common SDK → Data Security Center (Sddp) API\n ├── DescribeRiskRules (Query risk events)\n └── PreHandleAuditRisk (Handle risk events)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Installation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"pip3 install -r scripts/requirements.txt","type":"text"}]},{"type":"paragraph","content":[{"text":"Or install packages individually:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"pip3 install alibabacloud_tea_openapi==0.4.3 alibabacloud_credentials==1.0.8 alibabacloud_tea_util==0.3.14 alibabacloud_openapi_util==0.2.4","type":"text"}]},{"type":"paragraph","content":[{"text":"[MUST] CLI User-Agent","type":"text","marks":[{"type":"strong"}]},{"text":" — Every ","type":"text"},{"text":"aliyun","type":"text","marks":[{"type":"code_inline"}]},{"text":" CLI command invocation must include: ","type":"text"},{"text":"--user-agent AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit","type":"text","marks":[{"type":"code_inline"}]}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Pre-check: Aliyun CLI >= 3.3.3 required","type":"text","marks":[{"type":"strong"}]},{"text":" Run ","type":"text"},{"text":"aliyun version","type":"text","marks":[{"type":"code_inline"}]},{"text":" to verify >= 3.3.3. If not installed or version too low, run ","type":"text"},{"text":"curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash","type":"text","marks":[{"type":"code_inline"}]},{"text":" to update, or see ","type":"text"},{"text":"references/cli-installation-guide.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" for installation instructions.","type":"text"}]}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Pre-check: Aliyun CLI plugin update required","type":"text","marks":[{"type":"strong"}]},{"text":" [MUST] run ","type":"text"},{"text":"aliyun configure set --auto-plugin-install true","type":"text","marks":[{"type":"code_inline"}]},{"text":" to enable automatic plugin installation. [MUST] run ","type":"text"},{"text":"aliyun plugin update","type":"text","marks":[{"type":"code_inline"}]},{"text":" to ensure that any existing plugins are always up-to-date.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"At the ","type":"text"},{"text":"start","type":"text","marks":[{"type":"strong"}]},{"text":" of the Core Workflow (before any CLI invocation): ","type":"text"},{"text":"[MUST] Enable AI-Mode","type":"text","marks":[{"type":"strong"}]},{"text":" — AI-mode is required for Agent Skill execution. Run the following commands before any CLI invocation:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"aliyun configure ai-mode enable\naliyun configure ai-mode set-user-agent --user-agent \"AlibabaCloud-Agent-Skills/alibabacloud-dsc-audit\"","type":"text"}]},{"type":"paragraph","content":[{"text":"[MUST] Disable AI-Mode at EVERY exit point","type":"text","marks":[{"type":"strong"}]},{"text":" — Before delivering the final response for ANY reason, always disable AI-mode first. This applies to ALL exit paths: workflow success, workflow failure, error/exception, user cancellation, session end, or any other scenario where no further CLI commands will be executed. AI-mode is only used for Agent Skill invocation scenarios and MUST NOT remain enabled after the skill stops running.","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"aliyun configure ai-mode disable","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Authentication","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Pre-check: Alibaba Cloud Credentials Required","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Security Rules:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"NEVER","type":"text","marks":[{"type":"strong"}]},{"text":" read, echo, or print AK/SK values (e.g., ","type":"text"},{"text":"echo $ALIBABA_CLOUD_ACCESS_KEY_ID","type":"text","marks":[{"type":"code_inline"}]},{"text":" is FORBIDDEN)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"NEVER","type":"text","marks":[{"type":"strong"}]},{"text":" ask the user to input AK/SK directly in the conversation or command line","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"NEVER","type":"text","marks":[{"type":"strong"}]},{"text":" use ","type":"text"},{"text":"aliyun configure set","type":"text","marks":[{"type":"code_inline"}]},{"text":" with literal credential values","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"ONLY","type":"text","marks":[{"type":"strong"}]},{"text":" use ","type":"text"},{"text":"aliyun configure list","type":"text","marks":[{"type":"code_inline"}]},{"text":" to check credential status","type":"text"}]}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"aliyun configure list","type":"text"}]},{"type":"paragraph","content":[{"text":"Check the output for a valid profile (AK, STS, or OAuth identity).","type":"text"}]},{"type":"paragraph","content":[{"text":"If no valid profile exists, STOP here.","type":"text","marks":[{"type":"strong"}]}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Obtain credentials from ","type":"text"},{"text":"Alibaba Cloud Console","type":"text","marks":[{"type":"link","attrs":{"href":"https://ram.console.aliyun.com/manage/ak","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Configure credentials ","type":"text"},{"text":"outside of this session","type":"text","marks":[{"type":"strong"}]},{"text":" (via ","type":"text"},{"text":"aliyun configure","type":"text","marks":[{"type":"code_inline"}]},{"text":" in terminal or environment variables in shell profile)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Return and re-run after ","type":"text"},{"text":"aliyun configure list","type":"text","marks":[{"type":"code_inline"}]},{"text":" shows a valid profile","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"RAM Permissions","type":"text"}]},{"type":"paragraph","content":[{"text":"Before using this skill, ensure the current user has the required RAM permissions. For detailed permission lists and policy configurations, refer to ","type":"text"},{"text":"references/ram-policies.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/ram-policies.md","title":null}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Parameter Confirmation","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"IMPORTANT: Parameter Confirmation","type":"text","marks":[{"type":"strong"}]},{"text":" — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, instance names, CIDR blocks, passwords, domain names, resource specifications, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.","type":"text"}]}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Required/Optional","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"CurrentPage","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Current page number","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"1","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"PageSize","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Records per page","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"10","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HandleStatus","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Processing status, PROCESSED means handled, UNPROCESSED means not handled","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"UNPROCESSED","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"RiskId","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Required for handling","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Risk event ID","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"-","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HandleDetail","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Required for handling","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Handling details description","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"-","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Core Workflow","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 1: Query Unprocessed Security Risk Events","type":"text"}]},{"type":"paragraph","content":[{"text":"Use the ","type":"text"},{"text":"scripts/query_risk.py","type":"text","marks":[{"type":"code_inline"}]},{"text":" script to query unprocessed security risk events. This is a paginated API that returns the first 20 records by default.","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 scripts/query_risk.py","type":"text"}]},{"type":"paragraph","content":[{"text":"Example output:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Found 31 unprocessed security risk events\n================================================================================\nRisk ID: 75110196\nRule Name: jiangyu_test_mysqldump\nRisk Level: High Risk\nProduct Type: RDS\nAlert Count: 20\nAsset Count: 2\nRule Category: Database Dump Attack\n--------------------------------------------------------------------------------","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Query Result Field Descriptions","type":"text"}]},{"type":"paragraph","content":[{"text":"The query results return the following key fields. ","type":"text"},{"text":"Risk Event ID (RiskId) is a required parameter for handling","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Field","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"RiskId","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Risk event ID, ","type":"text"},{"text":"required for handling","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"RuleName","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Rule name","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"WarnLevelName","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Risk level (High Risk/Medium Risk/Low Risk)","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"ProductCode","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Product type (RDS/OSS, etc.)","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"AlarmCount","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Alert count","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"InstanceCount","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Number of affected assets","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"FirstAlarmTime","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"First discovery time","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"LastAlarmTime","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Last discovery time","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 2: Handle Security Risk Events","type":"text"}]},{"type":"paragraph","content":[{"text":"Use the ","type":"text"},{"text":"scripts/handle_risk.py","type":"text","marks":[{"type":"code_inline"}]},{"text":" script to handle specified risk events.","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 scripts/handle_risk.py \u003cRiskID> \u003cHandleDetail>","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 scripts/handle_risk.py 75110196 \"Confirmed as false positive, closing this alert\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Example output:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Handling risk event...\nRisk ID: 75110196\nHandle Detail: Confirmed as false positive, closing this alert\n--------------------------------------------------\n✅ Handling successful!\nRequestId: C34D813F-A234-5D66-842D-504D84D5C680","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Handling Parameter Descriptions","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"RiskId","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Risk event ID, obtained from ","type":"text"},{"text":"DescribeRiskRules","type":"text","marks":[{"type":"code_inline"}]},{"text":" API","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HandleType","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Handling type, fixed as ","type":"text"},{"text":"Manual","type":"text","marks":[{"type":"code_inline"}]},{"text":" (manual handling)","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HandleMethod","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Handling method, fixed as ","type":"text"},{"text":"0","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"HandleDetail","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Handling details, ","type":"text"},{"text":"requires user to input specific handling description","type":"text","marks":[{"type":"strong"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Success Verification","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Verify Query Operation","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"After executing the query code, check if the returned ","type":"text"},{"text":"statusCode","type":"text","marks":[{"type":"code_inline"}]},{"text":" is ","type":"text"},{"text":"200","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Check if the returned ","type":"text"},{"text":"body","type":"text","marks":[{"type":"code_inline"}]},{"text":" contains the ","type":"text"},{"text":"Items","type":"text","marks":[{"type":"code_inline"}]},{"text":" list","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Verify that ","type":"text"},{"text":"TotalCount","type":"text","marks":[{"type":"code_inline"}]},{"text":" matches the actual number of returned records","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Verify Handling Operation","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"After executing the handling code, check if the returned ","type":"text"},{"text":"statusCode","type":"text","marks":[{"type":"code_inline"}]},{"text":" is ","type":"text"},{"text":"200","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Call ","type":"text"},{"text":"DescribeRiskRules","type":"text","marks":[{"type":"code_inline"}]},{"text":" again to query the ","type":"text"},{"text":"RiskId","type":"text","marks":[{"type":"code_inline"}]},{"text":" and confirm the status has changed","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Cleanup","type":"text"}]},{"type":"paragraph","content":[{"text":"This skill is primarily used for query and handling operations, does not involve resource creation, and requires no cleanup.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"API and Command Reference","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Product","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"API Action","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Script","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Sddp","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"DescribeRiskRules","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"scripts/query_risk.py","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Query security risk events","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Sddp","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"PreHandleAuditRisk","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"scripts/handle_risk.py","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Handle security risk events","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Script Usage","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Script","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Usage","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"query_risk.py","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"python3 scripts/query_risk.py","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Execute directly, no parameters required","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"handle_risk.py","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"python3 scripts/handle_risk.py \u003cRiskID> \u003cHandleDetail>","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Requires Risk ID and handling description","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"For detailed API information, refer to ","type":"text"},{"text":"references/related-apis.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/related-apis.md","title":null}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Best Practices","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Paginated Query","type":"text","marks":[{"type":"strong"}]},{"text":": When using paginated APIs, increment the ","type":"text"},{"text":"CurrentPage","type":"text","marks":[{"type":"code_inline"}]},{"text":" parameter until all records are retrieved","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Record RiskId","type":"text","marks":[{"type":"strong"}]},{"text":": The ","type":"text"},{"text":"RiskId","type":"text","marks":[{"type":"code_inline"}]},{"text":" in query results is a required parameter for handling operations, make sure to record it","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Handle Description","type":"text","marks":[{"type":"strong"}]},{"text":": Provide a clear ","type":"text"},{"text":"HandleDetail","type":"text","marks":[{"type":"code_inline"}]},{"text":" description when handling for subsequent auditing","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Error Handling","type":"text","marks":[{"type":"strong"}]},{"text":": Implement retry mechanisms for temporary errors like ","type":"text"},{"text":"Throttling","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Credential Security","type":"text","marks":[{"type":"strong"}]},{"text":": Use ","type":"text"},{"text":"CredentialClient","type":"text","marks":[{"type":"code_inline"}]},{"text":" to manage credentials, do not hardcode AK/SK","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference Links","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Reference Document","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"references/related-apis.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/related-apis.md","title":null}}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"API detailed documentation","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"references/ram-policies.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/ram-policies.md","title":null}}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"RAM permission configuration","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"references/cli-installation-guide.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/cli-installation-guide.md","title":null}}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"CLI installation guide","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"references/acceptance-criteria.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/acceptance-criteria.md","title":null}}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Acceptance criteria","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Generic Invocation Documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://help.aliyun.com/zh/sdk/developer-reference/generalized-call-python","title":null}}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Alibaba Cloud Python SDK generic invocation documentation","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Important Notes","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Warning","type":"text","marks":[{"type":"strong"}]},{"text":": This skill ","type":"text"},{"text":"only","type":"text","marks":[{"type":"strong"}]},{"text":" uses the Data Security Center's ","type":"text"},{"text":"DescribeRiskRules","type":"text","marks":[{"type":"code_inline"}]},{"text":" and ","type":"text"},{"text":"PreHandleAuditRisk","type":"text","marks":[{"type":"code_inline"}]},{"text":" APIs. If these two APIs cannot be found, report an error. ","type":"text"},{"text":"Do NOT call other OpenAPIs without authorization","type":"text","marks":[{"type":"strong"}]},{"text":". Do not use Alibaba Cloud CLI tools to call APIs.","type":"text"}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"alibabacloud-dsc-audit","author":"@skillopedia","source":{"stars":133,"repo_name":"alibabacloud-aiops-skills","origin_url":"https://github.com/aliyun/alibabacloud-aiops-skills/blob/HEAD/skills/security/sddp/alibabacloud-dsc-audit/SKILL.md","repo_owner":"aliyun","body_sha256":"a6526d60c1e72bda0f05bd5738ead815d102eb3a96a5db62ce7895e151242fef","cluster_key":"d25d000c1373d041bb2c1b9cbdc66d03d42b6358c897d18ba03b72a206e8caea","clean_bundle":{"format":"clean-skill-bundle-v1","source":"aliyun/alibabacloud-aiops-skills/skills/security/sddp/alibabacloud-dsc-audit/SKILL.md","attachments":[{"id":"3f0b2597-9790-5350-866e-7b1fdc4ff7c8","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/3f0b2597-9790-5350-866e-7b1fdc4ff7c8/attachment.md","path":"references/acceptance-criteria.md","size":6148,"sha256":"a6d1200c8743d870cf31aa7b47c3041d4d28c3de93ec9075308234b292484cd4","contentType":"text/markdown; charset=utf-8"},{"id":"215c376b-9468-56f7-9959-6b0c4249860b","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/215c376b-9468-56f7-9959-6b0c4249860b/attachment.md","path":"references/cli-installation-guide.md","size":11618,"sha256":"7ca9724d2550c4d230183a550224263a5a2cfe51b4356f1b4d4ada41ec17edf9","contentType":"text/markdown; charset=utf-8"},{"id":"80a76df0-fd36-5fef-9259-c99b61b085c8","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/80a76df0-fd36-5fef-9259-c99b61b085c8/attachment.md","path":"references/ram-policies.md","size":2140,"sha256":"2e1b969514226f4807a480a504da8db10085db9fbf67c64dd55d9bbad198b2a4","contentType":"text/markdown; charset=utf-8"},{"id":"1a5ea079-c9f9-5714-8644-b6ade1bc130b","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/1a5ea079-c9f9-5714-8644-b6ade1bc130b/attachment.md","path":"references/related-apis.md","size":5646,"sha256":"8afc6f93b11ac16b0edb8927be11243cd653eee566b3a951b87dabbd8dee856b","contentType":"text/markdown; charset=utf-8"},{"id":"b7954e5d-70bd-5a58-a9c7-fd4255165780","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/b7954e5d-70bd-5a58-a9c7-fd4255165780/attachment.py","path":"scripts/handle_risk.py","size":6841,"sha256":"41e8ce60b4aec4582f5ad69b08d3eefb5b7152ed38913746707e2776f29c8b0f","contentType":"text/x-python; charset=utf-8"},{"id":"f309e830-6fc2-5758-948e-59286a194e6a","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/f309e830-6fc2-5758-948e-59286a194e6a/attachment.py","path":"scripts/query_risk.py","size":2827,"sha256":"f68f15bc653e7dc726a29c6213717add188aa2d128abdf581949a22b43e3fdb1","contentType":"text/x-python; charset=utf-8"},{"id":"03f86dd6-8155-5c47-80d7-86d6804d0619","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/03f86dd6-8155-5c47-80d7-86d6804d0619/attachment.txt","path":"scripts/requirements.txt","size":244,"sha256":"597e9256074972e3d2a16d5237742151d23594ecf2cf36591ffea2f533a5aefe","contentType":"text/plain; charset=utf-8"}],"bundle_sha256":"529dc2d303a1ba52671a5df306974ef7d0b18d04646fc9d5e27ea37efcf18fea","attachment_count":7,"text_attachments":7,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"skills/security/sddp/alibabacloud-dsc-audit/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"version":"v1","category":"security","import_tag":"clean-skills-v1","description":"Query and handle security risk events from Alibaba Cloud Data Security Center. Supports viewing the list of unprocessed risk events and performing manual handling operations on risk events.\nTrigger words: \"Data Security Center\", \"security risk events\", \"DSC\", \"risk handling\", \"DescribeRiskRules\", \"PreHandleAuditRisk\"\n"}},"renderedAt":1782981684787}

Alibaba Cloud Data Security Center Risk Event Query and Handling This skill uses Alibaba Cloud Python Common SDK (generic invocation) to query security risk events from the Data Security Center and handle them. Architecture Installation Or install packages individually: [MUST] CLI User-Agent — Every CLI command invocation must include: Pre-check: Aliyun CLI = 3.3.3 required Run to verify = 3.3.3. If not installed or version too low, run to update, or see for installation instructions. Pre-check: Aliyun CLI plugin update required [MUST] run to enable automatic plugin installation. [MUST] run t…