SAS Overview Data Query

Retrieves the 5 core modules of the Security Center (SAS) overview dashboard:

1. 1. Security Overview — score, fixed vulns, baseline risk, handled alerts
2. Usage Info — service days, asset scale, uninstalled clients
3. Security Operations — risk governance (AI risk, CSPM, key config, system vulns), security protection (WAF blocks), security response
4. Asset Risk Trend — host/container/cloud product risk ratios + trend chart
5. Billing & Subscription — post-pay switches, subscription validity, bills

Execution Scope: Each module and data item can be queried independently.
Match the scope to the user's request:

• - Single data item — e.g., "What is my security score?" → only command 1a
• Single module — e.g., "Show asset risk trend" → all of Module 4
• Full overview — e.g., "SAS overview" → all 5 modules

Architecture: INLINECODE0

Prerequisites

Pre-check: Aliyun CLI >= 3.3.1 required
Run aliyun version to verify >= 3.3.1. If not installed or version too low,
see references/cli-installation-guide.md for installation instructions.
Then run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.

Install required CLI plugins:

CODEBLOCK0

Pre-check: Alibaba Cloud Credentials Required
Security Rules:

• - NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
• NEVER ask the user to input AK/SK directly in the conversation or command line
• NEVER use aliyun configure set with literal credential values
• ONLY use aliyun configure list to check credential status

> aliyun configure list
> 

Check the output for a valid profile (AK, STS, or OAuth identity).
If no valid profile exists, STOP here.

1. 1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
3. Return and re-run after aliyun configure list shows a valid profile

Parameters

IMPORTANT: Parameter Confirmation — Before executing any command or API call,
ALL user-customizable parameters (e.g., RegionId, WAF InstanceId, BillingCycle, etc.)
MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

RAM Permissions

See references/ram-policies.md for the full RAM policy JSON.

Required: AliyunYundunSASReadOnlyAccess, AliyunWAFReadOnlyAccess, AliyunBSSReadOnlyAccess.

Core Workflow

Based on the user's query, execute the relevant module(s) below. Each module — and each data item within a module — can be executed independently. For APIs marked multi-region, always query both cn-shanghai and ap-southeast-1, then sum the results.

Module 1: Security Overview

CODEBLOCK2

Module 2: Usage Info

CODEBLOCK3

Module 3: Security Operations

3a. Risk Governance (region-agnostic, single API call)

CODEBLOCK4

3b. Security Protection — WAF Blocks (multi-region, two-step)

CODEBLOCK5

3c. Security Response

CODEBLOCK6

Module 4: Asset Risk Trend

CODEBLOCK7

Module 5: Billing & Subscription

CODEBLOCK8

Product Code Mapping

Data Processing Rules

1. 1. Multi-region aggregation: APIs requiring regions must query cn-shanghai + ap-southeast-1 separately, then sum the numeric results.
2. Timestamps: SAS APIs use millisecond timestamps. WAF APIs use second timestamps.
3. PostPayModuleSwitch: Is a JSON string — must JSON.parse() / json.loads() before reading.
4. Score extraction: Use Score field from DescribeSecureSuggestion response as current score. Note: DescribeScreenScoreThread is currently unavailable (CalType not supported); once supported, switch to using the last element of Data.SocreThread[] as current score and the full list as historical trend.
5. N/A fields: Security Response Events have no data — display "N/A".
6. Timestamp formatting: Convert ms timestamps to YYYY-MM-DD HH:mm:ss for display.

Success Verification

See references/verification-method.md for step-by-step verification commands.

Cleanup

This skill is read-only (query operations only). No resources are created, so no cleanup is needed.

Best Practices

1. 1. Always query both cn-shanghai and ap-southeast-1 for multi-region APIs before aggregating.
2. Cache the DescribeVersionConfig response — it is used by both Module 2 and Module 5.
3. Use --cli-query (JMESPath) to extract specific fields and reduce output noise.
4. Set --page-size 1 when only TotalCount is needed (e.g., ListUninstallAegisMachines).
5. WAF DescribeFlowChart requires a valid WAF instance ID — auto-fetch via DescribeInstance first; query both cn-shanghai and ap-southeast-1.
6. Billing queries (QueryBill) require --region — try each region (cn-shanghai, ap-southeast-1) in turn; skip any region that returns a permission error.
7. All timestamps returned by SAS are in milliseconds — divide by 1000 for human-readable conversion.

Reference Links