ai-security-xdr/haobang-security-dm/syslog-consumer/target/classes/com/common/service/DataTransformer.class

Êþº¾4™
Æ













Ï
 

!
Ï
"

#
$

%
&

%
'

(
)

*
+

(
,

-

(
.

/
Ï
0

(
1

2

3
Ï
4

(
5

6

(
7

(
8
&
9

(
:

;

(
<

=

(
>

?

(
@
A

(
B

C

(
D

(
E
Ï
F

(
G

H

(
I

(
J

(
K

(
L
M

(
N
Ï
O

(
P

(
Q

R
Ï
S

(
T

(
U

V

(
W

X

(
Y

(
Z

(
[

\

(
]

^

(
_

`
Ï
a

(
b

c

(
d

(
e

(
f

(
g

(
h

(
i

(
j

(
k

(
l

(
m

(
n

(
o

(
p

(
q

(
r

(
s

(
t

(
u

(
v

(
w

(
x

(
y

(
z
{

(
|

(
}

~


€

(
�

(
‚

ƒ
„

(
…

(
†

(
‡

ˆ

(
‰

Š

(
‹

Œ

(
�

Ž

(
�

(
�
‘	Ï
’
“
”
•

–
—

˜
™

˜
š

˜
›

˜
œ

˜
�

˜
ž

˜
Ÿ

˜
 

˜
¡

˜
¢

˜
£

˜
¤

˜
¥

˜
¦

˜
§

˜
¨

˜
©

˜
ª

˜
«

˜
¬

˜
­

˜
®

˜
¯

˜
°

˜
±

˜
²

˜
³

˜
´

˜
µ

˜
¶

˜
·

˜
¸

˜
¹

˜
º

˜
»

˜
¼

˜
½

˜
¾

˜
¿

˜
À

˜
Á

˜
Â

˜
Ã

˜
Ä

˜
Å

˜
Æ

˜
Ç

˜
È

˜
É

˜
Ê

˜
Ë

˜
Ì

˜
Í

˜
Î

˜
Ï

˜
Ð

˜
Ñ

˜
Ò

˜
Ó

˜
Ô

˜
Õ

˜
Ö

˜
×

˜
Ø

˜
Ù

˜
Ú

Û
Ü
Ý

Þ

ß

à

á

â
ã
ä

Û
å
æ
ç
è
Ï
é

Û
ê
&
€
ë
ì
í
î
ï
ð

ñ
ò
log
Lorg/slf4j/Logger;
<init>
()V
Code
LineNumberTable
LocalVariableTable
this
$Lcom/common/service/DataTransformer;
transformGroupedData
"(Ljava/util/List;)Ljava/util/List;
alarm
Lcom/common/entity/Alarm;
groupedData
%Lcom/common/entity/GroupedSyslogData;
groupedDataList
Ljava/util/List;
	alarmList
LocalVariableTypeTable
7Ljava/util/List<Lcom/common/entity/GroupedSyslogData;>;
+Ljava/util/List<Lcom/common/entity/Alarm;>;

StackMapTable
ó
ô
	Signature
d(Ljava/util/List<Lcom/common/entity/GroupedSyslogData;>;)Ljava/util/List<Lcom/common/entity/Alarm;>;
transformGroupedDataVisit
Lcom/common/entity/AlarmVisit;
0Ljava/util/List<Lcom/common/entity/AlarmVisit;>;
i(Ljava/util/List<Lcom/common/entity/GroupedSyslogData;>;)Ljava/util/List<Lcom/common/entity/AlarmVisit;>;
transformSingleGroupedData
@(Lcom/common/entity/GroupedSyslogData;)Lcom/common/entity/Alarm;

e
Ljava/lang/Exception;
‘
transformSingleGroupedDataVisit
E(Lcom/common/entity/GroupedSyslogData;)Lcom/common/entity/AlarmVisit;
getAlarmType
8(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
firstEventType
Ljava/lang/String;
	eventType
õ
determineAttackResult
:(Lcom/common/entity/GroupedSyslogData;)Ljava/lang/Integer;
result
Ljava/lang/Integer;
ö
extractPayloadSample
([[B)[B
payloadSamples
[[B
buildComment
9(Lcom/common/entity/GroupedSyslogData;)Ljava/lang/String;
victimIpsStr
convertAlarmLevel
'(Ljava/lang/Integer;)Ljava/lang/String;

eventLevel
convertHttpStatus
'([Ljava/lang/String;)Ljava/lang/String;
httpStatusCodes
[Ljava/lang/String;
convertAttackIps
	attackIps
<clinit>

SourceFile
DataTransformer.java
RuntimeVisibleAnnotations
*Lorg/springframework/stereotype/Component;ÓÔ
java/util/ArrayList
ó
÷
øÓ
ù
ú
û
ô
ü
ý
þ
ÿ
#com/common/entity/GroupedSyslogDataïð
ôõ	



	ö÷ !"#$%&'$(&)$*&
java/lang/Integer+,-./,0&

12$3&45"6"
研判å�Žå¤„ç½®7üý8"9":;


<=>,?.@,A.B,CDEFGHI$

JKLMNOPQRSTUVWXYZ[\"]^_`ab
othercdefgh
øi"j"klmnonpnq$r&s$t&u$v&w$x&yz
java/lang/ExceptionÑÒ
转æ�¢åˆ†ç»„æ•°æ�®å¤±è´¥: {}{|}~€�
‚ƒ‚‚‚‚‚!„%…(…*…+†/†0…1‚3…4‚5„6„7‚8„9„<‡>†@†B†C‚D‚FƒHƒJ‚L‚M‚N‚O‚P‚Q‚R‚S‚T‚U‚V‚W‚X‚Y‚Z‚[‚\„]‚^ƒ_‚`‚a‚bƒc‚dƒi„j„mˆoˆpˆr…t…v…x…y‰
õŠ
ý
‹Œ�.Ž��‘

,’“
未知
_24�时内，检测到%s上产生%s告警：
告警�称：%s
攻击IP：%s
攻击结果：%d
java/lang/Object

”•
安全(无��)
低�
中�
高�
超�
"com/common/service/DataTransformer–—˜
java/util/List
java/util/Iterator
java/lang/String
[Ljava/lang/Integer;
size
()I
(I)V
iterator
()Ljava/util/Iterator;
hasNext
()Z
next
()Ljava/lang/Object;
add
(Ljava/lang/Object;)Z
com/common/entity/Alarm
builder
AlarmBuilder
InnerClasses
(()Lcom/common/entity/Alarm$AlarmBuilder;
java/util/UUID

randomUUID
()Ljava/util/UUID;
toString
()Ljava/lang/String;
$com/common/entity/Alarm$AlarmBuilder
id
:(Ljava/lang/String;)Lcom/common/entity/Alarm$AlarmBuilder;
java/time/LocalDateTime
now
()Ljava/time/LocalDateTime;
	createdAt
A(Ljava/time/LocalDateTime;)Lcom/common/entity/Alarm$AlarmBuilder;
getOriginEventName
	alarmName
getMaxEventLevel
()Ljava/lang/Integer;

alarmLevel
getFirstEventType
getMinEventType
	alarmType
getEventType
alarmMajorType
alarmMinorType
valueOf
(I)Ljava/lang/Integer;
alarmAreaId
;(Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder;
getAttackIps
()[Ljava/lang/String;
attackIp
;([Ljava/lang/String;)Lcom/common/entity/Alarm$AlarmBuilder;
getVictimIps
victimIp
getVictimWebUrls
victimWebUrl
attackChainPhase
<([Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder;
getDeviceIds
()[Ljava/lang/Integer;
deviceId
tag
comment
getOriginLogIds
originLogIds
queryId
judgedState

disposedState
dispositionAdvice
attackResult
fall
getPayloadSamples
()[[B
payload
*([B)Lcom/common/entity/Alarm$AlarmBuilder;
operateEvent
getAttackPorts

attackPort
getVictimPorts

victimPort
attackMethod
businessExt

getMinLogTime

logStartAt

getMaxLogTime
logEndAt
getHttpStatusCodes

httpStatus

getDnsInfo
dnsInfo
accountInfo
attackerInfo

victimInfo
suspiciousAction
vulnInfo
weakPwd
complianceBaseline
fileInfo
fileTags
endpointInfo
endpointProtection

originInfo
protocolInfo
	emailInfo

sensitiveData
hitIntelligence

windowTime
	updatedAt

engineType
attackIpPic
victimIpPic
operationAt
attackDirection
etlTime
getLogCount
()Ljava/lang/Long;
java/lang/Long
intValue
logCount

isAssetHit
java/lang/Boolean
(Z)Ljava/lang/Boolean;
focused
;(Ljava/lang/Boolean;)Lcom/common/entity/Alarm$AlarmBuilder;
baseFocused
	isUpdated
getHttpReqHeaders