925 lines
64 KiB
XML
925 lines
64 KiB
XML
|
<?xml version="1.0" encoding="UTF-8" ?>
|
||
|
|
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||
|
|
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
|
||
|
|
<mapper namespace="com.common.mapper.SyslogNormalDataMapper">
|
||
|
|
<!-- 定义部分字段的结果映射 -->
|
||
|
|
<resultMap id="requiredFieldsMap" type="com.common.entity.SyslogNormalData">
|
||
|
|
<!-- 基础字段 -->
|
||
|
|
<id property="id" column="id" jdbcType="VARCHAR"/>
|
||
|
|
<result property="createdAt" column="created_at"
|
||
|
|
typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
|
||
|
|
<result property="logTime" column="log_time"
|
||
|
|
typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
|
||
|
|
|
||
|
|
<!-- 构建请求体所需的字段 -->
|
||
|
|
<result property="deviceIp" column="device_ip" jdbcType="VARCHAR"/>
|
||
|
|
<result property="destIp" column="dest_ip" jdbcType="VARCHAR"/>
|
||
|
|
<result property="destPort" column="dest_port" jdbcType="BIGINT"/>
|
||
|
|
<result property="destMac" column="dest_mac" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcIp" column="src_ip" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcPort" column="src_port" jdbcType="BIGINT"/>
|
||
|
|
<result property="srcMac" column="src_mac" jdbcType="VARCHAR"/>
|
||
|
|
<result property="hostFilePath" column="host_file_path" jdbcType="VARCHAR"/>
|
||
|
|
<result property="fileMd5" column="file_md5" jdbcType="VARCHAR"/>
|
||
|
|
<result property="fileName" column="file_name" jdbcType="VARCHAR"/>
|
||
|
|
<result property="destCity" column="dest_city" jdbcType="VARCHAR"/>
|
||
|
|
<result property="destCountry" column="dest_country" jdbcType="VARCHAR"/>
|
||
|
|
<result property="destLat" column="dest_lat" jdbcType="VARCHAR"/>
|
||
|
|
<result property="destLon" column="dest_lon" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcCity" column="src_city" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcCountry" column="src_country" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcCountryCode" column="src_country_code" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcLat" column="src_lat" jdbcType="VARCHAR"/>
|
||
|
|
<result property="srcLon" column="src_lon" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpHost" column="http_host" jdbcType="VARCHAR"/>
|
||
|
|
<result property="hostFileMd5" column="host_file_md5" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpReqHeaderRaw" column="http_req_header_raw" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpMethod" column="http_method" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpRespContentType" column="http_resp_content_type" jdbcType="VARCHAR"/>
|
||
|
|
<result property="proto" column="proto" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpReferer" column="http_referer" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpUrl" column="http_url" jdbcType="VARCHAR"/>
|
||
|
|
<result property="httpStatusCode" column="http_status_code" jdbcType="BIGINT"/>
|
||
|
|
<result property="vlanId" column="vlan_id" jdbcType="VARCHAR"/>
|
||
|
|
|
||
|
|
<!-- 其他可能需要的字段(可选) -->
|
||
|
|
<result property="eventDate" column="event_date"
|
||
|
|
typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
|
||
|
|
<result property="attackResult" column="attack_result" jdbcType="INTEGER"/>
|
||
|
|
<result property="engineType" column="engine_type" jdbcType="VARCHAR"/>
|
||
|
|
<result property="syslogUuid" column="syslog_uuid" jdbcType="VARCHAR"/>
|
||
|
|
<result property="syslogTopic" column="syslog_topic" jdbcType="VARCHAR"/>
|
||
|
|
</resultMap>
|
||
|
|
|
||
|
|
<!-- 只查询构建API请求体所需的字段 -->
|
||
|
|
<select id="findRequiredFieldsAfterTime" resultMap="requiredFieldsMap">
|
||
|
|
SELECT
|
||
|
|
id,
|
||
|
|
created_at,
|
||
|
|
log_time,
|
||
|
|
device_ip,
|
||
|
|
dest_ip,
|
||
|
|
dest_port,
|
||
|
|
dest_mac,
|
||
|
|
src_ip,
|
||
|
|
src_port,
|
||
|
|
src_mac,
|
||
|
|
host_file_path,
|
||
|
|
file_md5,
|
||
|
|
file_name,
|
||
|
|
dest_city,
|
||
|
|
dest_country,
|
||
|
|
dest_lat,
|
||
|
|
dest_lon,
|
||
|
|
src_city,
|
||
|
|
src_country,
|
||
|
|
src_country_code,
|
||
|
|
src_lat,
|
||
|
|
src_lon,
|
||
|
|
http_host,
|
||
|
|
host_file_md5,
|
||
|
|
http_req_header_raw,
|
||
|
|
http_method,
|
||
|
|
http_resp_content_type,
|
||
|
|
proto,
|
||
|
|
http_referer,
|
||
|
|
http_url,
|
||
|
|
http_status_code,
|
||
|
|
-- 可选字段
|
||
|
|
event_date,
|
||
|
|
attack_result,
|
||
|
|
engine_type,
|
||
|
|
syslog_uuid,
|
||
|
|
syslog_topic
|
||
|
|
FROM syslog_normal_data
|
||
|
|
WHERE created_at >= #{startTime}
|
||
|
|
ORDER BY created_at ASC
|
||
|
|
<!-- LIMIT 1000 -->
|
||
|
|
</select>
|
||
|
|
|
||
|
|
<!-- 分页查询版本 -->
|
||
|
|
<select id="findRequiredFieldsByPage" resultMap="requiredFieldsMap">
|
||
|
|
SELECT
|
||
|
|
id,
|
||
|
|
created_at,
|
||
|
|
log_time,
|
||
|
|
device_ip,
|
||
|
|
dest_ip,
|
||
|
|
dest_port,
|
||
|
|
dest_mac,
|
||
|
|
src_ip,
|
||
|
|
src_port,
|
||
|
|
src_mac,
|
||
|
|
host_file_path,
|
||
|
|
file_md5,
|
||
|
|
file_name,
|
||
|
|
dest_city,
|
||
|
|
dest_country,
|
||
|
|
dest_lat,
|
||
|
|
dest_lon,
|
||
|
|
src_city,
|
||
|
|
src_country,
|
||
|
|
src_country_code,
|
||
|
|
src_lat,
|
||
|
|
src_lon,
|
||
|
|
http_host,
|
||
|
|
host_file_md5,
|
||
|
|
http_req_header_raw,
|
||
|
|
http_method,
|
||
|
|
http_resp_content_type,
|
||
|
|
proto,
|
||
|
|
http_referer,
|
||
|
|
http_url,
|
||
|
|
http_status_code,
|
||
|
|
vlan_id
|
||
|
|
FROM syslog_normal_data
|
||
|
|
WHERE created_at >= #{startTime}
|
||
|
|
ORDER BY created_at ASC
|
||
|
|
<!-- LIMIT #{limit} OFFSET #{offset} -->
|
||
|
|
|
||
|
|
</select>
|
||
|
|
|
||
|
|
<insert id="insertDynamic" parameterType="map">
|
||
|
|
INSERT INTO syslog_normal_data
|
||
|
|
<trim prefix="(" suffix=")" suffixOverrides=",">
|
||
|
|
<if test="dataMap.id != null">id,</if>
|
||
|
|
<if test="dataMap.created_at != null">created_at,</if>
|
||
|
|
<if test="dataMap.log_time != null">log_time,</if>
|
||
|
|
<if test="dataMap.device_id != null">device_id,</if>
|
||
|
|
<if test="dataMap.webshell_type != null">webshell_type,</if>
|
||
|
|
<if test="dataMap.vuirs_type != null">vuirs_type,</if>
|
||
|
|
<if test="dataMap.vuirs_url != null">vuirs_url,</if>
|
||
|
|
<if test="dataMap.class_filename != null">class_filename,</if>
|
||
|
|
<if test="dataMap.class_path != null">class_path,</if>
|
||
|
|
<if test="dataMap.parent_class != null">parent_class,</if>
|
||
|
|
<if test="dataMap.jar_path != null">jar_path,</if>
|
||
|
|
<if test="dataMap.class_md5 != null">class_md5,</if>
|
||
|
|
<if test="dataMap.class_loader != null">class_loader,</if>
|
||
|
|
<if test="dataMap.class_hashcode != null">class_hashcode,</if>
|
||
|
|
<if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
|
||
|
|
<if test="dataMap.tc_nameip != null">tc_nameip,</if>
|
||
|
|
<if test="dataMap.perform_sql != null">perform_sql,</if>
|
||
|
|
<if test="dataMap.tc_account != null">tc_account,</if>
|
||
|
|
<if test="dataMap.tc_appname != null">tc_appname,</if>
|
||
|
|
<if test="dataMap.process_uname != null">process_uname,</if>
|
||
|
|
<if test="dataMap.p_process_uname != null">p_process_uname,</if>
|
||
|
|
<if test="dataMap.container_name != null">container_name,</if>
|
||
|
|
<if test="dataMap.container_id != null">container_id,</if>
|
||
|
|
<if test="dataMap.http_resp_server != null">http_resp_server,</if>
|
||
|
|
<if test="dataMap.srcip_id != null">srcip_id,</if>
|
||
|
|
<if test="dataMap.cdnip != null">cdnip,</if>
|
||
|
|
<if test="dataMap.natip != null">natip,</if>
|
||
|
|
<if test="dataMap.mail_sender != null">mail_sender,</if>
|
||
|
|
<if test="dataMap.mail_receiver != null">mail_receiver,</if>
|
||
|
|
<if test="dataMap.vpn_mac != null">vpn_mac,</if>
|
||
|
|
<if test="dataMap.vpn_os != null">vpn_os,</if>
|
||
|
|
<if test="dataMap.vpn_user != null">vpn_user,</if>
|
||
|
|
<if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
|
||
|
|
<if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
|
||
|
|
<if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
|
||
|
|
<if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
|
||
|
|
<if test="dataMap.description != null">description,</if>
|
||
|
|
<if test="dataMap.solution != null">solution,</if>
|
||
|
|
<if test="dataMap.attack_cause != null">attack_cause,</if>
|
||
|
|
<if test="dataMap.username != null">username,</if>
|
||
|
|
<if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
|
||
|
|
<if test="dataMap.login_result != null">login_result,</if>
|
||
|
|
<if test="dataMap.cmdline != null">cmdline,</if>
|
||
|
|
<if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
|
||
|
|
<if test="dataMap.victim_domain != null">victim_domain,</if>
|
||
|
|
<if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
|
||
|
|
<if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
|
||
|
|
<if test="dataMap.file_access_time != null">file_access_time,</if>
|
||
|
|
<if test="dataMap.file_name != null">file_name,</if>
|
||
|
|
<if test="dataMap.tc_class != null">tc_class,</if>
|
||
|
|
<if test="dataMap.tc_name2 != null">tc_name2,</if>
|
||
|
|
<if test="dataMap.login_lasttime != null">login_lasttime,</if>
|
||
|
|
<if test="dataMap.origin_permissions != null">origin_permissions,</if>
|
||
|
|
<if test="dataMap.begin_permissions != null">begin_permissions,</if>
|
||
|
|
<if test="dataMap.print_time != null">print_time,</if>
|
||
|
|
<if test="dataMap.printer != null">printer,</if>
|
||
|
|
<if test="dataMap.printer_type != null">printer_type,</if>
|
||
|
|
<if test="dataMap.print_pages != null">print_pages,</if>
|
||
|
|
<if test="dataMap.print_copies != null">print_copies,</if>
|
||
|
|
<if test="dataMap.src_device != null">src_device,</if>
|
||
|
|
<if test="dataMap.dst_device != null">dst_device,</if>
|
||
|
|
<if test="dataMap.src_file != null">src_file,</if>
|
||
|
|
<if test="dataMap.src_file_type != null">src_file_type,</if>
|
||
|
|
<if test="dataMap.src_file_path != null">src_file_path,</if>
|
||
|
|
<if test="dataMap.dst_file != null">dst_file,</if>
|
||
|
|
<if test="dataMap.dst_file_type != null">dst_file_type,</if>
|
||
|
|
<if test="dataMap.dst_file_path != null">dst_file_path,</if>
|
||
|
|
<if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
|
||
|
|
<if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
|
||
|
|
<if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
|
||
|
|
<if test="dataMap.process_uuid != null">process_uuid,</if>
|
||
|
|
<if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
|
||
|
|
<if test="dataMap.env != null">env,</if>
|
||
|
|
<if test="dataMap.brute_force_service != null">brute_force_service,</if>
|
||
|
|
<if test="dataMap.vuirs_name != null">vuirs_name,</if>
|
||
|
|
<if test="dataMap.http_req_length != null">http_req_length,</if>
|
||
|
|
<if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
|
||
|
|
<if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
|
||
|
|
<if test="dataMap.tc_labels != null">tc_labels,</if>
|
||
|
|
<if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
|
||
|
|
<if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
|
||
|
|
<if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
|
||
|
|
<if test="dataMap.dns_ioc != null">dns_ioc,</if>
|
||
|
|
<if test="dataMap.tx_bytes != null">tx_bytes,</if>
|
||
|
|
<if test="dataMap.rx_bytes != null">rx_bytes,</if>
|
||
|
|
<if test="dataMap.all_bytes != null">all_bytes,</if>
|
||
|
|
<if test="dataMap.duration_time != null">duration_time,</if>
|
||
|
|
<if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
|
||
|
|
<if test="dataMap.mail_subject != null">mail_subject,</if>
|
||
|
|
<if test="dataMap.mail_message != null">mail_message,</if>
|
||
|
|
<if test="dataMap.mail_send_server != null">mail_send_server,</if>
|
||
|
|
<if test="dataMap.mail_agent != null">mail_agent,</if>
|
||
|
|
<if test="dataMap.tls_version != null">tls_version,</if>
|
||
|
|
<if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
|
||
|
|
<if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
|
||
|
|
<if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
|
||
|
|
<if test="dataMap.tls_ja3 != null">tls_ja3,</if>
|
||
|
|
<if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
|
||
|
|
<if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
|
||
|
|
<if test="dataMap.log_topic != null">log_topic,</if>
|
||
|
|
<if test="dataMap.collect_time != null">collect_time,</if>
|
||
|
|
<if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
|
||
|
|
<if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
|
||
|
|
<if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
|
||
|
|
<if test="dataMap.srcip_name != null">srcip_name,</if>
|
||
|
|
<if test="dataMap.tc_client != null">tc_client,</if>
|
||
|
|
<if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
|
||
|
|
<if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
|
||
|
|
<if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
|
||
|
|
<if test="dataMap.desip_id != null">desip_id,</if>
|
||
|
|
<if test="dataMap.desip_name != null">desip_name,</if>
|
||
|
|
<if test="dataMap.tc_hostip != null">tc_hostip,</if>
|
||
|
|
<if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
|
||
|
|
<if test="dataMap.origin_confidence != null">origin_confidence,</if>
|
||
|
|
<if test="dataMap.origin_malscore != null">origin_malscore,</if>
|
||
|
|
<if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
|
||
|
|
<if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
|
||
|
|
<if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
|
||
|
|
<if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
|
||
|
|
<if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
|
||
|
|
<if test="dataMap.logout_time != null">logout_time,</if>
|
||
|
|
<if test="dataMap.http_req_line != null">http_req_line,</if>
|
||
|
|
<if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
|
||
|
|
<if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
|
||
|
|
<if test="dataMap.http_resp_length != null">http_resp_length,</if>
|
||
|
|
<if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
|
||
|
|
<if test="dataMap.tc_realip != null">tc_realip,</if>
|
||
|
|
<if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
|
||
|
|
<if test="dataMap.login_password != null">login_password,</if>
|
||
|
|
<if test="dataMap.detail != null">detail,</if>
|
||
|
|
<if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
|
||
|
|
<if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
|
||
|
|
<if test="dataMap.victim_region_code != null">victim_region_code,</if>
|
||
|
|
<if test="dataMap.payload != null">payload,</if>
|
||
|
|
<if test="dataMap.http_referer != null">http_referer,</if>
|
||
|
|
<if test="dataMap.http_user_agent != null">http_user_agent,</if>
|
||
|
|
<if test="dataMap.http_session != null">http_session,</if>
|
||
|
|
<if test="dataMap.http_query_string != null">http_query_string,</if>
|
||
|
|
<if test="dataMap.file_path != null">file_path,</if>
|
||
|
|
<if test="dataMap.file_permission != null">file_permission,</if>
|
||
|
|
<if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
|
||
|
|
<if test="dataMap.file_tag != null">file_tag,</if>
|
||
|
|
<if test="dataMap.file_platform != null">file_platform,</if>
|
||
|
|
<if test="dataMap.target_ip != null">target_ip,</if>
|
||
|
|
<if test="dataMap.collect_date != null">collect_date,</if>
|
||
|
|
<if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
|
||
|
|
<if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
|
||
|
|
<if test="dataMap.tc_externalip != null">tc_externalip,</if>
|
||
|
|
<if test="dataMap.http_status_code != null">http_status_code,</if>
|
||
|
|
<if test="dataMap.device_domian != null">device_domian,</if>
|
||
|
|
<if test="dataMap.src_ip_str != null">src_ip_str,</if>
|
||
|
|
<if test="dataMap.src_port_str != null">src_port_str,</if>
|
||
|
|
<if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
|
||
|
|
<if test="dataMap.dest_port_str != null">dest_port_str,</if>
|
||
|
|
<if test="dataMap.pcap != null">pcap,</if>
|
||
|
|
<if test="dataMap.ioc != null">ioc,</if>
|
||
|
|
<if test="dataMap.malicious_family != null">malicious_family,</if>
|
||
|
|
<if test="dataMap.vuln_cve != null">vuln_cve,</if>
|
||
|
|
<if test="dataMap.aliyun_type != null">aliyun_type,</if>
|
||
|
|
<if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
|
||
|
|
<if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
|
||
|
|
<if test="dataMap.ct_id != null">ct_id,</if>
|
||
|
|
<if test="dataMap.cve_list != null">cve_list,</if>
|
||
|
|
<if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
|
||
|
|
<if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
|
||
|
|
<if test="dataMap.file_gid != null">file_gid,</if>
|
||
|
|
<if test="dataMap.file_owner != null">file_owner,</if>
|
||
|
|
<if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
|
||
|
|
<if test="dataMap.file_uid != null">file_uid,</if>
|
||
|
|
<if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
|
||
|
|
<if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
|
||
|
|
<if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
|
||
|
|
<if test="dataMap.service_name != null">service_name,</if>
|
||
|
|
<if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
|
||
|
|
<if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
|
||
|
|
<if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
|
||
|
|
<if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
|
||
|
|
<if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
|
||
|
|
<if test="dataMap.tc_type != null">tc_type,</if>
|
||
|
|
<if test="dataMap.direction != null">direction,</if>
|
||
|
|
<if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
|
||
|
|
<if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
|
||
|
|
<if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
|
||
|
|
<if test="dataMap.http_url != null">http_url,</if>
|
||
|
|
<if test="dataMap.uname != null">uname,</if>
|
||
|
|
<if test="dataMap.origin_hostname != null">origin_hostname,</if>
|
||
|
|
<if test="dataMap.origin_os != null">origin_os,</if>
|
||
|
|
<if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
|
||
|
|
<if test="dataMap.origin_host_id != null">origin_host_id,</if>
|
||
|
|
<if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
|
||
|
|
<if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
|
||
|
|
<if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
|
||
|
|
<if test="dataMap.origin_work_group != null">origin_work_group,</if>
|
||
|
|
<if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
|
||
|
|
<if test="dataMap.origin_local_port != null">origin_local_port,</if>
|
||
|
|
<if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
|
||
|
|
<if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
|
||
|
|
<if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
|
||
|
|
<if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
|
||
|
|
<if test="dataMap.agent_id != null">agent_id,</if>
|
||
|
|
<if test="dataMap.agent_name != null">agent_name,</if>
|
||
|
|
<if test="dataMap.tc_title != null">tc_title,</if>
|
||
|
|
<if test="dataMap.log_id != null">log_id,</if>
|
||
|
|
<if test="dataMap.event_date != null">event_date,</if>
|
||
|
|
<if test="dataMap.event_time_ts != null">event_time_ts,</if>
|
||
|
|
<if test="dataMap.event_level != null">event_level,</if>
|
||
|
|
<if test="dataMap.src_ip != null">src_ip ,</if>
|
||
|
|
<if test="dataMap.src_port != null">src_port,</if>
|
||
|
|
<if test="dataMap.dest_ip != null">dest_ip,</if>
|
||
|
|
<if test="dataMap.dest_port != null">dest_port,</if>
|
||
|
|
<if test="dataMap.event_time != null">event_time,</if>
|
||
|
|
<if test="dataMap.attacker_country != null">attacker_country,</if>
|
||
|
|
<if test="dataMap.src_mac != null">src_mac,</if>
|
||
|
|
<if test="dataMap.dest_mac != null">dest_mac,</if>
|
||
|
|
<if test="dataMap.proto != null">proto,</if>
|
||
|
|
<if test="dataMap.dev_id != null">dev_id,</if>
|
||
|
|
<if test="dataMap.created_time != null">created_time,</if>
|
||
|
|
<if test="dataMap.src_country != null">src_country,</if>
|
||
|
|
<if test="dataMap.src_country_code != null">src_country_code,</if>
|
||
|
|
<if test="dataMap.src_region != null">src_region,</if>
|
||
|
|
<if test="dataMap.src_region_code != null">src_region_code,</if>
|
||
|
|
<if test="dataMap.src_city != null">src_city,</if>
|
||
|
|
<if test="dataMap.src_lon != null">src_lon,</if>
|
||
|
|
<if test="dataMap.http_method != null">http_method,</if>
|
||
|
|
<if test="dataMap.http_host != null">http_host,</if>
|
||
|
|
<if test="dataMap.http_req_header != null">http_req_header,</if>
|
||
|
|
<if test="dataMap.http_req_body != null">http_req_body,</if>
|
||
|
|
<if test="dataMap.http_resp_header != null">http_resp_header,</if>
|
||
|
|
<if test="dataMap.http_resp_body != null">http_resp_body,</if>
|
||
|
|
<if test="dataMap.file_type != null">file_type,</if>
|
||
|
|
<if test="dataMap.file_md5 != null">file_md5,</if>
|
||
|
|
<if test="dataMap.file_size != null">file_size,</if>
|
||
|
|
<if test="dataMap.process != null">process,</if>
|
||
|
|
<if test="dataMap.start_time != null">start_time,</if>
|
||
|
|
<if test="dataMap.action != null">action,</if>
|
||
|
|
<if test="dataMap.attacker_region != null">attacker_region,</if>
|
||
|
|
<if test="dataMap.end_time != null">end_time,</if>
|
||
|
|
<if test="dataMap.file_created_time != null">file_created_time,</if>
|
||
|
|
<if test="dataMap.file_modified_time != null">file_modified_time,</if>
|
||
|
|
<if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
|
||
|
|
<if test="dataMap.process_path != null">process_path,</if>
|
||
|
|
<if test="dataMap.parent_process_path != null">parent_process_path,</if>
|
||
|
|
<if test="dataMap.gname != null">gname,</if>
|
||
|
|
<if test="dataMap.exe_name != null">exe_name,</if>
|
||
|
|
<if test="dataMap.exe_path != null">exe_path,</if>
|
||
|
|
<if test="dataMap.login_time != null">login_time,</if>
|
||
|
|
<if test="dataMap.login_times != null">login_times,</if>
|
||
|
|
<if test="dataMap.check_item != null">check_item,</if>
|
||
|
|
<if test="dataMap.check_type != null">check_type,</if>
|
||
|
|
<if test="dataMap.attacker_ip != null">attacker_ip,</if>
|
||
|
|
<if test="dataMap.attacker_port != null">attacker_port,</if>
|
||
|
|
<if test="dataMap.victim_ip != null">victim_ip,</if>
|
||
|
|
<if test="dataMap.victim_port != null">victim_port,</if>
|
||
|
|
<if test="dataMap.attacker_city != null">attacker_city,</if>
|
||
|
|
<if test="dataMap.attacker_lon != null">attacker_lon,</if>
|
||
|
|
<if test="dataMap.attacker_lat != null">attacker_lat,</if>
|
||
|
|
<if test="dataMap.victim_country != null">victim_country,</if>
|
||
|
|
<if test="dataMap.victim_region != null">victim_region,</if>
|
||
|
|
<if test="dataMap.victim_city != null">victim_city,</if>
|
||
|
|
<if test="dataMap.victim_lon != null">victim_lon,</if>
|
||
|
|
<if test="dataMap.victim_lat != null">victim_lat,</if>
|
||
|
|
<if test="dataMap.origin_event_id != null">origin_event_id,</if>
|
||
|
|
<if test="dataMap.origin_event_name != null">origin_event_name,</if>
|
||
|
|
<if test="dataMap.origin_event_category != null">origin_event_category,</if>
|
||
|
|
<if test="dataMap.origin_event_level != null">origin_event_level,</if>
|
||
|
|
<if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
|
||
|
|
<if test="dataMap.engine_type != null">engine_type,</if>
|
||
|
|
<if test="dataMap.evil_payload != null">evil_payload,</if>
|
||
|
|
<if test="dataMap.http_resp_status != null">http_resp_status,</if>
|
||
|
|
<if test="dataMap.dns_query != null">dns_query,</if>
|
||
|
|
<if test="dataMap.dns_query_type != null">dns_query_type,</if>
|
||
|
|
<if test="dataMap.dns_ttl != null">dns_ttl,</if>
|
||
|
|
<if test="dataMap.dns_answer != null">dns_answer,</if>
|
||
|
|
<if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
|
||
|
|
<if test="dataMap.file_sha256 != null">file_sha256,</if>
|
||
|
|
<if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
|
||
|
|
<if test="dataMap.victim_country_code != null">victim_country_code,</if>
|
||
|
|
<if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
|
||
|
|
<if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
|
||
|
|
<if test="dataMap.pid != null">pid,</if>
|
||
|
|
<if test="dataMap.ppid != null">ppid,</if>
|
||
|
|
<if test="dataMap.process_name != null">process_name,</if>
|
||
|
|
<if test="dataMap.backdoor_type != null">backdoor_type,</if>
|
||
|
|
<if test="dataMap.tty != null">tty,</if>
|
||
|
|
<if test="dataMap.sudo_user != null">sudo_user,</if>
|
||
|
|
<if test="dataMap.sudo_group != null">sudo_group,</if>
|
||
|
|
<if test="dataMap.origin_event_type != null">origin_event_type,</if>
|
||
|
|
<if test="dataMap.dest_domain != null">dest_domain,</if>
|
||
|
|
<if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
|
||
|
|
<if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
|
||
|
|
<if test="dataMap.attack_chain != null">attack_chain,</if>
|
||
|
|
<if test="dataMap.process_tree != null">process_tree,</if>
|
||
|
|
<if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
|
||
|
|
<if test="dataMap.host_file_md5 != null">host_file_md5,</if>
|
||
|
|
<if test="dataMap.host_file_size != null">host_file_size,</if>
|
||
|
|
<if test="dataMap.host_file_type != null">host_file_type,</if>
|
||
|
|
<if test="dataMap.dest_country != null">dest_country,</if>
|
||
|
|
<if test="dataMap.dest_country_code != null">dest_country_code,</if>
|
||
|
|
<if test="dataMap.log_origin != null">log_origin,</if>
|
||
|
|
<if test="dataMap.dest_region != null">dest_region,</if>
|
||
|
|
<if test="dataMap.src_lat != null">src_lat,</if>
|
||
|
|
<if test="dataMap.dest_region_code != null">dest_region_code,</if>
|
||
|
|
<if test="dataMap.dest_city != null">dest_city,</if>
|
||
|
|
<if test="dataMap.dest_lon != null">dest_lon,</if>
|
||
|
|
<if test="dataMap.dest_lat != null">dest_lat,</if>
|
||
|
|
<if test="dataMap.event_category != null">event_category,</if>
|
||
|
|
<if test="dataMap.attack_result != null">attack_result,</if>
|
||
|
|
<if test="dataMap.probe_ip != null">probe_ip,</if>
|
||
|
|
<if test="dataMap.device_ip != null">device_ip,</if>
|
||
|
|
<if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
|
||
|
|
<if test="dataMap.device_name != null">device_name,</if>
|
||
|
|
<if test="dataMap.product_name != null">product_name,</if>
|
||
|
|
<if test="dataMap.__id != null">__id,</if>
|
||
|
|
<if test="dataMap.__count != null">__count,</if>
|
||
|
|
<if test="dataMap.__count_reason != null">__count_reason,</if>
|
||
|
|
<if test="dataMap.event_type != null">event_type,</if>
|
||
|
|
<if test="dataMap.protocol != null">protocol,</if>
|
||
|
|
<if test="dataMap.shell_cmd != null">shell_cmd,</if>
|
||
|
|
<if test="dataMap.parent_name != null">parent_name,</if>
|
||
|
|
<if test="dataMap.host_file_path != null">host_file_path,</if>
|
||
|
|
<if test="dataMap.uid != null">uid,</if>
|
||
|
|
<if test="dataMap.fall != null">fall,</if>
|
||
|
|
<if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
|
||
|
|
<if test="dataMap.dev_type != null">dev_type,</if>
|
||
|
|
<if test="dataMap.collect_method != null">collect_method,</if>
|
||
|
|
<if test="dataMap.field_cate_id != null">field_cate_id,</if>
|
||
|
|
<if test="dataMap.device_type != null">device_type,</if>
|
||
|
|
<if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
|
||
|
|
<if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
|
||
|
|
<if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
|
||
|
|
<if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
|
||
|
|
<if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
|
||
|
|
<if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
|
||
|
|
<if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
|
||
|
|
<if test="dataMap.apt_orgname != null">apt_orgname,</if>
|
||
|
|
<if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
|
||
|
|
<if test="dataMap.mail_message_id != null">mail_message_id,</if>
|
||
|
|
<if test="dataMap.mail_bcc != null">mail_bcc,</if>
|
||
|
|
<if test="dataMap.mail_size != null">mail_size,</if>
|
||
|
|
<if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
|
||
|
|
<if test="dataMap.mail_url != null">mail_url,</if>
|
||
|
|
<if test="dataMap.mail_cc != null">mail_cc,</if>
|
||
|
|
<if test="dataMap.algorithm != null">algorithm,</if>
|
||
|
|
<if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
|
||
|
|
<if test="dataMap.process_md5 != null">process_md5,</if>
|
||
|
|
<if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
|
||
|
|
<if test="dataMap.source_servername != null">source_servername,</if>
|
||
|
|
<if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
|
||
|
|
<if test="dataMap.mail_filename != null">mail_filename,</if>
|
||
|
|
<if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
|
||
|
|
<if test="dataMap.target_port != null">target_port,</if>
|
||
|
|
<if test="dataMap.gid != null">gid,</if>
|
||
|
|
<if test="dataMap.origin_uid != null">origin_uid,</if>
|
||
|
|
<if test="dataMap.origin_gid != null">origin_gid,</if>
|
||
|
|
<if test="dataMap.target_ports != null">target_ports,</if>
|
||
|
|
<if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
|
||
|
|
<if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
|
||
|
|
<if test="dataMap.etl_time != null">etl_time,</if>
|
||
|
|
<if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
|
||
|
|
<if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
|
||
|
|
<if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
|
||
|
|
<if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
|
||
|
|
<if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
|
||
|
|
<if test="dataMap.src_dev_name != null">src_dev_name,</if>
|
||
|
|
<if test="dataMap.collect_protocol != null">collect_protocol,</if>
|
||
|
|
<if test="dataMap.destination_system_type != null">destination_system_type,</if>
|
||
|
|
<if test="dataMap.destination_system != null">destination_system,</if>
|
||
|
|
<if test="dataMap.etl_host != null">etl_host,</if>
|
||
|
|
<if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
|
||
|
|
<if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
|
||
|
|
<if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
|
||
|
|
<if test="dataMap.syslog_topic != null">syslog_topic,</if>
|
||
|
|
</trim>
|
||
|
|
VALUES
|
||
|
|
<trim prefix="(" suffix=")" suffixOverrides=",">
|
||
|
|
<if test="dataMap.id != null">#{dataMap.id},</if>
|
||
|
|
<if test="dataMap.created_at != null">#{dataMap.created_at},</if>
|
||
|
|
<if test="dataMap.log_time != null">#{dataMap.log_time},</if>
|
||
|
|
<if test="dataMap.device_id != null">#{dataMap.device_id},</if>
|
||
|
|
<if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
|
||
|
|
<if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
|
||
|
|
<if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
|
||
|
|
<if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
|
||
|
|
<if test="dataMap.class_path != null">#{dataMap.class_path},</if>
|
||
|
|
<if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
|
||
|
|
<if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
|
||
|
|
<if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
|
||
|
|
<if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
|
||
|
|
<if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
|
||
|
|
<if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
|
||
|
|
<if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
|
||
|
|
<if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
|
||
|
|
<if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
|
||
|
|
<if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
|
||
|
|
<if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
|
||
|
|
<if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
|
||
|
|
<if test="dataMap.container_name != null">#{dataMap.container_name},</if>
|
||
|
|
<if test="dataMap.container_id != null">#{dataMap.container_id},</if>
|
||
|
|
<if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
|
||
|
|
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id}::int8,</if>
|
||
|
|
<if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
|
||
|
|
<if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
|
||
|
|
<if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
|
||
|
|
<if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
|
||
|
|
<if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
|
||
|
|
<if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
|
||
|
|
<if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
|
||
|
|
<if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
|
||
|
|
<if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
|
||
|
|
<if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
|
||
|
|
<if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
|
||
|
|
<if test="dataMap.description != null">#{dataMap.description},</if>
|
||
|
|
<if test="dataMap.solution != null">#{dataMap.solution},</if>
|
||
|
|
<if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
|
||
|
|
<if test="dataMap.username != null">#{dataMap.username},</if>
|
||
|
|
<if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
|
||
|
|
<if test="dataMap.login_result != null">#{dataMap.login_result},</if>
|
||
|
|
<if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
|
||
|
|
<if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
|
||
|
|
<if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
|
||
|
|
<if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
|
||
|
|
<if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
|
||
|
|
<if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
|
||
|
|
<if test="dataMap.file_name != null">#{dataMap.file_name},</if>
|
||
|
|
<if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
|
||
|
|
<if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
|
||
|
|
<if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
|
||
|
|
<if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
|
||
|
|
<if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
|
||
|
|
<if test="dataMap.print_time != null">#{dataMap.print_time},</if>
|
||
|
|
<if test="dataMap.printer != null">#{dataMap.printer},</if>
|
||
|
|
<if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
|
||
|
|
<if test="dataMap.print_pages != null">#{dataMap.print_pages}::int8,</if>
|
||
|
|
<if test="dataMap.print_copies != null">#{dataMap.print_copies}::int8,</if>
|
||
|
|
<if test="dataMap.src_device != null">#{dataMap.src_device},</if>
|
||
|
|
<if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
|
||
|
|
<if test="dataMap.src_file != null">#{dataMap.src_file},</if>
|
||
|
|
<if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
|
||
|
|
<if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
|
||
|
|
<if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
|
||
|
|
<if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
|
||
|
|
<if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
|
||
|
|
<if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
|
||
|
|
<if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
|
||
|
|
<if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
|
||
|
|
<if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
|
||
|
|
<if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
|
||
|
|
<if test="dataMap.env != null">#{dataMap.env},</if>
|
||
|
|
<if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
|
||
|
|
<if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
|
||
|
|
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length}::int8,</if>
|
||
|
|
<if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
|
||
|
|
<if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
|
||
|
|
<if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
|
||
|
|
<if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
|
||
|
|
<if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
|
||
|
|
<if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
|
||
|
|
<if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
|
||
|
|
<if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
|
||
|
|
<if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
|
||
|
|
<if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
|
||
|
|
<if test="dataMap.duration_time != null">#{dataMap.duration_time}::int8,</if>
|
||
|
|
<if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
|
||
|
|
<if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
|
||
|
|
<if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
|
||
|
|
<if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
|
||
|
|
<if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
|
||
|
|
<if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
|
||
|
|
<if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
|
||
|
|
<if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
|
||
|
|
<if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
|
||
|
|
<if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
|
||
|
|
<if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
|
||
|
|
<if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
|
||
|
|
<if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
|
||
|
|
<if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
|
||
|
|
<if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
|
||
|
|
<if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
|
||
|
|
<if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
|
||
|
|
<if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
|
||
|
|
<if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
|
||
|
|
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id}::int8,</if>
|
||
|
|
<if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
|
||
|
|
<if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
|
||
|
|
<if test="dataMap.desip_id != null">#{dataMap.desip_id}::int8,</if>
|
||
|
|
<if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
|
||
|
|
<if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
|
||
|
|
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id}::int8,</if>
|
||
|
|
<if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
|
||
|
|
<if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
|
||
|
|
<if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
|
||
|
|
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id}::int8,</if>
|
||
|
|
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id}::int8,</if>
|
||
|
|
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id}::int8,</if>
|
||
|
|
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id}::int8,</if>
|
||
|
|
<if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
|
||
|
|
<if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
|
||
|
|
<if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
|
||
|
|
<if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
|
||
|
|
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length}::int8,</if>
|
||
|
|
<if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
|
||
|
|
<if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
|
||
|
|
<if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
|
||
|
|
<if test="dataMap.login_password != null">#{dataMap.login_password},</if>
|
||
|
|
<if test="dataMap.detail != null">#{dataMap.detail},</if>
|
||
|
|
<if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
|
||
|
|
<if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
|
||
|
|
<if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
|
||
|
|
<if test="dataMap.payload != null">#{dataMap.payload},</if>
|
||
|
|
<if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
|
||
|
|
<if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
|
||
|
|
<if test="dataMap.http_session != null">#{dataMap.http_session},</if>
|
||
|
|
<if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
|
||
|
|
<if test="dataMap.file_path != null">#{dataMap.file_path},</if>
|
||
|
|
<if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
|
||
|
|
<if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
|
||
|
|
<if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
|
||
|
|
<if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
|
||
|
|
<if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
|
||
|
|
<if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
|
||
|
|
<if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
|
||
|
|
<if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
|
||
|
|
<if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
|
||
|
|
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code}::int8,</if>
|
||
|
|
<if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
|
||
|
|
<if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
|
||
|
|
<if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
|
||
|
|
<if test="dataMap.dest_ip_str != null"> #{dataMap.dest_ip_str} ,</if>
|
||
|
|
<if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
|
||
|
|
<if test="dataMap.pcap != null">#{dataMap.pcap},</if>
|
||
|
|
<if test="dataMap.ioc != null">#{dataMap.ioc},</if>
|
||
|
|
<if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
|
||
|
|
<if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
|
||
|
|
<if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
|
||
|
|
<if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
|
||
|
|
<if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
|
||
|
|
<if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
|
||
|
|
<if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
|
||
|
|
<if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
|
||
|
|
<if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
|
||
|
|
<if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
|
||
|
|
<if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
|
||
|
|
<if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
|
||
|
|
<if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
|
||
|
|
<if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
|
||
|
|
<if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
|
||
|
|
<if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
|
||
|
|
<if test="dataMap.service_name != null">#{dataMap.service_name},</if>
|
||
|
|
<if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
|
||
|
|
<if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
|
||
|
|
<if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
|
||
|
|
<if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
|
||
|
|
<if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
|
||
|
|
<if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
|
||
|
|
<if test="dataMap.direction != null">#{dataMap.direction},</if>
|
||
|
|
<if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
|
||
|
|
<if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
|
||
|
|
<if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
|
||
|
|
<if test="dataMap.http_url != null">#{dataMap.http_url},</if>
|
||
|
|
<if test="dataMap.uname != null">#{dataMap.uname},</if>
|
||
|
|
<if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
|
||
|
|
<if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
|
||
|
|
<if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
|
||
|
|
<if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
|
||
|
|
<if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
|
||
|
|
<if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
|
||
|
|
<if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
|
||
|
|
<if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
|
||
|
|
<if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
|
||
|
|
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port}::int8,</if>
|
||
|
|
<if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
|
||
|
|
<if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
|
||
|
|
<if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
|
||
|
|
<if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
|
||
|
|
<if test="dataMap.agent_id != null">#{dataMap.agent_id}::int8,</if>
|
||
|
|
<if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
|
||
|
|
<if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
|
||
|
|
<if test="dataMap.log_id != null">#{dataMap.log_id},</if>
|
||
|
|
<if test="dataMap.event_date != null">#{dataMap.event_date},</if>
|
||
|
|
<if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
|
||
|
|
<if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
|
||
|
|
<if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
|
||
|
|
<if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
|
||
|
|
<if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
|
||
|
|
<if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
|
||
|
|
<if test="dataMap.event_time != null">#{dataMap.event_time},</if>
|
||
|
|
<if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
|
||
|
|
<if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
|
||
|
|
<if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
|
||
|
|
<if test="dataMap.proto != null">#{dataMap.proto},</if>
|
||
|
|
<if test="dataMap.dev_id != null">#{dataMap.dev_id}::int8,</if>
|
||
|
|
<if test="dataMap.created_time != null">#{dataMap.created_time},</if>
|
||
|
|
<if test="dataMap.src_country != null">#{dataMap.src_country},</if>
|
||
|
|
<if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
|
||
|
|
<if test="dataMap.src_region != null">#{dataMap.src_region},</if>
|
||
|
|
<if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
|
||
|
|
<if test="dataMap.src_city != null">#{dataMap.src_city},</if>
|
||
|
|
<if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
|
||
|
|
<if test="dataMap.http_method != null">#{dataMap.http_method},</if>
|
||
|
|
<if test="dataMap.http_host != null">#{dataMap.http_host},</if>
|
||
|
|
<if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
|
||
|
|
<if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
|
||
|
|
<if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
|
||
|
|
<if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
|
||
|
|
<if test="dataMap.file_type != null">#{dataMap.file_type},</if>
|
||
|
|
<if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
|
||
|
|
<if test="dataMap.file_size != null">#{dataMap.file_size},</if>
|
||
|
|
<if test="dataMap.process != null">#{dataMap.process},</if>
|
||
|
|
<if test="dataMap.start_time != null">#{dataMap.start_time},</if>
|
||
|
|
<if test="dataMap.action != null">#{dataMap.action},</if>
|
||
|
|
<if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
|
||
|
|
<if test="dataMap.end_time != null">#{dataMap.end_time},</if>
|
||
|
|
<if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
|
||
|
|
<if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
|
||
|
|
<if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
|
||
|
|
<if test="dataMap.process_path != null">#{dataMap.process_path},</if>
|
||
|
|
<if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
|
||
|
|
<if test="dataMap.gname != null">#{dataMap.gname},</if>
|
||
|
|
<if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
|
||
|
|
<if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
|
||
|
|
<if test="dataMap.login_time != null">#{dataMap.login_time},</if>
|
||
|
|
<if test="dataMap.login_times != null">#{dataMap.login_times}::int8,</if>
|
||
|
|
<if test="dataMap.check_item != null">#{dataMap.check_item},</if>
|
||
|
|
<if test="dataMap.check_type != null">#{dataMap.check_type},</if>
|
||
|
|
<if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
|
||
|
|
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port}::int8,</if>
|
||
|
|
<if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
|
||
|
|
<if test="dataMap.victim_port != null">#{dataMap.victim_port}::int8,</if>
|
||
|
|
<if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
|
||
|
|
<if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
|
||
|
|
<if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
|
||
|
|
<if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
|
||
|
|
<if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
|
||
|
|
<if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
|
||
|
|
<if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
|
||
|
|
<if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
|
||
|
|
<if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
|
||
|
|
<if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
|
||
|
|
<if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
|
||
|
|
<if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
|
||
|
|
<if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
|
||
|
|
<if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
|
||
|
|
<if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
|
||
|
|
<if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
|
||
|
|
<if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
|
||
|
|
<if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
|
||
|
|
<if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
|
||
|
|
<if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
|
||
|
|
<if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
|
||
|
|
<if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
|
||
|
|
<if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
|
||
|
|
<if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
|
||
|
|
<if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
|
||
|
|
<if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
|
||
|
|
<if test="dataMap.pid != null">#{dataMap.pid},</if>
|
||
|
|
<if test="dataMap.ppid != null">#{dataMap.ppid},</if>
|
||
|
|
<if test="dataMap.process_name != null">#{dataMap.process_name},</if>
|
||
|
|
<if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
|
||
|
|
<if test="dataMap.tty != null">#{dataMap.tty},</if>
|
||
|
|
<if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
|
||
|
|
<if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
|
||
|
|
<if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
|
||
|
|
<if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
|
||
|
|
<if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
|
||
|
|
<if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
|
||
|
|
<if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
|
||
|
|
<if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
|
||
|
|
<if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
|
||
|
|
<if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
|
||
|
|
<if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
|
||
|
|
<if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
|
||
|
|
<if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
|
||
|
|
<if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
|
||
|
|
<if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
|
||
|
|
<if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
|
||
|
|
<if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
|
||
|
|
<if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
|
||
|
|
<if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
|
||
|
|
<if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
|
||
|
|
<if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
|
||
|
|
<if test="dataMap.event_category != null">#{dataMap.event_category}::int4,</if>
|
||
|
|
<if test="dataMap.attack_result != null">#{dataMap.attack_result}::int4,</if>
|
||
|
|
<if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
|
||
|
|
<if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
|
||
|
|
<if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
|
||
|
|
<if test="dataMap.device_name != null">#{dataMap.device_name},</if>
|
||
|
|
<if test="dataMap.product_name != null">#{dataMap.product_name},</if>
|
||
|
|
<if test="dataMap.__id != null">#{dataMap.__id},</if>
|
||
|
|
<if test="dataMap.__count != null">#{dataMap.__count}::int8,</if>
|
||
|
|
<if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
|
||
|
|
<if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
|
||
|
|
<if test="dataMap.protocol != null">#{dataMap.protocol},</if>
|
||
|
|
<if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
|
||
|
|
<if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
|
||
|
|
<if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
|
||
|
|
<if test="dataMap.uid != null">#{dataMap.uid},</if>
|
||
|
|
<if test="dataMap.fall != null">#{dataMap.fall}::int4,</if>
|
||
|
|
<if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
|
||
|
|
<if test="dataMap.dev_type != null">#{dataMap.dev_type}::int4,</if>
|
||
|
|
<if test="dataMap.collect_method != null">#{dataMap.collect_method}::int4,</if>
|
||
|
|
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id}::int4,</if>
|
||
|
|
<if test="dataMap.device_type != null">#{dataMap.device_type}::int4,</if>
|
||
|
|
<if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
|
||
|
|
<if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
|
||
|
|
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages}::int8,</if>
|
||
|
|
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes}::int8,</if>
|
||
|
|
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate}::int8,</if>
|
||
|
|
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate}::int8,</if>
|
||
|
|
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate}::int8,</if>
|
||
|
|
<if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
|
||
|
|
<if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
|
||
|
|
<if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
|
||
|
|
<if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
|
||
|
|
<if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
|
||
|
|
<if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
|
||
|
|
<if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
|
||
|
|
<if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
|
||
|
|
<if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
|
||
|
|
<if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
|
||
|
|
<if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
|
||
|
|
<if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
|
||
|
|
<if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
|
||
|
|
<if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
|
||
|
|
<if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
|
||
|
|
<if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
|
||
|
|
<if test="dataMap.target_port != null">#{dataMap.target_port}::int8,</if>
|
||
|
|
<if test="dataMap.gid != null">#{dataMap.gid},</if>
|
||
|
|
<if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
|
||
|
|
<if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
|
||
|
|
<if test="dataMap.target_ports != null">#{dataMap.target_ports}::int8,</if>
|
||
|
|
<if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
|
||
|
|
<if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
|
||
|
|
<if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
|
||
|
|
<if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
|
||
|
|
<if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
|
||
|
|
<if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
|
||
|
|
<if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
|
||
|
|
<if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
|
||
|
|
<if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
|
||
|
|
<if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
|
||
|
|
<if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
|
||
|
|
<if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
|
||
|
|
<if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
|
||
|
|
<if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
|
||
|
|
<if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
|
||
|
|
<if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
|
||
|
|
<if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
|
||
|
|
</trim>
|
||
|
|
</insert>
|
||
|
|
|
||
|
|
<!-- 使用实体类插入 -->
|
||
|
|
<insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
|
||
|
|
INSERT INTO syslog_normal_data
|
||
|
|
<trim prefix="(" suffix=")" suffixOverrides=",">
|
||
|
|
<if test="id != null">id,</if>
|
||
|
|
<if test="createdAt != null">created_at,</if>
|
||
|
|
<if test="logTime != null">log_time,</if>
|
||
|
|
<if test="deviceId != null">device_id,</if>
|
||
|
|
<!-- 其他字段类似,按照驼峰命名法 -->
|
||
|
|
</trim>
|
||
|
|
VALUES
|
||
|
|
<trim prefix="(" suffix=")" suffixOverrides=",">
|
||
|
|
<if test="id != null">#{id},</if>
|
||
|
|
<if test="createdAt != null">#{createdAt},</if>
|
||
|
|
<if test="logTime != null">#{logTime},</if>
|
||
|
|
<if test="deviceId != null">#{deviceId},</if>
|
||
|
|
<!-- 其他字段类似 -->
|
||
|
|
</trim>
|
||
|
|
</insert>
|
||
|
|
|
||
|
|
<!-- 批量插入 -->
|
||
|
|
<insert id="batchInsert" parameterType="map">
|
||
|
|
INSERT INTO syslog_normal_data
|
||
|
|
(id, log_time, src_ip, dest_ip, event_level)
|
||
|
|
VALUES
|
||
|
|
<foreach collection="dataList" item="item" separator=",">
|
||
|
|
(#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
|
||
|
|
</foreach>
|
||
|
|
</insert>
|
||
|
|
|
||
|
|
</mapper>
|