nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3608952925d5000aca30bd12aaf8ab737b14799
ai-security-xdr/haobang-security-dm/syslog-consumer-rule/target/classes/com/common/service/impl/RealtimeAnalysisEngine.class
T

241 lines
27 KiB
Plaintext
Raw Normal View History

1、新增功能探针联动处置、心跳在线检测
2026-05-28 14:30:06 +08:00
Êþº¾4
#
;$
A%
A&
A' ;(
y) *+ ,- ,./
0 ;1
23
Z4 56
;7 ;89:
y;
<=> ;?
A@ AB
CD
EF
2G
HI
HJ
HKL
HM
HN
HO
HPQ
HR
HS
HTU
HVW
,#X
,Y
,Z
H[
H\ ;] ^_`
5#× ¬abcde¨ ;fg hi ;j k+ ;l m+ ;n o+ ;p q+ ;r s+ ;t uvw Ax ;y
z{ž
;|é ;} ~ ,

ƒ
C
C
C
C
Cˆ
CŠ
C ^ŒŸŽ A
h
B˜
B
Cšœž
t# ,Ÿ  ¡  ¢£
;¤ ,¥¦§¨©
ª«¬ A­
A®
B¯
B-°
B±
B²³
B´µ
;·
;¸
;¹º A»
<¼
<½
Z3¾¿
BÀÁÂÃ
AÄ
AÅ
AÆÇÈ
<É
<ÊËÌÍ
<Î
<ÏÐÑÒÓ
ÔÕ
Ö×
ÖZ
ØÙ
ØÚ
ØÛ
ØÜ
ØÝ
ØÞ
ßà
Øá
Øâã
Øä
Øå
Øæ
Øçè
Øé
Øêë
Øì
Øí
Øî
;ï
Øð
;ñ
Øò
Øó
Øôõ ¬ö ¬÷
;ø
Ôùú
Ôûü
;ý
Ôþÿ
Ô
;
;
Ô
;
Ô
Ô 
Ô 
Ô

Ô
Ô
Ô
Ô
Ô
Ô
Ô
;
Ô
Ô !
Ô"#
Ô$%
Ô&'
Ô()
Ô*+
Ô,-
Ô./
Ô01
Ô23
Ô45
Ô67
Ô89
Ô:;
Ô<=
Ô>?
Ô@A
ÔBC
ÔDE
ÔFG
ÔHI
ÔJK
ÔLM
ÔNO
ÔPQ
ÔRS
ÔTU
ÔVW
ÔXY
ÔZ[
Ô\]
Ô^_
Ô`a
Ôbc
Z
Bde
<f
2g
<3
Zhijklmnopqrstuv
Aw
Axyýz
B{|
B}~
Bƒ
Bˆ
;Š
B
ŒŽlogLorg/slf4j/Logger;sqlGeneratorService(Lcom/common/service/SqlGeneratorService;RuntimeVisibleAnnotations8Lorg/springframework/beans/factory/annotation/Autowired;
ruleMapper.Lcom/common/mapper/AnalysisAnalysisRuleMapper; fieldMapper'Lcom/common/mapper/AnalysisFieldMapper;whereConditionMapper0Lcom/common/mapper/AnalysisWhereConditionMapper;groupByColumnMapper/Lcom/common/mapper/AnalysisGroupByColumnMapper;groupByWindowMapper/Lcom/common/mapper/AnalysisGroupByWindowMapper; filterMapper(Lcom/common/mapper/AnalysisFilterMapper;groupByHavingMapper/Lcom/common/mapper/AnalysisGroupByHavingMapper;taskHistoryMapper-Lcom/common/mapper/AnalysisTaskHistoryMapper; alarmMapperLcom/common/mapper/AlarmMapper;
groupByMapper)Lcom/common/mapper/AnalysisGroupByMapper; jdbcTemplate,Lorg/springframework/jdbc/core/JdbcTemplate;RUN_MODELjava/lang/String;
ConstantValueDATE_FORMATTER$Ljava/time/format/DateTimeFormatter;<init>()VCodeLineNumberTableLocalVariableTablethis0Lcom/common/service/impl/RealtimeAnalysisEngine; executeRule9(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/util/Map;groupBy#Lcom/common/entity/AnalysisGroupBy; tableNamealarmsLjava/util/List;fieldswhereConditionsfiltersgroupByColumnshavingConditionssql queryResult
alarmCountJendTimeLjava/time/LocalDateTime;durationSecondseLjava/lang/Exception;rule(Lcom/common/entity/AnalysisAnalysisRule;batchNo startTime dataEndTime
groupByWindow)Lcom/common/entity/AnalysisGroupByWindow; groupByList
dataStartTimehistory'Lcom/common/entity/AnalysisTaskHistory;resultLjava/util/Map;LocalVariableTypeTable+Ljava/util/List<Lcom/common/entity/Alarm;>;3Ljava/util/List<Lcom/common/entity/AnalysisField;>;<Ljava/util/List<Lcom/common/entity/AnalysisWhereCondition;>;4Ljava/util/List<Lcom/common/entity/AnalysisFilter;>;;Ljava/util/List<Lcom/common/entity/AnalysisGroupByColumn;>;;Ljava/util/List<Lcom/common/entity/AnalysisGroupByHaving;>;GLjava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;5Ljava/util/List<Lcom/common/entity/AnalysisGroupBy;>;5Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;
StackMapTabled£ji:ÓWMethodParameters Signature_(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>; executeRules"(Ljava/util/List;)Ljava/util/List; errorResultrulesresults:Ljava/util/List<Lcom/common/entity/AnalysisAnalysisRule;>;ƒ(Ljava/util/List<Lcom/common/entity/AnalysisAnalysisRule;>;)Ljava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;stopRule(Ljava/lang/String;)VruleId
getRunMode()Ljava/lang/String;generateBatchNocalculateDataStartTime](Ljava/time/LocalDateTime;Lcom/common/entity/AnalysisGroupByWindow;)Ljava/time/LocalDateTime;
windowTypecalculateTumbleWindowStartTime
windowSizeLjava/lang/Integer;windowSizeUnitcalculateHopWindowStartTimecalculateSessionWindowStartTimesessionTimeoutsessionTimeoutUnitconvertToAlarmsJ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List;)Ljava/util/List;alarmLcom/common/entity/Alarm;rowœ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;)Ljava/util/List<Lcom/common/entity/Alarm;>;
getBytesValue(Ljava/lang/Object;)[BvalueLjava/lang/Object;getStringValue&(Ljava/lang/Object;)Ljava/lang/String; getLongValue$(Ljava/lang/Object;)Ljava/lang/Long;getIntegerValue'(Ljava/lang/Object;)Ljava/lang/Integer;getTimestampValue-(Ljava/lang/Object;)Ljava/time/LocalDateTime;patternstrValuepatterns[Ljava/lang/String;getStringArray'(Ljava/lang/Object;)[Ljava/lang/String;iIarr[Ljava/lang/Object;strgetIntegerArray((Ljava/lang/Object;)[Ljava/lang/Integer;!Ljava/lang/NumberFormatException;strArray[Ljava/lang/Integer; getByteArrayArray(Ljava/lang/Object;)[[B[[BconvertAlarmLevel'(Ljava/lang/Integer;)Ljava/lang/String;
eventLevel buildComment#(Ljava/util/Map;)Ljava/lang/String; victimIpsStr alarmName AttackIpsI(Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;)Ljava/lang/String;convertAttackIps'([Ljava/lang/String;)Ljava/lang/String; attackIpsdetermineAttackResult$(Ljava/util/Map;)Ljava/lang/Integer;J(Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;)Ljava/lang/Integer;<clinit>
SourceFileRealtimeAnalysisEngine.java(Lorg/springframework/stereotype/Service;realtimeAnalysisEngine Š ÚÙ  ˜ ˜  šÙ œ žŸ  ¡!com/common/entity/AnalysisGroupBy ¢£ wx¤ ¥¦ §¨© ª« ÛÜ ijm开始执行实时规则: ruleId={}, ruleName={}, batchNo={}, windowType={}, dataStartTime={}, dataEndTime={}java/lang/Object ¬Ù ­ÙNONE ˆ ®¯ °± ²µ ·¸ §¹º »¼ ×½ ©¾RUNNING Ž½ ¿À Á¼ ¼0 ý ľ ž000000 ƽjava/lang/StringBuilder实时分æžä»»åŠ¡ - ÇÈ É٠ʽ ËÌ }~Í ÎÏjava/util/HashMap ÐÑruleNamerunMode.com/common/service/impl/RealtimeAnalysisEnginerealtime oprunningÒ ÓÔ qrÕ stÖ yz× uvØ {|Ù klÚ ÛÜ生æˆçš„SQL: {} °Ý ƒÞ ß çè à áâ ã¦ä åæ ç¸ èé êë ìí îë ïë COMPLETED ðÖ ñé òÏprocessedCountstatussuccesswaiting?规则执行æˆåŠŸ: ruleId={}, processedCount={}, alarmCount={}java/lang/Exception规则执行失败: ruleId={} óôFAILED执行失败: õÙ ö¦ ÷ø ùÖstoppedfailederrorMsgjava/util/ArrayList úû üŸ ýþ&com/common/entity/AnalysisAnalysisRule  ÿ执行规则失败: ruleId={}å·²åœæ­¢è§„则: ruleId={}åœæ­¢è§„则失败: ruleId={}yyyyMMddHHmmssSSS A未é…置窗å£ç±»åž‹ï¼Œä½¿ç”¨é»˜è®¤æŸ¥è¯¢èŒƒå›´ï¼šæœ€è¿‘30分钟 Ö  Ù>窗å£ç±»åž‹ä¸ºç©ºï¼Œä½¿ç”¨é»˜è®¤æŸ¥è¯¢èŒƒå›´ï¼šæœ€è¿‘30分钟 Ù  ¦TUMBLE 
HOPSESSION ÞÜ ãÜ äÜB未知窗å£ç±»åž‹: {},使用默认查询范围:最近30分钟 Ý   
Ù:滚动窗å£å¤§å°é…置无效,使用默认值:5分钟m Ùshd   :滚动窗å£å•ä½æ— æ•ˆ: {},使用默认å•ä½ï¼šåˆ†é’ŸI滚动窗å£æŸ¥è¯¢èŒƒå›´: 窗å£å¤§å°={}{},查询时间范围=[{}, {}]  Ù:滑动窗å£å¤§å°é…置无效,使用默认值:5分钟:滑动窗å£å•ä½æ— æ•ˆ: {},使用默认å•ä½ï¼šåˆ†é’ŸI滑动窗å£æŸ¥è¯¢èŒƒå›´: 窗å£å¤§å°={}{},查询时间范围=[{}, {}]  ÙA会è¯çª—å£è¶…时时间é…置无效,使用默认值:30分钟@会è¯çª—å£è¶…æ—¶å•ä½æ— æ•ˆ: {},使用默认å•ä½ï¼šåˆ†é’Ÿ\会è¯çª—å£æŸ¥è¯¢èŒƒå›´: 超时时间={}{},é¢å¤–缓冲1天,查询时间范围=[{}, {}]
java/util/Map ²  »      !"# §$ %& "未知 ' (& )& *+研判åŽå¤„ç½® , -"other . / 0"    12 3" Ë4 log_start_at 5  6 øù 7é
log_end_at 8é
alarm_name òó 9Ö
alarm_type :Ö alarm_level ö÷  ;Ö attack_ip þÿ <= victim_ip >=victim_web_url ?=attack_chain_phase @A device_id BAtag C=comment DÖorigin_log_ids E=query_id FÖ
attack_result Gífall Hípayload îï IJ
operate_event KA attack_port LA victim_port MA
attack_method NÖ business_ext OÖ http_status PÖdns_info QÖ account_info RÖ
attacker_info SÖ victim_info TÖsuspicious_action UÖ vuln_info VÖweak_pwd WÖcompliance_baseline XÖ file_info YÖ file_tags ZÖ
endpoint_info [Ö origin_info \Ö
protocol_info ]Ö
email_info ^Ösensitive_data _Öhit_intelligence `í window_time aÖ
attack_ip_pic bÖ
victim_ip_pic cÖ operation_at déattack_direction eÖetl_time fé log_count gí is_asset_hit híhttp_req_header i=
http_req_body j=http_resp_header k=http_resp_body l=[B mnjava/lang/Number o¸ pq rsjava/time/LocalDateTimejava/lang/Stringyyyy-MM-dd HH:mm:ss.SSSyyyy-MM-dd HH:mm:ssyyyy-MM-dd'T'HH:mm:ss.SSSyyyy-MM-dd'T'HH:mm:ssyyyy-MM-dd HH:mm:ss.SSSSSSyyyy-MM-dd HH:mm:ss.SSSSSyyyy-MM-dd HH:mm:ss.Syyyy-MM-dd HH:mm:ss.SSyyyy-MM-dd'T'HH:mm:ss.SSSSSSS
yyyy-MM-ddyyyy/MM/dd HH:mm:ssyyyy/MM/dd HH:mm:ss.SSS tu tv无法解æžæ—¶é—´å­—符串: {}{ wx} yx, z{java/lang/Integerjava/lang/NumberFormatException安全(æ— å¨èƒ)低å±中å±高å±è¶…å± |}_24å°æ—¶å†…,检测到%s上产生%s告警:
å‘Šè­¦å称:%s
攻击IP:%s
攻击结果:%d  ®~ !com/common/service/AnalysisEngine'com/common/entity/AnalysisGroupByWindowjava/util/Listorg/slf4j/Logger%com/common/entity/AnalysisTaskHistoryjava/util/Iteratorcom/common/entity/Alarmnow()Ljava/time/LocalDateTime;
withSecond(I)Ljava/time/LocalDateTime;withNano getRuleId'com/common/mapper/AnalysisGroupByMapperselectByRuleId$(Ljava/lang/String;)Ljava/util/List;isEmpty()Zget(I)Ljava/lang/Object;getId()Ljava/lang/Long;java/lang/LongintValue()IvalueOf(I)Ljava/lang/Integer;-com/common/mapper/AnalysisGroupByWindowMapperselectByGroupById>(Ljava/lang/Integer;)Lcom/common/entity/AnalysisGroupByWindow; getRuleName
getWindowTypeformat8(Ljava/time/format/DateTimeFormatter;)Ljava/lang/String;info((Ljava/lang/String;[Ljava/lang/Object;)VbuilderAnalysisTaskHistoryBuilder InnerClassesD()Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;java/lang/SystemcurrentTimeMillis()J(J)Ljava/lang/Long;@com/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilderidT(Ljava/lang/Long;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;V(Ljava/lang/String;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;](Ljava/time/LocalDateTime;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;progressPercentW(Ljava/lang/Integer;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;
inputCount outputCountdelFlag
createTime
updateTimetenantIdappend-(Ljava/lang/String;)Ljava/lang/StringBuilder;toStringremarkbuild)()Lcom/common/entity/AnalysisTaskHistory;+com/common/mapper/AnalysisTaskHistoryMapperinsert*(Lcom/common/entity/AnalysisTaskHistory;)Iput8(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;,com/common/mapper/AnalysisAnalysisRuleMapperupdateTaskStatus7(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Long;)I%com/common/mapper/AnalysisFieldMapper.com/common/mapper/AnalysisWhereConditionMapper&com/common/mapper/AnalysisFilterMapper-com/common/mapper/AnalysisGroupByColumnMapper-com/common/mapper/AnalysisGroupByHavingMapper&com/common/service/SqlGeneratorService generateSqlÙ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;Lcom/common/entity/AnalysisGroupByWindow;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;'(Ljava/lang/String;Ljava/lang/Object;)V*org/springframework/jdbc/core/JdbcTemplate queryForListcom/common/mapper/AlarmMapper batchInsert(Ljava/util/List;)Vsizejava/time/DurationbetweenP(Ljava/time/temporal/Temporal;Ljava/time/temporal/Temporal;)Ljava/time/Duration;
getSeconds
setEndTime(Ljava/time/LocalDateTime;)VsetDurationTime(Ljava/lang/Long;)VsetProgressPercent(Ljava/lang/Integer;)V
setInputCountsetOutputCount setStatus
setUpdateTimeupdateerror9(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V
getMessagelength substring(II)Ljava/lang/String; setRemarkiterator()Ljava/util/Iterator;hasNextnext()Ljava/lang/Object;add(Ljava/lang/Object;)Z"java/time/format/DateTimeFormatter ofPattern8(Ljava/lang/String;)Ljava/time/format/DateTimeFormatter;warn minusMinutes(J)Ljava/time/LocalDateTime;trim toUpperCasehashCodeequalsgetTumbleWindowSize()Ljava/lang/Integer;getTumbleWindowSizeUnit toLowerCase minusSeconds
minusHours minusDaysgetHopWindowSizegetHopWindowSizeUnitgetSessionWindowSizegetSessionWindowSizeUnit AlarmBuilder(()Lcom/common/entity/Alarm$AlarmBuilder;java/util/UUID
randomUUID()Ljava/util/UUID;$com/common/entity/Alarm$AlarmBuilder:(Ljava/lang/String;)Lcom/common/entity/Alarm$AlarmBuilder; createdAtA(Ljava/time/LocalDateTime;)Lcom/common/entity/Alarm$AlarmBuilder; updatedAt
engineType attackResult;(Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder;java/lang/Boolean(Z)Ljava/lang/Boolean;focused;(Ljava/lang/Boolean;)Lcom/common/entity/Alarm$AlarmBuilder;
alarmLevel baseFocused isUpdated alarmSource)(I)Lcom/common/entity/Alarm$AlarmBuilder;dispositionAdvice
disposedStateattackDirectionetlTime alarmAreaIdattackChainPhase<([Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder; judgedState()Lcom/common/entity/Alarm; containsKey&(Ljava/lang/Object;)Ljava/lang/Object;
setLogStartAt setLogEndAt setAlarmName setAlarmType
setAlarmLevel setAttackIp([Ljava/lang/String;)V setVictimIpsetVictimWebUrlsetAttackChainPhase([Ljava/lang/Integer;)V setDeviceIdsetTag
setCommentsetOriginLogIds
setQueryIdsetAttackResultsetFall
setPayload([B)VsetOperateEvent
setAttackPort
setVictimPortsetAttackMethodsetBusinessExt
setHttpStatus
setDnsInfosetAccountInfosetAttackerInfo
setVictimInfosetSuspiciousAction setVulnInfo
setWeakPwdsetComplianceBaseline setFileInfo setFileTagssetEndpointInfo
setOriginInfosetProtocolInfo setEmailInfosetSensitiveDatasetHitIntelligence
setWindowTimesetAttackIpPicsetVictimIpPicsetOperationAtsetAttackDirection
setEtlTime setLogCount
setIsAssetHitsetHttpReqHeadersetHttpReqBodysetHttpRespHeadersetHttpRespBodygetBytes()[B longValue parseLong(Ljava/lang/String;)JparseInt(Ljava/lang/String;)IparseW(Ljava/lang/CharSequence;Ljava/time/format/DateTimeFormatter;)Ljava/time/LocalDateTime;3(Ljava/lang/CharSequence;)Ljava/time/LocalDateTime;
startsWith(Ljava/lang/String;)ZendsWithsplit'(Ljava/lang/String;)[Ljava/lang/String;joinE(Ljava/lang/CharSequence;[Ljava/lang/CharSequence;)Ljava/lang/String;9(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;org/slf4j/LoggerFactory getLogger%(Ljava/lang/Class;)Lorg/slf4j/Logger;!;hijklmnopmnqrmnstmnuvmnwxmnyzmn{|mn}~mnmnmnƒmn<ˆŠŒ/±Ž Œù Ã*·N-::*´¹:Æ8¹ š.¹
À : Æ*´
 ¸¹:*·:²½YSYSY,SYÆ §SY²SY²¸¸¸ "¸# ¸$ ¸%'-¶(-¶),Y·-/,¶2:*´3¹45Y·6:  7+¶¹8W 9+¶¹8W :8W =,¹8W*´>+¶?
¸¹@W*´A+¶¹B:
*´C+¶¹D: *´E+¶¹F: *´G+¶¹H:
Reference in New Issue Copy Permalink