nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3608952925d5000aca30bd12aaf8ab737b14799
ai-security-xdr/haobang-security-dm/syslog-consumer/target/classes/com/common/service/impl/OfflineAnalysisEngine.class
T

189 lines
20 KiB
Plaintext
Raw Normal View History

1、新增功能探针联动处置、心跳在线检测
2026-05-28 14:30:06 +08:00
Êþº¾4É
È
.É
Ê .ËÌÍ
yÎ
yÏ ÐÑ
.Ò
.Ó
Ô
ÕÖ
×Ø
ÙÚ
ÛÜ
ÛÝ
ÛÞß
Ûà
á
Ûâ
Ûã
Ûäå
Ûæ
Ûç
Ûèé
Ûêë
Èì
í
î
Ûï
Ûð .ñ òóô
(È õö÷øùikl .úû üý .þ ÿ .  .  .  .  . 
    

D .
Ù  . .
  Ð .
_
. .  !  "
#$
#%
Õ&
Õ'
Õ(
Õ)
Õ*+
Õ,
Õ- ò./`012345 Ð678
h9
:
;
Õ<=>?@
tÈ  A BC BDE
.F  GHIJK
LMN
OP
QR
Qî
ST
SU
SV
SW
SX
SY
Z[
S\
S]^
S_
S`
Sa
Sbc
Sd
Sef
Sg
Sh
Si
Sjk l m
.n
Oop
Oqr
.s
Otuv
.w
.x
Oyz
.{
O|}
O~
O
.
Oƒ
O
Oˆ
OŠ
OŒ
OŽ
O
.
O
O
O˜
Oš
Oœ
Ož
OŸ 
O¡¢
O£¤
O¥¦
O§¨
O©ª
O«¬
O­®
O¯°
O±²
O³´
Oµ
O·¸
O¹º
O»¼
O½¾
O¿À
OÁÂ
OÃÄ
OÅÆ
OÇÈ
OÉÊ
OËÌ
OÍÎ
OÏÐ
OÑÒ
OÓÔ
OÕÖ
O×Ø
î
ÙÚ
 Û
ÙÜ
 
ÝÞ
ßಱá
âã
äå
æçè¾
éêëìí
îïðñlogLorg/slf4j/Logger;sqlGeneratorService(Lcom/common/service/SqlGeneratorService;RuntimeVisibleAnnotations8Lorg/springframework/beans/factory/annotation/Autowired;
ruleMapper.Lcom/common/mapper/AnalysisAnalysisRuleMapper; fieldMapper'Lcom/common/mapper/AnalysisFieldMapper;whereConditionMapper0Lcom/common/mapper/AnalysisWhereConditionMapper;groupByColumnMapper/Lcom/common/mapper/AnalysisGroupByColumnMapper; filterMapper(Lcom/common/mapper/AnalysisFilterMapper;groupByHavingMapper/Lcom/common/mapper/AnalysisGroupByHavingMapper;
groupByMapper)Lcom/common/mapper/AnalysisGroupByMapper;groupByWindowMapper/Lcom/common/mapper/AnalysisGroupByWindowMapper;taskHistoryMapper-Lcom/common/mapper/AnalysisTaskHistoryMapper; alarmMapperLcom/common/mapper/AlarmMapper; jdbcTemplate,Lorg/springframework/jdbc/core/JdbcTemplate;RUN_MODELjava/lang/String;
ConstantValueDATE_FORMATTER$Ljava/time/format/DateTimeFormatter;<init>()VCodeLineNumberTableLocalVariableTablethis/Lcom/common/service/impl/OfflineAnalysisEngine; executeRule9(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/util/Map;groupBy#Lcom/common/entity/AnalysisGroupBy; tableNamealarmsLjava/util/List;fieldswhereConditionsfiltersgroupByColumnshavingConditions
groupByWindow)Lcom/common/entity/AnalysisGroupByWindow; groupByListsql queryResult
alarmCountJendTimeLjava/time/LocalDateTime;durationSecondseLjava/lang/Exception;rule(Lcom/common/entity/AnalysisAnalysisRule;batchNo startTime
dataStartTime dataEndTimehistory'Lcom/common/entity/AnalysisTaskHistory;resultLjava/util/Map;LocalVariableTypeTable+Ljava/util/List<Lcom/common/entity/Alarm;>;3Ljava/util/List<Lcom/common/entity/AnalysisField;>;<Ljava/util/List<Lcom/common/entity/AnalysisWhereCondition;>;4Ljava/util/List<Lcom/common/entity/AnalysisFilter;>;;Ljava/util/List<Lcom/common/entity/AnalysisGroupByColumn;>;;Ljava/util/List<Lcom/common/entity/AnalysisGroupByHaving;>;5Ljava/util/List<Lcom/common/entity/AnalysisGroupBy;>;GLjava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;5Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;
StackMapTableøEàÞòNóô4ë Signature_(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>; executeRules"(Ljava/util/List;)Ljava/util/List; errorResultrulesresults:Ljava/util/List<Lcom/common/entity/AnalysisAnalysisRule;>;õƒ(Ljava/util/List<Lcom/common/entity/AnalysisAnalysisRule;>;)Ljava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;stopRule(Ljava/lang/String;)VruleId
getRunMode()Ljava/lang/String;generateBatchNoparseDataStartTimeC(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/time/LocalDateTime;parseDataEndTimeconvertToAlarmsJ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List;)Ljava/util/List;alarmLcom/common/entity/Alarm;rowöœ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;)Ljava/util/List<Lcom/common/entity/Alarm;>;
getBytesValue(Ljava/lang/Object;)[BvalueLjava/lang/Object;getStringValue&(Ljava/lang/Object;)Ljava/lang/String; getLongValue$(Ljava/lang/Object;)Ljava/lang/Long;getIntegerValue'(Ljava/lang/Object;)Ljava/lang/Integer;getTimestampValue-(Ljava/lang/Object;)Ljava/time/LocalDateTime;getStringArray'(Ljava/lang/Object;)[Ljava/lang/String;iIarr[Ljava/lang/Object;[Ljava/lang/String;strÍgetIntegerArray((Ljava/lang/Object;)[Ljava/lang/Integer;!Ljava/lang/NumberFormatException;strArray[Ljava/lang/Integer;¹ègetByteArrayArray(Ljava/lang/Object;)[[B[[BconvertAlarmLevel'(Ljava/lang/Integer;)Ljava/lang/String;
eventLevelLjava/lang/Integer;<clinit>
SourceFileOfflineAnalysisEngine.java(Lorg/springframework/stereotype/Service;offlineAnalysisEngine HI  ÷ø '(<开始执行离线规则: ruleId={}, ruleName={}, batchNo={}java/lang/Object ù úû üý  ˜ þÿò    
  
jRUNNING 0
    0 
 000000 
java/lang/StringBuilder离线分æžä»»åŠ¡ -   
 =>  java/util/HashMap !"ruleNamerunMode-com/common/service/impl/OfflineAnalysisEngineoffline -.running# $% /0& '( 12) 56* 34+ 78, 9:-ó ./ 01!com/common/entity/AnalysisGroupBy 23 ;< 456 78 )* FG 9:; <=生æˆçš„SQL: {} ü> AB? @( š ?@A BC D5E FG H IJ KL MN OL PL COMPLETED Q RJ S processedCountstatussuccesswaiting?规则执行æˆåŠŸ: ruleId={}, processedCount={}, alarmCount={}java/lang/Exception规则执行失败: ruleId={} TUFAILED执行失败: V W5 XY ZstoppedfailederrorMsgjava/util/ArrayList [\õ ]/ ^_&com/common/entity/AnalysisAnalysisRule OP `a执行规则失败: ruleId={}å·²åœæ­¢è§„则: ruleId={}åœæ­¢è§„则失败: ruleId={}yyyyMMddHHmmssSSSb cd
java/util/Mapö fg hij  k lm nm ok pk qrs t uv r未知 wk xv yv z{研判åŽå¤„ç½® |k }rother ~k m r  log_start_at a 0ƒ ª« J
log_end_at J
alarm_name ¤¥ 
alarm_type alarm_level ¨© ¿À  attack_ip ¬­ ˆ victim_ip Švictim_web_url attack_chain_phase µ Œ device_id Žtag commentorigin_log_ids query_id 
attack_result Nfall Npayload  ¡ 
operate_event  attack_port  victim_port ˜
attack_method  business_ext š http_status dns_info œ account_info 
attacker_info ž victim_info Ÿsuspicious_action   vuln_info ¡weak_pwd ¢compliance_baseline £ file_info ¤ file_tags ¥
endpoint_info ¦ origin_info §
protocol_info ¨
email_info ©sensitive_data ªhit_intelligence «N window_time ¬
attack_ip_pic ­
victim_ip_pic ® operation_at ¯Jattack_direction °etl_time ±J log_count ²N is_asset_hit ³Nhttp_req_header ´
http_req_body µhttp_resp_header http_resp_body ·[B ¸¹java/lang/Number º »¼ ½¾java/time/LocalDateTime ¿Àjava/lang/String{ ÁÂ} ÃÂ, ÄÅjava/lang/Integerjava/lang/NumberFormatException安全(æ— å¨èƒ)低å±中å±高å±超å±Æ ÇÈyyyy-MM-dd HH:mm:ss!com/common/service/AnalysisEngine%com/common/entity/AnalysisTaskHistoryjava/util/List'com/common/entity/AnalysisGroupByWindowjava/util/Iteratorcom/common/entity/Alarmnow()Ljava/time/LocalDateTime; getRuleId getRuleNameorg/slf4j/Loggerinfo((Ljava/lang/String;[Ljava/lang/Object;)V
minusHours(J)Ljava/time/LocalDateTime;builderAnalysisTaskHistoryBuilder InnerClassesD()Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;java/lang/SystemcurrentTimeMillis()Jjava/lang/LongvalueOf(J)Ljava/lang/Long;@com/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilderidT(Ljava/lang/Long;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;V(Ljava/lang/String;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;](Ljava/time/LocalDateTime;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;(I)Ljava/lang/Integer;progressPercentW(Ljava/lang/Integer;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;
inputCount outputCountdelFlag
createTime
updateTimetenantIdappend-(Ljava/lang/String;)Ljava/lang/StringBuilder;toStringremarkbuild)()Lcom/common/entity/AnalysisTaskHistory;+com/common/mapper/AnalysisTaskHistoryMapperinsert*(Lcom/common/entity/AnalysisTaskHistory;)Iput8(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;,com/common/mapper/AnalysisAnalysisRuleMapperupdateTaskStatus7(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Long;)I%com/common/mapper/AnalysisFieldMapperselectByRuleId$(Ljava/lang/String;)Ljava/util/List;.com/common/mapper/AnalysisWhereConditionMapper&com/common/mapper/AnalysisFilterMapper-com/common/mapper/AnalysisGroupByColumnMapper-com/common/mapper/AnalysisGroupByHavingMapper'com/common/mapper/AnalysisGroupByMapperisEmpty()Zget(I)Ljava/lang/Object;getId()Ljava/lang/Long;intValue()I-com/common/mapper/AnalysisGroupByWindowMapperselectByGroupById>(Ljava/lang/Integer;)Lcom/common/entity/AnalysisGroupByWindow;format8(Ljava/time/format/DateTimeFormatter;)Ljava/lang/String;&com/common/service/SqlGeneratorService generateSqlÙ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;Lcom/common/entity/AnalysisGroupByWindow;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;'(Ljava/lang/String;Ljava/lang/Object;)V*org/springframework/jdbc/core/JdbcTemplate queryForListcom/common/mapper/AlarmMapper batchInsert(Ljava/util/List;)Vsizejava/time/DurationbetweenP(Ljava/time/temporal/Temporal;Ljava/time/temporal/Temporal;)Ljava/time/Duration;
getSeconds
setEndTime(Ljava/time/LocalDateTime;)VsetDurationTime(Ljava/lang/Long;)VsetProgressPercent(Ljava/lang/Integer;)V
setInputCountsetOutputCount setStatus
setUpdateTimeupdateerror9(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V
getMessagelength substring(II)Ljava/lang/String; setRemarkiterator()Ljava/util/Iterator;hasNextnext()Ljava/lang/Object;add(Ljava/lang/Object;)Z"java/time/format/DateTimeFormatter ofPattern8(Ljava/lang/String;)Ljava/time/format/DateTimeFormatter; AlarmBuilder(()Lcom/common/entity/Alarm$AlarmBuilder;java/util/UUID
randomUUID()Ljava/util/UUID;$com/common/entity/Alarm$AlarmBuilder:(Ljava/lang/String;)Lcom/common/entity/Alarm$AlarmBuilder; createdAtA(Ljava/time/LocalDateTime;)Lcom/common/entity/Alarm$AlarmBuilder; updatedAt alarmName
engineType attackResult;(Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder;java/lang/Boolean(Z)Ljava/lang/Boolean;focused;(Ljava/lang/Boolean;)Lcom/common/entity/Alarm$AlarmBuilder;
alarmLevel baseFocused isUpdated alarmSource)(I)Lcom/common/entity/Alarm$AlarmBuilder;dispositionAdvice
disposedStateattackDirectionetlTime alarmAreaId()Lcom/common/entity/Alarm; containsKey&(Ljava/lang/Object;)Ljava/lang/Object;
setLogStartAt setLogEndAt
setComment
Reference in New Issue Copy Permalink