nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3608952925d5000aca30bd12aaf8ab737b14799
ai-security-xdr/haobang-security-dm/syslog-consumer/target/classes/com/common/service/impl/RealtimeAnalysisEngine.class
T

241 lines
26 KiB
Plaintext
Raw Normal View History

1、新增功能探针联动处置、心跳在线检测
2026-05-28 14:30:06 +08:00
Êþº¾4
"
;#
A$
A%
A& ;'
y( )* +, +-.
/ ;0
12
Z3 45
;6 ;789
y:
;<= ;>
A? @A
BC
DE
1F
GH
GI
GJK
GL
GM
GN
GOP
GQ
GR
GST
GUV
,"W
,X
,Y
GZ
G[ ;\ ]^_
5"Ö ¬`abcd¨ ;ef gh ;i j* ;k l* ;m n* ;o p* ;q r* ;s tuv @w ;x
yzž
;{è ;| }~ +


Bƒ
B
B
B
Bˆ
B
BŠ ]ŒŸŽ @
h
B
B˜
Bšœ
t" +ž Ÿ  Ÿ¡¢
;£ +¤¥¦§¨
©ª« @¬
A­
B®
B,¯
B°
B±²
B³´µ
;
;·
;¸¹ @º
;»
;¼
Z2½¾
B¿ÀÁÂ
AÃ
AÄ
AÅÆÇ
;È
;ÉÊËÌ
;Í
;ÎÏÐÑÒ
ÓÔ
ÕÖ
ÕY
×Ø
×Ù
×Ú
×Û
×Ü
×Ý
Þß
×à
×áâ
×ã
×ä
×å
×æç
×è
×éê
×ë
×ì
×í
;î
×ï
;ð
×ñ
×ò
×óô ¬õ ¬ö
;÷
Óøù
Óúû
;ü
Óýþ
Óÿ
;
;
Ó
;
Ó
Ó
Ó

Ó 
Ó
Ó
Ó
Ó
Ó
Ó
Ó
;
Ó
Ó
Ó!"
Ó#$
Ó%&
Ó'(
Ó)*
Ó+,
Ó-.
Ó/0
Ó12
Ó34
Ó56
Ó78
Ó9:
Ó;<
Ó=>
Ó?@
ÓAB
ÓCD
ÓEF
ÓGH
ÓIJ
ÓKL
ÓMN
ÓOP
ÓQR
ÓST
ÓUV
ÓWX
ÓYZ
Ó[\
Ó]^
Ó_`
Óab
Y
Bcd
<e
1f
<2
Zghijklmnopqrstu
Av
Awxüy
Bz{
B|}
B~
ƒ
Bˆ
;
BŠ
ŒlogLorg/slf4j/Logger;sqlGeneratorService(Lcom/common/service/SqlGeneratorService;RuntimeVisibleAnnotations8Lorg/springframework/beans/factory/annotation/Autowired;
ruleMapper.Lcom/common/mapper/AnalysisAnalysisRuleMapper; fieldMapper'Lcom/common/mapper/AnalysisFieldMapper;whereConditionMapper0Lcom/common/mapper/AnalysisWhereConditionMapper;groupByColumnMapper/Lcom/common/mapper/AnalysisGroupByColumnMapper;groupByWindowMapper/Lcom/common/mapper/AnalysisGroupByWindowMapper; filterMapper(Lcom/common/mapper/AnalysisFilterMapper;groupByHavingMapper/Lcom/common/mapper/AnalysisGroupByHavingMapper;taskHistoryMapper-Lcom/common/mapper/AnalysisTaskHistoryMapper; alarmMapperLcom/common/mapper/AlarmMapper;
groupByMapper)Lcom/common/mapper/AnalysisGroupByMapper; jdbcTemplate,Lorg/springframework/jdbc/core/JdbcTemplate;RUN_MODELjava/lang/String;
ConstantValueDATE_FORMATTER$Ljava/time/format/DateTimeFormatter;<init>()VCodeLineNumberTableLocalVariableTablethis0Lcom/common/service/impl/RealtimeAnalysisEngine; executeRule9(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/util/Map;groupBy#Lcom/common/entity/AnalysisGroupBy; tableNamealarmsLjava/util/List;fieldswhereConditionsfiltersgroupByColumnshavingConditionssql queryResult
alarmCountJendTimeLjava/time/LocalDateTime;durationSecondseLjava/lang/Exception;rule(Lcom/common/entity/AnalysisAnalysisRule;batchNo startTime dataEndTime
groupByWindow)Lcom/common/entity/AnalysisGroupByWindow; groupByList
dataStartTimehistory'Lcom/common/entity/AnalysisTaskHistory;resultLjava/util/Map;LocalVariableTypeTable+Ljava/util/List<Lcom/common/entity/Alarm;>;3Ljava/util/List<Lcom/common/entity/AnalysisField;>;<Ljava/util/List<Lcom/common/entity/AnalysisWhereCondition;>;4Ljava/util/List<Lcom/common/entity/AnalysisFilter;>;;Ljava/util/List<Lcom/common/entity/AnalysisGroupByColumn;>;;Ljava/util/List<Lcom/common/entity/AnalysisGroupByHaving;>;GLjava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;5Ljava/util/List<Lcom/common/entity/AnalysisGroupBy;>;5Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;
StackMapTablec¢ihŽ9ÒV Signature_(Lcom/common/entity/AnalysisAnalysisRule;)Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>; executeRules"(Ljava/util/List;)Ljava/util/List; errorResultrulesresults:Ljava/util/List<Lcom/common/entity/AnalysisAnalysisRule;>;ƒ(Ljava/util/List<Lcom/common/entity/AnalysisAnalysisRule;>;)Ljava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;stopRule(Ljava/lang/String;)VruleId
getRunMode()Ljava/lang/String;generateBatchNocalculateDataStartTime](Ljava/time/LocalDateTime;Lcom/common/entity/AnalysisGroupByWindow;)Ljava/time/LocalDateTime;
windowTypecalculateTumbleWindowStartTime
windowSizeLjava/lang/Integer;windowSizeUnitcalculateHopWindowStartTimecalculateSessionWindowStartTimesessionTimeoutsessionTimeoutUnitconvertToAlarmsJ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List;)Ljava/util/List;alarmLcom/common/entity/Alarm;rowœ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List<Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;>;)Ljava/util/List<Lcom/common/entity/Alarm;>;
getBytesValue(Ljava/lang/Object;)[BvalueLjava/lang/Object;getStringValue&(Ljava/lang/Object;)Ljava/lang/String; getLongValue$(Ljava/lang/Object;)Ljava/lang/Long;getIntegerValue'(Ljava/lang/Object;)Ljava/lang/Integer;getTimestampValue-(Ljava/lang/Object;)Ljava/time/LocalDateTime;patternstrValuepatterns[Ljava/lang/String;getStringArray'(Ljava/lang/Object;)[Ljava/lang/String;iIarr[Ljava/lang/Object;strgetIntegerArray((Ljava/lang/Object;)[Ljava/lang/Integer;!Ljava/lang/NumberFormatException;strArray[Ljava/lang/Integer;getByteArrayArray(Ljava/lang/Object;)[[B[[BconvertAlarmLevel'(Ljava/lang/Integer;)Ljava/lang/String;
eventLevel buildComment#(Ljava/util/Map;)Ljava/lang/String; victimIpsStr alarmName AttackIpsI(Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;)Ljava/lang/String;convertAttackIps'([Ljava/lang/String;)Ljava/lang/String; attackIpsdetermineAttackResult$(Ljava/util/Map;)Ljava/lang/Integer;J(Ljava/util/Map<Ljava/lang/String;Ljava/lang/Object;>;)Ljava/lang/Integer;<clinit>
SourceFileRealtimeAnalysisEngine.java(Lorg/springframework/stereotype/Service;realtimeAnalysisEngine Š ÙØ   ˜  Øš œ ž Ÿ !com/common/entity/AnalysisGroupBy ¡¢ wx£ ¤¥ ¦§¨ ©ª ÚÛ ijm开始执行实时规则: ruleId={}, ruleName={}, batchNo={}, windowType={}, dataStartTime={}, dataEndTime={}java/lang/Object «ØŽ ¬ØNONE ˆ ­® ¯° ±´µ · ¦¸¹ º» Ö¼ ©½RUNNING ¼ ¾¿ À» Á»0 ¼ ý Ľ000000 żjava/lang/StringBuilder实时分æžä»»åŠ¡ - ÆÇ ÈØ É¼ ÊË }~Ì ÍÎjava/util/HashMap ÏÐruleNamerunMode.com/common/service/impl/RealtimeAnalysisEnginerealtime oprunningÑ ÒÓ qrÔ stÕ yzÖ uv× {|Ø klÙ ÚÛ生æˆçš„SQL: {} ¯Ü ƒÝ Þœ æç ß àá â¥ã äå æ· çè éê ëì íê îê COMPLETED ïÕ ðè ñÎprocessedCountstatussuccesswaiting?规则执行æˆåŠŸ: ruleId={}, processedCount={}, alarmCount={}java/lang/Exception规则执行失败: ruleId={} òóFAILED执行失败: ôØ õ¥ ö÷ øÕstoppedfailederrorMsgjava/util/ArrayList ùú ûž üý&com/common/entity/AnalysisAnalysisRule  þÿ执行规则失败: ruleId={}å·²åœæ­¢è§„则: ruleId={}åœæ­¢è§„则失败: ruleId={}yyyyMMddHHmmssSSS A未é…置窗å£ç±»åž‹ï¼Œä½¿ç”¨é»˜è®¤æŸ¥è¯¢èŒƒå›´ï¼šæœ€è¿‘30分钟 Õ  Ø>窗å£ç±»åž‹ä¸ºç©ºï¼Œä½¿ç”¨é»˜è®¤æŸ¥è¯¢èŒƒå›´ï¼šæœ€è¿‘30分钟 Ø ¥TUMBLE  ÿHOPSESSION ÝÛ âÛ ãÛB未知窗å£ç±»åž‹: {},使用默认查询范围:最近30分钟 Ü 
  Ø:滚动窗å£å¤§å°é…置无效,使用默认值:5分钟m 
Øshd   :滚动窗å£å•ä½æ— æ•ˆ: {},使用默认å•ä½ï¼šåˆ†é’ŸI滚动窗å£æŸ¥è¯¢èŒƒå›´: 窗å£å¤§å°={}{},查询时间范围=[{}, {}]  Ø:滑动窗å£å¤§å°é…置无效,使用默认值:5分钟:滑动窗å£å•ä½æ— æ•ˆ: {},使用默认å•ä½ï¼šåˆ†é’ŸI滑动窗å£æŸ¥è¯¢èŒƒå›´: 窗å£å¤§å°={}{},查询时间范围=[{}, {}]  ØA会è¯çª—å£è¶…时时间é…置无效,使用默认值:30分钟@会è¯çª—å£è¶…æ—¶å•ä½æ— æ•ˆ: {},使用默认å•ä½ï¼šåˆ†é’Ÿ\会è¯çª—å£æŸ¥è¯¢èŒƒå›´: 超时时间={}{},é¢å¤–缓冲1天,查询时间范围=[{}, {}]
java/util/Map ±  º      !" ¦# $% !未知 & '% (% )*研判åŽå¤„ç½® + ,!other - . /!    01 2! Ê3 log_start_at 4ÿ Ÿ5 ÷ø 6è
log_end_at 7è
alarm_name ñò 8Õ
alarm_type 9Õ alarm_level õö  :Õ attack_ip ýþ ;< victim_ip =<victim_web_url ><attack_chain_phase ?@ device_id A@tag B<comment CÕorigin_log_ids D<query_id EÕ
attack_result Fìfall Gìpayload íî HI
operate_event J@ attack_port K@ victim_port L@
attack_method MÕ business_ext NÕ http_status OÕdns_info PÕ account_info QÕ
attacker_info RÕ victim_info SÕsuspicious_action TÕ vuln_info UÕweak_pwd VÕcompliance_baseline WÕ file_info XÕ file_tags YÕ
endpoint_info ZÕ origin_info [Õ
protocol_info \Õ
email_info ]Õsensitive_data ^Õhit_intelligence _ì window_time `Õ
attack_ip_pic aÕ
victim_ip_pic bÕ operation_at cèattack_direction dÕetl_time eè log_count fì is_asset_hit gìhttp_req_header h<
http_req_body i<http_resp_header j<http_resp_body k<[B lmjava/lang/Number n· op qrjava/time/LocalDateTimejava/lang/Stringyyyy-MM-dd HH:mm:ss.SSSyyyy-MM-dd HH:mm:ssyyyy-MM-dd'T'HH:mm:ss.SSSyyyy-MM-dd'T'HH:mm:ssyyyy-MM-dd HH:mm:ss.SSSSSSyyyy-MM-dd HH:mm:ss.SSSSSyyyy-MM-dd HH:mm:ss.Syyyy-MM-dd HH:mm:ss.SSyyyy-MM-dd'T'HH:mm:ss.SSSSSSS
yyyy-MM-ddyyyy/MM/dd HH:mm:ssyyyy/MM/dd HH:mm:ss.SSS st su无法解æžæ—¶é—´å­—符串: {}{ vw} xw, yzjava/lang/Integerjava/lang/NumberFormatException安全(æ— å¨èƒ)低å±中å±高å±è¶…å± {|_24å°æ—¶å†…,检测到%s上产生%s告警:
å‘Šè­¦å称:%s
攻击IP:%s
攻击结果:%d  ­}~ !com/common/service/AnalysisEngine'com/common/entity/AnalysisGroupByWindowjava/util/Listorg/slf4j/Logger%com/common/entity/AnalysisTaskHistoryjava/util/Iteratorcom/common/entity/Alarmnow()Ljava/time/LocalDateTime;
withSecond(I)Ljava/time/LocalDateTime;withNano getRuleId'com/common/mapper/AnalysisGroupByMapperselectByRuleId$(Ljava/lang/String;)Ljava/util/List;isEmpty()Zget(I)Ljava/lang/Object;getId()Ljava/lang/Long;java/lang/LongintValue()IvalueOf(I)Ljava/lang/Integer;-com/common/mapper/AnalysisGroupByWindowMapperselectByGroupById>(Ljava/lang/Integer;)Lcom/common/entity/AnalysisGroupByWindow; getRuleName
getWindowTypeformat8(Ljava/time/format/DateTimeFormatter;)Ljava/lang/String;info((Ljava/lang/String;[Ljava/lang/Object;)VbuilderAnalysisTaskHistoryBuilder InnerClassesD()Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;java/lang/SystemcurrentTimeMillis()J(J)Ljava/lang/Long;@com/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilderidT(Ljava/lang/Long;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;V(Ljava/lang/String;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;](Ljava/time/LocalDateTime;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;progressPercentW(Ljava/lang/Integer;)Lcom/common/entity/AnalysisTaskHistory$AnalysisTaskHistoryBuilder;
inputCount outputCountdelFlag
createTime
updateTimetenantIdappend-(Ljava/lang/String;)Ljava/lang/StringBuilder;toStringremarkbuild)()Lcom/common/entity/AnalysisTaskHistory;+com/common/mapper/AnalysisTaskHistoryMapperinsert*(Lcom/common/entity/AnalysisTaskHistory;)Iput8(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;,com/common/mapper/AnalysisAnalysisRuleMapperupdateTaskStatus7(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Long;)I%com/common/mapper/AnalysisFieldMapper.com/common/mapper/AnalysisWhereConditionMapper&com/common/mapper/AnalysisFilterMapper-com/common/mapper/AnalysisGroupByColumnMapper-com/common/mapper/AnalysisGroupByHavingMapper&com/common/service/SqlGeneratorService generateSqlÙ(Lcom/common/entity/AnalysisAnalysisRule;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;Lcom/common/entity/AnalysisGroupByWindow;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;'(Ljava/lang/String;Ljava/lang/Object;)V*org/springframework/jdbc/core/JdbcTemplate queryForListcom/common/mapper/AlarmMapper batchInsert(Ljava/util/List;)Vsizejava/time/DurationbetweenP(Ljava/time/temporal/Temporal;Ljava/time/temporal/Temporal;)Ljava/time/Duration;
getSeconds
setEndTime(Ljava/time/LocalDateTime;)VsetDurationTime(Ljava/lang/Long;)VsetProgressPercent(Ljava/lang/Integer;)V
setInputCountsetOutputCount setStatus
setUpdateTimeupdateerror9(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V
getMessagelength substring(II)Ljava/lang/String; setRemarkiterator()Ljava/util/Iterator;hasNextnext()Ljava/lang/Object;add(Ljava/lang/Object;)Z"java/time/format/DateTimeFormatter ofPattern8(Ljava/lang/String;)Ljava/time/format/DateTimeFormatter;warn minusMinutes(J)Ljava/time/LocalDateTime;trim toUpperCasehashCodeequalsgetTumbleWindowSize()Ljava/lang/Integer;getTumbleWindowSizeUnit toLowerCase minusSeconds
minusHours minusDaysgetHopWindowSizegetHopWindowSizeUnitgetSessionWindowSizegetSessionWindowSizeUnit AlarmBuilder(()Lcom/common/entity/Alarm$AlarmBuilder;java/util/UUID
randomUUID()Ljava/util/UUID;$com/common/entity/Alarm$AlarmBuilder:(Ljava/lang/String;)Lcom/common/entity/Alarm$AlarmBuilder; createdAtA(Ljava/time/LocalDateTime;)Lcom/common/entity/Alarm$AlarmBuilder; updatedAt
engineType attackResult;(Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder;java/lang/Boolean(Z)Ljava/lang/Boolean;focused;(Ljava/lang/Boolean;)Lcom/common/entity/Alarm$AlarmBuilder;
alarmLevel baseFocused isUpdated alarmSource)(I)Lcom/common/entity/Alarm$AlarmBuilder;dispositionAdvice
disposedStateattackDirectionetlTime alarmAreaIdattackChainPhase<([Ljava/lang/Integer;)Lcom/common/entity/Alarm$AlarmBuilder; judgedState()Lcom/common/entity/Alarm; containsKey&(Ljava/lang/Object;)Ljava/lang/Object;
setLogStartAt setLogEndAt setAlarmName setAlarmType
setAlarmLevel setAttackIp([Ljava/lang/String;)V setVictimIpsetVictimWebUrlsetAttackChainPhase([Ljava/lang/Integer;)V setDeviceIdsetTag
setCommentsetOriginLogIds
setQueryIdsetAttackResultsetFall
setPayload([B)VsetOperateEvent
setAttackPort
setVictimPortsetAttackMethodsetBusinessExt
setHttpStatus
setDnsInfosetAccountInfosetAttackerInfo
setVictimInfosetSuspiciousAction setVulnInfo
setWeakPwdsetComplianceBaseline setFileInfo setFileTagssetEndpointInfo
setOriginInfosetProtocolInfo setEmailInfosetSensitiveDatasetHitIntelligence
setWindowTimesetAttackIpPicsetVictimIpPicsetOperationAtsetAttackDirection
setEtlTime setLogCount
setIsAssetHitsetHttpReqHeadersetHttpReqBodysetHttpRespHeadersetHttpRespBodygetBytes()[B longValue parseLong(Ljava/lang/String;)JparseInt(Ljava/lang/String;)IparseW(Ljava/lang/CharSequence;Ljava/time/format/DateTimeFormatter;)Ljava/time/LocalDateTime;3(Ljava/lang/CharSequence;)Ljava/time/LocalDateTime;
startsWith(Ljava/lang/String;)ZendsWithsplit'(Ljava/lang/String;)[Ljava/lang/String;joinE(Ljava/lang/CharSequence;[Ljava/lang/CharSequence;)Ljava/lang/String;9(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;org/slf4j/LoggerFactory getLogger%(Ljava/lang/Class;)Lorg/slf4j/Logger;!;hijklmnopmnqrmnstmnuvmnwxmnyzmn{|mn}~mnmnmnƒmn<ˆŠŒ/±Ž Œù Ã*·N-::*´¹:Æ8¹ š.¹
À : Æ*´
 ¸¹:*·:²½YSYSY,SYÆ §SY²SY²¸¸¸ "¸# ¸$ ¸%'-¶(-¶),Y·-/,¶2:*´3¹45Y·6:  7+¶¹8W 9+¶¹8W :8W =,¹8W*´>+¶?
¸¹@W*´A+¶¹B:
*´C+¶¹D: *´E+¶¹F: *´G+¶¹H:
Reference in New Issue Copy Permalink