1、完善kafka 接收消息进行sm4 解密
2、新增IP联动封禁相关的API接口,供探针模块进行调用。
@@ -15,7 +15,7 @@ syslog.tcp.port=514
|
||||
syslog.udp.port=514
|
||||
syslog.max.frame.length=65536
|
||||
syslog.buffer.size=1000
|
||||
|
||||
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
|
||||
# InfluxDB 2.7 Configuration
|
||||
influxdb.url=http://192.168.222.131:8086
|
||||
influxdb.token=3Tvu-IZWtaY03UDkbUDlufD0kxn85keo9LhYQcv2Cxk0LJmXqqHkNVrO664DbaJAYwoGI7UIg904KqZC7Q_ZFA==
|
||||
@@ -146,4 +146,24 @@ spring.datasource.hikari.schema=public
|
||||
# 关联分析规则配置
|
||||
analysis.realtime.enabled= true
|
||||
# 检查间隔(秒) - 默认10秒
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
|
||||
|
||||
|
||||
# ============================================
|
||||
# 探针联动API配置
|
||||
# ============================================
|
||||
# API-KEY认证(32位,建议使用随机生成的密钥)
|
||||
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
||||
# API接口基础URL(供syslog-serve调用)
|
||||
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
|
||||
|
||||
# ============================================
|
||||
# 告警健康检查配置
|
||||
# ============================================
|
||||
# 告警表无数据阈值(小时)
|
||||
alarm.health-check.alarm-hours=2
|
||||
# 告警日志表无数据阈值(小时)
|
||||
alarm.health-check.alarm-visit-hours=4
|
||||
# 是否启用定时巡检
|
||||
alarm.health-check.enabled=true
|
||||
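Review bot: The new `interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6` commits a literal credential for the IP-blocking (联动封禁) API, and its value is a sequential a1…p6 placeholder rather than the randomly generated 32-character key the comment directly above it calls for; the same line, and the plaintext SM4 key on `syslog.sm4.generateKey=…` from the first hunk, are repeated verbatim in the `@@ -15,6 +15,7 @@` / `@@ -148,4 +149,22 @@` hunks of the two later property files, so one checked-in value guards every deployment. Anyone with repository read access can therefore decrypt the syslog stream and authenticate to an endpoint that bans addresses, which is a high-impact misuse path for a credential this weak. Keep only placeholders in the committed files, e.g. `interlocking.api-key=${INTERLOCKING_API_KEY}` and `syslog.sm4.generateKey=${SYSLOG_SM4_KEY}`, resolve them from the environment or a secrets store per deployment, and rotate both values since they are already in history (the pre-existing `influxdb.token` and `spring.elasticsearch.password` values visible as context have the same exposure). The `analysis.realtime.check-interval-seconds: 10` line mixes the `:` separator into a file that otherwise uses `=`; both are legal in a .properties file, but normalising to `=` keeps the file greppable.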
+10
-2
@@ -57,7 +57,7 @@ mybatis-plus.type-handlers-package=com.Modules.etl.handler
|
||||
spring.kafka.consumer.bootstrap-servers=10.11.2.142:9092
|
||||
spring.kafka.consumer.group-id=agent-syslog-group
|
||||
spring.kafka.consumer.auto-offset-reset=latest
|
||||
spring.kafka.consumer.enable-auto-commit=true
|
||||
spring.kafka.consumer.enable-auto-commit=false
|
||||
spring.kafka.consumer.auto-commit-interval=1000
|
||||
spring.kafka.consumer.topic=agent-syslog-topic
|
||||
|
||||
@@ -121,6 +121,8 @@ spring.elasticsearch.password=t2NZCiajmdazxBrF
|
||||
spring.elasticsearch.connection-timeout=10s
|
||||
# Socket 超时时间
|
||||
spring.elasticsearch.socket-timeout=30s
|
||||
|
||||
|
||||
# ETL配置
|
||||
etl.batch.page-size=1000
|
||||
etl.batch.insert-batch-size=500
|
||||
@@ -140,4 +142,10 @@ spring.datasource.hikari.validation-timeout=5000
|
||||
spring.datasource.hikari.leak-detection-threshold=30000
|
||||
spring.datasource.hikari.pool-name=HikariPool-SyslogConsumer
|
||||
spring.datasource.hikari.auto-commit=false
|
||||
spring.datasource.hikari.schema=public
|
||||
spring.datasource.hikari.schema=public
|
||||
|
||||
|
||||
# 关联分析规则配置
|
||||
analysis.realtime.enabled= true
|
||||
# 检查间隔(秒) - 默认10秒
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
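Review bot: `spring.kafka.consumer.enable-auto-commit=false` in the `@@ -57,7 +57,7 @@` hunk leaves `spring.kafka.consumer.auto-commit-interval=1000` on the following line as dead configuration, because the interval is only honoured when client auto-commit is on; drop it or comment it out so the file does not advertise a commit cadence that no longer exists. With auto-commit off, offset commits are presumably driven by the listener container's ack mode, which is not part of this diff; since the commit also introduces SM4 decryption of the received messages, confirm how the listener treats a record that fails to decrypt (wrong key, truncated or tampered ciphertext) so that it is logged and skipped or dead-lettered rather than redelivered indefinitely and stalling the partition. A short comment above the setting, e.g. `# offsets are committed by the listener container (ack-mode), not by the Kafka client`, would make the intent visible to the next reader.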
+20
-1
@@ -15,6 +15,7 @@ syslog.tcp.port=514
|
||||
syslog.udp.port=514
|
||||
syslog.max.frame.length=65536
|
||||
syslog.buffer.size=1000
|
||||
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
|
||||
|
||||
# InfluxDB 2.7 Configuration
|
||||
influxdb.url=http://192.168.4.26:8087
|
||||
@@ -148,4 +149,22 @@ spring.datasource.hikari.schema=public
|
||||
# 关联分析规则配置
|
||||
analysis.realtime.enabled= true
|
||||
# 检查间隔(秒) - 默认10秒
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
|
||||
# ============================================
|
||||
# 探针联动API配置
|
||||
# ============================================
|
||||
# API-KEY认证(32位,建议使用随机生成的密钥)
|
||||
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
||||
# API接口基础URL(供syslog-serve调用)
|
||||
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
|
||||
|
||||
# ============================================
|
||||
# 告警健康检查配置
|
||||
# ============================================
|
||||
# 告警表无数据阈值(小时)
|
||||
alarm.health-check.alarm-hours=2
|
||||
# 告警日志表无数据阈值(小时)
|
||||
alarm.health-check.alarm-visit-hours=4
|
||||
# 是否启用定时巡检
|
||||
alarm.health-check.enabled=true
|
||||
@@ -15,6 +15,7 @@ syslog.tcp.port=514
|
||||
syslog.udp.port=514
|
||||
syslog.max.frame.length=65536
|
||||
syslog.buffer.size=1000
|
||||
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
|
||||
|
||||
# InfluxDB 2.7 Configuration
|
||||
influxdb.url=http://192.168.4.26:8087
|
||||
@@ -148,4 +149,22 @@ spring.datasource.hikari.schema=public
|
||||
# 关联分析规则配置
|
||||
analysis.realtime.enabled= true
|
||||
# 检查间隔(秒) - 默认10秒
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
analysis.realtime.check-interval-seconds: 10
|
||||
|
||||
# ============================================
|
||||
# 探针联动API配置
|
||||
# ============================================
|
||||
# API-KEY认证(32位,建议使用随机生成的密钥)
|
||||
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
||||
# API接口基础URL(供syslog-serve调用)
|
||||
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
|
||||
|
||||
# ============================================
|
||||
# 告警健康检查配置
|
||||
# ============================================
|
||||
# 告警表无数据阈值(小时)
|
||||
alarm.health-check.alarm-hours=2
|
||||
# 告警日志表无数据阈值(小时)
|
||||
alarm.health-check.alarm-visit-hours=4
|
||||
# 是否启用定时巡检
|
||||
alarm.health-check.enabled=true
|
||||
-1
@@ -44,7 +44,6 @@
|
||||
FROM analysis_analysis_rule
|
||||
WHERE run_mode = #{runMode}
|
||||
AND del_flag = '0'
|
||||
AND task_status IN ('stopped', 'waiting', 'STOPPED')
|
||||
AND rule_status =1
|
||||
ORDER BY priority DESC, create_time ASC
|
||||
</select>
|
||||
|
||||
+34
-34
@@ -3,6 +3,7 @@
|
||||
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
|
||||
<mapper namespace="com.common.mapper.SyslogNormalAlarmMapper">
|
||||
|
||||
|
||||
<insert id="insertDynamic" parameterType="map">
|
||||
INSERT INTO syslog_normal_alarm
|
||||
<trim prefix="(" suffix=")" suffixOverrides=",">
|
||||
@@ -405,7 +406,7 @@
|
||||
<if test="dataMap.container_name != null">#{dataMap.container_name},</if>
|
||||
<if test="dataMap.container_id != null">#{dataMap.container_id},</if>
|
||||
<if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
|
||||
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id},</if>
|
||||
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id}::int8,</if>
|
||||
<if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
|
||||
<if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
|
||||
<if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
|
||||
@@ -438,8 +439,8 @@
|
||||
<if test="dataMap.print_time != null">#{dataMap.print_time},</if>
|
||||
<if test="dataMap.printer != null">#{dataMap.printer},</if>
|
||||
<if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
|
||||
<if test="dataMap.print_pages != null">#{dataMap.print_pages},</if>
|
||||
<if test="dataMap.print_copies != null">#{dataMap.print_copies},</if>
|
||||
<if test="dataMap.print_pages != null">#{dataMap.print_pages}::int8,</if>
|
||||
<if test="dataMap.print_copies != null">#{dataMap.print_copies}::int8,</if>
|
||||
<if test="dataMap.src_device != null">#{dataMap.src_device},</if>
|
||||
<if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
|
||||
<if test="dataMap.src_file != null">#{dataMap.src_file},</if>
|
||||
@@ -456,7 +457,7 @@
|
||||
<if test="dataMap.env != null">#{dataMap.env},</if>
|
||||
<if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
|
||||
<if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
|
||||
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length},</if>
|
||||
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length}::int8,</if>
|
||||
<if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
|
||||
<if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
|
||||
<if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
|
||||
@@ -487,25 +488,25 @@
|
||||
<if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
|
||||
<if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
|
||||
<if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
|
||||
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id},</if>
|
||||
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id}::int8,</if>
|
||||
<if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
|
||||
<if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
|
||||
<if test="dataMap.desip_id != null">#{dataMap.desip_id},</if>
|
||||
<if test="dataMap.desip_id != null">#{dataMap.desip_id}::int8,</if>
|
||||
<if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
|
||||
<if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
|
||||
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id},</if>
|
||||
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id}::int8,</if>
|
||||
<if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
|
||||
<if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
|
||||
<if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
|
||||
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id},</if>
|
||||
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id},</if>
|
||||
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id},</if>
|
||||
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id},</if>
|
||||
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id}::int8,</if>
|
||||
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id}::int8,</if>
|
||||
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id}::int8,</if>
|
||||
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id}::int8,</if>
|
||||
<if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
|
||||
<if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
|
||||
<if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
|
||||
<if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
|
||||
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length},</if>
|
||||
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length}::int8,</if>
|
||||
<if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
|
||||
<if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
|
||||
<if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
|
||||
@@ -529,7 +530,7 @@
|
||||
<if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
|
||||
<if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
|
||||
<if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
|
||||
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code},</if>
|
||||
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code}::int8,</if>
|
||||
<if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
|
||||
<if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
|
||||
<if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
|
||||
@@ -575,12 +576,12 @@
|
||||
<if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
|
||||
<if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
|
||||
<if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
|
||||
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port},</if>
|
||||
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port}::int8,</if>
|
||||
<if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
|
||||
<if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
|
||||
<if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
|
||||
<if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
|
||||
<if test="dataMap.agent_id != null">#{dataMap.agent_id},</if>
|
||||
<if test="dataMap.agent_id != null">#{dataMap.agent_id}::int8,</if>
|
||||
<if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
|
||||
<if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
|
||||
<if test="dataMap.log_id != null">#{dataMap.log_id},</if>
|
||||
@@ -596,7 +597,7 @@
|
||||
<if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
|
||||
<if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
|
||||
<if test="dataMap.proto != null">#{dataMap.proto},</if>
|
||||
<if test="dataMap.dev_id != null">#{dataMap.dev_id},</if>
|
||||
<if test="dataMap.dev_id != null">#{dataMap.dev_id}::int8,</if>
|
||||
<if test="dataMap.created_time != null">#{dataMap.created_time},</if>
|
||||
<if test="dataMap.src_country != null">#{dataMap.src_country},</if>
|
||||
<if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
|
||||
@@ -631,9 +632,9 @@
|
||||
<if test="dataMap.check_item != null">#{dataMap.check_item},</if>
|
||||
<if test="dataMap.check_type != null">#{dataMap.check_type},</if>
|
||||
<if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
|
||||
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port},</if>
|
||||
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port}::int8,</if>
|
||||
<if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
|
||||
<if test="dataMap.victim_port != null">#{dataMap.victim_port},</if>
|
||||
<if test="dataMap.victim_port != null">#{dataMap.victim_port}::int8,</if>
|
||||
<if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
|
||||
<if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
|
||||
<if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
|
||||
@@ -686,15 +687,15 @@
|
||||
<if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
|
||||
<if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
|
||||
<if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
|
||||
<if test="dataMap.event_category != null">#{dataMap.event_category},</if>
|
||||
<if test="dataMap.attack_result != null">#{dataMap.attack_result}::int,</if>
|
||||
<if test="dataMap.event_category != null">#{dataMap.event_category}::int4,</if>
|
||||
<if test="dataMap.attack_result != null">#{dataMap.attack_result}::int4,</if>
|
||||
<if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
|
||||
<if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
|
||||
<if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
|
||||
<if test="dataMap.device_name != null">#{dataMap.device_name},</if>
|
||||
<if test="dataMap.product_name != null">#{dataMap.product_name},</if>
|
||||
<if test="dataMap.__id != null">#{dataMap.__id},</if>
|
||||
<if test="dataMap.__count != null">#{dataMap.__count},</if>
|
||||
<if test="dataMap.__count != null">#{dataMap.__count}::int8,</if>
|
||||
<if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
|
||||
<if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
|
||||
<if test="dataMap.protocol != null">#{dataMap.protocol},</if>
|
||||
@@ -702,19 +703,19 @@
|
||||
<if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
|
||||
<if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
|
||||
<if test="dataMap.uid != null">#{dataMap.uid},</if>
|
||||
<if test="dataMap.fall != null">#{dataMap.fall},</if>
|
||||
<if test="dataMap.fall != null">#{dataMap.fall}::int4,</if>
|
||||
<if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
|
||||
<if test="dataMap.dev_type != null">#{dataMap.dev_type},</if>
|
||||
<if test="dataMap.collect_method != null">#{dataMap.collect_method},</if>
|
||||
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id},</if>
|
||||
<if test="dataMap.device_type != null">#{dataMap.device_type},</if>
|
||||
<if test="dataMap.dev_type != null">#{dataMap.dev_type}::int4,</if>
|
||||
<if test="dataMap.collect_method != null">#{dataMap.collect_method}::int4,</if>
|
||||
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id}::int4,</if>
|
||||
<if test="dataMap.device_type != null">#{dataMap.device_type}::int4,</if>
|
||||
<if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
|
||||
<if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
|
||||
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages},</if>
|
||||
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes},</if>
|
||||
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate},</if>
|
||||
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate},</if>
|
||||
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate},</if>
|
||||
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages}::int8,</if>
|
||||
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes}::int8,</if>
|
||||
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate}::int8,</if>
|
||||
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate}::int8,</if>
|
||||
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate}::int8,</if>
|
||||
<if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
|
||||
<if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
|
||||
<if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
|
||||
@@ -731,11 +732,11 @@
|
||||
<if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
|
||||
<if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
|
||||
<if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
|
||||
<if test="dataMap.target_port != null">#{dataMap.target_port},</if>
|
||||
<if test="dataMap.target_port != null">#{dataMap.target_port}::int8,</if>
|
||||
<if test="dataMap.gid != null">#{dataMap.gid},</if>
|
||||
<if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
|
||||
<if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
|
||||
<if test="dataMap.target_ports != null">#{dataMap.target_ports},</if>
|
||||
<if test="dataMap.target_ports != null">#{dataMap.target_ports}::int8,</if>
|
||||
<if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
|
||||
<if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
|
||||
<if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
|
||||
@@ -755,7 +756,6 @@
|
||||
<if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
|
||||
</trim>
|
||||
</insert>
|
||||
|
||||
<!-- 使用实体类插入 -->
|
||||
<insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
|
||||
INSERT INTO syslog_normal_alarm
|
||||
|
||||
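Review bot: A single malformed numeric field now fails the whole INSERT: the new `::int8`/`::int4` casts on `#{dataMap.…}` parameters throughout this mapper (and the matching hunks of the second mapper file, from `@@ -541,7 +541,7 @@` onwards) move type coercion of syslog-derived values such as `srcip_id`, `attacker_port`, `dev_id` and `__count` into PostgreSQL, where a non-numeric string raises an error for the statement rather than for one field; the consumer properties on this page set `etl.batch.insert-batch-size=500`, so confirm the failure path isolates the offending record instead of dropping or re-driving the batch, or validate the numeric fields in the ETL handler before they reach the mapper. The `@@ -686,15 +687,15 @@` hunk also leaves the file internally inconsistent — `attack_result` changes from `::int` to `::int4` while `event_type` two lines below keeps `::int` — so use one spelling: `<if test="dataMap.event_type != null">#{dataMap.event_type}::int4,</if>`. The `::type` form is PostgreSQL-only syntax, which matches the existing `::inet` casts, but a comment at the top of the `<insert>` stating the dependency would help, e.g. `<!-- PostgreSQL-specific: ::int4/::int8/::inet casts validate incoming field types at the database -->`; the `<insert id="insertDynamic">` element itself opens before these hunks.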
+33
-33
@@ -541,7 +541,7 @@
|
||||
<if test="dataMap.container_name != null">#{dataMap.container_name},</if>
|
||||
<if test="dataMap.container_id != null">#{dataMap.container_id},</if>
|
||||
<if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
|
||||
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id},</if>
|
||||
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id}::int8,</if>
|
||||
<if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
|
||||
<if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
|
||||
<if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
|
||||
@@ -574,8 +574,8 @@
|
||||
<if test="dataMap.print_time != null">#{dataMap.print_time},</if>
|
||||
<if test="dataMap.printer != null">#{dataMap.printer},</if>
|
||||
<if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
|
||||
<if test="dataMap.print_pages != null">#{dataMap.print_pages},</if>
|
||||
<if test="dataMap.print_copies != null">#{dataMap.print_copies},</if>
|
||||
<if test="dataMap.print_pages != null">#{dataMap.print_pages}::int8,</if>
|
||||
<if test="dataMap.print_copies != null">#{dataMap.print_copies}::int8,</if>
|
||||
<if test="dataMap.src_device != null">#{dataMap.src_device},</if>
|
||||
<if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
|
||||
<if test="dataMap.src_file != null">#{dataMap.src_file},</if>
|
||||
@@ -592,7 +592,7 @@
|
||||
<if test="dataMap.env != null">#{dataMap.env},</if>
|
||||
<if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
|
||||
<if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
|
||||
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length},</if>
|
||||
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length}::int8,</if>
|
||||
<if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
|
||||
<if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
|
||||
<if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
|
||||
@@ -623,25 +623,25 @@
|
||||
<if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
|
||||
<if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
|
||||
<if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
|
||||
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id},</if>
|
||||
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id}::int8,</if>
|
||||
<if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
|
||||
<if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
|
||||
<if test="dataMap.desip_id != null">#{dataMap.desip_id},</if>
|
||||
<if test="dataMap.desip_id != null">#{dataMap.desip_id}::int8,</if>
|
||||
<if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
|
||||
<if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
|
||||
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id},</if>
|
||||
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id}::int8,</if>
|
||||
<if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
|
||||
<if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
|
||||
<if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
|
||||
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id},</if>
|
||||
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id},</if>
|
||||
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id},</if>
|
||||
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id},</if>
|
||||
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id}::int8,</if>
|
||||
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id}::int8,</if>
|
||||
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id}::int8,</if>
|
||||
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id}::int8,</if>
|
||||
<if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
|
||||
<if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
|
||||
<if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
|
||||
<if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
|
||||
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length},</if>
|
||||
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length}::int8,</if>
|
||||
<if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
|
||||
<if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
|
||||
<if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
|
||||
@@ -665,7 +665,7 @@
|
||||
<if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
|
||||
<if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
|
||||
<if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
|
||||
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code},</if>
|
||||
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code}::int8,</if>
|
||||
<if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
|
||||
<if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
|
||||
<if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
|
||||
@@ -711,12 +711,12 @@
|
||||
<if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
|
||||
<if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
|
||||
<if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
|
||||
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port},</if>
|
||||
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port}::int8,</if>
|
||||
<if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
|
||||
<if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
|
||||
<if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
|
||||
<if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
|
||||
<if test="dataMap.agent_id != null">#{dataMap.agent_id},</if>
|
||||
<if test="dataMap.agent_id != null">#{dataMap.agent_id}::int8,</if>
|
||||
<if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
|
||||
<if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
|
||||
<if test="dataMap.log_id != null">#{dataMap.log_id},</if>
|
||||
@@ -732,7 +732,7 @@
|
||||
<if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
|
||||
<if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
|
||||
<if test="dataMap.proto != null">#{dataMap.proto},</if>
|
||||
<if test="dataMap.dev_id != null">#{dataMap.dev_id},</if>
|
||||
<if test="dataMap.dev_id != null">#{dataMap.dev_id}::int8,</if>
|
||||
<if test="dataMap.created_time != null">#{dataMap.created_time},</if>
|
||||
<if test="dataMap.src_country != null">#{dataMap.src_country},</if>
|
||||
<if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
|
||||
@@ -767,9 +767,9 @@
|
||||
<if test="dataMap.check_item != null">#{dataMap.check_item},</if>
|
||||
<if test="dataMap.check_type != null">#{dataMap.check_type},</if>
|
||||
<if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
|
||||
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port},</if>
|
||||
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port}::int8,</if>
|
||||
<if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
|
||||
<if test="dataMap.victim_port != null">#{dataMap.victim_port},</if>
|
||||
<if test="dataMap.victim_port != null">#{dataMap.victim_port}::int8,</if>
|
||||
<if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
|
||||
<if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
|
||||
<if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
|
||||
@@ -822,15 +822,15 @@
|
||||
<if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
|
||||
<if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
|
||||
<if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
|
||||
<if test="dataMap.event_category != null">#{dataMap.event_category},</if>
|
||||
<if test="dataMap.attack_result != null">#{dataMap.attack_result},</if>
|
||||
<if test="dataMap.event_category != null">#{dataMap.event_category}::int4,</if>
|
||||
<if test="dataMap.attack_result != null">#{dataMap.attack_result}::int4,</if>
|
||||
<if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
|
||||
<if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
|
||||
<if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
|
||||
<if test="dataMap.device_name != null">#{dataMap.device_name},</if>
|
||||
<if test="dataMap.product_name != null">#{dataMap.product_name},</if>
|
||||
<if test="dataMap.__id != null">#{dataMap.__id},</if>
|
||||
<if test="dataMap.__count != null">#{dataMap.__count},</if>
|
||||
<if test="dataMap.__count != null">#{dataMap.__count}::int8,</if>
|
||||
<if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
|
||||
<if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
|
||||
<if test="dataMap.protocol != null">#{dataMap.protocol},</if>
|
||||
@@ -838,19 +838,19 @@
|
||||
<if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
|
||||
<if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
|
||||
<if test="dataMap.uid != null">#{dataMap.uid},</if>
|
||||
<if test="dataMap.fall != null">#{dataMap.fall},</if>
|
||||
<if test="dataMap.fall != null">#{dataMap.fall}::int4,</if>
|
||||
<if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
|
||||
<if test="dataMap.dev_type != null">#{dataMap.dev_type},</if>
|
||||
<if test="dataMap.collect_method != null">#{dataMap.collect_method},</if>
|
||||
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id},</if>
|
||||
<if test="dataMap.device_type != null">#{dataMap.device_type},</if>
|
||||
<if test="dataMap.dev_type != null">#{dataMap.dev_type}::int4,</if>
|
||||
<if test="dataMap.collect_method != null">#{dataMap.collect_method}::int4,</if>
|
||||
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id}::int4,</if>
|
||||
<if test="dataMap.device_type != null">#{dataMap.device_type}::int4,</if>
|
||||
<if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
|
||||
<if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
|
||||
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages},</if>
|
||||
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes},</if>
|
||||
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate},</if>
|
||||
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate},</if>
|
||||
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate},</if>
|
||||
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages}::int8,</if>
|
||||
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes}::int8,</if>
|
||||
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate}::int8,</if>
|
||||
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate}::int8,</if>
|
||||
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate}::int8,</if>
|
||||
<if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
|
||||
<if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
|
||||
<if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
|
||||
@@ -867,11 +867,11 @@
|
||||
<if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
|
||||
<if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
|
||||
<if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
|
||||
<if test="dataMap.target_port != null">#{dataMap.target_port},</if>
|
||||
<if test="dataMap.target_port != null">#{dataMap.target_port}::int8,</if>
|
||||
<if test="dataMap.gid != null">#{dataMap.gid},</if>
|
||||
<if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
|
||||
<if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
|
||||
<if test="dataMap.target_ports != null">#{dataMap.target_ports},</if>
|
||||
<if test="dataMap.target_ports != null">#{dataMap.target_ports}::int8,</if>
|
||||
<if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
|
||||
<if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
|
||||
<if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
|
||||
|
||||