nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

初次提交代码

Browse Source
This commit is contained in:
nanChen
2026-01-11 15:33:22 +08:00
commit 6603c6f4a1
455 changed files with 32175 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
haobang-security-xdr/syslog-consumer/src/main/resources/application-dev.properties
+125
View File
@@ -0,0 +1,125 @@
#Server Configuration
server.port=8089
server.servlet.context-path=/xdrservice
#server.address=0.0.0.0
server.tomcat.uri-encoding=UTF-8
server.error.include-message=always
server.error.include-binding-errors=always
#run.environment: dev|test|pro
server.run.environment=dev
# Syslog Server Configuration
syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=65536
syslog.buffer.size=1000
# InfluxDB 2.7 Configuration
influxdb.url=http://192.168.222.131:8086
influxdb.token=3Tvu-IZWtaY03UDkbUDlufD0kxn85keo9LhYQcv2Cxk0LJmXqqHkNVrO664DbaJAYwoGI7UIg904KqZC7Q_ZFA==
influxdb.org=yelang
influxdb.bucket=yelangbucket
influxdb.batch.size=1000
influxdb.flush.interval=1000
influxdb.retry.attempts=3
influxdb.retry.delay=1000
# Application Configuration
app.worker.threads=4
app.max.queue.size=10000
app.metrics.enabled=true
#database Configuration
spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
spring.datasource.username=postgres
spring.datasource.password=TnLanWaidYSwTSG5
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
#mybatis handler 类
mybatis.configuration.default-statement-timeout=30
mybatis.configuration.default-fetch-size=1000
mybatis.configuration.map-underscore-to-camel-case=true
mybatis.type-handlers-package=com.Modules.etl.handler
mybatis-plus.configuration.map-underscore-to-camel-case=true
mybatis-plus.type-handlers-package=com.Modules.etl.handler
# kafka Configuration
spring.kafka.consumer.bootstrap-servers=192.168.222.130:9092
spring.kafka.consumer.group-id=test-group-app
spring.kafka.consumer.auto-offset-reset=latest
spring.kafka.consumer.enable-auto-commit=false
spring.kafka.consumer.auto-commit-interval=1000
spring.kafka.consumer.topic=test-topic
spring.kafka.consumer.max-poll-records=1000
spring.kafka.consumer.properties.max.poll.interval.ms=300000
spring.kafka.consumer.properties.session.timeout.ms=45000
#spring.kafka.consumer.key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
#spring.kafka.consumer.value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
spring.kafka.consumer.fetch-min-size= 1048576
spring.kafka.listener.ack-mode= manual
spring.kafka.listener.concurrency= 2
spring.kafka.listener.type=batch
# 定时任务配置
spring.task.scheduling.pool.size=10
# 日志配置
logging.level.com.common.schedule=INFO
logging.level.com.common.service=INFO
# 分区表检查配置
partition.check.tomorrow.enabled=true
partition.check.future.days=7
partition.auto.create=true
# 开发环境缓存配置
spring.redis.host=localhost
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=
spring.redis.database=0
spring.redis.timeout=2000
spring.redis.lettuce.pool.max-active=8
spring.redis.lettuce.pool.max-wait=-1
spring.redis.lettuce.pool.max-idle=8
spring.redis.lettuce.pool.min-idle=0
# 开发环境缓存时间较短,方便调试
spring.cache.redis.time-to-live=600000
# 应用处理器配置
app.processor.thread-pool.core-pool-size=10
app.processor.thread-pool.max-pool-size=20
app.processor.thread-pool.queue-capacity=2000
app.processor.thread-pool.keep-alive-seconds=60
app.processor.batch-size=100
app.processor.process-timeout-ms=30000
# 配置 Elasticsearch
# Elasticsearch连接地址
spring.elasticsearch.uris=http://192.168.1.174:9200
# 配置 Elasticsearch 用户名
spring.elasticsearch.username=CONTAINER_NAME
# 配置 Elasticsearch 密码
spring.elasticsearch.password=t2NZCiajmdazxBrF
# 连接超时时间
spring.elasticsearch.connection-timeout=10s
# Socket 超时时间
spring.elasticsearch.socket-timeout=30s
# ETL配置
etl.batch.page-size=1000
etl.batch.insert-batch-size=500
etl.schedule.cron=0 0 2 * * ?
haobang-security-xdr/syslog-consumer/src/main/resources/application-prod-zc.properties
+124
View File
@@ -0,0 +1,124 @@
#Server Configuration [zhongcheng]
server.port=8089
server.servlet.context-path=/xdrservice
#server.address=0.0.0.0
server.tomcat.uri-encoding=UTF-8
server.error.include-message=always
server.error.include-binding-errors=always
#run.environment: dev|test|prod
server.run.environment=prod
# Syslog Server Configuration
syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=65536
syslog.buffer.size=1000
# InfluxDB 2.7 Configuration
influxdb.url=http://10.11.2.141:8087
influxdb.token=_dTKzcUbYIKSo5jvLVExYki1L4wyuRKsm5XxB90CqYBzgu7GpQD-VCB4cHSd9XOhVQIBl5ke-XaL82JHsogW7Q==
influxdb.org=influxdb
influxdb.bucket=yelangbucket
influxdb.batch.size=1000
influxdb.flush.interval=1000
influxdb.retry.attempts=3
influxdb.retry.delay=1000
# Application Configuration
app.worker.threads=4
app.max.queue.size=10000
app.metrics.enabled=true
#database Configuration
spring.datasource.url=jdbc:postgresql://10.11.2.141:5432/ecosys
spring.datasource.username=ecosys
spring.datasource.password=wsYDPjrpNZPrkPrR
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
#mybatis handler 类
mybatis.configuration.default-statement-timeout=30
mybatis.configuration.default-fetch-size=1000
mybatis.configuration.map-underscore-to-camel-case=true
mybatis.type-handlers-package=com.Modules.etl.handler
mybatis-plus.configuration.map-underscore-to-camel-case=true
mybatis-plus.type-handlers-package=com.Modules.etl.handler
# kafka Configuration
spring.kafka.consumer.bootstrap-servers=10.11.2.142:9092
spring.kafka.consumer.group-id=agent-syslog-group
spring.kafka.consumer.auto-offset-reset=latest
spring.kafka.consumer.enable-auto-commit=true
spring.kafka.consumer.auto-commit-interval=1000
spring.kafka.consumer.topic=agent-syslog-topic
spring.kafka.consumer.max-poll-records=1000
spring.kafka.consumer.properties.max.poll.interval.ms=300000
spring.kafka.consumer.properties.session.timeout.ms=45000
#spring.kafka.consumer.key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
#spring.kafka.consumer.value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
spring.kafka.consumer.fetch-min-size= 1048576
spring.kafka.listener.ack-mode= manual
spring.kafka.listener.concurrency= 2
spring.kafka.listener.type=batch
# 定时任务配置
spring.task.scheduling.pool.size=10
# 日志配置
logging.level.com.common.schedule=INFO
logging.level.com.common.service=INFO
# 分区表检查配置
partition.check.tomorrow.enabled=true
partition.check.future.days=7
partition.auto.create=true
# 生产环境缓存配置
spring.redis.host=10.11.2.142
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=redis_edP6N6
spring.redis.database=0
spring.redis.timeout=5000
#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
spring.redis.lettuce.pool.max-active=20
spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
# 应用处理器配置
app.processor.thread-pool.core-pool-size=10
app.processor.thread-pool.max-pool-size=20
app.processor.thread-pool.queue-capacity=2000
app.processor.thread-pool.keep-alive-seconds=60
app.processor.batch-size=100
app.processor.process-timeout-ms=30000
# 配置 Elasticsearch
# Elasticsearch连接地址
spring.elasticsearch.uris=http://192.168.1.174:9200
# 配置 Elasticsearch 用户名
spring.elasticsearch.username=CONTAINER_NAME
# 配置 Elasticsearch 密码
spring.elasticsearch.password=t2NZCiajmdazxBrF
# 连接超时时间
spring.elasticsearch.connection-timeout=10s
# Socket 超时时间
spring.elasticsearch.socket-timeout=30s
# ETL配置
etl.batch.page-size=1000
etl.batch.insert-batch-size=500
etl.schedule.cron=0 0 2 * * ?
haobang-security-xdr/syslog-consumer/src/main/resources/application-prod.properties
+126
View File
@@ -0,0 +1,126 @@
#Server Configuration
server.port=8089
server.servlet.context-path=/xdrservice
#server.address=0.0.0.0
server.tomcat.uri-encoding=UTF-8
server.error.include-message=always
server.error.include-binding-errors=always
#run.environment: dev|test|pro
server.run.environment=pro
# Syslog Server Configuration
syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=65536
syslog.buffer.size=1000
# InfluxDB 2.7 Configuration
influxdb.url=http://192.168.4.26:8087
influxdb.token=LFjXZyRxTf1V84oN-wwjhSjS4qIK-ZMoHzQJB67ir3qHNSBVJbMcTkPuNmM0cNxvzFEDWLYNzrz1VJKMitY5hw==
influxdb.org=influxdb
influxdb.bucket=yelangbucket
influxdb.batch.size=1000
influxdb.flush.interval=1000
influxdb.retry.attempts=3
influxdb.retry.delay=1000
# Application Configuration
app.worker.threads=4
app.max.queue.size=10000
app.metrics.enabled=true
#database Configuration
spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
spring.datasource.username=postgres
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
#mybatis handler 类
mybatis.configuration.default-statement-timeout=30
mybatis.configuration.default-fetch-size=1000
mybatis.configuration.map-underscore-to-camel-case=true
mybatis.type-handlers-package=com.Modules.etl.handler
mybatis-plus.configuration.map-underscore-to-camel-case=true
mybatis-plus.type-handlers-package=com.Modules.etl.handler
# kafka Configuration
spring.kafka.consumer.bootstrap-servers=192.168.4.26:9092
spring.kafka.consumer.group-id=agent-syslog-group
spring.kafka.consumer.auto-offset-reset=latest
spring.kafka.consumer.enable-auto-commit=false
spring.kafka.consumer.auto-commit-interval=1000
spring.kafka.consumer.topic=agent-syslog-topic
spring.kafka.consumer.max-poll-records=1000
spring.kafka.consumer.properties.max.poll.interval.ms=300000
spring.kafka.consumer.properties.session.timeout.ms=45000
spring.kafka.consumer.fetch-min-size= 1048576
spring.kafka.listener.ack-mode= manual
spring.kafka.listener.concurrency= 2
spring.kafka.listener.type=batch
# 定时任务配置
spring.task.scheduling.pool.size=10
# 日志配置
logging.level.com.common.schedule=INFO
logging.level.com.common.service=INFO
# 分区表检查配置
partition.check.tomorrow.enabled=true
partition.check.future.days=7
partition.auto.create=true
# 生产环境缓存配置
spring.redis.host=192.168.4.26
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=123456
spring.redis.database=0
spring.redis.timeout=5000
#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
spring.redis.lettuce.pool.max-active=20
spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
# 应用处理器配置
app.processor.thread-pool.core-pool-size=10
app.processor.thread-pool.max-pool-size=20
app.processor.thread-pool.queue-capacity=2000
app.processor.thread-pool.keep-alive-seconds=60
app.processor.batch-size=100
app.processor.process-timeout-ms=30000
# 配置 Elasticsearch
# Elasticsearch连接地址
spring.elasticsearch.uris=http://192.168.1.174:9200
# 配置 Elasticsearch 用户名
spring.elasticsearch.username=CONTAINER_NAME
# 配置 Elasticsearch 密码
spring.elasticsearch.password=t2NZCiajmdazxBrF
# 连接超时时间
spring.elasticsearch.connection-timeout=10s
# Socket 超时时间
spring.elasticsearch.socket-timeout=30s
# ETL配置
etl.batch.page-size=1000
etl.batch.insert-batch-size=500
etl.schedule.cron=0 0 2 * * ?
haobang-security-xdr/syslog-consumer/src/main/resources/application-test.properties
+85
View File
@@ -0,0 +1,85 @@
#Server Configuration
server.port=8089
server.servlet.context-path=/xdrservice
#server.address=0.0.0.0
server.tomcat.uri-encoding=UTF-8
server.error.include-message=always
server.error.include-binding-errors=always
#run.environment: dev|test|pro
server.run.environment=test
# Syslog Server Configuration
syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=65536
syslog.buffer.size=1000
# InfluxDB 2.7 Configuration
influxdb.url=http://192.168.4.32:8087
influxdb.token=53sfHaJOmBnrWxVhsZ4SzfiguSkTxYeqXR1cXgt4Q4zan43LcbXw7JOKmOOOWMppNQv6TDNyW1RVctqr5sslzw==
influxdb.org=influxdb
influxdb.bucket=yelangbucket
influxdb.batch.size=1000
influxdb.flush.interval=1000
influxdb.retry.attempts=3
influxdb.retry.delay=1000
# Application Configuration
app.worker.threads=4
app.max.queue.size=10000
app.metrics.enabled=true
#database Configuration
spring.datasource.url=jdbc:postgresql://192.168.4.32:5432/ecosys
spring.datasource.username=user_eSER8N
spring.datasource.password=password_QCYKj6
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
mybatis-plus.configuration.map-underscore-to-camel-case=true
mybatis-plus.type-handlers-package=com.Modules.etl.handler
# kafka Configuration
spring.kafka.consumer.bootstrap-servers=192.168.4.32:9092
spring.kafka.consumer.group-id=agent-syslog-group
spring.kafka.consumer.auto-offset-reset=latest
spring.kafka.consumer.enable-auto-commit=true
spring.kafka.consumer.auto-commit-interval=1000
spring.kafka.consumer.topic=agent-syslog-topic
# 定时任务配置
spring.task.scheduling.pool.size=10
# 日志配置
logging.level.com.common.schedule=INFO
logging.level.com.common.service=INFO
# 分区表检查配置
partition.check.tomorrow.enabled=true
partition.check.future.days=7
partition.auto.create=true
# 生产环境缓存配置
spring.redis.host=192.168.4.32
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=redis_edP6N6
spring.redis.database=0
spring.redis.timeout=5000
#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
spring.redis.lettuce.pool.max-active=20
spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
haobang-security-xdr/syslog-consumer/src/main/resources/application.properties
+125
View File
@@ -0,0 +1,125 @@
#Server Configuration
server.port=8089
server.servlet.context-path=/xdrservice
#server.address=0.0.0.0
server.tomcat.uri-encoding=UTF-8
server.error.include-message=always
server.error.include-binding-errors=always
#run.environment: dev|test|pro
server.run.environment=dev
# Syslog Server Configuration
syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=65536
syslog.buffer.size=1000
# InfluxDB 2.7 Configuration
influxdb.url=http://192.168.222.131:8086
influxdb.token=3Tvu-IZWtaY03UDkbUDlufD0kxn85keo9LhYQcv2Cxk0LJmXqqHkNVrO664DbaJAYwoGI7UIg904KqZC7Q_ZFA==
influxdb.org=yelang
influxdb.bucket=yelangbucket
influxdb.batch.size=1000
influxdb.flush.interval=1000
influxdb.retry.attempts=3
influxdb.retry.delay=1000
# Application Configuration
app.worker.threads=4
app.max.queue.size=10000
app.metrics.enabled=true
#database Configuration
spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
spring.datasource.username=postgres
spring.datasource.password=TnLanWaidYSwTSG5
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
#mybatis handler 类
mybatis.configuration.default-statement-timeout=30
mybatis.configuration.default-fetch-size=1000
mybatis.configuration.map-underscore-to-camel-case=true
mybatis.type-handlers-package=com.Modules.etl.handler
mybatis-plus.configuration.map-underscore-to-camel-case=true
mybatis-plus.type-handlers-package=com.Modules.etl.handler
# kafka Configuration
spring.kafka.consumer.bootstrap-servers=192.168.222.130:9092
spring.kafka.consumer.group-id=test-group-app
spring.kafka.consumer.auto-offset-reset=latest
spring.kafka.consumer.enable-auto-commit=false
spring.kafka.consumer.auto-commit-interval=1000
spring.kafka.consumer.topic=test-topic
spring.kafka.consumer.max-poll-records=1000
spring.kafka.consumer.properties.max.poll.interval.ms=300000
spring.kafka.consumer.properties.session.timeout.ms=45000
#spring.kafka.consumer.key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
#spring.kafka.consumer.value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
spring.kafka.consumer.fetch-min-size= 1048576
spring.kafka.listener.ack-mode= manual
spring.kafka.listener.concurrency= 2
spring.kafka.listener.type=batch
# 定时任务配置
spring.task.scheduling.pool.size=10
# 日志配置
logging.level.com.common.schedule=INFO
logging.level.com.common.service=INFO
# 分区表检查配置
partition.check.tomorrow.enabled=true
partition.check.future.days=7
partition.auto.create=true
# 开发环境缓存配置
spring.redis.host=localhost
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=
spring.redis.database=0
spring.redis.timeout=2000
spring.redis.lettuce.pool.max-active=8
spring.redis.lettuce.pool.max-wait=-1
spring.redis.lettuce.pool.max-idle=8
spring.redis.lettuce.pool.min-idle=0
# 开发环境缓存时间较短,方便调试
spring.cache.redis.time-to-live=600000
# 应用处理器配置
app.processor.thread-pool.core-pool-size=10
app.processor.thread-pool.max-pool-size=20
app.processor.thread-pool.queue-capacity=2000
app.processor.thread-pool.keep-alive-seconds=60
app.processor.batch-size=100
app.processor.process-timeout-ms=30000
# 配置 Elasticsearch
# Elasticsearch连接地址
spring.elasticsearch.uris=http://192.168.1.174:9200
# 配置 Elasticsearch 用户名
spring.elasticsearch.username=CONTAINER_NAME
# 配置 Elasticsearch 密码
spring.elasticsearch.password=t2NZCiajmdazxBrF
# 连接超时时间
spring.elasticsearch.connection-timeout=10s
# Socket 超时时间
spring.elasticsearch.socket-timeout=30s
# ETL配置
etl.batch.page-size=1000
etl.batch.insert-batch-size=500
etl.schedule.cron=0 0 2 * * ?
haobang-security-xdr/syslog-consumer/src/main/resources/logback.xml
+39
View File
@@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>logs/syslog-consumer.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>logs/syslog-consumer.%d{yyyy-MM-dd}.log</fileNamePattern>
<!-- 保留的日志文件的最大天数 -->
<maxHistory>1</maxHistory>
<!-- 所有归档日志文件的总大小上限 -->
<totalSizeCap>15GB</totalSizeCap>
<!-- 启动时是否清理过期日志 -->
<cleanHistoryOnStart>true</cleanHistoryOnStart>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="CONSOLE" />
<appender-ref ref="FILE" />
</root>
<logger name="com.influx" level="INFO" />
<logger name="io.netty" level="WARN" />
<!-- 专门屏蔽ProducerConfig的INFO日志 -->
<logger name="org.apache.kafka.clients.producer.ProducerConfig" level="WARN"/>
<!-- 或者更通用地,屏蔽整个Kafka客户端包的INFO日志 -->
<logger name="org.apache.kafka.clients" level="WARN"/>
</configuration>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/AppLogMapper.xml
+22
View File
@@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.esdemo.mapper.AppLogMapper">
<insert id="batchInsert" parameterType="list">
INSERT INTO applog (
es_index, es_type, es_id, es_score, dt_time, collect_time, log_type,
trace_id, method, app_name, ip, class_name, env, content, thread_name,
log_level, seq, indexed_at, log_date, created_at, updated_at
) VALUES
<foreach collection="list" item="item" separator=",">
(
#{item.esIndex}, #{item.esType}, #{item.esId}, #{item.esScore}, #{item.dtTime},
#{item.collectTime}, #{item.logType}, #{item.traceId}, #{item.method},
#{item.appName}, #{item.ip}, #{item.className}, #{item.env}, #{item.content},
#{item.threadName}, #{item.logLevel}, #{item.seq}, #{item.indexedAt},
#{item.logDate}, #{item.createdAt}, #{item.updatedAt}
)
</foreach>
</insert>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceCollectTaskMapper.xml
+67
View File
@@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.DeviceCollectTaskMapper">
<resultMap id="BaseResultMap" type="com.common.entity.DeviceCollectTask">
<id column="id" property="id" />
<result column="created_at" property="createdAt" />
<result column="updated_at" property="updatedAt" />
<result column="deleted_at" property="deletedAt" />
<result column="device_id" property="deviceId" />
<result column="method" property="method" />
<result column="task_name" property="taskName" />
<result column="first_time" property="firstTime" />
<result column="last_success_time" property="lastSuccessTime" />
<result column="last_failed_time" property="lastFailedTime" />
<result column="detail_id" property="detailId" />
<result column="epm" property="epm" />
<result column="epm_peak" property="epmPeak" />
<result column="process_architecture" property="processArchitecture" />
<result column="task_count" property="taskCount" />
<result column="recent_discover_time" property="recentDiscoverTime" />
<result column="epm_upper_limit" property="epmUpperLimit" />
</resultMap>
<sql id="Base_Column_List">
id, created_at, updated_at, deleted_at, device_id, method, task_name,
first_time, last_success_time, last_failed_time, detail_id, epm, epm_peak,
process_architecture, task_count, recent_discover_time, epm_upper_limit
</sql>
<!-- 多条件组合查询 -->
<select id="selectByCondition" parameterType="com.common.entity.DeviceCollectTask" resultMap="BaseResultMap">
SELECT <include refid="Base_Column_List" />
FROM device_collect_task
<where>
<if test="deviceId != null">
AND device_id = #{deviceId}
</if>
<if test="method != null">
AND method = #{method}
</if>
<if test="taskName != null and taskName != ''">
AND task_name LIKE CONCAT('%', #{taskName}, '%')
</if>
<if test="detailId != null">
AND detail_id = #{detailId}
</if>
<if test="processArchitecture != null">
AND process_architecture = #{processArchitecture}
</if>
<if test="epmUpperLimit != null">
AND epm_upper_limit = #{epmUpperLimit}
</if>
<!-- 时间范围查询 -->
<if test="firstTime != null">
AND first_time >= #{firstTime}
</if>
<if test="lastSuccessTime != null">
AND last_success_time >= #{lastSuccessTime}
</if>
</where>
ORDER BY updated_at DESC
</select>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceReceiveLogMapper.xml
+164
View File
@@ -0,0 +1,164 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.DeviceReceiveLogMapper">
<!-- 结果映射 -->
<resultMap id="BaseResultMap" type="com.common.entity.DeviceReceiveLog">
<id column="id" property="id" />
<result column="created_at" property="createdAt" />
<result column="device_collect_id" property="deviceCollectId" />
<result column="device_id" property="deviceId" />
<result column="device_ip" property="deviceIp" />
<result column="receive_time" property="receiveTime" />
<result column="receive_time_str" property="receiveTimeStr" />
<result column="syslog_message" property="syslogMessage" />
</resultMap>
<!-- 插入单条记录 -->
<insert id="insert" parameterType="com.common.entity.DeviceReceiveLog" useGeneratedKeys="true" keyProperty="id">
INSERT INTO device_receive_log (
created_at,
device_collect_id,
device_id,
device_ip,
receive_time,
receive_time_str,
syslog_message
) VALUES (
COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
#{deviceCollectId},
#{deviceId},
#{deviceIp}::inet,
#{receiveTime},
#{receiveTimeStr},
#{syslogMessage}
)
</insert>
<!-- 批量插入(高性能) -->
<insert id="batchInsert" parameterType="java.util.List">
INSERT INTO device_receive_log (
created_at,
device_collect_id,
device_id,
device_ip,
receive_time,
receive_time_str,
syslog_message
) VALUES
<foreach collection="list" item="item" separator=",">
(
COALESCE(#{item.createdAt}, NOW() AT TIME ZONE 'utc'),
#{item.deviceCollectId},
#{item.deviceId},
#{item.deviceIp}::inet,
#{item.receiveTime},
#{item.receiveTimeStr},
#{item.syslogMessage}
)
</foreach>
</insert>
<!-- 根据ID查询 -->
<select id="selectById" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
WHERE id = #{id}
</select>
<!-- 根据设备ID查询 -->
<select id="selectByDeviceId" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
WHERE device_id = #{deviceId}
ORDER BY receive_time DESC
</select>
<!-- 根据采集探针ID查询 -->
<select id="selectByCollectId" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
WHERE device_collect_id = #{collectId}
ORDER BY receive_time DESC
</select>
<!-- 根据IP地址查询(使用PostgreSQL的inet操作符) -->
<select id="selectByDeviceIp" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
WHERE device_ip >>= #{deviceIp}::inet
ORDER BY receive_time DESC
</select>
<!-- 根据时间范围查询(利用created_at索引) -->
<select id="selectByTimeRange" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
WHERE created_at BETWEEN #{startTime} AND #{endTime}
ORDER BY created_at DESC
</select>
<!-- 多条件组合查询(动态SQL -->
<select id="selectByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
<where>
<if test="deviceId != null">
AND device_id = #{deviceId}
</if>
<if test="deviceCollectId != null">
AND device_collect_id = #{deviceCollectId}
</if>
<if test="deviceIp != null and deviceIp != ''">
AND device_ip >>= #{deviceIp}::inet
</if>
<if test="receiveTime != null">
AND receive_time >= #{receiveTime}
</if>
<if test="syslogMessage != null and syslogMessage != ''">
AND syslog_message LIKE CONCAT('%', #{syslogMessage}, '%')
</if>
</where>
ORDER BY created_at DESC
</select>
<!-- 统计数量 -->
<select id="countByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultType="java.lang.Long">
SELECT COUNT(*) FROM device_receive_log
<where>
<if test="deviceId != null">
AND device_id = #{deviceId}
</if>
<if test="deviceCollectId != null">
AND device_collect_id = #{deviceCollectId}
</if>
<if test="deviceIp != null and deviceIp != ''">
AND device_ip >>= #{deviceIp}::inet
</if>
<if test="receiveTime != null">
AND receive_time >= #{receiveTime}
</if>
</where>
</select>
<!-- 删除时间范围内的数据 -->
<delete id="deleteByTimeRange">
DELETE FROM device_receive_log
WHERE created_at BETWEEN #{startTime} AND #{endTime}
</delete>
<!-- 获取最近N条记录 -->
<select id="selectRecent" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
ORDER BY created_at DESC
LIMIT #{limit}
</select>
<!-- 按设备分组统计 -->
<select id="countByDeviceGroup" resultType="java.util.Map">
SELECT
device_id,
COUNT(*) as log_count,
MIN(receive_time) as first_receive_time,
MAX(receive_time) as last_receive_time
FROM device_receive_log
GROUP BY device_id
ORDER BY log_count DESC
</select>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmColumnMapper.xml
+95
View File
@@ -0,0 +1,95 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.DmColumnMapper">
<resultMap id="BaseResultMap" type="com.common.entity.DmColumn">
<id column="id" property="id" jdbcType="BIGINT"/>
<result column="created_at" property="createdAt"/>
<result column="updated_at" property="updatedAt" />
<result column="deleted_at" property="deletedAt" />
<result column="name" property="name" jdbcType="VARCHAR"/>
<result column="display_name" property="displayName" jdbcType="VARCHAR"/>
<result column="storage_data_type" property="storageDataType" jdbcType="BIGINT"/>
<result column="business_data_type" property="businessDataType" jdbcType="BIGINT"/>
<result column="is_built_in" property="isBuiltIn" jdbcType="BOOLEAN"/>
<result column="is_hidden" property="isHidden" jdbcType="BOOLEAN"/>
<result column="is_not_normalizable" property="isNotNormalizable" jdbcType="BOOLEAN"/>
<result column="is_required" property="isRequired" jdbcType="BOOLEAN"/>
<result column="category_id" property="categoryId" jdbcType="INTEGER"/>
<result column="custom_asset_category_id" property="customAssetCategoryId" jdbcType="INTEGER"/>
<result column="is_virtual" property="isVirtual" jdbcType="BOOLEAN"/>
<result column="table_id" property="tableId" jdbcType="INTEGER"/>
<result column="asset_table_id" property="assetTableId" jdbcType="INTEGER"/>
<result column="column_set_id" property="columnSetId" jdbcType="INTEGER"/>
<result column="base_type" property="baseType" jdbcType="INTEGER"/>
<result column="user_task_id" property="userTaskId" jdbcType="INTEGER"/>
<result column="created_by_id" property="createdById" jdbcType="BIGINT"/>
<result column="create_dept" property="createDept" jdbcType="BIGINT"/>
<result column="create_by" property="createBy" jdbcType="BIGINT"/>
<result column="create_time" property="createTime"/>
<result column="update_by" property="updateBy" jdbcType="BIGINT"/>
<result column="update_time" property="updateTime"/>
</resultMap>
<!-- 条件查询 -->
<select id="findByCondition" parameterType="com.common.entity.DmColumn" resultMap="BaseResultMap">
SELECT * FROM dm_column
WHERE deleted_at IS NULL
<if test="name != null and name != ''">
AND name = #{name}
</if>
<if test="displayName != null and displayName != ''">
AND display_name LIKE CONCAT('%', #{displayName}, '%')
</if>
<if test="isBuiltIn != null">
AND is_built_in = #{isBuiltIn}
</if>
<if test="isHidden != null">
AND is_hidden = #{isHidden}
</if>
<if test="isRequired != null">
AND is_required = #{isRequired}
</if>
<if test="categoryId != null">
AND category_id = #{categoryId}
</if>
<if test="tableId != null">
AND table_id = #{tableId}
</if>
ORDER BY id DESC
</select>
<select id="findById" parameterType="java.lang.Long" resultMap="BaseResultMap">
SELECT Id, created_at::timestamp as created_at ,
updated_at::timestamp as updated_at , deleted_at::timestamp as deleted_at , name, display_name,
storage_data_type, business_data_type, is_built_in, is_hidden,
is_not_normalizable, is_required, category_id, custom_asset_category_id,
is_virtual, table_id, asset_table_id, column_set_id, base_type,
user_task_id, created_by_id, create_dept, create_by, create_time::timestamp as create_time ,
update_by, update_time::timestamp as update_time
FROM dm_column
WHERE id = #{id} AND deleted_at IS NULL
</select>
<!-- 查询全部正常字段-->
<select id="selectAllNormal" parameterType="java.lang.Long" resultType="java.util.LinkedHashMap">
SELECT Id, created_at::timestamp as created_at ,
updated_at::timestamp as updated_at , deleted_at::timestamp as deleted_at , name, display_name,
storage_data_type, business_data_type, is_built_in, is_hidden,
is_not_normalizable, is_required, category_id, custom_asset_category_id,
is_virtual, table_id, asset_table_id, column_set_id, base_type,
user_task_id, created_by_id, create_dept, create_by, create_time::timestamp as create_time ,
update_by, update_time::timestamp as update_time
FROM dm_column
where deleted_at is null and id in ( select distinct column_id from dm_field_table_column where deleted_at is null
)
</select>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmNormalizeRuleMapper.xml
+160
View File
@@ -0,0 +1,160 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.DmNormalizeRuleMapper">
<resultMap id="BaseResultMap" type="com.common.entity.DmNormalizeRule">
<id column="id" property="id" />
<result column="created_at" property="createdAt" />
<result column="updated_at" property="updatedAt" />
<result column="deleted_at" property="deletedAt" />
<result column="name" property="name" />
<result column="display_name" property="displayName" />
<result column="description" property="description" />
<result column="is_built_in" property="isBuiltIn" />
<result column="is_running" property="isRunning" />
<result column="first_data_saved_at" property="firstDataSavedAt" />
<result column="data_type" property="dataType" />
<result column="field_cate_id" property="fieldCateId" />
<result column="log_parsed" property="logParsed" />
<result column="sample_logs" property="sampleLogs" typeHandler="org.apache.ibatis.type.ArrayTypeHandler" />
<result column="is_data_merge_enabled" property="isDataMergeEnabled" />
<result column="data_merge_interval" property="dataMergeInterval" />
<result column="data_merge_time_unit" property="dataMergeTimeUnit" />
<result column="data_merge_row_limit" property="dataMergeRowLimit" />
<result column="data_merge_columns" property="dataMergeColumns" />
<result column="data_storage_medium" property="dataStorageMedium" />
<result column="created_by_id" property="createdById" />
<result column="group_id" property="groupId" />
<result column="rule_content" property="ruleContent" />
<result column="built_in_version" property="builtInVersion" />
<result column="tenant_id" property="tenantId" />
<result column="create_time" property="createTime" />
<result column="update_time" property="updateTime" />
<result column="create_by" property="createBy" />
<result column="update_by" property="updateBy" />
<result column="del_flag" property="delFlag" />
<result column="create_dept" property="createDept" />
</resultMap>
<sql id="Base_Column_List">
id, created_at, updated_at, deleted_at, name, display_name, description,
is_built_in, is_running, first_data_saved_at, data_type, field_cate_id,
log_parsed, sample_logs, is_data_merge_enabled, data_merge_interval,
data_merge_time_unit, data_merge_row_limit, data_merge_columns,
data_storage_medium, created_by_id, group_id, rule_content,
built_in_version, tenant_id, create_time, update_time, create_by,
update_by, del_flag, create_dept
</sql>
<!-- 根据ID查询 -->
<select id="selectById" parameterType="java.lang.Long" resultMap="BaseResultMap">
SELECT
id,
created_at::timestamp as created_at, <!-- 转换为 timestamp -->
updated_at::timestamp as updated_at,
deleted_at::timestamp as deleted_at,
first_data_saved_at::timestamp as first_data_saved_at,
create_time::timestamp as create_time,
update_time::timestamp as update_time,
name, display_name, description, is_built_in, is_running,
data_type, field_cate_id, log_parsed, sample_logs,
is_data_merge_enabled, data_merge_interval, data_merge_time_unit,
data_merge_row_limit, data_merge_columns, data_storage_medium,
created_by_id, group_id, rule_content, built_in_version, tenant_id,
create_by, update_by, del_flag, create_dept
FROM dm_normalize_rule
WHERE id = #{id} AND del_flag = '0'
</select>
<!-- 根据ID查询 -->
<select id="selectByDeviceId" parameterType="java.lang.Long" resultType="java.util.LinkedHashMap">
SELECT
id,
created_at::timestamp as created_at, <!-- 转换为 timestamp -->
updated_at::timestamp as updated_at,
deleted_at::timestamp as deleted_at,
first_data_saved_at::timestamp as first_data_saved_at,
create_time::timestamp as create_time,
update_time::timestamp as update_time,
name, display_name, description, is_built_in, is_running,
data_type, field_cate_id, log_parsed, sample_logs,
is_data_merge_enabled, data_merge_interval, data_merge_time_unit,
data_merge_row_limit, data_merge_columns, data_storage_medium,
created_by_id, group_id, rule_content, built_in_version, tenant_id,
create_by, update_by, del_flag, create_dept
FROM dm_normalize_rule
WHERE id in ( select normalize_rule_id from dm_normalize_rule_device where device_id =#{id}) AND del_flag = '0'
</select>
<!-- 根据ID和租户ID查询 -->
<select id="selectByIdAndTenant" resultMap="BaseResultMap">
SELECT
<include refid="Base_Column_List" />
FROM dm_normalize_rule
WHERE id = #{id} AND tenant_id = #{tenantId} AND del_flag = '0'
</select>
<!-- 根据ID更新 -->
<update id="updateById" parameterType="com.common.entity.DmNormalizeRule">
UPDATE dm_normalize_rule
<set>
<if test="updatedAt != null">updated_at = #{updatedAt},</if>
<if test="name != null">name = #{name},</if>
<if test="displayName != null">display_name = #{displayName},</if>
<if test="description != null">description = #{description},</if>
<if test="isBuiltIn != null">is_built_in = #{isBuiltIn},</if>
<if test="isRunning != null">is_running = #{isRunning},</if>
<if test="firstDataSavedAt != null">first_data_saved_at = #{firstDataSavedAt},</if>
<if test="dataType != null">data_type = #{dataType},</if>
<if test="fieldCateId != null">field_cate_id = #{fieldCateId},</if>
<if test="logParsed != null">log_parsed = #{logParsed},</if>
<if test="sampleLogs != null">sample_logs = #{sampleLogs, typeHandler=org.apache.ibatis.type.ArrayTypeHandler},</if>
<if test="isDataMergeEnabled != null">is_data_merge_enabled = #{isDataMergeEnabled},</if>
<if test="dataMergeInterval != null">data_merge_interval = #{dataMergeInterval},</if>
<if test="dataMergeTimeUnit != null">data_merge_time_unit = #{dataMergeTimeUnit},</if>
<if test="dataMergeRowLimit != null">data_merge_row_limit = #{dataMergeRowLimit},</if>
<if test="dataMergeColumns != null">data_merge_columns = #{dataMergeColumns},</if>
<if test="dataStorageMedium != null">data_storage_medium = #{dataStorageMedium},</if>
<if test="ruleContent != null">rule_content = #{ruleContent},</if>
<if test="builtInVersion != null">built_in_version = #{builtInVersion},</if>
<if test="updateTime != null">update_time = #{updateTime},</if>
<if test="updateBy != null">update_by = #{updateBy},</if>
</set>
WHERE id = #{id} AND del_flag = '0'
</update>
<!-- 根据ID和租户ID更新 -->
<update id="updateByIdAndTenant" parameterType="com.common.entity.DmNormalizeRule">
UPDATE dm_normalize_rule
<set>
<if test="updatedAt != null">updated_at = #{updatedAt},</if>
<if test="name != null">name = #{name},</if>
<if test="displayName != null">display_name = #{displayName},</if>
<if test="description != null">description = #{description},</if>
<if test="isBuiltIn != null">is_built_in = #{isBuiltIn},</if>
<if test="isRunning != null">is_running = #{isRunning},</if>
<if test="firstDataSavedAt != null">first_data_saved_at = #{firstDataSavedAt},</if>
<if test="dataType != null">data_type = #{dataType},</if>
<if test="fieldCateId != null">field_cate_id = #{fieldCateId},</if>
<if test="logParsed != null">log_parsed = #{logParsed},</if>
<if test="sampleLogs != null">sample_logs = #{sampleLogs, typeHandler=org.apache.ibatis.type.ArrayTypeHandler},</if>
<if test="isDataMergeEnabled != null">is_data_merge_enabled = #{isDataMergeEnabled},</if>
<if test="dataMergeInterval != null">data_merge_interval = #{dataMergeInterval},</if>
<if test="dataMergeTimeUnit != null">data_merge_time_unit = #{dataMergeTimeUnit},</if>
<if test="dataMergeRowLimit != null">data_merge_row_limit = #{dataMergeRowLimit},</if>
<if test="dataMergeColumns != null">data_merge_columns = #{dataMergeColumns},</if>
<if test="dataStorageMedium != null">data_storage_medium = #{dataStorageMedium},</if>
<if test="ruleContent != null">rule_content = #{ruleContent},</if>
<if test="builtInVersion != null">built_in_version = #{builtInVersion},</if>
<if test="updateTime != null">update_time = #{updateTime},</if>
<if test="updateBy != null">update_by = #{updateBy},</if>
</set>
WHERE id = #{id} AND tenant_id = #{tenantId} AND del_flag = '0'
</update>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SecExceptionAlgorithmMapper.xml
+67
View File
@@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.SecExceptionAlgorithmMapper">
<!-- 基本的结果映射,与注解方式一致 -->
<resultMap id="algorithmResultMap" type="com.common.entity.SecExceptionAlgorithm">
<id property="id" column="id" jdbcType="BIGINT"/>
<result property="algorithmName" column="algorithm_name" jdbcType="VARCHAR"/>
<result property="exceptionType" column="exception_type" jdbcType="VARCHAR"/>
<result property="dataSource" column="data_source" jdbcType="VARCHAR"/>
<result property="status" column="status" jdbcType="SMALLINT"/>
<result property="description" column="description" jdbcType="VARCHAR"/>
<result property="configInfo" column="config_info" jdbcType="VARCHAR"/>
<result property="operatorZipUrl" column="operator_zip_url" jdbcType="VARCHAR"/>
<result property="remark" column="remark" jdbcType="VARCHAR"/>
<result property="createBy" column="create_by" jdbcType="VARCHAR"/>
<result property="createTime" column="create_time" jdbcType="TIMESTAMP"/>
<result property="updateBy" column="update_by" jdbcType="VARCHAR"/>
<result property="updateTime" column="update_time" jdbcType="TIMESTAMP"/>
<result property="tenantId" column="tenant_id" jdbcType="VARCHAR"/>
<result property="delFlag" column="del_flag" jdbcType="CHAR"/>
<result property="createDept" column="create_dept" jdbcType="BIGINT"/>
<result property="apiUrl" column="api_url" jdbcType="VARCHAR"/>
<result property="apiMethod" column="api_method" jdbcType="VARCHAR"/>
<result property="respUrl" column="resp_url" jdbcType="VARCHAR"/>
</resultMap>
<!-- 使用XML方式定义的findById方法 -->
<select id="findById" parameterType="java.lang.Long" resultMap="algorithmResultMap">
SELECT *
FROM sec_exception_algorithm
WHERE id = #{id, jdbcType=BIGINT}
</select>
<!-- 批量查询 -->
<select id="findByIds" parameterType="java.util.List" resultMap="algorithmResultMap">
SELECT *
FROM sec_exception_algorithm
WHERE id IN
<foreach collection="list" item="id" open="(" separator="," close=")">
#{id, jdbcType=BIGINT}
</foreach>
AND status = 1 AND del_flag = '0'
</select>
<!-- 条件查询 -->
<select id="findByCondition" parameterType="java.util.Map" resultMap="algorithmResultMap">
SELECT *
FROM sec_exception_algorithm
WHERE del_flag = '0'
<if test="status != null">
AND status = #{status, jdbcType=SMALLINT}
</if>
<if test="exceptionType != null and exceptionType != ''">
AND exception_type = #{exceptionType, jdbcType=VARCHAR}
</if>
<if test="dataSource != null and dataSource != ''">
AND data_source = #{dataSource, jdbcType=VARCHAR}
</if>
<if test="algorithmName != null and algorithmName != ''">
AND algorithm_name LIKE CONCAT('%', #{algorithmName, jdbcType=VARCHAR}, '%')
</if>
ORDER BY create_time DESC
</select>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNonNormalMessageMapper.xml
+146
View File
@@ -0,0 +1,146 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.SyslogNonNormalMessageMapper">
<!-- 基础结果映射 -->
<resultMap id="BaseResultMap" type="com.common.entity.SyslogNonNormalMessage">
<id column="id" property="id" />
<result column="created_at" property="createdAt" />
<result column="log_time" property="logTime" />
<result column="device_id" property="deviceId" />
<result column="syslog_message" property="syslogMessage" />
<result column="syslog_uuid" property="syslogUuid" />
<result column="syslog_topic" property="syslogTopic" />
<result column="tenant_id" property="tenantId" />
<result column="create_time" property="createTime" />
<result column="update_time" property="updateTime" />
<result column="create_by" property="createBy" />
<result column="update_by" property="updateBy" />
<result column="create_dept" property="createDept" />
<result column="header_message" property="headerMessage" />
<result column="receive_time" property="receiveTime" />
<result column="rule_time" property="ruleTime" />
<result column="device_name" property="deviceName" />
<result column="etl_node" property="etlNode" />
<result column="collect_task_id" property="collectTaskId" />
<result column="collect_task_name" property="collectTaskName" />
<result column="reason" property="reason" />
<result column="reason_detail" property="reasonDetail" />
<result column="rule_result" property="ruleResult" />
<result column="del_flag" property="delFlag" />
</resultMap>
<!-- 批量插入 -->
<insert id="batchInsert" parameterType="java.util.List">
INSERT INTO syslog_non_normal_message (
id, created_at, log_time, device_id, syslog_message,
syslog_uuid, syslog_topic, tenant_id, create_time,
update_time, create_by, update_by, create_dept,
header_message, receive_time, rule_time, device_name,
etl_node, collect_task_id, collect_task_name, reason,
reason_detail, rule_result, del_flag
) VALUES
<foreach collection="list" item="item" separator=",">
(
#{item.id},
#{item.createdAt},
#{item.logTime},
#{item.deviceId},
#{item.syslogMessage},
#{item.syslogUuid},
#{item.syslogTopic},
#{item.tenantId},
#{item.createTime},
#{item.updateTime},
#{item.createBy},
#{item.updateBy},
#{item.createDept},
#{item.headerMessage},
#{item.receiveTime},
#{item.ruleTime},
#{item.deviceName},
#{item.etlNode},
#{item.collectTaskId},
#{item.collectTaskName},
#{item.reason},
#{item.reasonDetail},
#{item.ruleResult},
#{item.delFlag}
)
</foreach>
</insert>
<!-- 动态更新 -->
<update id="updateByCondition" parameterType="com.common.entity.SyslogNonNormalMessage">
UPDATE syslog_non_normal_message
<set>
<if test="logTime != null">log_time = #{logTime},</if>
<if test="deviceId != null">device_id = #{deviceId},</if>
<if test="syslogMessage != null and syslogMessage != ''">syslog_message = #{syslogMessage},</if>
<if test="syslogUuid != null and syslogUuid != ''">syslog_uuid = #{syslogUuid},</if>
<if test="syslogTopic != null and syslogTopic != ''">syslog_topic = #{syslogTopic},</if>
<if test="tenantId != null and tenantId != ''">tenant_id = #{tenantId},</if>
<if test="updateTime != null">update_time = #{updateTime},</if>
<if test="updateBy != null">update_by = #{updateBy},</if>
<if test="headerMessage != null and headerMessage != ''">header_message = #{headerMessage},</if>
<if test="receiveTime != null">receive_time = #{receiveTime},</if>
<if test="ruleTime != null">rule_time = #{ruleTime},</if>
<if test="deviceName != null and deviceName != ''">device_name = #{deviceName},</if>
<if test="etlNode != null and etlNode != ''">etl_node = #{etlNode},</if>
<if test="collectTaskId != null">collect_task_id = #{collectTaskId},</if>
<if test="collectTaskName != null and collectTaskName != ''">collect_task_name = #{collectTaskName},</if>
<if test="reason != null and reason != ''">reason = #{reason},</if>
<if test="reasonDetail != null and reasonDetail != ''">reason_detail = #{reasonDetail},</if>
<if test="ruleResult != null and ruleResult != ''">rule_result = #{ruleResult},</if>
<if test="delFlag != null and delFlag != ''">del_flag = #{delFlag},</if>
</set>
WHERE id = #{id} AND del_flag = '0'
</update>
<!-- 根据条件查询 -->
<select id="selectByCondition" parameterType="map" resultMap="BaseResultMap">
SELECT * FROM syslog_non_normal_message
WHERE del_flag = '0'
<if test="deviceId != null">AND device_id = #{deviceId}</if>
<if test="tenantId != null and tenantId != ''">AND tenant_id = #{tenantId}</if>
<if test="ruleResult != null and ruleResult != ''">AND rule_result = #{ruleResult}</if>
<if test="collectTaskId != null">AND collect_task_id = #{collectTaskId}</if>
<if test="startTime != null">AND log_time >= #{startTime}</if>
<if test="endTime != null">AND log_time &lt;= #{endTime}</if>
<if test="deviceName != null and deviceName != ''">AND device_name LIKE CONCAT('%', #{deviceName}, '%')</if>
ORDER BY log_time DESC
</select>
<!-- 根据ID和创建时间批量查询 -->
<select id="getMessagesByIdsAndCreatedAts" resultType="com.common.entity.SyslogNonNormalMessage">
SELECT * FROM syslog_non_normal_message
WHERE del_flag = '0'
AND (
<foreach collection="ids" item="id" index="index" separator=" OR ">
(id = #{id} AND created_at = #{createdAts[${index}]}::timestamptz)
</foreach>
)
</select>
<!-- 根据ID列表批量查询 -->
<select id="getMessagesByIds" resultType="com.common.entity.SyslogNonNormalMessage">
SELECT * FROM syslog_non_normal_message
WHERE del_flag = '0'
AND id IN
<foreach collection="ids" item="id" open="(" separator="," close=")">
#{id}
</foreach>
</select>
<!-- 批量更新del_flag -->
<update id="updateBatchDelFlag">
UPDATE syslog_non_normal_message
SET del_flag = '1',
update_time = NOW()
WHERE id IN
<foreach collection="messages" item="item" open="(" separator="," close=")">
#{item.id}
</foreach>
</update>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalAlarmMapper.xml
+789
View File
@@ -0,0 +1,789 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.SyslogNormalAlarmMapper">
<insert id="insertDynamic" parameterType="map">
INSERT INTO syslog_normal_alarm
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="dataMap.id != null">id,</if>
<if test="dataMap.created_at != null">created_at,</if>
<if test="dataMap.log_time != null">log_time,</if>
<if test="dataMap.device_id != null">device_id,</if>
<if test="dataMap.webshell_type != null">webshell_type,</if>
<if test="dataMap.vuirs_type != null">vuirs_type,</if>
<if test="dataMap.vuirs_url != null">vuirs_url,</if>
<if test="dataMap.class_filename != null">class_filename,</if>
<if test="dataMap.class_path != null">class_path,</if>
<if test="dataMap.parent_class != null">parent_class,</if>
<if test="dataMap.jar_path != null">jar_path,</if>
<if test="dataMap.class_md5 != null">class_md5,</if>
<if test="dataMap.class_loader != null">class_loader,</if>
<if test="dataMap.class_hashcode != null">class_hashcode,</if>
<if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
<if test="dataMap.tc_nameip != null">tc_nameip,</if>
<if test="dataMap.perform_sql != null">perform_sql,</if>
<if test="dataMap.tc_account != null">tc_account,</if>
<if test="dataMap.tc_appname != null">tc_appname,</if>
<if test="dataMap.process_uname != null">process_uname,</if>
<if test="dataMap.p_process_uname != null">p_process_uname,</if>
<if test="dataMap.container_name != null">container_name,</if>
<if test="dataMap.container_id != null">container_id,</if>
<if test="dataMap.http_resp_server != null">http_resp_server,</if>
<if test="dataMap.srcip_id != null">srcip_id,</if>
<if test="dataMap.cdnip != null">cdnip,</if>
<if test="dataMap.natip != null">natip,</if>
<if test="dataMap.mail_sender != null">mail_sender,</if>
<if test="dataMap.mail_receiver != null">mail_receiver,</if>
<if test="dataMap.vpn_mac != null">vpn_mac,</if>
<if test="dataMap.vpn_os != null">vpn_os,</if>
<if test="dataMap.vpn_user != null">vpn_user,</if>
<if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
<if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
<if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
<if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
<if test="dataMap.description != null">description,</if>
<if test="dataMap.solution != null">solution,</if>
<if test="dataMap.attack_cause != null">attack_cause,</if>
<if test="dataMap.username != null">username,</if>
<if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
<if test="dataMap.login_result != null">login_result,</if>
<if test="dataMap.cmdline != null">cmdline,</if>
<if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
<if test="dataMap.victim_domain != null">victim_domain,</if>
<if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
<if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
<if test="dataMap.file_access_time != null">file_access_time,</if>
<if test="dataMap.file_name != null">file_name,</if>
<if test="dataMap.tc_class != null">tc_class,</if>
<if test="dataMap.tc_name2 != null">tc_name2,</if>
<if test="dataMap.login_lasttime != null">login_lasttime,</if>
<if test="dataMap.origin_permissions != null">origin_permissions,</if>
<if test="dataMap.begin_permissions != null">begin_permissions,</if>
<if test="dataMap.print_time != null">print_time,</if>
<if test="dataMap.printer != null">printer,</if>
<if test="dataMap.printer_type != null">printer_type,</if>
<if test="dataMap.print_pages != null">print_pages,</if>
<if test="dataMap.print_copies != null">print_copies,</if>
<if test="dataMap.src_device != null">src_device,</if>
<if test="dataMap.dst_device != null">dst_device,</if>
<if test="dataMap.src_file != null">src_file,</if>
<if test="dataMap.src_file_type != null">src_file_type,</if>
<if test="dataMap.src_file_path != null">src_file_path,</if>
<if test="dataMap.dst_file != null">dst_file,</if>
<if test="dataMap.dst_file_type != null">dst_file_type,</if>
<if test="dataMap.dst_file_path != null">dst_file_path,</if>
<if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
<if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
<if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
<if test="dataMap.process_uuid != null">process_uuid,</if>
<if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
<if test="dataMap.env != null">env,</if>
<if test="dataMap.brute_force_service != null">brute_force_service,</if>
<if test="dataMap.vuirs_name != null">vuirs_name,</if>
<if test="dataMap.http_req_length != null">http_req_length,</if>
<if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
<if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
<if test="dataMap.tc_labels != null">tc_labels,</if>
<if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
<if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
<if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
<if test="dataMap.dns_ioc != null">dns_ioc,</if>
<if test="dataMap.tx_bytes != null">tx_bytes,</if>
<if test="dataMap.rx_bytes != null">rx_bytes,</if>
<if test="dataMap.all_bytes != null">all_bytes,</if>
<if test="dataMap.duration_time != null">duration_time,</if>
<if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
<if test="dataMap.mail_subject != null">mail_subject,</if>
<if test="dataMap.mail_message != null">mail_message,</if>
<if test="dataMap.mail_send_server != null">mail_send_server,</if>
<if test="dataMap.mail_agent != null">mail_agent,</if>
<if test="dataMap.tls_version != null">tls_version,</if>
<if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
<if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
<if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
<if test="dataMap.tls_ja3 != null">tls_ja3,</if>
<if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
<if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
<if test="dataMap.log_topic != null">log_topic,</if>
<if test="dataMap.collect_time != null">collect_time,</if>
<if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
<if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
<if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
<if test="dataMap.srcip_name != null">srcip_name,</if>
<if test="dataMap.tc_client != null">tc_client,</if>
<if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
<if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
<if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
<if test="dataMap.desip_id != null">desip_id,</if>
<if test="dataMap.desip_name != null">desip_name,</if>
<if test="dataMap.tc_hostip != null">tc_hostip,</if>
<if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
<if test="dataMap.origin_confidence != null">origin_confidence,</if>
<if test="dataMap.origin_malscore != null">origin_malscore,</if>
<if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
<if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
<if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
<if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
<if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
<if test="dataMap.logout_time != null">logout_time,</if>
<if test="dataMap.http_req_line != null">http_req_line,</if>
<if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
<if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
<if test="dataMap.http_resp_length != null">http_resp_length,</if>
<if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
<if test="dataMap.tc_realip != null">tc_realip,</if>
<if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
<if test="dataMap.login_password != null">login_password,</if>
<if test="dataMap.detail != null">detail,</if>
<if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
<if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
<if test="dataMap.victim_region_code != null">victim_region_code,</if>
<if test="dataMap.payload != null">payload,</if>
<if test="dataMap.http_referer != null">http_referer,</if>
<if test="dataMap.http_user_agent != null">http_user_agent,</if>
<if test="dataMap.http_session != null">http_session,</if>
<if test="dataMap.http_query_string != null">http_query_string,</if>
<if test="dataMap.file_path != null">file_path,</if>
<if test="dataMap.file_permission != null">file_permission,</if>
<if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
<if test="dataMap.file_tag != null">file_tag,</if>
<if test="dataMap.file_platform != null">file_platform,</if>
<if test="dataMap.target_ip != null">target_ip,</if>
<if test="dataMap.collect_date != null">collect_date,</if>
<if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
<if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
<if test="dataMap.tc_externalip != null">tc_externalip,</if>
<if test="dataMap.http_status_code != null">http_status_code,</if>
<if test="dataMap.device_domian != null">device_domian,</if>
<if test="dataMap.src_ip_str != null">src_ip_str,</if>
<if test="dataMap.src_port_str != null">src_port_str,</if>
<if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
<if test="dataMap.dest_port_str != null">dest_port_str,</if>
<if test="dataMap.pcap != null">pcap,</if>
<if test="dataMap.ioc != null">ioc,</if>
<if test="dataMap.malicious_family != null">malicious_family,</if>
<if test="dataMap.vuln_cve != null">vuln_cve,</if>
<if test="dataMap.aliyun_type != null">aliyun_type,</if>
<if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
<if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
<if test="dataMap.ct_id != null">ct_id,</if>
<if test="dataMap.cve_list != null">cve_list,</if>
<if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
<if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
<if test="dataMap.file_gid != null">file_gid,</if>
<if test="dataMap.file_owner != null">file_owner,</if>
<if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
<if test="dataMap.file_uid != null">file_uid,</if>
<if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
<if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
<if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
<if test="dataMap.service_name != null">service_name,</if>
<if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
<if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
<if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
<if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
<if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
<if test="dataMap.tc_type != null">tc_type,</if>
<if test="dataMap.direction != null">direction,</if>
<if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
<if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
<if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
<if test="dataMap.http_url != null">http_url,</if>
<if test="dataMap.uname != null">uname,</if>
<if test="dataMap.origin_hostname != null">origin_hostname,</if>
<if test="dataMap.origin_os != null">origin_os,</if>
<if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
<if test="dataMap.origin_host_id != null">origin_host_id,</if>
<if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
<if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
<if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
<if test="dataMap.origin_work_group != null">origin_work_group,</if>
<if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
<if test="dataMap.origin_local_port != null">origin_local_port,</if>
<if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
<if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
<if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
<if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
<if test="dataMap.agent_id != null">agent_id,</if>
<if test="dataMap.agent_name != null">agent_name,</if>
<if test="dataMap.tc_title != null">tc_title,</if>
<if test="dataMap.log_id != null">log_id,</if>
<if test="dataMap.event_date != null">event_date,</if>
<if test="dataMap.event_time_ts != null">event_time_ts,</if>
<if test="dataMap.event_level != null">event_level,</if>
<if test="dataMap.src_ip != null">src_ip ,</if>
<if test="dataMap.src_port != null">src_port,</if>
<if test="dataMap.dest_ip != null">dest_ip,</if>
<if test="dataMap.dest_port != null">dest_port,</if>
<if test="dataMap.event_time != null">event_time,</if>
<if test="dataMap.attacker_country != null">attacker_country,</if>
<if test="dataMap.src_mac != null">src_mac,</if>
<if test="dataMap.dest_mac != null">dest_mac,</if>
<if test="dataMap.proto != null">proto,</if>
<if test="dataMap.dev_id != null">dev_id,</if>
<if test="dataMap.created_time != null">created_time,</if>
<if test="dataMap.src_country != null">src_country,</if>
<if test="dataMap.src_country_code != null">src_country_code,</if>
<if test="dataMap.src_region != null">src_region,</if>
<if test="dataMap.src_region_code != null">src_region_code,</if>
<if test="dataMap.src_city != null">src_city,</if>
<if test="dataMap.src_lon != null">src_lon,</if>
<if test="dataMap.http_method != null">http_method,</if>
<if test="dataMap.http_host != null">http_host,</if>
<if test="dataMap.http_req_header != null">http_req_header,</if>
<if test="dataMap.http_req_body != null">http_req_body,</if>
<if test="dataMap.http_resp_header != null">http_resp_header,</if>
<if test="dataMap.http_resp_body != null">http_resp_body,</if>
<if test="dataMap.file_type != null">file_type,</if>
<if test="dataMap.file_md5 != null">file_md5,</if>
<if test="dataMap.file_size != null">file_size,</if>
<if test="dataMap.process != null">process,</if>
<if test="dataMap.start_time != null">start_time,</if>
<if test="dataMap.action != null">action,</if>
<if test="dataMap.attacker_region != null">attacker_region,</if>
<if test="dataMap.end_time != null">end_time,</if>
<if test="dataMap.file_created_time != null">file_created_time,</if>
<if test="dataMap.file_modified_time != null">file_modified_time,</if>
<if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
<if test="dataMap.process_path != null">process_path,</if>
<if test="dataMap.parent_process_path != null">parent_process_path,</if>
<if test="dataMap.gname != null">gname,</if>
<if test="dataMap.exe_name != null">exe_name,</if>
<if test="dataMap.exe_path != null">exe_path,</if>
<if test="dataMap.login_time != null">login_time,</if>
<if test="dataMap.login_times != null">login_times,</if>
<if test="dataMap.check_item != null">check_item,</if>
<if test="dataMap.check_type != null">check_type,</if>
<if test="dataMap.attacker_ip != null">attacker_ip,</if>
<if test="dataMap.attacker_port != null">attacker_port,</if>
<if test="dataMap.victim_ip != null">victim_ip,</if>
<if test="dataMap.victim_port != null">victim_port,</if>
<if test="dataMap.attacker_city != null">attacker_city,</if>
<if test="dataMap.attacker_lon != null">attacker_lon,</if>
<if test="dataMap.attacker_lat != null">attacker_lat,</if>
<if test="dataMap.victim_country != null">victim_country,</if>
<if test="dataMap.victim_region != null">victim_region,</if>
<if test="dataMap.victim_city != null">victim_city,</if>
<if test="dataMap.victim_lon != null">victim_lon,</if>
<if test="dataMap.victim_lat != null">victim_lat,</if>
<if test="dataMap.origin_event_id != null">origin_event_id,</if>
<if test="dataMap.origin_event_name != null">origin_event_name,</if>
<if test="dataMap.origin_event_category != null">origin_event_category,</if>
<if test="dataMap.origin_event_level != null">origin_event_level,</if>
<if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
<if test="dataMap.engine_type != null">engine_type,</if>
<if test="dataMap.evil_payload != null">evil_payload,</if>
<if test="dataMap.http_resp_status != null">http_resp_status,</if>
<if test="dataMap.dns_query != null">dns_query,</if>
<if test="dataMap.dns_query_type != null">dns_query_type,</if>
<if test="dataMap.dns_ttl != null">dns_ttl,</if>
<if test="dataMap.dns_answer != null">dns_answer,</if>
<if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
<if test="dataMap.file_sha256 != null">file_sha256,</if>
<if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
<if test="dataMap.victim_country_code != null">victim_country_code,</if>
<if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
<if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
<if test="dataMap.pid != null">pid,</if>
<if test="dataMap.ppid != null">ppid,</if>
<if test="dataMap.process_name != null">process_name,</if>
<if test="dataMap.backdoor_type != null">backdoor_type,</if>
<if test="dataMap.tty != null">tty,</if>
<if test="dataMap.sudo_user != null">sudo_user,</if>
<if test="dataMap.sudo_group != null">sudo_group,</if>
<if test="dataMap.origin_event_type != null">origin_event_type,</if>
<if test="dataMap.dest_domain != null">dest_domain,</if>
<if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
<if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
<if test="dataMap.attack_chain != null">attack_chain,</if>
<if test="dataMap.process_tree != null">process_tree,</if>
<if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
<if test="dataMap.host_file_md5 != null">host_file_md5,</if>
<if test="dataMap.host_file_size != null">host_file_size,</if>
<if test="dataMap.host_file_type != null">host_file_type,</if>
<if test="dataMap.dest_country != null">dest_country,</if>
<if test="dataMap.dest_country_code != null">dest_country_code,</if>
<if test="dataMap.log_origin != null">log_origin,</if>
<if test="dataMap.dest_region != null">dest_region,</if>
<if test="dataMap.src_lat != null">src_lat,</if>
<if test="dataMap.dest_region_code != null">dest_region_code,</if>
<if test="dataMap.dest_city != null">dest_city,</if>
<if test="dataMap.dest_lon != null">dest_lon,</if>
<if test="dataMap.dest_lat != null">dest_lat,</if>
<if test="dataMap.event_category != null">event_category,</if>
<if test="dataMap.attack_result != null">attack_result,</if>
<if test="dataMap.probe_ip != null">probe_ip,</if>
<if test="dataMap.device_ip != null">device_ip,</if>
<if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
<if test="dataMap.device_name != null">device_name,</if>
<if test="dataMap.product_name != null">product_name,</if>
<if test="dataMap.__id != null">__id,</if>
<if test="dataMap.__count != null">__count,</if>
<if test="dataMap.__count_reason != null">__count_reason,</if>
<if test="dataMap.event_type != null">event_type,</if>
<if test="dataMap.protocol != null">protocol,</if>
<if test="dataMap.shell_cmd != null">shell_cmd,</if>
<if test="dataMap.parent_name != null">parent_name,</if>
<if test="dataMap.host_file_path != null">host_file_path,</if>
<if test="dataMap.uid != null">uid,</if>
<if test="dataMap.fall != null">fall,</if>
<if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
<if test="dataMap.dev_type != null">dev_type,</if>
<if test="dataMap.collect_method != null">collect_method,</if>
<if test="dataMap.field_cate_id != null">field_cate_id,</if>
<if test="dataMap.device_type != null">device_type,</if>
<if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
<if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
<if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
<if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
<if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
<if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
<if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
<if test="dataMap.apt_orgname != null">apt_orgname,</if>
<if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
<if test="dataMap.mail_message_id != null">mail_message_id,</if>
<if test="dataMap.mail_bcc != null">mail_bcc,</if>
<if test="dataMap.mail_size != null">mail_size,</if>
<if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
<if test="dataMap.mail_url != null">mail_url,</if>
<if test="dataMap.mail_cc != null">mail_cc,</if>
<if test="dataMap.algorithm != null">algorithm,</if>
<if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
<if test="dataMap.process_md5 != null">process_md5,</if>
<if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
<if test="dataMap.source_servername != null">source_servername,</if>
<if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
<if test="dataMap.mail_filename != null">mail_filename,</if>
<if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
<if test="dataMap.target_port != null">target_port,</if>
<if test="dataMap.gid != null">gid,</if>
<if test="dataMap.origin_uid != null">origin_uid,</if>
<if test="dataMap.origin_gid != null">origin_gid,</if>
<if test="dataMap.target_ports != null">target_ports,</if>
<if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
<if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
<if test="dataMap.etl_time != null">etl_time,</if>
<if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
<if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
<if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
<if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
<if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
<if test="dataMap.src_dev_name != null">src_dev_name,</if>
<if test="dataMap.collect_protocol != null">collect_protocol,</if>
<if test="dataMap.destination_system_type != null">destination_system_type,</if>
<if test="dataMap.destination_system != null">destination_system,</if>
<if test="dataMap.etl_host != null">etl_host,</if>
<if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
<if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
<if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
<if test="dataMap.syslog_topic != null">syslog_topic,</if>
</trim>
VALUES
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="dataMap.id != null">#{dataMap.id},</if>
<if test="dataMap.created_at != null">#{dataMap.created_at},</if>
<if test="dataMap.log_time != null">#{dataMap.log_time},</if>
<if test="dataMap.device_id != null">#{dataMap.device_id},</if>
<if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
<if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
<if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
<if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
<if test="dataMap.class_path != null">#{dataMap.class_path},</if>
<if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
<if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
<if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
<if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
<if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
<if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
<if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
<if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
<if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
<if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
<if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
<if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
<if test="dataMap.container_name != null">#{dataMap.container_name},</if>
<if test="dataMap.container_id != null">#{dataMap.container_id},</if>
<if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id},</if>
<if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
<if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
<if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
<if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
<if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
<if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
<if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
<if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
<if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
<if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
<if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
<if test="dataMap.description != null">#{dataMap.description},</if>
<if test="dataMap.solution != null">#{dataMap.solution},</if>
<if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
<if test="dataMap.username != null">#{dataMap.username},</if>
<if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
<if test="dataMap.login_result != null">#{dataMap.login_result},</if>
<if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
<if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
<if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
<if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
<if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
<if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
<if test="dataMap.file_name != null">#{dataMap.file_name},</if>
<if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
<if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
<if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
<if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
<if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
<if test="dataMap.print_time != null">#{dataMap.print_time},</if>
<if test="dataMap.printer != null">#{dataMap.printer},</if>
<if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
<if test="dataMap.print_pages != null">#{dataMap.print_pages},</if>
<if test="dataMap.print_copies != null">#{dataMap.print_copies},</if>
<if test="dataMap.src_device != null">#{dataMap.src_device},</if>
<if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
<if test="dataMap.src_file != null">#{dataMap.src_file},</if>
<if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
<if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
<if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
<if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
<if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
<if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
<if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
<if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
<if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
<if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
<if test="dataMap.env != null">#{dataMap.env},</if>
<if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
<if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length},</if>
<if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
<if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
<if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
<if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
<if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
<if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
<if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
<if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
<if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
<if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
<if test="dataMap.duration_time != null">#{dataMap.duration_time},</if>
<if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
<if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
<if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
<if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
<if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
<if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
<if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
<if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
<if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
<if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
<if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
<if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
<if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
<if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
<if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
<if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
<if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
<if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
<if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id},</if>
<if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
<if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
<if test="dataMap.desip_id != null">#{dataMap.desip_id},</if>
<if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
<if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id},</if>
<if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
<if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
<if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id},</if>
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id},</if>
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id},</if>
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id},</if>
<if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
<if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
<if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
<if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length},</if>
<if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
<if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
<if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
<if test="dataMap.login_password != null">#{dataMap.login_password},</if>
<if test="dataMap.detail != null">#{dataMap.detail},</if>
<if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
<if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
<if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
<if test="dataMap.payload != null">#{dataMap.payload},</if>
<if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
<if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
<if test="dataMap.http_session != null">#{dataMap.http_session},</if>
<if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
<if test="dataMap.file_path != null">#{dataMap.file_path},</if>
<if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
<if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
<if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
<if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
<if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
<if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
<if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
<if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
<if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code},</if>
<if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
<if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
<if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
<if test="dataMap.dest_ip_str != null"> #{dataMap.dest_ip_str} ,</if>
<if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
<if test="dataMap.pcap != null">#{dataMap.pcap},</if>
<if test="dataMap.ioc != null">#{dataMap.ioc},</if>
<if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
<if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
<if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
<if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
<if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
<if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
<if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
<if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
<if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
<if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
<if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
<if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
<if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
<if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
<if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
<if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
<if test="dataMap.service_name != null">#{dataMap.service_name},</if>
<if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
<if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
<if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
<if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
<if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
<if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
<if test="dataMap.direction != null">#{dataMap.direction},</if>
<if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
<if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
<if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
<if test="dataMap.http_url != null">#{dataMap.http_url},</if>
<if test="dataMap.uname != null">#{dataMap.uname},</if>
<if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
<if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
<if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
<if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
<if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
<if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
<if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
<if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
<if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port},</if>
<if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
<if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
<if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
<if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
<if test="dataMap.agent_id != null">#{dataMap.agent_id},</if>
<if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
<if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
<if test="dataMap.log_id != null">#{dataMap.log_id},</if>
<if test="dataMap.event_date != null">#{dataMap.event_date},</if>
<if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
<if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
<if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
<if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
<if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
<if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
<if test="dataMap.event_time != null">#{dataMap.event_time},</if>
<if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
<if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
<if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
<if test="dataMap.proto != null">#{dataMap.proto},</if>
<if test="dataMap.dev_id != null">#{dataMap.dev_id},</if>
<if test="dataMap.created_time != null">#{dataMap.created_time},</if>
<if test="dataMap.src_country != null">#{dataMap.src_country},</if>
<if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
<if test="dataMap.src_region != null">#{dataMap.src_region},</if>
<if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
<if test="dataMap.src_city != null">#{dataMap.src_city},</if>
<if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
<if test="dataMap.http_method != null">#{dataMap.http_method},</if>
<if test="dataMap.http_host != null">#{dataMap.http_host},</if>
<if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
<if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
<if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
<if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
<if test="dataMap.file_type != null">#{dataMap.file_type},</if>
<if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
<if test="dataMap.file_size != null">#{dataMap.file_size},</if>
<if test="dataMap.process != null">#{dataMap.process},</if>
<if test="dataMap.start_time != null">#{dataMap.start_time},</if>
<if test="dataMap.action != null">#{dataMap.action},</if>
<if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
<if test="dataMap.end_time != null">#{dataMap.end_time},</if>
<if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
<if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
<if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
<if test="dataMap.process_path != null">#{dataMap.process_path},</if>
<if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
<if test="dataMap.gname != null">#{dataMap.gname},</if>
<if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
<if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
<if test="dataMap.login_time != null">#{dataMap.login_time},</if>
<if test="dataMap.login_times != null">#{dataMap.login_times},</if>
<if test="dataMap.check_item != null">#{dataMap.check_item},</if>
<if test="dataMap.check_type != null">#{dataMap.check_type},</if>
<if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port},</if>
<if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
<if test="dataMap.victim_port != null">#{dataMap.victim_port},</if>
<if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
<if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
<if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
<if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
<if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
<if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
<if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
<if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
<if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
<if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
<if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
<if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
<if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
<if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
<if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
<if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
<if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
<if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
<if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
<if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
<if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
<if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
<if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
<if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
<if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
<if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
<if test="dataMap.pid != null">#{dataMap.pid},</if>
<if test="dataMap.ppid != null">#{dataMap.ppid},</if>
<if test="dataMap.process_name != null">#{dataMap.process_name},</if>
<if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
<if test="dataMap.tty != null">#{dataMap.tty},</if>
<if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
<if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
<if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
<if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
<if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
<if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
<if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
<if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
<if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
<if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
<if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
<if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
<if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
<if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
<if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
<if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
<if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
<if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
<if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
<if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
<if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
<if test="dataMap.event_category != null">#{dataMap.event_category},</if>
<if test="dataMap.attack_result != null">#{dataMap.attack_result},</if>
<if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
<if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
<if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
<if test="dataMap.device_name != null">#{dataMap.device_name},</if>
<if test="dataMap.product_name != null">#{dataMap.product_name},</if>
<if test="dataMap.__id != null">#{dataMap.__id},</if>
<if test="dataMap.__count != null">#{dataMap.__count},</if>
<if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
<if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
<if test="dataMap.protocol != null">#{dataMap.protocol},</if>
<if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
<if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
<if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
<if test="dataMap.uid != null">#{dataMap.uid},</if>
<if test="dataMap.fall != null">#{dataMap.fall},</if>
<if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
<if test="dataMap.dev_type != null">#{dataMap.dev_type},</if>
<if test="dataMap.collect_method != null">#{dataMap.collect_method},</if>
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id},</if>
<if test="dataMap.device_type != null">#{dataMap.device_type},</if>
<if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
<if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages},</if>
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes},</if>
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate},</if>
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate},</if>
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate},</if>
<if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
<if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
<if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
<if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
<if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
<if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
<if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
<if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
<if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
<if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
<if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
<if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
<if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
<if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
<if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
<if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
<if test="dataMap.target_port != null">#{dataMap.target_port},</if>
<if test="dataMap.gid != null">#{dataMap.gid},</if>
<if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
<if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
<if test="dataMap.target_ports != null">#{dataMap.target_ports},</if>
<if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
<if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
<if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
<if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
<if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
<if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
<if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
<if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
<if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
<if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
<if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
<if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
<if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
<if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
<if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
<if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
<if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
</trim>
</insert>
<!-- 使用实体类插入 -->
<insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
INSERT INTO syslog_normal_alarm
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="id != null">id,</if>
<if test="createdAt != null">created_at,</if>
<if test="logTime != null">log_time,</if>
<if test="deviceId != null">device_id,</if>
<!-- 其他字段类似,按照驼峰命名法 -->
</trim>
VALUES
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="id != null">#{id},</if>
<if test="createdAt != null">#{createdAt},</if>
<if test="logTime != null">#{logTime},</if>
<if test="deviceId != null">#{deviceId},</if>
<!-- 其他字段类似 -->
</trim>
</insert>
<!-- 批量插入 -->
<insert id="batchInsert" parameterType="map">
INSERT INTO syslog_normal_alarm
(id, log_time, src_ip, dest_ip, event_level)
VALUES
<foreach collection="dataList" item="item" separator=",">
(#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
</foreach>
</insert>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml
+925
View File
@@ -0,0 +1,925 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.SyslogNormalDataMapper">
<!-- 定义部分字段的结果映射 -->
<resultMap id="requiredFieldsMap" type="com.common.entity.SyslogNormalData">
<!-- 基础字段 -->
<id property="id" column="id" jdbcType="VARCHAR"/>
<result property="createdAt" column="created_at"
typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
<result property="logTime" column="log_time"
typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
<!-- 构建请求体所需的字段 -->
<result property="deviceIp" column="device_ip" jdbcType="VARCHAR"/>
<result property="destIp" column="dest_ip" jdbcType="VARCHAR"/>
<result property="destPort" column="dest_port" jdbcType="BIGINT"/>
<result property="destMac" column="dest_mac" jdbcType="VARCHAR"/>
<result property="srcIp" column="src_ip" jdbcType="VARCHAR"/>
<result property="srcPort" column="src_port" jdbcType="BIGINT"/>
<result property="srcMac" column="src_mac" jdbcType="VARCHAR"/>
<result property="hostFilePath" column="host_file_path" jdbcType="VARCHAR"/>
<result property="fileMd5" column="file_md5" jdbcType="VARCHAR"/>
<result property="fileName" column="file_name" jdbcType="VARCHAR"/>
<result property="destCity" column="dest_city" jdbcType="VARCHAR"/>
<result property="destCountry" column="dest_country" jdbcType="VARCHAR"/>
<result property="destLat" column="dest_lat" jdbcType="VARCHAR"/>
<result property="destLon" column="dest_lon" jdbcType="VARCHAR"/>
<result property="srcCity" column="src_city" jdbcType="VARCHAR"/>
<result property="srcCountry" column="src_country" jdbcType="VARCHAR"/>
<result property="srcCountryCode" column="src_country_code" jdbcType="VARCHAR"/>
<result property="srcLat" column="src_lat" jdbcType="VARCHAR"/>
<result property="srcLon" column="src_lon" jdbcType="VARCHAR"/>
<result property="httpHost" column="http_host" jdbcType="VARCHAR"/>
<result property="hostFileMd5" column="host_file_md5" jdbcType="VARCHAR"/>
<result property="httpReqHeaderRaw" column="http_req_header_raw" jdbcType="VARCHAR"/>
<result property="httpMethod" column="http_method" jdbcType="VARCHAR"/>
<result property="httpRespContentType" column="http_resp_content_type" jdbcType="VARCHAR"/>
<result property="proto" column="proto" jdbcType="VARCHAR"/>
<result property="httpReferer" column="http_referer" jdbcType="VARCHAR"/>
<result property="httpUrl" column="http_url" jdbcType="VARCHAR"/>
<result property="httpStatusCode" column="http_status_code" jdbcType="BIGINT"/>
<result property="vlanId" column="vlan_id" jdbcType="VARCHAR"/>
<!-- 其他可能需要的字段(可选) -->
<result property="eventDate" column="event_date"
typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
<result property="attackResult" column="attack_result" jdbcType="INTEGER"/>
<result property="engineType" column="engine_type" jdbcType="VARCHAR"/>
<result property="syslogUuid" column="syslog_uuid" jdbcType="VARCHAR"/>
<result property="syslogTopic" column="syslog_topic" jdbcType="VARCHAR"/>
</resultMap>
<!-- 只查询构建API请求体所需的字段 -->
<select id="findRequiredFieldsAfterTime" resultMap="requiredFieldsMap">
SELECT
id,
created_at,
log_time,
device_ip,
dest_ip,
dest_port,
dest_mac,
src_ip,
src_port,
src_mac,
host_file_path,
file_md5,
file_name,
dest_city,
dest_country,
dest_lat,
dest_lon,
src_city,
src_country,
src_country_code,
src_lat,
src_lon,
http_host,
host_file_md5,
http_req_header_raw,
http_method,
http_resp_content_type,
proto,
http_referer,
http_url,
http_status_code,
-- 可选字段
event_date,
attack_result,
engine_type,
syslog_uuid,
syslog_topic
FROM syslog_normal_data
WHERE created_at >= #{startTime}
ORDER BY created_at ASC
<!-- LIMIT 1000 -->
</select>
<!-- 分页查询版本 -->
<select id="findRequiredFieldsByPage" resultMap="requiredFieldsMap">
SELECT
id,
created_at,
log_time,
device_ip,
dest_ip,
dest_port,
dest_mac,
src_ip,
src_port,
src_mac,
host_file_path,
file_md5,
file_name,
dest_city,
dest_country,
dest_lat,
dest_lon,
src_city,
src_country,
src_country_code,
src_lat,
src_lon,
http_host,
host_file_md5,
http_req_header_raw,
http_method,
http_resp_content_type,
proto,
http_referer,
http_url,
http_status_code,
vlan_id
FROM syslog_normal_data
WHERE created_at >= #{startTime}
ORDER BY created_at ASC
<!-- LIMIT #{limit} OFFSET #{offset} -->
</select>
<insert id="insertDynamic" parameterType="map">
INSERT INTO syslog_normal_data
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="dataMap.id != null">id,</if>
<if test="dataMap.created_at != null">created_at,</if>
<if test="dataMap.log_time != null">log_time,</if>
<if test="dataMap.device_id != null">device_id,</if>
<if test="dataMap.webshell_type != null">webshell_type,</if>
<if test="dataMap.vuirs_type != null">vuirs_type,</if>
<if test="dataMap.vuirs_url != null">vuirs_url,</if>
<if test="dataMap.class_filename != null">class_filename,</if>
<if test="dataMap.class_path != null">class_path,</if>
<if test="dataMap.parent_class != null">parent_class,</if>
<if test="dataMap.jar_path != null">jar_path,</if>
<if test="dataMap.class_md5 != null">class_md5,</if>
<if test="dataMap.class_loader != null">class_loader,</if>
<if test="dataMap.class_hashcode != null">class_hashcode,</if>
<if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
<if test="dataMap.tc_nameip != null">tc_nameip,</if>
<if test="dataMap.perform_sql != null">perform_sql,</if>
<if test="dataMap.tc_account != null">tc_account,</if>
<if test="dataMap.tc_appname != null">tc_appname,</if>
<if test="dataMap.process_uname != null">process_uname,</if>
<if test="dataMap.p_process_uname != null">p_process_uname,</if>
<if test="dataMap.container_name != null">container_name,</if>
<if test="dataMap.container_id != null">container_id,</if>
<if test="dataMap.http_resp_server != null">http_resp_server,</if>
<if test="dataMap.srcip_id != null">srcip_id,</if>
<if test="dataMap.cdnip != null">cdnip,</if>
<if test="dataMap.natip != null">natip,</if>
<if test="dataMap.mail_sender != null">mail_sender,</if>
<if test="dataMap.mail_receiver != null">mail_receiver,</if>
<if test="dataMap.vpn_mac != null">vpn_mac,</if>
<if test="dataMap.vpn_os != null">vpn_os,</if>
<if test="dataMap.vpn_user != null">vpn_user,</if>
<if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
<if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
<if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
<if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
<if test="dataMap.description != null">description,</if>
<if test="dataMap.solution != null">solution,</if>
<if test="dataMap.attack_cause != null">attack_cause,</if>
<if test="dataMap.username != null">username,</if>
<if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
<if test="dataMap.login_result != null">login_result,</if>
<if test="dataMap.cmdline != null">cmdline,</if>
<if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
<if test="dataMap.victim_domain != null">victim_domain,</if>
<if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
<if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
<if test="dataMap.file_access_time != null">file_access_time,</if>
<if test="dataMap.file_name != null">file_name,</if>
<if test="dataMap.tc_class != null">tc_class,</if>
<if test="dataMap.tc_name2 != null">tc_name2,</if>
<if test="dataMap.login_lasttime != null">login_lasttime,</if>
<if test="dataMap.origin_permissions != null">origin_permissions,</if>
<if test="dataMap.begin_permissions != null">begin_permissions,</if>
<if test="dataMap.print_time != null">print_time,</if>
<if test="dataMap.printer != null">printer,</if>
<if test="dataMap.printer_type != null">printer_type,</if>
<if test="dataMap.print_pages != null">print_pages,</if>
<if test="dataMap.print_copies != null">print_copies,</if>
<if test="dataMap.src_device != null">src_device,</if>
<if test="dataMap.dst_device != null">dst_device,</if>
<if test="dataMap.src_file != null">src_file,</if>
<if test="dataMap.src_file_type != null">src_file_type,</if>
<if test="dataMap.src_file_path != null">src_file_path,</if>
<if test="dataMap.dst_file != null">dst_file,</if>
<if test="dataMap.dst_file_type != null">dst_file_type,</if>
<if test="dataMap.dst_file_path != null">dst_file_path,</if>
<if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
<if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
<if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
<if test="dataMap.process_uuid != null">process_uuid,</if>
<if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
<if test="dataMap.env != null">env,</if>
<if test="dataMap.brute_force_service != null">brute_force_service,</if>
<if test="dataMap.vuirs_name != null">vuirs_name,</if>
<if test="dataMap.http_req_length != null">http_req_length,</if>
<if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
<if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
<if test="dataMap.tc_labels != null">tc_labels,</if>
<if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
<if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
<if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
<if test="dataMap.dns_ioc != null">dns_ioc,</if>
<if test="dataMap.tx_bytes != null">tx_bytes,</if>
<if test="dataMap.rx_bytes != null">rx_bytes,</if>
<if test="dataMap.all_bytes != null">all_bytes,</if>
<if test="dataMap.duration_time != null">duration_time,</if>
<if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
<if test="dataMap.mail_subject != null">mail_subject,</if>
<if test="dataMap.mail_message != null">mail_message,</if>
<if test="dataMap.mail_send_server != null">mail_send_server,</if>
<if test="dataMap.mail_agent != null">mail_agent,</if>
<if test="dataMap.tls_version != null">tls_version,</if>
<if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
<if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
<if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
<if test="dataMap.tls_ja3 != null">tls_ja3,</if>
<if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
<if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
<if test="dataMap.log_topic != null">log_topic,</if>
<if test="dataMap.collect_time != null">collect_time,</if>
<if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
<if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
<if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
<if test="dataMap.srcip_name != null">srcip_name,</if>
<if test="dataMap.tc_client != null">tc_client,</if>
<if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
<if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
<if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
<if test="dataMap.desip_id != null">desip_id,</if>
<if test="dataMap.desip_name != null">desip_name,</if>
<if test="dataMap.tc_hostip != null">tc_hostip,</if>
<if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
<if test="dataMap.origin_confidence != null">origin_confidence,</if>
<if test="dataMap.origin_malscore != null">origin_malscore,</if>
<if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
<if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
<if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
<if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
<if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
<if test="dataMap.logout_time != null">logout_time,</if>
<if test="dataMap.http_req_line != null">http_req_line,</if>
<if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
<if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
<if test="dataMap.http_resp_length != null">http_resp_length,</if>
<if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
<if test="dataMap.tc_realip != null">tc_realip,</if>
<if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
<if test="dataMap.login_password != null">login_password,</if>
<if test="dataMap.detail != null">detail,</if>
<if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
<if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
<if test="dataMap.victim_region_code != null">victim_region_code,</if>
<if test="dataMap.payload != null">payload,</if>
<if test="dataMap.http_referer != null">http_referer,</if>
<if test="dataMap.http_user_agent != null">http_user_agent,</if>
<if test="dataMap.http_session != null">http_session,</if>
<if test="dataMap.http_query_string != null">http_query_string,</if>
<if test="dataMap.file_path != null">file_path,</if>
<if test="dataMap.file_permission != null">file_permission,</if>
<if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
<if test="dataMap.file_tag != null">file_tag,</if>
<if test="dataMap.file_platform != null">file_platform,</if>
<if test="dataMap.target_ip != null">target_ip,</if>
<if test="dataMap.collect_date != null">collect_date,</if>
<if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
<if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
<if test="dataMap.tc_externalip != null">tc_externalip,</if>
<if test="dataMap.http_status_code != null">http_status_code,</if>
<if test="dataMap.device_domian != null">device_domian,</if>
<if test="dataMap.src_ip_str != null">src_ip_str,</if>
<if test="dataMap.src_port_str != null">src_port_str,</if>
<if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
<if test="dataMap.dest_port_str != null">dest_port_str,</if>
<if test="dataMap.pcap != null">pcap,</if>
<if test="dataMap.ioc != null">ioc,</if>
<if test="dataMap.malicious_family != null">malicious_family,</if>
<if test="dataMap.vuln_cve != null">vuln_cve,</if>
<if test="dataMap.aliyun_type != null">aliyun_type,</if>
<if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
<if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
<if test="dataMap.ct_id != null">ct_id,</if>
<if test="dataMap.cve_list != null">cve_list,</if>
<if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
<if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
<if test="dataMap.file_gid != null">file_gid,</if>
<if test="dataMap.file_owner != null">file_owner,</if>
<if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
<if test="dataMap.file_uid != null">file_uid,</if>
<if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
<if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
<if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
<if test="dataMap.service_name != null">service_name,</if>
<if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
<if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
<if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
<if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
<if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
<if test="dataMap.tc_type != null">tc_type,</if>
<if test="dataMap.direction != null">direction,</if>
<if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
<if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
<if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
<if test="dataMap.http_url != null">http_url,</if>
<if test="dataMap.uname != null">uname,</if>
<if test="dataMap.origin_hostname != null">origin_hostname,</if>
<if test="dataMap.origin_os != null">origin_os,</if>
<if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
<if test="dataMap.origin_host_id != null">origin_host_id,</if>
<if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
<if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
<if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
<if test="dataMap.origin_work_group != null">origin_work_group,</if>
<if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
<if test="dataMap.origin_local_port != null">origin_local_port,</if>
<if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
<if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
<if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
<if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
<if test="dataMap.agent_id != null">agent_id,</if>
<if test="dataMap.agent_name != null">agent_name,</if>
<if test="dataMap.tc_title != null">tc_title,</if>
<if test="dataMap.log_id != null">log_id,</if>
<if test="dataMap.event_date != null">event_date,</if>
<if test="dataMap.event_time_ts != null">event_time_ts,</if>
<if test="dataMap.event_level != null">event_level,</if>
<if test="dataMap.src_ip != null">src_ip ,</if>
<if test="dataMap.src_port != null">src_port,</if>
<if test="dataMap.dest_ip != null">dest_ip,</if>
<if test="dataMap.dest_port != null">dest_port,</if>
<if test="dataMap.event_time != null">event_time,</if>
<if test="dataMap.attacker_country != null">attacker_country,</if>
<if test="dataMap.src_mac != null">src_mac,</if>
<if test="dataMap.dest_mac != null">dest_mac,</if>
<if test="dataMap.proto != null">proto,</if>
<if test="dataMap.dev_id != null">dev_id,</if>
<if test="dataMap.created_time != null">created_time,</if>
<if test="dataMap.src_country != null">src_country,</if>
<if test="dataMap.src_country_code != null">src_country_code,</if>
<if test="dataMap.src_region != null">src_region,</if>
<if test="dataMap.src_region_code != null">src_region_code,</if>
<if test="dataMap.src_city != null">src_city,</if>
<if test="dataMap.src_lon != null">src_lon,</if>
<if test="dataMap.http_method != null">http_method,</if>
<if test="dataMap.http_host != null">http_host,</if>
<if test="dataMap.http_req_header != null">http_req_header,</if>
<if test="dataMap.http_req_body != null">http_req_body,</if>
<if test="dataMap.http_resp_header != null">http_resp_header,</if>
<if test="dataMap.http_resp_body != null">http_resp_body,</if>
<if test="dataMap.file_type != null">file_type,</if>
<if test="dataMap.file_md5 != null">file_md5,</if>
<if test="dataMap.file_size != null">file_size,</if>
<if test="dataMap.process != null">process,</if>
<if test="dataMap.start_time != null">start_time,</if>
<if test="dataMap.action != null">action,</if>
<if test="dataMap.attacker_region != null">attacker_region,</if>
<if test="dataMap.end_time != null">end_time,</if>
<if test="dataMap.file_created_time != null">file_created_time,</if>
<if test="dataMap.file_modified_time != null">file_modified_time,</if>
<if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
<if test="dataMap.process_path != null">process_path,</if>
<if test="dataMap.parent_process_path != null">parent_process_path,</if>
<if test="dataMap.gname != null">gname,</if>
<if test="dataMap.exe_name != null">exe_name,</if>
<if test="dataMap.exe_path != null">exe_path,</if>
<if test="dataMap.login_time != null">login_time,</if>
<if test="dataMap.login_times != null">login_times,</if>
<if test="dataMap.check_item != null">check_item,</if>
<if test="dataMap.check_type != null">check_type,</if>
<if test="dataMap.attacker_ip != null">attacker_ip,</if>
<if test="dataMap.attacker_port != null">attacker_port,</if>
<if test="dataMap.victim_ip != null">victim_ip,</if>
<if test="dataMap.victim_port != null">victim_port,</if>
<if test="dataMap.attacker_city != null">attacker_city,</if>
<if test="dataMap.attacker_lon != null">attacker_lon,</if>
<if test="dataMap.attacker_lat != null">attacker_lat,</if>
<if test="dataMap.victim_country != null">victim_country,</if>
<if test="dataMap.victim_region != null">victim_region,</if>
<if test="dataMap.victim_city != null">victim_city,</if>
<if test="dataMap.victim_lon != null">victim_lon,</if>
<if test="dataMap.victim_lat != null">victim_lat,</if>
<if test="dataMap.origin_event_id != null">origin_event_id,</if>
<if test="dataMap.origin_event_name != null">origin_event_name,</if>
<if test="dataMap.origin_event_category != null">origin_event_category,</if>
<if test="dataMap.origin_event_level != null">origin_event_level,</if>
<if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
<if test="dataMap.engine_type != null">engine_type,</if>
<if test="dataMap.evil_payload != null">evil_payload,</if>
<if test="dataMap.http_resp_status != null">http_resp_status,</if>
<if test="dataMap.dns_query != null">dns_query,</if>
<if test="dataMap.dns_query_type != null">dns_query_type,</if>
<if test="dataMap.dns_ttl != null">dns_ttl,</if>
<if test="dataMap.dns_answer != null">dns_answer,</if>
<if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
<if test="dataMap.file_sha256 != null">file_sha256,</if>
<if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
<if test="dataMap.victim_country_code != null">victim_country_code,</if>
<if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
<if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
<if test="dataMap.pid != null">pid,</if>
<if test="dataMap.ppid != null">ppid,</if>
<if test="dataMap.process_name != null">process_name,</if>
<if test="dataMap.backdoor_type != null">backdoor_type,</if>
<if test="dataMap.tty != null">tty,</if>
<if test="dataMap.sudo_user != null">sudo_user,</if>
<if test="dataMap.sudo_group != null">sudo_group,</if>
<if test="dataMap.origin_event_type != null">origin_event_type,</if>
<if test="dataMap.dest_domain != null">dest_domain,</if>
<if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
<if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
<if test="dataMap.attack_chain != null">attack_chain,</if>
<if test="dataMap.process_tree != null">process_tree,</if>
<if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
<if test="dataMap.host_file_md5 != null">host_file_md5,</if>
<if test="dataMap.host_file_size != null">host_file_size,</if>
<if test="dataMap.host_file_type != null">host_file_type,</if>
<if test="dataMap.dest_country != null">dest_country,</if>
<if test="dataMap.dest_country_code != null">dest_country_code,</if>
<if test="dataMap.log_origin != null">log_origin,</if>
<if test="dataMap.dest_region != null">dest_region,</if>
<if test="dataMap.src_lat != null">src_lat,</if>
<if test="dataMap.dest_region_code != null">dest_region_code,</if>
<if test="dataMap.dest_city != null">dest_city,</if>
<if test="dataMap.dest_lon != null">dest_lon,</if>
<if test="dataMap.dest_lat != null">dest_lat,</if>
<if test="dataMap.event_category != null">event_category,</if>
<if test="dataMap.attack_result != null">attack_result,</if>
<if test="dataMap.probe_ip != null">probe_ip,</if>
<if test="dataMap.device_ip != null">device_ip,</if>
<if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
<if test="dataMap.device_name != null">device_name,</if>
<if test="dataMap.product_name != null">product_name,</if>
<if test="dataMap.__id != null">__id,</if>
<if test="dataMap.__count != null">__count,</if>
<if test="dataMap.__count_reason != null">__count_reason,</if>
<if test="dataMap.event_type != null">event_type,</if>
<if test="dataMap.protocol != null">protocol,</if>
<if test="dataMap.shell_cmd != null">shell_cmd,</if>
<if test="dataMap.parent_name != null">parent_name,</if>
<if test="dataMap.host_file_path != null">host_file_path,</if>
<if test="dataMap.uid != null">uid,</if>
<if test="dataMap.fall != null">fall,</if>
<if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
<if test="dataMap.dev_type != null">dev_type,</if>
<if test="dataMap.collect_method != null">collect_method,</if>
<if test="dataMap.field_cate_id != null">field_cate_id,</if>
<if test="dataMap.device_type != null">device_type,</if>
<if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
<if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
<if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
<if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
<if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
<if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
<if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
<if test="dataMap.apt_orgname != null">apt_orgname,</if>
<if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
<if test="dataMap.mail_message_id != null">mail_message_id,</if>
<if test="dataMap.mail_bcc != null">mail_bcc,</if>
<if test="dataMap.mail_size != null">mail_size,</if>
<if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
<if test="dataMap.mail_url != null">mail_url,</if>
<if test="dataMap.mail_cc != null">mail_cc,</if>
<if test="dataMap.algorithm != null">algorithm,</if>
<if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
<if test="dataMap.process_md5 != null">process_md5,</if>
<if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
<if test="dataMap.source_servername != null">source_servername,</if>
<if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
<if test="dataMap.mail_filename != null">mail_filename,</if>
<if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
<if test="dataMap.target_port != null">target_port,</if>
<if test="dataMap.gid != null">gid,</if>
<if test="dataMap.origin_uid != null">origin_uid,</if>
<if test="dataMap.origin_gid != null">origin_gid,</if>
<if test="dataMap.target_ports != null">target_ports,</if>
<if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
<if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
<if test="dataMap.etl_time != null">etl_time,</if>
<if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
<if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
<if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
<if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
<if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
<if test="dataMap.src_dev_name != null">src_dev_name,</if>
<if test="dataMap.collect_protocol != null">collect_protocol,</if>
<if test="dataMap.destination_system_type != null">destination_system_type,</if>
<if test="dataMap.destination_system != null">destination_system,</if>
<if test="dataMap.etl_host != null">etl_host,</if>
<if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
<if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
<if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
<if test="dataMap.syslog_topic != null">syslog_topic,</if>
</trim>
VALUES
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="dataMap.id != null">#{dataMap.id},</if>
<if test="dataMap.created_at != null">#{dataMap.created_at},</if>
<if test="dataMap.log_time != null">#{dataMap.log_time},</if>
<if test="dataMap.device_id != null">#{dataMap.device_id},</if>
<if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
<if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
<if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
<if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
<if test="dataMap.class_path != null">#{dataMap.class_path},</if>
<if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
<if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
<if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
<if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
<if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
<if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
<if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
<if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
<if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
<if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
<if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
<if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
<if test="dataMap.container_name != null">#{dataMap.container_name},</if>
<if test="dataMap.container_id != null">#{dataMap.container_id},</if>
<if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
<if test="dataMap.srcip_id != null">#{dataMap.srcip_id},</if>
<if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
<if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
<if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
<if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
<if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
<if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
<if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
<if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
<if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
<if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
<if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
<if test="dataMap.description != null">#{dataMap.description},</if>
<if test="dataMap.solution != null">#{dataMap.solution},</if>
<if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
<if test="dataMap.username != null">#{dataMap.username},</if>
<if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
<if test="dataMap.login_result != null">#{dataMap.login_result},</if>
<if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
<if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
<if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
<if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
<if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
<if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
<if test="dataMap.file_name != null">#{dataMap.file_name},</if>
<if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
<if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
<if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
<if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
<if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
<if test="dataMap.print_time != null">#{dataMap.print_time},</if>
<if test="dataMap.printer != null">#{dataMap.printer},</if>
<if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
<if test="dataMap.print_pages != null">#{dataMap.print_pages},</if>
<if test="dataMap.print_copies != null">#{dataMap.print_copies},</if>
<if test="dataMap.src_device != null">#{dataMap.src_device},</if>
<if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
<if test="dataMap.src_file != null">#{dataMap.src_file},</if>
<if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
<if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
<if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
<if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
<if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
<if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
<if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
<if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
<if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
<if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
<if test="dataMap.env != null">#{dataMap.env},</if>
<if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
<if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
<if test="dataMap.http_req_length != null">#{dataMap.http_req_length},</if>
<if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
<if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
<if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
<if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
<if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
<if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
<if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
<if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
<if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
<if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
<if test="dataMap.duration_time != null">#{dataMap.duration_time},</if>
<if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
<if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
<if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
<if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
<if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
<if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
<if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
<if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
<if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
<if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
<if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
<if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
<if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
<if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
<if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
<if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
<if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
<if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
<if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
<if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id},</if>
<if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
<if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
<if test="dataMap.desip_id != null">#{dataMap.desip_id},</if>
<if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
<if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
<if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id},</if>
<if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
<if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
<if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
<if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id},</if>
<if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id},</if>
<if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id},</if>
<if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id},</if>
<if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
<if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
<if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
<if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
<if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length},</if>
<if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
<if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
<if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
<if test="dataMap.login_password != null">#{dataMap.login_password},</if>
<if test="dataMap.detail != null">#{dataMap.detail},</if>
<if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
<if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
<if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
<if test="dataMap.payload != null">#{dataMap.payload},</if>
<if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
<if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
<if test="dataMap.http_session != null">#{dataMap.http_session},</if>
<if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
<if test="dataMap.file_path != null">#{dataMap.file_path},</if>
<if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
<if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
<if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
<if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
<if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
<if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
<if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
<if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
<if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
<if test="dataMap.http_status_code != null">#{dataMap.http_status_code},</if>
<if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
<if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
<if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
<if test="dataMap.dest_ip_str != null"> #{dataMap.dest_ip_str} ,</if>
<if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
<if test="dataMap.pcap != null">#{dataMap.pcap},</if>
<if test="dataMap.ioc != null">#{dataMap.ioc},</if>
<if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
<if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
<if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
<if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
<if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
<if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
<if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
<if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
<if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
<if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
<if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
<if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
<if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
<if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
<if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
<if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
<if test="dataMap.service_name != null">#{dataMap.service_name},</if>
<if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
<if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
<if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
<if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
<if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
<if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
<if test="dataMap.direction != null">#{dataMap.direction},</if>
<if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
<if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
<if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
<if test="dataMap.http_url != null">#{dataMap.http_url},</if>
<if test="dataMap.uname != null">#{dataMap.uname},</if>
<if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
<if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
<if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
<if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
<if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
<if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
<if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
<if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
<if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
<if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port},</if>
<if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
<if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
<if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
<if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
<if test="dataMap.agent_id != null">#{dataMap.agent_id},</if>
<if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
<if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
<if test="dataMap.log_id != null">#{dataMap.log_id},</if>
<if test="dataMap.event_date != null">#{dataMap.event_date},</if>
<if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
<if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
<if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
<if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
<if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
<if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
<if test="dataMap.event_time != null">#{dataMap.event_time},</if>
<if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
<if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
<if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
<if test="dataMap.proto != null">#{dataMap.proto},</if>
<if test="dataMap.dev_id != null">#{dataMap.dev_id},</if>
<if test="dataMap.created_time != null">#{dataMap.created_time},</if>
<if test="dataMap.src_country != null">#{dataMap.src_country},</if>
<if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
<if test="dataMap.src_region != null">#{dataMap.src_region},</if>
<if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
<if test="dataMap.src_city != null">#{dataMap.src_city},</if>
<if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
<if test="dataMap.http_method != null">#{dataMap.http_method},</if>
<if test="dataMap.http_host != null">#{dataMap.http_host},</if>
<if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
<if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
<if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
<if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
<if test="dataMap.file_type != null">#{dataMap.file_type},</if>
<if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
<if test="dataMap.file_size != null">#{dataMap.file_size},</if>
<if test="dataMap.process != null">#{dataMap.process},</if>
<if test="dataMap.start_time != null">#{dataMap.start_time},</if>
<if test="dataMap.action != null">#{dataMap.action},</if>
<if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
<if test="dataMap.end_time != null">#{dataMap.end_time},</if>
<if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
<if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
<if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
<if test="dataMap.process_path != null">#{dataMap.process_path},</if>
<if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
<if test="dataMap.gname != null">#{dataMap.gname},</if>
<if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
<if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
<if test="dataMap.login_time != null">#{dataMap.login_time},</if>
<if test="dataMap.login_times != null">#{dataMap.login_times},</if>
<if test="dataMap.check_item != null">#{dataMap.check_item},</if>
<if test="dataMap.check_type != null">#{dataMap.check_type},</if>
<if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
<if test="dataMap.attacker_port != null">#{dataMap.attacker_port},</if>
<if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
<if test="dataMap.victim_port != null">#{dataMap.victim_port},</if>
<if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
<if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
<if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
<if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
<if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
<if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
<if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
<if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
<if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
<if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
<if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
<if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
<if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
<if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
<if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
<if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
<if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
<if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
<if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
<if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
<if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
<if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
<if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
<if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
<if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
<if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
<if test="dataMap.pid != null">#{dataMap.pid},</if>
<if test="dataMap.ppid != null">#{dataMap.ppid},</if>
<if test="dataMap.process_name != null">#{dataMap.process_name},</if>
<if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
<if test="dataMap.tty != null">#{dataMap.tty},</if>
<if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
<if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
<if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
<if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
<if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
<if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
<if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
<if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
<if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
<if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
<if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
<if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
<if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
<if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
<if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
<if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
<if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
<if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
<if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
<if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
<if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
<if test="dataMap.event_category != null">#{dataMap.event_category},</if>
<if test="dataMap.attack_result != null">#{dataMap.attack_result},</if>
<if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
<if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
<if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
<if test="dataMap.device_name != null">#{dataMap.device_name},</if>
<if test="dataMap.product_name != null">#{dataMap.product_name},</if>
<if test="dataMap.__id != null">#{dataMap.__id},</if>
<if test="dataMap.__count != null">#{dataMap.__count},</if>
<if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
<if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
<if test="dataMap.protocol != null">#{dataMap.protocol},</if>
<if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
<if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
<if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
<if test="dataMap.uid != null">#{dataMap.uid},</if>
<if test="dataMap.fall != null">#{dataMap.fall},</if>
<if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
<if test="dataMap.dev_type != null">#{dataMap.dev_type},</if>
<if test="dataMap.collect_method != null">#{dataMap.collect_method},</if>
<if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id},</if>
<if test="dataMap.device_type != null">#{dataMap.device_type},</if>
<if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
<if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
<if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages},</if>
<if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes},</if>
<if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate},</if>
<if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate},</if>
<if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate},</if>
<if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
<if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
<if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
<if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
<if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
<if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
<if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
<if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
<if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
<if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
<if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
<if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
<if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
<if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
<if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
<if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
<if test="dataMap.target_port != null">#{dataMap.target_port},</if>
<if test="dataMap.gid != null">#{dataMap.gid},</if>
<if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
<if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
<if test="dataMap.target_ports != null">#{dataMap.target_ports},</if>
<if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
<if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
<if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
<if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
<if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
<if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
<if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
<if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
<if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
<if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
<if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
<if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
<if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
<if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
<if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
<if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
<if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
</trim>
</insert>
<!-- 使用实体类插入 -->
<insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
INSERT INTO syslog_normal_data
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="id != null">id,</if>
<if test="createdAt != null">created_at,</if>
<if test="logTime != null">log_time,</if>
<if test="deviceId != null">device_id,</if>
<!-- 其他字段类似,按照驼峰命名法 -->
</trim>
VALUES
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="id != null">#{id},</if>
<if test="createdAt != null">#{createdAt},</if>
<if test="logTime != null">#{logTime},</if>
<if test="deviceId != null">#{deviceId},</if>
<!-- 其他字段类似 -->
</trim>
</insert>
<!-- 批量插入 -->
<insert id="batchInsert" parameterType="map">
INSERT INTO syslog_normal_data
(id, log_time, src_ip, dest_ip, event_level)
VALUES
<foreach collection="dataList" item="item" separator=",">
(#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
</foreach>
</insert>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mapper/XdrHoneypotMapper.xml
+48
View File
@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.XdrHoneypotMapper">
<resultMap id="xdrHoneypotResultMap" type="com.common.entity.XdrHoneypot">
<id property="id" column="id"/>
<result property="vcsource" column="vcsource"/>
<result property="dstartTime" column="dstart_time"/>
<result property="dtime" column="dtime"/>
<result property="riskLevel" column="risk_level"/>
<result property="vcconnection" column="vcconnection"/>
<result property="fileInfo" column="file_info"/>
<result property="extra" column="extra"/>
<result property="vctype" column="vctype"/>
<result property="agentSn" column="agent_sn"/>
<result property="agentName" column="agent_name"/>
<result property="honeypotId" column="honeypot_id"/>
<result property="honeypotName" column="honeypot_name"/>
<result property="srcIp" column="src_ip"/>
<result property="srcPort" column="src_port"/>
<result property="srcMac" column="src_mac"/>
<result property="destIp" column="dest_ip"/>
<result property="destPort" column="dest_port"/>
<result property="proxyIp" column="proxy_ip"/>
<result property="node" column="node"/>
</resultMap>
<!-- 批量插入 -->
<insert id="batchInsert" parameterType="java.util.List" useGeneratedKeys="true" keyProperty="id">
INSERT INTO xdr_honeypot (
vcsource, dstart_time, dtime, risk_level, vcconnection,
file_info, extra, vctype, agent_sn, agent_name,
honeypot_id, honeypot_name, src_ip, src_port, src_mac,
dest_ip, dest_port, proxy_ip, node
) VALUES
<foreach collection="list" item="item" index="index" separator=",">
(
#{item.vcsource}, #{item.dstartTime}, #{item.dtime}, #{item.riskLevel}, #{item.vcconnection},
#{item.fileInfo}, #{item.extra}, #{item.vctype}, #{item.agentSn}, #{item.agentName},
#{item.honeypotId}, #{item.honeypotName}, #{item.srcIp}, #{item.srcPort}, #{item.srcMac},
#{item.destIp}, #{item.destPort}, #{item.proxyIp}, #{item.node}
)
</foreach>
</insert>
</mapper>
haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config-dev.xml
+52
View File
@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<properties>
<property name="driver" value="org.postgresql.Driver"/>
<property name="url" value="jdbc:postgresql://192.168.1.174:5432/ecosys"/>
<property name="username" value="postgres"/>
<property name="password" value="TnLanWaidYSwTSG5"/>
</properties>
<settings>
<setting name="mapUnderscoreToCamelCase" value="true"/>
<setting name="logImpl" value="SLF4J"/>
<setting name="cacheEnabled" value="true"/>
<setting name="lazyLoadingEnabled" value="true"/>
<setting name="multipleResultSetsEnabled" value="true"/>
<setting name="useGeneratedKeys" value="true"/>
<setting name="defaultStatementTimeout" value="30"/>
</settings>
<typeAliases>
<typeAlias type="com.common.entity.XdrHoneypot" alias="XdrHoneypot"/>
<package name="com.common.entity"/>
</typeAliases>
<environments default="development">
<environment id="development">
<transactionManager type="JDBC"/>
<dataSource type="POOLED">
<property name="driver" value="${driver}"/>
<property name="url" value="${url}"/>
<property name="username" value="${username}"/>
<property name="password" value="${password}"/>
<property name="poolMaximumActiveConnections" value="20"/>
<property name="poolMaximumIdleConnections" value="10"/>
<property name="poolMaximumCheckoutTime" value="20000"/>
<property name="poolTimeToWait" value="20000"/>
</dataSource>
</environment>
</environments>
<mappers>
<mapper class="com.common.mapper.XdrHoneypotMapper"/>
<mapper class="com.common.mapper.DmNormalizeRuleMapper"/>
<mapper resource="mapper/XdrHoneypotMapper.xml"/>
<mapper resource="mapper/DmNormalizeRuleMapper.xml"/>
</mappers>
</configuration>
haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config.xml
+57
View File
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<properties>
<property name="driver" value="org.postgresql.Driver"/>
<property name="url" value="jdbc:postgresql://192.168.4.26:5432/ecosys"/>
<property name="username" value="postgres"/>
<property name="password" value="caZ2TcmXNSW8L2Ap"/>
</properties>
<settings>
<setting name="mapUnderscoreToCamelCase" value="true"/>
<setting name="logImpl" value="SLF4J"/>
<setting name="cacheEnabled" value="true"/>
<setting name="lazyLoadingEnabled" value="true"/>
<setting name="multipleResultSetsEnabled" value="true"/>
<setting name="useGeneratedKeys" value="true"/>
<setting name="defaultStatementTimeout" value="30"/>
</settings>
<typeAliases>
<typeAlias type="com.common.entity.XdrHoneypot" alias="XdrHoneypot"/>
<package name="com.common.entity"/>
</typeAliases>
<environments default="development">
<environment id="development">
<transactionManager type="JDBC"/>
<dataSource type="POOLED">
<property name="driver" value="${driver}"/>
<property name="url" value="${url}"/>
<property name="username" value="${username}"/>
<property name="password" value="${password}"/>
<property name="poolMaximumActiveConnections" value="20"/>
<property name="poolMaximumIdleConnections" value="10"/>
<property name="poolMaximumCheckoutTime" value="20000"/>
<property name="poolTimeToWait" value="20000"/>
</dataSource>
</environment>
</environments>
<mappers>
<mapper class="com.common.mapper.XdrHoneypotMapper"/>
<mapper class="com.common.mapper.DmNormalizeRuleMapper"/>
<mapper class="com.common.mapper.DmColumnMapper"/>
<mapper class="com.common.mapper.SyslogNormalDataMapper"/>
<mapper resource="mapper/XdrHoneypotMapper.xml"/>
<mapper resource="mapper/DmNormalizeRuleMapper.xml"/>
<mapper resource="mapper/DmColumnMapper.xml"/>
<mapper resource="mapper/SyslogNormalDataMapper.xml"/>
</mappers>
</configuration>