1、新增功能探针联动处置、心跳在线检测

2、syslog-consumer模块拆分 syslog-consumer-rule模块实现日志数据消费、解析、泛化入库。

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisAnalysisRuleMapper.xml

@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisAnalysisRuleMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisAnalysisRule">
+        <id column="rule_id" property="ruleId" jdbcType="VARCHAR"/>
+        <result column="create_user" property="createUser" jdbcType="VARCHAR"/>
+        <result column="rule_name" property="ruleName" jdbcType="VARCHAR"/>
+        <result column="analysis_method" property="analysisMethod" jdbcType="VARCHAR"/>
+        <result column="run_mode" property="runMode" jdbcType="VARCHAR"/>
+        <result column="rule_output" property="ruleOutput" jdbcType="VARCHAR"/>
+        <result column="organization" property="organization" jdbcType="VARCHAR"/>
+        <result column="task_status" property="taskStatus" jdbcType="VARCHAR"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+        <result column="rule_desc" property="ruleDesc" jdbcType="VARCHAR"/>
+        <result column="rule_type" property="ruleType" jdbcType="INTEGER"/>
+        <result column="rule_status" property="ruleStatus" jdbcType="INTEGER"/>
+        <result column="rule_content" property="ruleContent" jdbcType="VARCHAR"/>
+        <result column="rule_expression" property="ruleExpression" jdbcType="VARCHAR"/>
+        <result column="priority" property="priority" jdbcType="BIGINT"/>
+        <result column="tags" property="tags" jdbcType="VARCHAR"/>
+        <result column="version" property="version" jdbcType="INTEGER"/>
+        <result column="subset_id" property="subsetId" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        rule_id, create_user, rule_name, analysis_method, run_mode, rule_output,
+        organization, task_status, create_dept, del_flag, create_time, update_time,
+        create_by, update_by, remark, tenant_id, rule_desc, rule_type, rule_status,
+        rule_content, rule_expression, priority, tags, version, subset_id
+    </sql>
+
+    <!-- 查询指定运行模式的活动规则 -->
+    <select id="selectActiveRulesByRunMode" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_analysis_rule
+        WHERE run_mode = #{runMode}
+        AND del_flag = '0'
+        AND  rule_status =1
+        ORDER BY priority DESC, create_time ASC
+    </select>
+
+    <!-- 根据规则ID查询规则 -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_analysis_rule
+        WHERE rule_id =#{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+    </select>
+
+    <!-- 根据ID查询规则（与selectByRuleId相同） -->
+    <select id="selectById" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_analysis_rule
+        WHERE rule_id = #{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+    </select>
+
+    <!-- 更新规则任务状态 -->
+    <update id="updateTaskStatus">
+        UPDATE analysis_analysis_rule
+        SET task_status = #{taskStatus},
+            update_time = NOW()
+        <if test="updateBy != null">
+            ,update_by = #{updateBy}
+        </if>
+        WHERE rule_id = #{ruleId, jdbcType=OTHER}::uuid
+    </update>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisFieldMapper.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisFieldMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisField">
+        <id column="id" property="id" jdbcType="INTEGER"/>
+        <result column="rule_id" property="ruleId" jdbcType="VARCHAR"/>
+        <result column="type" property="type" jdbcType="VARCHAR"/>
+        <result column="data_source" property="dataSource" jdbcType="VARCHAR"/>
+        <result column="database" property="database" jdbcType="VARCHAR"/>
+        <result column="table_name" property="tableName" jdbcType="VARCHAR"/>
+        <result column="table_alias" property="tableAlias" jdbcType="VARCHAR"/>
+        <result column="column_name" property="columnName" jdbcType="VARCHAR"/>
+        <result column="column_desc" property="columnDesc" jdbcType="VARCHAR"/>
+        <result column="data_type" property="dataType" jdbcType="VARCHAR"/>
+        <result column="fn" property="fn" jdbcType="VARCHAR"/>
+        <result column="arguments" property="arguments" jdbcType="VARCHAR"/>
+        <result column="placeholder" property="placeholder" jdbcType="VARCHAR"/>
+        <result column="base_type" property="baseType" jdbcType="INTEGER"/>
+        <result column="category_id" property="categoryId" jdbcType="INTEGER"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+        <result column="alarm_column_name" property="alarmColumnName" jdbcType="VARCHAR"/>
+        <result column="alarm_column_desc" property="alarmColumnDesc" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, rule_id, type, data_source, database, table_name, table_alias,
+        column_name, column_desc, data_type, fn, arguments, placeholder,
+        base_type, category_id, create_dept, del_flag, create_time,
+        update_time, create_by, update_by, remark, tenant_id,alarm_column_name,alarm_column_desc
+    </sql>
+
+    <!-- 根据规则ID查询字段配置 -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_field
+        WHERE rule_id = #{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+        ORDER BY id ASC
+    </select>
+
+    <!-- 查询规则中用于SELECT的字段（通过type字段区分） -->
+    <select id="selectSelectFieldsByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_field
+        WHERE rule_id =#{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+        AND type IN ('measure', 'calc')
+        ORDER BY id ASC
+    </select>
+
+    <!-- 查询规则中用于GROUP BY的字段（通过type字段区分） -->
+    <select id="selectGroupByFieldsByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_field
+        WHERE rule_id = #{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+        AND type = 'dimension'
+        ORDER BY id ASC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisFilterMapper.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisFilterMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisFilter">
+        <id column="id" property="id" jdbcType="INTEGER"/>
+        <result column="rule_id" property="ruleId" jdbcType="VARCHAR"/>
+        <result column="data_source" property="dataSource" jdbcType="VARCHAR"/>
+        <result column="database" property="database" jdbcType="VARCHAR"/>
+        <result column="table_name" property="tableName" jdbcType="VARCHAR"/>
+        <result column="table_alias" property="tableAlias" jdbcType="VARCHAR"/>
+        <result column="column_name" property="columnName" jdbcType="VARCHAR"/>
+        <result column="column_desc" property="columnDesc" jdbcType="VARCHAR"/>
+        <result column="data_type" property="dataType" jdbcType="VARCHAR"/>
+        <result column="fn" property="fn" jdbcType="VARCHAR"/>
+        <result column="arguments" property="arguments" jdbcType="OTHER"/>
+        <result column="operator" property="operator" jdbcType="VARCHAR"/>
+        <result column="value" property="value" jdbcType="OTHER"/>
+        <result column="base_type" property="baseType" jdbcType="INTEGER"/>
+        <result column="category_id" property="categoryId" jdbcType="INTEGER"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+        <result column="cond_id" property="condId" jdbcType="INTEGER"/>
+        <result column="seq_num" property="seqNum" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, rule_id, data_source, database, table_name, table_alias,
+        column_name, column_desc, data_type, fn, arguments, operator, value,
+        base_type, category_id, create_dept, del_flag, create_time,
+        update_time, create_by, update_by, remark, tenant_id, cond_id, seq_num
+    </sql>
+
+    <!-- 根据规则ID查询过滤条件 -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_filter
+        WHERE rule_id  =#{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+    </select>
+
+    <!-- 根据字段ID查询过滤条件 -->
+    <select id="selectByFieldId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_filter
+        WHERE field_id = #{fieldId}
+        AND del_flag = '0'
+    </select>
+
+    <!-- 根据条件ID查询过滤条件（与where_condition表关联） -->
+    <select id="selectByCondId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_filter
+        WHERE cond_id = #{condId}
+        AND del_flag = '0'
+        ORDER BY seq_num ASC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisGroupByColumnMapper.xml

@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisGroupByColumnMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisGroupByColumn">
+        <id column="id" property="id" jdbcType="INTEGER"/>
+        <result column="group_by_id" property="groupById" jdbcType="INTEGER"/>
+        <result column="data_source" property="dataSource" jdbcType="VARCHAR"/>
+        <result column="database" property="database" jdbcType="VARCHAR"/>
+        <result column="table_name" property="tableName" jdbcType="VARCHAR"/>
+        <result column="table_alias" property="tableAlias" jdbcType="VARCHAR"/>
+        <result column="column_name" property="columnName" jdbcType="VARCHAR"/>
+        <result column="column_desc" property="columnDesc" jdbcType="VARCHAR"/>
+        <result column="data_type" property="dataType" jdbcType="VARCHAR"/>
+        <result column="base_type" property="baseType" jdbcType="INTEGER"/>
+        <result column="category_id" property="categoryId" jdbcType="INTEGER"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+        <result column="rule_id" property="ruleId" jdbcType="VARCHAR"/>
+        <result column="group_id" property="groupId" jdbcType="BIGINT"/>
+        <result column="field_id" property="fieldId" jdbcType="BIGINT"/>
+        <result column="sort" property="sort" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, group_by_id, data_source, database, table_name, table_alias,
+        column_name, column_desc, data_type, base_type, category_id,
+        create_dept, del_flag, create_time, update_time, create_by, update_by,
+        remark, tenant_id, rule_id, group_id, field_id, sort
+    </sql>
+
+    <!-- 根据规则ID查询分组字段配置 -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+        id, group_by_id, data_source, database, table_name,
+        table_alias, column_name, column_desc, data_type,
+        base_type, category_id, create_dept, del_flag,
+        create_time, update_time, create_by, update_by, remark,
+        tenant_id, rule_id, group_id, field_id, sort
+        FROM analysis_group_by_column
+        WHERE rule_id =#{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+        ORDER BY sort ASC
+    </select>
+
+    <!-- 根据分组ID查询分组字段配置 -->
+    <select id="selectByGroupById" resultMap="BaseResultMap">
+        SELECT
+        id, group_by_id, data_source, database, table_name,
+        table_alias, column_name, column_desc, data_type,
+        base_type, category_id, create_dept, del_flag,
+        create_time, update_time, create_by, update_by, remark,
+        tenant_id, rule_id, group_id, field_id, sort
+        FROM analysis_group_by_column
+        WHERE group_by_id = #{groupById}
+        AND del_flag = '0'
+        ORDER BY sort ASC
+    </select>
+
+    <!-- 根据用户组ID查询分组字段配置 -->
+    <select id="selectByGroupId" resultMap="BaseResultMap">
+        SELECT
+        id, group_by_id, data_source, database, table_name,
+        table_alias, column_name, column_desc, data_type,
+        base_type, category_id, create_dept, del_flag,
+        create_time, update_time, create_by, update_by, remark,
+        tenant_id, rule_id, group_id, field_id, sort
+        FROM analysis_group_by_column
+        WHERE group_id = #{groupId}
+        AND del_flag = '0'
+        ORDER BY sort ASC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisGroupByHavingMapper.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisGroupByHavingMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisGroupByHaving">
+        <id column="id" property="id" jdbcType="INTEGER"/>
+        <result column="group_by_id" property="groupById" jdbcType="INTEGER"/>
+        <result column="data_source" property="dataSource" jdbcType="VARCHAR"/>
+        <result column="database" property="database" jdbcType="VARCHAR"/>
+        <result column="table_name" property="tableName" jdbcType="VARCHAR"/>
+        <result column="table_alias" property="tableAlias" jdbcType="VARCHAR"/>
+        <result column="column_name" property="columnName" jdbcType="VARCHAR"/>
+        <result column="column_desc" property="columnDesc" jdbcType="VARCHAR"/>
+        <result column="data_type" property="dataType" jdbcType="VARCHAR"/>
+        <result column="fn" property="fn" jdbcType="VARCHAR"/>
+        <result column="arguments" property="arguments" jdbcType="OTHER"/>
+        <result column="operator" property="operator" jdbcType="VARCHAR"/>
+        <result column="value" property="value" jdbcType="OTHER"/>
+        <result column="base_type" property="baseType" jdbcType="INTEGER"/>
+        <result column="category_id" property="categoryId" jdbcType="INTEGER"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, group_by_id, data_source, database, table_name, table_alias,
+        column_name, column_desc, data_type, fn, arguments, operator, value,
+        base_type, category_id, create_dept, del_flag, create_time,
+        update_time, create_by, update_by, remark, tenant_id
+    </sql>
+
+    <!-- 根据分组ID查询HAVING条件 -->
+    <select id="selectByGroupById" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_group_by_having
+        WHERE group_by_id = #{groupById}
+        AND del_flag = '0'
+    </select>
+
+    <!-- 根据规则ID查询HAVING条件（通过关联分组表） -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+        h.id, h.group_by_id, h.data_source, h.database, h.table_name, h.table_alias,
+        h.column_name, h.column_desc, h.data_type, h.fn, h.arguments, h.operator, h.value,
+        h.base_type, h.category_id, h.create_dept, h.del_flag, h.create_time,
+        h.update_time, h.create_by, h.update_by, h.remark, h.tenant_id
+        FROM analysis_group_by_having h
+        INNER JOIN analysis_group_by g ON h.group_by_id = g.id
+        WHERE g.rule_id =#{ruleId, jdbcType=OTHER}::uuid
+        AND h.del_flag = '0'
+        AND g.del_flag = '0'
+        ORDER BY h.id ASC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisGroupByMapper.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisGroupByMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisGroupBy">
+        <id column="id" property="id" jdbcType="BIGINT"/>
+        <result column="rule_id" property="ruleId" jdbcType="OTHER"/>
+        <result column="group_type" property="groupType" jdbcType="INTEGER"/>
+        <result column="window_type" property="windowType" jdbcType="VARCHAR"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <resultMap id="WithWindowResultMap" type="com.common.entity.AnalysisGroupBy" extends="BaseResultMap">
+        <association property="window" javaType="com.common.entity.AnalysisGroupByWindow"
+                     column="id" select="com.common.mapper.AnalysisGroupByWindowMapper.selectByGroupById"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, rule_id, group_type, window_type,
+        create_dept, del_flag, create_time, update_time, create_by, update_by,
+        remark, tenant_id
+    </sql>
+
+    <!-- 根据规则ID查询分组配置 -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+            <include refid="Base_Column_List"/>
+        FROM analysis_group_by
+        WHERE rule_id = #{ruleId, jdbcType=OTHER}::uuid
+          AND del_flag = '0'
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisGroupByWindowMapper.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisGroupByWindowMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisGroupByWindow">
+        <id column="id" property="id" jdbcType="INTEGER"/>
+        <result column="group_by_id" property="groupById" jdbcType="INTEGER"/>
+        <result column="window_type" property="windowType" jdbcType="VARCHAR"/>
+        <result column="tumble_window_time_type" property="tumbleWindowTimeType" jdbcType="VARCHAR"/>
+        <result column="tumble_window_size" property="tumbleWindowSize" jdbcType="INTEGER"/>
+        <result column="tumble_window_size_unit" property="tumbleWindowSizeUnit" jdbcType="VARCHAR"/>
+        <result column="hop_window_time_type" property="hopWindowTimeType" jdbcType="VARCHAR"/>
+        <result column="hop_window_size" property="hopWindowSize" jdbcType="INTEGER"/>
+        <result column="hop_window_size_unit" property="hopWindowSizeUnit" jdbcType="VARCHAR"/>
+        <result column="hop_window_slide" property="hopWindowSlide" jdbcType="INTEGER"/>
+        <result column="hop_window_slide_unit" property="hopWindowSlideUnit" jdbcType="VARCHAR"/>
+        <result column="hop_window_alarm_once_per_window" property="hopWindowAlarmOncePerWindow" jdbcType="BOOLEAN"/>
+        <result column="session_window_time_type" property="sessionWindowTimeType" jdbcType="VARCHAR"/>
+        <result column="session_window_size" property="sessionWindowSize" jdbcType="INTEGER"/>
+        <result column="session_window_size_unit" property="sessionWindowSizeUnit" jdbcType="VARCHAR"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, group_by_id, window_type,
+        tumble_window_time_type, tumble_window_size, tumble_window_size_unit,
+        hop_window_time_type, hop_window_size, hop_window_size_unit,
+        hop_window_slide, hop_window_slide_unit, hop_window_alarm_once_per_window,
+        session_window_time_type, session_window_size, session_window_size_unit,
+        create_dept, del_flag, create_time, update_time, create_by, update_by,
+        remark, tenant_id
+    </sql>
+
+    <select id="selectByGroupById" resultMap="BaseResultMap">
+        SELECT
+            <include refid="Base_Column_List"/>
+        FROM analysis_group_by_window
+        WHERE group_by_id = #{groupById, jdbcType=INTEGER}
+          AND del_flag = '0'
+        LIMIT 1
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisTaskHistoryMapper.xml

@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisTaskHistoryMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisTaskHistory">
+        <id column="id" property="id" jdbcType="BIGINT"/>
+        <result column="rule_id" property="ruleId" jdbcType="VARCHAR"/>
+        <result column="start_time" property="startTime" jdbcType="TIMESTAMP"/>
+        <result column="end_time" property="endTime" jdbcType="TIMESTAMP"/>
+        <result column="duration_time" property="durationTime" jdbcType="BIGINT"/>
+        <result column="progress_percent" property="progressPercent" jdbcType="INTEGER"/>
+        <result column="input_count" property="inputCount" jdbcType="BIGINT"/>
+        <result column="output_count" property="outputCount" jdbcType="BIGINT"/>
+        <result column="status" property="status" jdbcType="VARCHAR"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, rule_id, start_time, end_time, duration_time, progress_percent,
+        input_count, output_count, status, create_dept, del_flag,
+        create_time, update_time, create_by, update_by, remark, tenant_id
+    </sql>
+
+    <!-- 插入任务历史记录 -->
+    <insert id="insert" parameterType="com.common.entity.AnalysisTaskHistory">
+        INSERT INTO analysis_task_history (
+        <include refid="Base_Column_List"/>
+        ) VALUES (
+        #{id}, #{ruleId}::uuid, #{startTime}, #{endTime}, #{durationTime}, #{progressPercent},
+        #{inputCount}, #{outputCount}, #{status}, #{createDept}, #{delFlag},
+        #{createTime}, #{updateTime}, #{createBy}, #{updateBy}, #{remark}, #{tenantId}
+        )
+    </insert>
+
+    <!-- 更新任务历史记录 -->
+    <update id="update" parameterType="com.common.entity.AnalysisTaskHistory">
+        UPDATE analysis_task_history
+        SET end_time = #{endTime},
+        duration_time = #{durationTime},
+        progress_percent = #{progressPercent},
+        input_count = #{inputCount},
+        output_count = #{outputCount},
+        status = #{status},
+        update_time = NOW()
+        <if test="remark != null">
+            ,remark = #{remark}
+        </if>
+        WHERE id = #{id}
+    </update>
+
+    <!-- 根据规则ID查询最近的任务历史 -->
+    <select id="selectRecentByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_task_history
+        WHERE rule_id =#{ruleId, jdbcType=OTHER}::uuid
+        AND del_flag = '0'
+        ORDER BY create_time DESC
+        <if test="limit != null and limit > 0">
+            LIMIT #{limit}
+        </if>
+    </select>
+
+    <!-- 根据规则ID和状态查询任务历史 -->
+    <select id="selectByRuleIdAndStatus" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_task_history
+        WHERE rule_id =#{ruleId, jdbcType=OTHER}::uuid
+        AND status = #{status}
+        AND del_flag = '0'
+        ORDER BY create_time DESC
+        LIMIT 1
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AnalysisWhereConditionMapper.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AnalysisWhereConditionMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.AnalysisWhereCondition">
+        <id column="cond_id" property="condId" jdbcType="INTEGER"/>
+        <result column="rule_id" property="ruleId" jdbcType="VARCHAR"/>
+        <result column="logical_op" property="logicalOp" jdbcType="VARCHAR"/>
+        <result column="seq_num" property="seqNum" jdbcType="INTEGER"/>
+        <result column="parent_cond_id" property="parentCondId" jdbcType="INTEGER"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="del_flag" property="delFlag" jdbcType="CHAR"/>
+        <result column="create_time" property="createTime" jdbcType="TIMESTAMP"/>
+        <result column="update_time" property="updateTime" jdbcType="TIMESTAMP"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="remark" property="remark" jdbcType="VARCHAR"/>
+        <result column="tenant_id" property="tenantId" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        cond_id, rule_id, logical_op, seq_num, parent_cond_id,
+        create_dept, del_flag, create_time, update_time,
+        create_by, update_by, remark, tenant_id
+    </sql>
+
+    <!-- 根据规则ID查询WHERE条件 -->
+    <select id="selectByRuleId" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_where_condition
+        WHERE rule_id = #{ruleId}::uuid
+        AND del_flag = '0'
+        ORDER BY seq_num ASC
+    </select>
+
+    <!-- 查询根节点条件（无父节点） -->
+    <select id="selectRootConditions" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_where_condition
+        WHERE rule_id = #{ruleId}::uuid
+        AND (parent_cond_id IS NULL OR parent_cond_id = 0)
+        AND del_flag = '0'
+        ORDER BY seq_num ASC
+    </select>
+
+    <!-- 查询指定条件的子条件 -->
+    <select id="selectChildConditions" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List"/>
+        FROM analysis_where_condition
+        WHERE parent_cond_id = #{parentCondId}
+        AND del_flag = '0'
+        ORDER BY seq_num ASC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/AppLogMapper.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.AppLogMapper">
+
+    <insert id="batchInsert" parameterType="list">
+        INSERT INTO applog (
+        es_index, es_type, es_id, es_score, dt_time, collect_time, log_type,
+        trace_id, method, app_name, ip, class_name, env, content, thread_name,
+        log_level, seq, indexed_at, log_date, created_at, updated_at
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            #{item.esIndex}, #{item.esType}, #{item.esId}, #{item.esScore}, #{item.dtTime},
+            #{item.collectTime}, #{item.logType}, #{item.traceId}, #{item.method},
+            #{item.appName}, #{item.ip}, #{item.className}, #{item.env}, #{item.content},
+            #{item.threadName}, #{item.logLevel}, #{item.seq}, #{item.indexedAt},
+            #{item.logDate}, #{item.createdAt}, #{item.updatedAt}
+            )
+        </foreach>
+    </insert>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/DeviceCollectTaskMapper.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DeviceCollectTaskMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceCollectTask">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="device_id" property="deviceId" />
+        <result column="method" property="method" />
+        <result column="task_name" property="taskName" />
+        <result column="first_time" property="firstTime" />
+        <result column="last_success_time" property="lastSuccessTime" />
+        <result column="last_failed_time" property="lastFailedTime" />
+        <result column="detail_id" property="detailId" />
+        <result column="epm" property="epm" />
+        <result column="epm_peak" property="epmPeak" />
+        <result column="process_architecture" property="processArchitecture" />
+        <result column="task_count" property="taskCount" />
+        <result column="recent_discover_time" property="recentDiscoverTime" />
+        <result column="epm_upper_limit" property="epmUpperLimit" />
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, created_at, updated_at, deleted_at, device_id, method, task_name,
+        first_time, last_success_time, last_failed_time, detail_id, epm, epm_peak,
+        process_architecture, task_count, recent_discover_time, epm_upper_limit
+    </sql>
+
+    <!-- 多条件组合查询 -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceCollectTask" resultMap="BaseResultMap">
+        SELECT <include refid="Base_Column_List" />
+        FROM device_collect_task
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="method != null">
+                AND method = #{method}
+            </if>
+            <if test="taskName != null and taskName != ''">
+                AND task_name LIKE CONCAT('%', #{taskName}, '%')
+            </if>
+            <if test="detailId != null">
+                AND detail_id = #{detailId}
+            </if>
+            <if test="processArchitecture != null">
+                AND process_architecture = #{processArchitecture}
+            </if>
+            <if test="epmUpperLimit != null">
+                AND epm_upper_limit = #{epmUpperLimit}
+            </if>
+            <!-- 时间范围查询 -->
+            <if test="firstTime != null">
+                AND first_time >= #{firstTime}
+            </if>
+            <if test="lastSuccessTime != null">
+                AND last_success_time >= #{lastSuccessTime}
+            </if>
+        </where>
+        ORDER BY updated_at DESC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/DeviceDeviceMapper.xml

@@ -0,0 +1,238 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DeviceDeviceMapper">
+
+    <!-- 基础结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceDevice">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="name" property="name" />
+        <result column="ip" property="ip" />
+        <result column="device_group" property="deviceGroup" />
+        <result column="device_type" property="deviceType" />
+        <result column="vendor" property="vendor" />
+        <result column="product_name" property="productName" />
+        <result column="organization_id" property="organizationId" />
+        <result column="last_receive_time" property="lastReceiveTime" />
+        <result column="agent_id" property="agentId" />
+        <result column="detail_id" property="detailId" />
+        <result column="control_agent_id" property="controlAgentId" />
+        <result column="license_start_time" property="licenseStartTime" />
+        <result column="license_end_time" property="licenseEndTime" />
+        <result column="is_monitoring" property="isMonitoring" />
+        <result column="security_scope_id" property="securityScopeId" />
+        <result column="owner_id" property="ownerId" />
+        <result column="ssh_config_id" property="sshConfigId" />
+        <result column="status" property="status" />
+        <result column="created_by_id" property="createdById" />
+        <result column="decode_type" property="decodeType" />
+        <result column="miss_policy" property="missPolicy" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="create_time" property="createTime" />
+        <result column="update_time" property="updateTime" />
+        <result column="create_by" property="createBy" />
+        <result column="update_by" property="updateBy" />
+        <result column="del_flag" property="delFlag" />
+        <result column="manager_name" property="managerName" />
+        <result column="today_parse_count" property="todayParseCount" />
+        <result column="today_non_log_count" property="todayNonLogCount" />
+        <result column="create_dept" property="createDept" />
+        <result column="device_collect_id" property="deviceCollectId" />
+    </resultMap>
+
+    <!-- 基础查询列 -->
+    <sql id="Base_Column_List">
+        id, created_at::timestamp , updated_at::timestamp, deleted_at::timestamp, name, ip, device_group, device_type,
+        vendor, product_name, organization_id, last_receive_time::timestamp, agent_id, detail_id,
+        control_agent_id, license_start_time::timestamp, license_end_time::timestamp, is_monitoring,
+        security_scope_id, owner_id, ssh_config_id, status, created_by_id, decode_type,
+        miss_policy, tenant_id, create_time::timestamp, update_time::timestamp, create_by, update_by, del_flag,
+        manager_name, today_parse_count, today_non_log_count, create_dept, device_collect_id
+    </sql>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE id = #{id}
+    </select>
+
+    <!-- 查询所有设备 -->
+    <select id="selectAll" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+    </select>
+
+    <!-- 根据IP查询 -->
+    <select id="selectByIp" parameterType="java.lang.String" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE ip = #{ip} and   del_flag='0'
+    </select>
+
+    <!-- 根据名称模糊查询 -->
+    <select id="selectByNameLike" parameterType="java.lang.String" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE name LIKE CONCAT('%', #{name}, '%')
+    </select>
+
+    <!-- 根据设备组查询 -->
+    <select id="selectByDeviceGroup" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE device_group = #{deviceGroup}
+    </select>
+
+    <!-- 根据设备类型查询 -->
+    <select id="selectByDeviceType" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE device_type = #{deviceType}
+    </select>
+
+    <!-- 根据组织ID查询 -->
+    <select id="selectByOrganizationId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE organization_id = #{organizationId}
+    </select>
+
+    <!-- 根据状态查询 -->
+    <select id="selectByStatus" parameterType="java.lang.Short" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE status = #{status}
+    </select>
+
+    <!-- 多条件组合查询 -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceDevice" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        <where>
+            <if test="name != null and name != ''">
+                AND name LIKE CONCAT('%', #{name}, '%')
+            </if>
+            <if test="ip != null and ip != ''">
+                AND ip = #{ip}
+            </if>
+            <if test="deviceGroup != null">
+                AND device_group = #{deviceGroup}
+            </if>
+            <if test="deviceType != null">
+                AND device_type = #{deviceType}
+            </if>
+            <if test="vendor != null and vendor != ''">
+                AND vendor = #{vendor}
+            </if>
+            <if test="organizationId != null">
+                AND organization_id = #{organizationId}
+            </if>
+            <if test="status != null">
+                AND status = #{status}
+            </if>
+            <if test="isMonitoring != null">
+                AND is_monitoring = #{isMonitoring}
+            </if>
+        </where>
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 动态条件查询 -->
+    <select id="selectByMap" parameterType="java.util.Map" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        <where>
+            <if test="name != null">
+                AND name LIKE CONCAT('%', #{name}, '%')
+            </if>
+            <if test="ip != null">
+                AND ip = #{ip}
+            </if>
+            <if test="deviceGroup != null">
+                AND device_group = #{deviceGroup}
+            </if>
+            <if test="status != null">
+                AND status = #{status}
+            </if>
+            <if test="vendor != null">
+                AND vendor = #{vendor}
+            </if>
+            <if test="startTime != null">
+                AND created_at >= #{startTime}
+            </if>
+            <if test="endTime != null">
+                AND created_at &lt;= #{endTime}
+            </if>
+        </where>
+    </select>
+
+    <!-- 分页查询 -->
+    <select id="selectByPage" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        ORDER BY id
+        LIMIT #{limit} OFFSET #{offset}
+    </select>
+
+    <!-- 统计总数 -->
+    <select id="count" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_device
+    </select>
+
+    <!-- 根据条件统计 -->
+    <select id="countByCondition" parameterType="com.common.entity.DeviceDevice" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_device
+        <where>
+            <if test="name != null and name != ''">
+                AND name LIKE CONCAT('%', #{name}, '%')
+            </if>
+            <if test="status != null">
+                AND status = #{status}
+            </if>
+            <if test="isMonitoring != null">
+                AND is_monitoring = #{isMonitoring}
+            </if>
+        </where>
+    </select>
+
+    <!-- 查询监控中的设备 -->
+    <select id="selectMonitoringDevices" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE is_monitoring = true
+    </select>
+
+    <!-- 查询未删除的设备 -->
+    <select id="selectActiveDevices" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE del_flag = '0'
+    </select>
+
+    <!-- 根据厂商查询 -->
+    <select id="selectByVendor" parameterType="java.lang.String" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE vendor = #{vendor}
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/DeviceReceiveLogMapper.xml

@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.DeviceReceiveLogMapper">
+
+    <!-- 结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceReceiveLog">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="device_collect_id" property="deviceCollectId" />
+        <result column="device_id" property="deviceId" />
+        <result column="device_ip" property="deviceIp" />
+        <result column="receive_time" property="receiveTime" />
+        <result column="receive_time_str" property="receiveTimeStr" />
+        <result column="syslog_message" property="syslogMessage" />
+    </resultMap>
+
+    <!-- 插入单条记录 -->
+    <insert id="insert" parameterType="com.common.entity.DeviceReceiveLog" useGeneratedKeys="true" keyProperty="id">
+        INSERT INTO device_receive_log (
+            created_at,
+            device_collect_id,
+            device_id,
+            device_ip,
+            receive_time,
+            receive_time_str,
+            syslog_message
+        ) VALUES (
+            COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{deviceCollectId},
+            #{deviceId},
+            #{deviceIp}::inet,
+            #{receiveTime},
+            #{receiveTimeStr},
+            #{syslogMessage}
+        )
+    </insert>
+
+    <!-- 批量插入（高性能） -->
+    <insert id="batchInsert" parameterType="java.util.List">
+        INSERT INTO device_receive_log (
+        created_at,
+        device_collect_id,
+        device_id,
+        device_ip,
+        receive_time,
+        receive_time_str,
+        syslog_message
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            COALESCE(#{item.createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{item.deviceCollectId},
+            #{item.deviceId},
+            #{item.deviceIp}::inet,
+            #{item.receiveTime},
+            #{item.receiveTimeStr},
+            #{item.syslogMessage}
+            )
+        </foreach>
+    </insert>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE id = #{id}
+    </select>
+
+    <!-- 根据设备ID查询 -->
+    <select id="selectByDeviceId" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_id = #{deviceId}
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据采集探针ID查询 -->
+    <select id="selectByCollectId" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_collect_id = #{collectId}
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据IP地址查询（使用PostgreSQL的inet操作符） -->
+    <select id="selectByDeviceIp" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_ip >>= #{deviceIp}::inet
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据时间范围查询（利用created_at索引） -->
+    <select id="selectByTimeRange" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE created_at BETWEEN #{startTime} AND #{endTime}
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 多条件组合查询（动态SQL） -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip >>= #{deviceIp}::inet
+            </if>
+            <if test="receiveTime != null">
+                AND receive_time >= #{receiveTime}
+            </if>
+            <if test="syslogMessage != null and syslogMessage != ''">
+                AND syslog_message LIKE CONCAT('%', #{syslogMessage}, '%')
+            </if>
+        </where>
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 统计数量 -->
+    <select id="countByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_receive_log
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip >>= #{deviceIp}::inet
+            </if>
+            <if test="receiveTime != null">
+                AND receive_time >= #{receiveTime}
+            </if>
+        </where>
+    </select>
+
+    <!-- 删除时间范围内的数据 -->
+    <delete id="deleteByTimeRange">
+        DELETE FROM device_receive_log
+        WHERE created_at BETWEEN #{startTime} AND #{endTime}
+    </delete>
+
+    <!-- 获取最近N条记录 -->
+    <select id="selectRecent" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        ORDER BY created_at DESC
+        LIMIT #{limit}
+    </select>
+
+    <!-- 按设备分组统计 -->
+    <select id="countByDeviceGroup" resultType="java.util.Map">
+        SELECT
+            device_id,
+            COUNT(*) as log_count,
+            MIN(receive_time) as first_receive_time,
+            MAX(receive_time) as last_receive_time
+        FROM device_receive_log
+        GROUP BY device_id
+        ORDER BY log_count DESC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/DmColumnMapper.xml

@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DmColumnMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DmColumn">
+
+        <id column="id" property="id" jdbcType="BIGINT"/>
+        <result column="created_at" property="createdAt"/>
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="name" property="name" jdbcType="VARCHAR"/>
+        <result column="display_name" property="displayName" jdbcType="VARCHAR"/>
+        <result column="storage_data_type" property="storageDataType" jdbcType="BIGINT"/>
+        <result column="business_data_type" property="businessDataType" jdbcType="BIGINT"/>
+        <result column="is_built_in" property="isBuiltIn" jdbcType="BOOLEAN"/>
+        <result column="is_hidden" property="isHidden" jdbcType="BOOLEAN"/>
+        <result column="is_not_normalizable" property="isNotNormalizable" jdbcType="BOOLEAN"/>
+        <result column="is_required" property="isRequired" jdbcType="BOOLEAN"/>
+        <result column="category_id" property="categoryId" jdbcType="INTEGER"/>
+        <result column="custom_asset_category_id" property="customAssetCategoryId" jdbcType="INTEGER"/>
+        <result column="is_virtual" property="isVirtual" jdbcType="BOOLEAN"/>
+        <result column="table_id" property="tableId" jdbcType="INTEGER"/>
+        <result column="asset_table_id" property="assetTableId" jdbcType="INTEGER"/>
+        <result column="column_set_id" property="columnSetId" jdbcType="INTEGER"/>
+        <result column="base_type" property="baseType" jdbcType="INTEGER"/>
+        <result column="user_task_id" property="userTaskId" jdbcType="INTEGER"/>
+        <result column="created_by_id" property="createdById" jdbcType="BIGINT"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="create_time" property="createTime"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="update_time" property="updateTime"/>
+    </resultMap>
+
+    <!-- 条件查询 -->
+    <select id="findByCondition" parameterType="com.common.entity.DmColumn" resultMap="BaseResultMap">
+        SELECT * FROM dm_column
+        WHERE deleted_at IS NULL
+        <if test="name != null and name != ''">
+            AND name = #{name}
+        </if>
+        <if test="displayName != null and displayName != ''">
+            AND display_name LIKE CONCAT('%', #{displayName}, '%')
+        </if>
+        <if test="isBuiltIn != null">
+            AND is_built_in = #{isBuiltIn}
+        </if>
+        <if test="isHidden != null">
+            AND is_hidden = #{isHidden}
+        </if>
+        <if test="isRequired != null">
+            AND is_required = #{isRequired}
+        </if>
+        <if test="categoryId != null">
+            AND category_id = #{categoryId}
+        </if>
+        <if test="tableId != null">
+            AND table_id = #{tableId}
+        </if>
+        ORDER BY id DESC
+    </select>
+
+
+
+    <select id="findById" parameterType="java.lang.Long" resultMap="BaseResultMap">
+         SELECT Id, created_at::timestamp as created_at ,
+          updated_at::timestamp as updated_at , deleted_at::timestamp as deleted_at , name, display_name,
+        storage_data_type, business_data_type, is_built_in, is_hidden,
+        is_not_normalizable, is_required, category_id, custom_asset_category_id,
+        is_virtual, table_id, asset_table_id, column_set_id, base_type,
+        user_task_id, created_by_id, create_dept, create_by, create_time::timestamp as create_time ,
+        update_by, update_time::timestamp as update_time
+         FROM dm_column
+        WHERE   id = #{id} AND deleted_at IS NULL
+    </select>
+
+
+    <!-- 查询全部正常字段-->
+
+    <select id="selectAllNormal" parameterType="java.lang.Long" resultType="java.util.LinkedHashMap">
+     SELECT Id, created_at::timestamp as created_at ,
+          updated_at::timestamp as updated_at , deleted_at::timestamp as deleted_at , name, display_name,
+        storage_data_type, business_data_type, is_built_in, is_hidden,
+        is_not_normalizable, is_required, category_id, custom_asset_category_id,
+        is_virtual, table_id, asset_table_id, column_set_id, base_type,
+        user_task_id, created_by_id, create_dept, create_by, create_time::timestamp as create_time ,
+        update_by, update_time::timestamp as update_time
+         FROM dm_column
+    where  deleted_at is  null and id  in ( select  distinct column_id  from dm_field_table_column  where   deleted_at is null
+    )
+ </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/DmNormalizeRuleMapper.xml

@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.DmNormalizeRuleMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DmNormalizeRule">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="name" property="name" />
+        <result column="display_name" property="displayName" />
+        <result column="description" property="description" />
+        <result column="is_built_in" property="isBuiltIn" />
+        <result column="is_running" property="isRunning" />
+        <result column="first_data_saved_at" property="firstDataSavedAt" />
+        <result column="data_type" property="dataType" />
+        <result column="field_cate_id" property="fieldCateId" />
+        <result column="log_parsed" property="logParsed" />
+        <result column="sample_logs" property="sampleLogs" typeHandler="org.apache.ibatis.type.ArrayTypeHandler" />
+        <result column="is_data_merge_enabled" property="isDataMergeEnabled" />
+        <result column="data_merge_interval" property="dataMergeInterval" />
+        <result column="data_merge_time_unit" property="dataMergeTimeUnit" />
+        <result column="data_merge_row_limit" property="dataMergeRowLimit" />
+        <result column="data_merge_columns" property="dataMergeColumns" />
+        <result column="data_storage_medium" property="dataStorageMedium" />
+        <result column="created_by_id" property="createdById" />
+        <result column="group_id" property="groupId" />
+        <result column="rule_content" property="ruleContent" />
+        <result column="built_in_version" property="builtInVersion" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="create_time" property="createTime" />
+        <result column="update_time" property="updateTime" />
+        <result column="create_by" property="createBy" />
+        <result column="update_by" property="updateBy" />
+        <result column="del_flag" property="delFlag" />
+        <result column="create_dept" property="createDept" />
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, created_at, updated_at, deleted_at, name, display_name, description,
+        is_built_in, is_running, first_data_saved_at, data_type, field_cate_id,
+        log_parsed, sample_logs, is_data_merge_enabled, data_merge_interval,
+        data_merge_time_unit, data_merge_row_limit, data_merge_columns,
+        data_storage_medium, created_by_id, group_id, rule_content,
+        built_in_version, tenant_id, create_time, update_time, create_by,
+        update_by, del_flag, create_dept
+    </sql>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" parameterType="java.lang.Long" resultMap="BaseResultMap">
+
+        SELECT
+        id,
+        created_at::timestamp as created_at,  <!-- 转换为 timestamp -->
+        updated_at::timestamp as updated_at,
+        deleted_at::timestamp as deleted_at,
+        first_data_saved_at::timestamp as first_data_saved_at,
+        create_time::timestamp as create_time,
+        update_time::timestamp as update_time,
+        name, display_name, description, is_built_in, is_running,
+        data_type, field_cate_id, log_parsed, sample_logs,
+        is_data_merge_enabled, data_merge_interval, data_merge_time_unit,
+        data_merge_row_limit, data_merge_columns, data_storage_medium,
+        created_by_id, group_id, rule_content, built_in_version, tenant_id,
+        create_by, update_by, del_flag, create_dept
+        FROM dm_normalize_rule
+        WHERE id = #{id} AND del_flag = '0'
+
+    </select>
+
+
+    <!-- 根据ID查询 -->
+    <select id="selectByDeviceId" parameterType="java.lang.Long" resultType="java.util.LinkedHashMap">
+
+        SELECT
+        id,
+        created_at::timestamp as created_at,  <!-- 转换为 timestamp -->
+        updated_at::timestamp as updated_at,
+        deleted_at::timestamp as deleted_at,
+        first_data_saved_at::timestamp as first_data_saved_at,
+        create_time::timestamp as create_time,
+        update_time::timestamp as update_time,
+        name, display_name, description, is_built_in, is_running,
+        data_type, field_cate_id, log_parsed, sample_logs,
+        is_data_merge_enabled, data_merge_interval, data_merge_time_unit,
+        data_merge_row_limit, data_merge_columns, data_storage_medium,
+        created_by_id, group_id, rule_content, built_in_version, tenant_id,
+        create_by, update_by, del_flag, create_dept
+        FROM dm_normalize_rule
+        WHERE id  in ( select  normalize_rule_id   from dm_normalize_rule_device  where device_id =#{id})  AND del_flag = '0'
+    </select>
+
+
+    <!-- 根据ID和租户ID查询 -->
+    <select id="selectByIdAndTenant" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM dm_normalize_rule
+        WHERE id = #{id} AND tenant_id = #{tenantId} AND del_flag = '0'
+    </select>
+
+    <!-- 根据ID更新 -->
+    <update id="updateById" parameterType="com.common.entity.DmNormalizeRule">
+        UPDATE dm_normalize_rule
+        <set>
+            <if test="updatedAt != null">updated_at = #{updatedAt},</if>
+            <if test="name != null">name = #{name},</if>
+            <if test="displayName != null">display_name = #{displayName},</if>
+            <if test="description != null">description = #{description},</if>
+            <if test="isBuiltIn != null">is_built_in = #{isBuiltIn},</if>
+            <if test="isRunning != null">is_running = #{isRunning},</if>
+            <if test="firstDataSavedAt != null">first_data_saved_at = #{firstDataSavedAt},</if>
+            <if test="dataType != null">data_type = #{dataType},</if>
+            <if test="fieldCateId != null">field_cate_id = #{fieldCateId},</if>
+            <if test="logParsed != null">log_parsed = #{logParsed},</if>
+            <if test="sampleLogs != null">sample_logs = #{sampleLogs, typeHandler=org.apache.ibatis.type.ArrayTypeHandler},</if>
+            <if test="isDataMergeEnabled != null">is_data_merge_enabled = #{isDataMergeEnabled},</if>
+            <if test="dataMergeInterval != null">data_merge_interval = #{dataMergeInterval},</if>
+            <if test="dataMergeTimeUnit != null">data_merge_time_unit = #{dataMergeTimeUnit},</if>
+            <if test="dataMergeRowLimit != null">data_merge_row_limit = #{dataMergeRowLimit},</if>
+            <if test="dataMergeColumns != null">data_merge_columns = #{dataMergeColumns},</if>
+            <if test="dataStorageMedium != null">data_storage_medium = #{dataStorageMedium},</if>
+            <if test="ruleContent != null">rule_content = #{ruleContent},</if>
+            <if test="builtInVersion != null">built_in_version = #{builtInVersion},</if>
+            <if test="updateTime != null">update_time = #{updateTime},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+        </set>
+        WHERE id = #{id} AND del_flag = '0'
+    </update>
+
+    <!-- 根据ID和租户ID更新 -->
+    <update id="updateByIdAndTenant" parameterType="com.common.entity.DmNormalizeRule">
+        UPDATE dm_normalize_rule
+        <set>
+            <if test="updatedAt != null">updated_at = #{updatedAt},</if>
+            <if test="name != null">name = #{name},</if>
+            <if test="displayName != null">display_name = #{displayName},</if>
+            <if test="description != null">description = #{description},</if>
+            <if test="isBuiltIn != null">is_built_in = #{isBuiltIn},</if>
+            <if test="isRunning != null">is_running = #{isRunning},</if>
+            <if test="firstDataSavedAt != null">first_data_saved_at = #{firstDataSavedAt},</if>
+            <if test="dataType != null">data_type = #{dataType},</if>
+            <if test="fieldCateId != null">field_cate_id = #{fieldCateId},</if>
+            <if test="logParsed != null">log_parsed = #{logParsed},</if>
+            <if test="sampleLogs != null">sample_logs = #{sampleLogs, typeHandler=org.apache.ibatis.type.ArrayTypeHandler},</if>
+            <if test="isDataMergeEnabled != null">is_data_merge_enabled = #{isDataMergeEnabled},</if>
+            <if test="dataMergeInterval != null">data_merge_interval = #{dataMergeInterval},</if>
+            <if test="dataMergeTimeUnit != null">data_merge_time_unit = #{dataMergeTimeUnit},</if>
+            <if test="dataMergeRowLimit != null">data_merge_row_limit = #{dataMergeRowLimit},</if>
+            <if test="dataMergeColumns != null">data_merge_columns = #{dataMergeColumns},</if>
+            <if test="dataStorageMedium != null">data_storage_medium = #{dataStorageMedium},</if>
+            <if test="ruleContent != null">rule_content = #{ruleContent},</if>
+            <if test="builtInVersion != null">built_in_version = #{builtInVersion},</if>
+            <if test="updateTime != null">update_time = #{updateTime},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+        </set>
+        WHERE id = #{id} AND tenant_id = #{tenantId} AND del_flag = '0'
+    </update>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/SecExceptionAlgorithmMapper.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SecExceptionAlgorithmMapper">
+
+    <!-- 基本的结果映射，与注解方式一致 -->
+    <resultMap id="algorithmResultMap" type="com.common.entity.SecExceptionAlgorithm">
+        <id property="id" column="id" jdbcType="BIGINT"/>
+        <result property="algorithmName" column="algorithm_name" jdbcType="VARCHAR"/>
+        <result property="exceptionType" column="exception_type" jdbcType="VARCHAR"/>
+        <result property="dataSource" column="data_source" jdbcType="VARCHAR"/>
+        <result property="status" column="status" jdbcType="SMALLINT"/>
+        <result property="description" column="description" jdbcType="VARCHAR"/>
+        <result property="configInfo" column="config_info" jdbcType="VARCHAR"/>
+        <result property="operatorZipUrl" column="operator_zip_url" jdbcType="VARCHAR"/>
+        <result property="remark" column="remark" jdbcType="VARCHAR"/>
+        <result property="createBy" column="create_by" jdbcType="VARCHAR"/>
+        <result property="createTime" column="create_time" jdbcType="TIMESTAMP"/>
+        <result property="updateBy" column="update_by" jdbcType="VARCHAR"/>
+        <result property="updateTime" column="update_time" jdbcType="TIMESTAMP"/>
+        <result property="tenantId" column="tenant_id" jdbcType="VARCHAR"/>
+        <result property="delFlag" column="del_flag" jdbcType="CHAR"/>
+        <result property="createDept" column="create_dept" jdbcType="BIGINT"/>
+        <result property="apiUrl" column="api_url" jdbcType="VARCHAR"/>
+        <result property="apiMethod" column="api_method" jdbcType="VARCHAR"/>
+        <result property="respUrl" column="resp_url" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- 使用XML方式定义的findById方法 -->
+    <select id="findById" parameterType="java.lang.Long" resultMap="algorithmResultMap">
+        SELECT *
+        FROM sec_exception_algorithm
+        WHERE id = #{id, jdbcType=BIGINT}
+    </select>
+
+    <!-- 批量查询 -->
+    <select id="findByIds" parameterType="java.util.List" resultMap="algorithmResultMap">
+        SELECT *
+        FROM sec_exception_algorithm
+        WHERE id IN
+        <foreach collection="list" item="id" open="(" separator="," close=")">
+            #{id, jdbcType=BIGINT}
+        </foreach>
+        AND status = 1 AND del_flag = '0'
+    </select>
+
+    <!-- 条件查询 -->
+    <select id="findByCondition" parameterType="java.util.Map" resultMap="algorithmResultMap">
+        SELECT *
+        FROM sec_exception_algorithm
+        WHERE del_flag = '0'
+        <if test="status != null">
+            AND status = #{status, jdbcType=SMALLINT}
+        </if>
+        <if test="exceptionType != null and exceptionType != ''">
+            AND exception_type = #{exceptionType, jdbcType=VARCHAR}
+        </if>
+        <if test="dataSource != null and dataSource != ''">
+            AND data_source = #{dataSource, jdbcType=VARCHAR}
+        </if>
+        <if test="algorithmName != null and algorithmName != ''">
+            AND algorithm_name LIKE CONCAT('%', #{algorithmName, jdbcType=VARCHAR}, '%')
+        </if>
+        ORDER BY create_time DESC
+    </select>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/SyslogNonNormalMessageMapper.xml

@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SyslogNonNormalMessageMapper">
+
+    <!-- 基础结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.SyslogNonNormalMessage">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="log_time" property="logTime" />
+        <result column="device_id" property="deviceId" />
+        <result column="syslog_message" property="syslogMessage" />
+        <result column="syslog_uuid" property="syslogUuid" />
+        <result column="syslog_topic" property="syslogTopic" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="create_time" property="createTime" />
+        <result column="update_time" property="updateTime" />
+        <result column="create_by" property="createBy" />
+        <result column="update_by" property="updateBy" />
+        <result column="create_dept" property="createDept" />
+        <result column="header_message" property="headerMessage" />
+        <result column="receive_time" property="receiveTime" />
+        <result column="rule_time" property="ruleTime" />
+        <result column="device_name" property="deviceName" />
+        <result column="etl_node" property="etlNode" />
+        <result column="collect_task_id" property="collectTaskId" />
+        <result column="collect_task_name" property="collectTaskName" />
+        <result column="reason" property="reason" />
+        <result column="reason_detail" property="reasonDetail" />
+        <result column="rule_result" property="ruleResult" />
+        <result column="del_flag" property="delFlag" />
+    </resultMap>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="java.util.List">
+        INSERT INTO syslog_non_normal_message (
+        id, created_at, log_time, device_id, syslog_message,
+        syslog_uuid, syslog_topic, tenant_id, create_time,
+        update_time, create_by, update_by, create_dept,
+        header_message, receive_time, rule_time, device_name,
+        etl_node, collect_task_id, collect_task_name, reason,
+        reason_detail, rule_result, del_flag
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            #{item.id},
+            #{item.createdAt},
+            #{item.logTime},
+            #{item.deviceId},
+            #{item.syslogMessage},
+            #{item.syslogUuid},
+            #{item.syslogTopic},
+            #{item.tenantId},
+            #{item.createTime},
+            #{item.updateTime},
+            #{item.createBy},
+            #{item.updateBy},
+            #{item.createDept},
+            #{item.headerMessage},
+            #{item.receiveTime},
+            #{item.ruleTime},
+            #{item.deviceName},
+            #{item.etlNode},
+            #{item.collectTaskId},
+            #{item.collectTaskName},
+            #{item.reason},
+            #{item.reasonDetail},
+            #{item.ruleResult},
+            #{item.delFlag}
+            )
+        </foreach>
+    </insert>
+
+    <!-- 动态更新 -->
+    <update id="updateByCondition" parameterType="com.common.entity.SyslogNonNormalMessage">
+        UPDATE syslog_non_normal_message
+        <set>
+            <if test="logTime != null">log_time = #{logTime},</if>
+            <if test="deviceId != null">device_id = #{deviceId},</if>
+            <if test="syslogMessage != null and syslogMessage != ''">syslog_message = #{syslogMessage},</if>
+            <if test="syslogUuid != null and syslogUuid != ''">syslog_uuid = #{syslogUuid},</if>
+            <if test="syslogTopic != null and syslogTopic != ''">syslog_topic = #{syslogTopic},</if>
+            <if test="tenantId != null and tenantId != ''">tenant_id = #{tenantId},</if>
+            <if test="updateTime != null">update_time = #{updateTime},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+            <if test="headerMessage != null and headerMessage != ''">header_message = #{headerMessage},</if>
+            <if test="receiveTime != null">receive_time = #{receiveTime},</if>
+            <if test="ruleTime != null">rule_time = #{ruleTime},</if>
+            <if test="deviceName != null and deviceName != ''">device_name = #{deviceName},</if>
+            <if test="etlNode != null and etlNode != ''">etl_node = #{etlNode},</if>
+            <if test="collectTaskId != null">collect_task_id = #{collectTaskId},</if>
+            <if test="collectTaskName != null and collectTaskName != ''">collect_task_name = #{collectTaskName},</if>
+            <if test="reason != null and reason != ''">reason = #{reason},</if>
+            <if test="reasonDetail != null and reasonDetail != ''">reason_detail = #{reasonDetail},</if>
+            <if test="ruleResult != null and ruleResult != ''">rule_result = #{ruleResult},</if>
+            <if test="delFlag != null and delFlag != ''">del_flag = #{delFlag},</if>
+        </set>
+        WHERE id = #{id} AND del_flag = '0'
+    </update>
+
+    <!-- 根据条件查询 -->
+    <select id="selectByCondition" parameterType="map" resultMap="BaseResultMap">
+        SELECT * FROM syslog_non_normal_message
+        WHERE del_flag = '0'
+        <if test="deviceId != null">AND device_id = #{deviceId}</if>
+        <if test="tenantId != null and tenantId != ''">AND tenant_id = #{tenantId}</if>
+        <if test="ruleResult != null and ruleResult != ''">AND rule_result = #{ruleResult}</if>
+        <if test="collectTaskId != null">AND collect_task_id = #{collectTaskId}</if>
+        <if test="startTime != null">AND log_time >= #{startTime}</if>
+        <if test="endTime != null">AND log_time &lt;= #{endTime}</if>
+        <if test="deviceName != null and deviceName != ''">AND device_name LIKE CONCAT('%', #{deviceName}, '%')</if>
+        ORDER BY log_time DESC
+    </select>
+
+
+    <!-- 根据ID和创建时间批量查询 -->
+    <select id="getMessagesByIdsAndCreatedAts" resultType="com.common.entity.SyslogNonNormalMessage">
+        SELECT * FROM syslog_non_normal_message
+        WHERE del_flag = '0'
+        AND (
+        <foreach collection="ids" item="id" index="index" separator=" OR ">
+            (id = #{id} AND created_at = #{createdAts[${index}]}::timestamptz)
+        </foreach>
+        )
+    </select>
+
+    <!-- 根据ID列表批量查询 -->
+    <select id="getMessagesByIds" resultType="com.common.entity.SyslogNonNormalMessage">
+        SELECT * FROM syslog_non_normal_message
+        WHERE del_flag = '0'
+        AND id IN
+        <foreach collection="ids" item="id" open="(" separator="," close=")">
+            #{id}
+        </foreach>
+    </select>
+
+    <!-- 批量更新del_flag -->
+    <update id="updateBatchDelFlag">
+        UPDATE syslog_non_normal_message
+        SET del_flag = '1',
+        update_time = NOW()
+        WHERE id IN
+        <foreach collection="messages" item="item" open="(" separator="," close=")">
+            #{item.id}
+        </foreach>
+    </update>
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/SyslogNormalAlarmMapper.xml

@@ -0,0 +1,789 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SyslogNormalAlarmMapper">
+
+
+    <insert id="insertDynamic" parameterType="map">
+        INSERT INTO syslog_normal_alarm
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">id,</if>
+            <if test="dataMap.created_at != null">created_at,</if>
+            <if test="dataMap.log_time != null">log_time,</if>
+            <if test="dataMap.device_id != null">device_id,</if>
+            <if test="dataMap.webshell_type != null">webshell_type,</if>
+            <if test="dataMap.vuirs_type != null">vuirs_type,</if>
+            <if test="dataMap.vuirs_url != null">vuirs_url,</if>
+            <if test="dataMap.class_filename != null">class_filename,</if>
+            <if test="dataMap.class_path != null">class_path,</if>
+            <if test="dataMap.parent_class != null">parent_class,</if>
+            <if test="dataMap.jar_path != null">jar_path,</if>
+            <if test="dataMap.class_md5 != null">class_md5,</if>
+            <if test="dataMap.class_loader != null">class_loader,</if>
+            <if test="dataMap.class_hashcode != null">class_hashcode,</if>
+            <if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
+            <if test="dataMap.tc_nameip != null">tc_nameip,</if>
+            <if test="dataMap.perform_sql != null">perform_sql,</if>
+            <if test="dataMap.tc_account != null">tc_account,</if>
+            <if test="dataMap.tc_appname != null">tc_appname,</if>
+            <if test="dataMap.process_uname != null">process_uname,</if>
+            <if test="dataMap.p_process_uname != null">p_process_uname,</if>
+            <if test="dataMap.container_name != null">container_name,</if>
+            <if test="dataMap.container_id != null">container_id,</if>
+            <if test="dataMap.http_resp_server != null">http_resp_server,</if>
+            <if test="dataMap.srcip_id != null">srcip_id,</if>
+            <if test="dataMap.cdnip != null">cdnip,</if>
+            <if test="dataMap.natip != null">natip,</if>
+            <if test="dataMap.mail_sender != null">mail_sender,</if>
+            <if test="dataMap.mail_receiver != null">mail_receiver,</if>
+            <if test="dataMap.vpn_mac != null">vpn_mac,</if>
+            <if test="dataMap.vpn_os != null">vpn_os,</if>
+            <if test="dataMap.vpn_user != null">vpn_user,</if>
+            <if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
+            <if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
+            <if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
+            <if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
+            <if test="dataMap.description != null">description,</if>
+            <if test="dataMap.solution != null">solution,</if>
+            <if test="dataMap.attack_cause != null">attack_cause,</if>
+            <if test="dataMap.username != null">username,</if>
+            <if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
+            <if test="dataMap.login_result != null">login_result,</if>
+            <if test="dataMap.cmdline != null">cmdline,</if>
+            <if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
+            <if test="dataMap.victim_domain != null">victim_domain,</if>
+            <if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
+            <if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
+            <if test="dataMap.file_access_time != null">file_access_time,</if>
+            <if test="dataMap.file_name != null">file_name,</if>
+            <if test="dataMap.tc_class != null">tc_class,</if>
+            <if test="dataMap.tc_name2 != null">tc_name2,</if>
+            <if test="dataMap.login_lasttime != null">login_lasttime,</if>
+            <if test="dataMap.origin_permissions != null">origin_permissions,</if>
+            <if test="dataMap.begin_permissions != null">begin_permissions,</if>
+            <if test="dataMap.print_time != null">print_time,</if>
+            <if test="dataMap.printer != null">printer,</if>
+            <if test="dataMap.printer_type != null">printer_type,</if>
+            <if test="dataMap.print_pages != null">print_pages,</if>
+            <if test="dataMap.print_copies != null">print_copies,</if>
+            <if test="dataMap.src_device != null">src_device,</if>
+            <if test="dataMap.dst_device != null">dst_device,</if>
+            <if test="dataMap.src_file != null">src_file,</if>
+            <if test="dataMap.src_file_type != null">src_file_type,</if>
+            <if test="dataMap.src_file_path != null">src_file_path,</if>
+            <if test="dataMap.dst_file != null">dst_file,</if>
+            <if test="dataMap.dst_file_type != null">dst_file_type,</if>
+            <if test="dataMap.dst_file_path != null">dst_file_path,</if>
+            <if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
+            <if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
+            <if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
+            <if test="dataMap.process_uuid != null">process_uuid,</if>
+            <if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
+            <if test="dataMap.env != null">env,</if>
+            <if test="dataMap.brute_force_service != null">brute_force_service,</if>
+            <if test="dataMap.vuirs_name != null">vuirs_name,</if>
+            <if test="dataMap.http_req_length != null">http_req_length,</if>
+            <if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
+            <if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
+            <if test="dataMap.tc_labels != null">tc_labels,</if>
+            <if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
+            <if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
+            <if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
+            <if test="dataMap.dns_ioc != null">dns_ioc,</if>
+            <if test="dataMap.tx_bytes != null">tx_bytes,</if>
+            <if test="dataMap.rx_bytes != null">rx_bytes,</if>
+            <if test="dataMap.all_bytes != null">all_bytes,</if>
+            <if test="dataMap.duration_time != null">duration_time,</if>
+            <if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
+            <if test="dataMap.mail_subject != null">mail_subject,</if>
+            <if test="dataMap.mail_message != null">mail_message,</if>
+            <if test="dataMap.mail_send_server != null">mail_send_server,</if>
+            <if test="dataMap.mail_agent != null">mail_agent,</if>
+            <if test="dataMap.tls_version != null">tls_version,</if>
+            <if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
+            <if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
+            <if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
+            <if test="dataMap.tls_ja3 != null">tls_ja3,</if>
+            <if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
+            <if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
+            <if test="dataMap.log_topic != null">log_topic,</if>
+            <if test="dataMap.collect_time != null">collect_time,</if>
+            <if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
+            <if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
+            <if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
+            <if test="dataMap.srcip_name != null">srcip_name,</if>
+            <if test="dataMap.tc_client != null">tc_client,</if>
+            <if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
+            <if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
+            <if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
+            <if test="dataMap.desip_id != null">desip_id,</if>
+            <if test="dataMap.desip_name != null">desip_name,</if>
+            <if test="dataMap.tc_hostip != null">tc_hostip,</if>
+            <if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
+            <if test="dataMap.origin_confidence != null">origin_confidence,</if>
+            <if test="dataMap.origin_malscore != null">origin_malscore,</if>
+            <if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
+            <if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
+            <if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
+            <if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
+            <if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
+            <if test="dataMap.logout_time != null">logout_time,</if>
+            <if test="dataMap.http_req_line != null">http_req_line,</if>
+            <if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
+            <if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
+            <if test="dataMap.http_resp_length != null">http_resp_length,</if>
+            <if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
+            <if test="dataMap.tc_realip != null">tc_realip,</if>
+            <if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
+            <if test="dataMap.login_password != null">login_password,</if>
+            <if test="dataMap.detail != null">detail,</if>
+            <if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
+            <if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
+            <if test="dataMap.victim_region_code != null">victim_region_code,</if>
+            <if test="dataMap.payload != null">payload,</if>
+            <if test="dataMap.http_referer != null">http_referer,</if>
+            <if test="dataMap.http_user_agent != null">http_user_agent,</if>
+            <if test="dataMap.http_session != null">http_session,</if>
+            <if test="dataMap.http_query_string != null">http_query_string,</if>
+            <if test="dataMap.file_path != null">file_path,</if>
+            <if test="dataMap.file_permission != null">file_permission,</if>
+            <if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
+            <if test="dataMap.file_tag != null">file_tag,</if>
+            <if test="dataMap.file_platform != null">file_platform,</if>
+            <if test="dataMap.target_ip != null">target_ip,</if>
+            <if test="dataMap.collect_date != null">collect_date,</if>
+            <if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
+            <if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
+            <if test="dataMap.tc_externalip != null">tc_externalip,</if>
+            <if test="dataMap.http_status_code != null">http_status_code,</if>
+            <if test="dataMap.device_domian != null">device_domian,</if>
+            <if test="dataMap.src_ip_str != null">src_ip_str,</if>
+            <if test="dataMap.src_port_str != null">src_port_str,</if>
+            <if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
+            <if test="dataMap.dest_port_str != null">dest_port_str,</if>
+            <if test="dataMap.pcap != null">pcap,</if>
+            <if test="dataMap.ioc != null">ioc,</if>
+            <if test="dataMap.malicious_family != null">malicious_family,</if>
+            <if test="dataMap.vuln_cve != null">vuln_cve,</if>
+            <if test="dataMap.aliyun_type != null">aliyun_type,</if>
+            <if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
+            <if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
+            <if test="dataMap.ct_id != null">ct_id,</if>
+            <if test="dataMap.cve_list != null">cve_list,</if>
+            <if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
+            <if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
+            <if test="dataMap.file_gid != null">file_gid,</if>
+            <if test="dataMap.file_owner != null">file_owner,</if>
+            <if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
+            <if test="dataMap.file_uid != null">file_uid,</if>
+            <if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
+            <if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
+            <if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
+            <if test="dataMap.service_name != null">service_name,</if>
+            <if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
+            <if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
+            <if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
+            <if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
+            <if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
+            <if test="dataMap.tc_type != null">tc_type,</if>
+            <if test="dataMap.direction != null">direction,</if>
+            <if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
+            <if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
+            <if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
+            <if test="dataMap.http_url != null">http_url,</if>
+            <if test="dataMap.uname != null">uname,</if>
+            <if test="dataMap.origin_hostname != null">origin_hostname,</if>
+            <if test="dataMap.origin_os != null">origin_os,</if>
+            <if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
+            <if test="dataMap.origin_host_id != null">origin_host_id,</if>
+            <if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
+            <if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
+            <if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
+            <if test="dataMap.origin_work_group != null">origin_work_group,</if>
+            <if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
+            <if test="dataMap.origin_local_port != null">origin_local_port,</if>
+            <if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
+            <if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
+            <if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
+            <if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
+            <if test="dataMap.agent_id != null">agent_id,</if>
+            <if test="dataMap.agent_name != null">agent_name,</if>
+            <if test="dataMap.tc_title != null">tc_title,</if>
+            <if test="dataMap.log_id != null">log_id,</if>
+            <if test="dataMap.event_date != null">event_date,</if>
+            <if test="dataMap.event_time_ts != null">event_time_ts,</if>
+            <if test="dataMap.event_level != null">event_level,</if>
+            <if test="dataMap.src_ip != null">src_ip ,</if>
+            <if test="dataMap.src_port != null">src_port,</if>
+            <if test="dataMap.dest_ip != null">dest_ip,</if>
+            <if test="dataMap.dest_port != null">dest_port,</if>
+            <if test="dataMap.event_time != null">event_time,</if>
+            <if test="dataMap.attacker_country != null">attacker_country,</if>
+            <if test="dataMap.src_mac != null">src_mac,</if>
+            <if test="dataMap.dest_mac != null">dest_mac,</if>
+            <if test="dataMap.proto != null">proto,</if>
+            <if test="dataMap.dev_id != null">dev_id,</if>
+            <if test="dataMap.created_time != null">created_time,</if>
+            <if test="dataMap.src_country != null">src_country,</if>
+            <if test="dataMap.src_country_code != null">src_country_code,</if>
+            <if test="dataMap.src_region != null">src_region,</if>
+            <if test="dataMap.src_region_code != null">src_region_code,</if>
+            <if test="dataMap.src_city != null">src_city,</if>
+            <if test="dataMap.src_lon != null">src_lon,</if>
+            <if test="dataMap.http_method != null">http_method,</if>
+            <if test="dataMap.http_host != null">http_host,</if>
+            <if test="dataMap.http_req_header != null">http_req_header,</if>
+            <if test="dataMap.http_req_body != null">http_req_body,</if>
+            <if test="dataMap.http_resp_header != null">http_resp_header,</if>
+            <if test="dataMap.http_resp_body != null">http_resp_body,</if>
+            <if test="dataMap.file_type != null">file_type,</if>
+            <if test="dataMap.file_md5 != null">file_md5,</if>
+            <if test="dataMap.file_size != null">file_size,</if>
+            <if test="dataMap.process != null">process,</if>
+            <if test="dataMap.start_time != null">start_time,</if>
+            <if test="dataMap.action != null">action,</if>
+            <if test="dataMap.attacker_region != null">attacker_region,</if>
+            <if test="dataMap.end_time != null">end_time,</if>
+            <if test="dataMap.file_created_time != null">file_created_time,</if>
+            <if test="dataMap.file_modified_time != null">file_modified_time,</if>
+            <if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
+            <if test="dataMap.process_path != null">process_path,</if>
+            <if test="dataMap.parent_process_path != null">parent_process_path,</if>
+            <if test="dataMap.gname != null">gname,</if>
+            <if test="dataMap.exe_name != null">exe_name,</if>
+            <if test="dataMap.exe_path != null">exe_path,</if>
+            <if test="dataMap.login_time != null">login_time,</if>
+            <if test="dataMap.login_times != null">login_times,</if>
+            <if test="dataMap.check_item != null">check_item,</if>
+            <if test="dataMap.check_type != null">check_type,</if>
+            <if test="dataMap.attacker_ip != null">attacker_ip,</if>
+            <if test="dataMap.attacker_port != null">attacker_port,</if>
+            <if test="dataMap.victim_ip != null">victim_ip,</if>
+            <if test="dataMap.victim_port != null">victim_port,</if>
+            <if test="dataMap.attacker_city != null">attacker_city,</if>
+            <if test="dataMap.attacker_lon != null">attacker_lon,</if>
+            <if test="dataMap.attacker_lat != null">attacker_lat,</if>
+            <if test="dataMap.victim_country != null">victim_country,</if>
+            <if test="dataMap.victim_region != null">victim_region,</if>
+            <if test="dataMap.victim_city != null">victim_city,</if>
+            <if test="dataMap.victim_lon != null">victim_lon,</if>
+            <if test="dataMap.victim_lat != null">victim_lat,</if>
+            <if test="dataMap.origin_event_id != null">origin_event_id,</if>
+            <if test="dataMap.origin_event_name != null">origin_event_name,</if>
+            <if test="dataMap.origin_event_category != null">origin_event_category,</if>
+            <if test="dataMap.origin_event_level != null">origin_event_level,</if>
+            <if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
+            <if test="dataMap.engine_type != null">engine_type,</if>
+            <if test="dataMap.evil_payload != null">evil_payload,</if>
+            <if test="dataMap.http_resp_status != null">http_resp_status,</if>
+            <if test="dataMap.dns_query != null">dns_query,</if>
+            <if test="dataMap.dns_query_type != null">dns_query_type,</if>
+            <if test="dataMap.dns_ttl != null">dns_ttl,</if>
+            <if test="dataMap.dns_answer != null">dns_answer,</if>
+            <if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
+            <if test="dataMap.file_sha256 != null">file_sha256,</if>
+            <if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
+            <if test="dataMap.victim_country_code != null">victim_country_code,</if>
+            <if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
+            <if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
+            <if test="dataMap.pid != null">pid,</if>
+            <if test="dataMap.ppid != null">ppid,</if>
+            <if test="dataMap.process_name != null">process_name,</if>
+            <if test="dataMap.backdoor_type != null">backdoor_type,</if>
+            <if test="dataMap.tty != null">tty,</if>
+            <if test="dataMap.sudo_user != null">sudo_user,</if>
+            <if test="dataMap.sudo_group != null">sudo_group,</if>
+            <if test="dataMap.origin_event_type != null">origin_event_type,</if>
+            <if test="dataMap.dest_domain != null">dest_domain,</if>
+            <if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
+            <if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
+            <if test="dataMap.attack_chain != null">attack_chain,</if>
+            <if test="dataMap.process_tree != null">process_tree,</if>
+            <if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
+            <if test="dataMap.host_file_md5 != null">host_file_md5,</if>
+            <if test="dataMap.host_file_size != null">host_file_size,</if>
+            <if test="dataMap.host_file_type != null">host_file_type,</if>
+            <if test="dataMap.dest_country != null">dest_country,</if>
+            <if test="dataMap.dest_country_code != null">dest_country_code,</if>
+            <if test="dataMap.log_origin != null">log_origin,</if>
+            <if test="dataMap.dest_region != null">dest_region,</if>
+            <if test="dataMap.src_lat != null">src_lat,</if>
+            <if test="dataMap.dest_region_code != null">dest_region_code,</if>
+            <if test="dataMap.dest_city != null">dest_city,</if>
+            <if test="dataMap.dest_lon != null">dest_lon,</if>
+            <if test="dataMap.dest_lat != null">dest_lat,</if>
+            <if test="dataMap.event_category != null">event_category,</if>
+            <if test="dataMap.attack_result != null">attack_result,</if>
+            <if test="dataMap.probe_ip != null">probe_ip,</if>
+            <if test="dataMap.device_ip != null">device_ip,</if>
+            <if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
+            <if test="dataMap.device_name != null">device_name,</if>
+            <if test="dataMap.product_name != null">product_name,</if>
+            <if test="dataMap.__id != null">__id,</if>
+            <if test="dataMap.__count != null">__count,</if>
+            <if test="dataMap.__count_reason != null">__count_reason,</if>
+            <if test="dataMap.event_type != null">event_type,</if>
+            <if test="dataMap.protocol != null">protocol,</if>
+            <if test="dataMap.shell_cmd != null">shell_cmd,</if>
+            <if test="dataMap.parent_name != null">parent_name,</if>
+            <if test="dataMap.host_file_path != null">host_file_path,</if>
+            <if test="dataMap.uid != null">uid,</if>
+            <if test="dataMap.fall != null">fall,</if>
+            <if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
+            <if test="dataMap.dev_type != null">dev_type,</if>
+            <if test="dataMap.collect_method != null">collect_method,</if>
+            <if test="dataMap.field_cate_id != null">field_cate_id,</if>
+            <if test="dataMap.device_type != null">device_type,</if>
+            <if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
+            <if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
+            <if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
+            <if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
+            <if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
+            <if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
+            <if test="dataMap.apt_orgname != null">apt_orgname,</if>
+            <if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
+            <if test="dataMap.mail_message_id != null">mail_message_id,</if>
+            <if test="dataMap.mail_bcc != null">mail_bcc,</if>
+            <if test="dataMap.mail_size != null">mail_size,</if>
+            <if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
+            <if test="dataMap.mail_url != null">mail_url,</if>
+            <if test="dataMap.mail_cc != null">mail_cc,</if>
+            <if test="dataMap.algorithm != null">algorithm,</if>
+            <if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
+            <if test="dataMap.process_md5 != null">process_md5,</if>
+            <if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
+            <if test="dataMap.source_servername != null">source_servername,</if>
+            <if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
+            <if test="dataMap.mail_filename != null">mail_filename,</if>
+            <if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
+            <if test="dataMap.target_port != null">target_port,</if>
+            <if test="dataMap.gid != null">gid,</if>
+            <if test="dataMap.origin_uid != null">origin_uid,</if>
+            <if test="dataMap.origin_gid != null">origin_gid,</if>
+            <if test="dataMap.target_ports != null">target_ports,</if>
+            <if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
+            <if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
+            <if test="dataMap.etl_time != null">etl_time,</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
+            <if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
+            <if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
+            <if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
+            <if test="dataMap.src_dev_name != null">src_dev_name,</if>
+            <if test="dataMap.collect_protocol != null">collect_protocol,</if>
+            <if test="dataMap.destination_system_type != null">destination_system_type,</if>
+            <if test="dataMap.destination_system != null">destination_system,</if>
+            <if test="dataMap.etl_host != null">etl_host,</if>
+            <if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
+            <if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
+            <if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
+            <if test="dataMap.syslog_topic != null">syslog_topic,</if>
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">#{dataMap.id},</if>
+            <if test="dataMap.created_at != null">#{dataMap.created_at},</if>
+            <if test="dataMap.log_time != null">#{dataMap.log_time},</if>
+            <if test="dataMap.device_id != null">#{dataMap.device_id},</if>
+            <if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
+            <if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
+            <if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
+            <if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
+            <if test="dataMap.class_path != null">#{dataMap.class_path},</if>
+            <if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
+            <if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
+            <if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
+            <if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
+            <if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
+            <if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
+            <if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
+            <if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
+            <if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
+            <if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
+            <if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
+            <if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
+            <if test="dataMap.container_name != null">#{dataMap.container_name},</if>
+            <if test="dataMap.container_id != null">#{dataMap.container_id},</if>
+            <if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
+            <if test="dataMap.srcip_id != null">#{dataMap.srcip_id}::int8,</if>
+            <if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
+            <if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
+            <if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
+            <if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
+            <if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
+            <if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
+            <if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
+            <if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
+            <if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
+            <if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
+            <if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
+            <if test="dataMap.description != null">#{dataMap.description},</if>
+            <if test="dataMap.solution != null">#{dataMap.solution},</if>
+            <if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
+            <if test="dataMap.username != null">#{dataMap.username},</if>
+            <if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
+            <if test="dataMap.login_result != null">#{dataMap.login_result},</if>
+            <if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
+            <if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
+            <if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
+            <if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
+            <if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
+            <if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
+            <if test="dataMap.file_name != null">#{dataMap.file_name},</if>
+            <if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
+            <if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
+            <if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
+            <if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
+            <if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
+            <if test="dataMap.print_time != null">#{dataMap.print_time},</if>
+            <if test="dataMap.printer != null">#{dataMap.printer},</if>
+            <if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
+            <if test="dataMap.print_pages != null">#{dataMap.print_pages}::int8,</if>
+            <if test="dataMap.print_copies != null">#{dataMap.print_copies}::int8,</if>
+            <if test="dataMap.src_device != null">#{dataMap.src_device},</if>
+            <if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
+            <if test="dataMap.src_file != null">#{dataMap.src_file},</if>
+            <if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
+            <if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
+            <if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
+            <if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
+            <if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
+            <if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
+            <if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
+            <if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
+            <if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
+            <if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
+            <if test="dataMap.env != null">#{dataMap.env},</if>
+            <if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
+            <if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
+            <if test="dataMap.http_req_length != null">#{dataMap.http_req_length}::int8,</if>
+            <if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
+            <if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
+            <if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
+            <if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
+            <if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
+            <if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
+            <if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
+            <if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
+            <if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
+            <if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
+            <if test="dataMap.duration_time != null">#{dataMap.duration_time}::int8,</if>
+            <if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
+            <if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
+            <if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
+            <if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
+            <if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
+            <if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
+            <if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
+            <if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
+            <if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
+            <if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
+            <if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
+            <if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
+            <if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
+            <if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
+            <if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
+            <if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
+            <if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
+            <if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
+            <if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
+            <if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id}::int8,</if>
+            <if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
+            <if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
+            <if test="dataMap.desip_id != null">#{dataMap.desip_id}::int8,</if>
+            <if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
+            <if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
+            <if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id}::int8,</if>
+            <if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
+            <if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
+            <if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
+            <if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id}::int8,</if>
+            <if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id}::int8,</if>
+            <if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id}::int8,</if>
+            <if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id}::int8,</if>
+            <if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
+            <if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
+            <if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
+            <if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
+            <if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length}::int8,</if>
+            <if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
+            <if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
+            <if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
+            <if test="dataMap.login_password != null">#{dataMap.login_password},</if>
+            <if test="dataMap.detail != null">#{dataMap.detail},</if>
+            <if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
+            <if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
+            <if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
+            <if test="dataMap.payload != null">#{dataMap.payload},</if>
+            <if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
+            <if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
+            <if test="dataMap.http_session != null">#{dataMap.http_session},</if>
+            <if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
+            <if test="dataMap.file_path != null">#{dataMap.file_path},</if>
+            <if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
+            <if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
+            <if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
+            <if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
+            <if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
+            <if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
+            <if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
+            <if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
+            <if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
+            <if test="dataMap.http_status_code != null">#{dataMap.http_status_code}::int8,</if>
+            <if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
+            <if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
+            <if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
+            <if test="dataMap.dest_ip_str != null">  #{dataMap.dest_ip_str} ,</if>
+            <if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
+            <if test="dataMap.pcap != null">#{dataMap.pcap},</if>
+            <if test="dataMap.ioc != null">#{dataMap.ioc},</if>
+            <if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
+            <if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
+            <if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
+            <if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
+            <if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
+            <if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
+            <if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
+            <if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
+            <if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
+            <if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
+            <if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
+            <if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
+            <if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
+            <if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
+            <if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
+            <if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
+            <if test="dataMap.service_name != null">#{dataMap.service_name},</if>
+            <if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
+            <if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
+            <if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
+            <if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
+            <if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
+            <if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
+            <if test="dataMap.direction != null">#{dataMap.direction},</if>
+            <if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
+            <if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
+            <if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
+            <if test="dataMap.http_url != null">#{dataMap.http_url},</if>
+            <if test="dataMap.uname != null">#{dataMap.uname},</if>
+            <if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
+            <if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
+            <if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
+            <if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
+            <if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
+            <if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
+            <if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
+            <if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
+            <if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
+            <if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port}::int8,</if>
+            <if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
+            <if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
+            <if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
+            <if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
+            <if test="dataMap.agent_id != null">#{dataMap.agent_id}::int8,</if>
+            <if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
+            <if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
+            <if test="dataMap.log_id != null">#{dataMap.log_id},</if>
+            <if test="dataMap.event_date != null">#{dataMap.event_date},</if>
+            <if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
+            <if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
+            <if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
+            <if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
+            <if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
+            <if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
+            <if test="dataMap.event_time != null">#{dataMap.event_time},</if>
+            <if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
+            <if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
+            <if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
+            <if test="dataMap.proto != null">#{dataMap.proto},</if>
+            <if test="dataMap.dev_id != null">#{dataMap.dev_id}::int8,</if>
+            <if test="dataMap.created_time != null">#{dataMap.created_time},</if>
+            <if test="dataMap.src_country != null">#{dataMap.src_country},</if>
+            <if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
+            <if test="dataMap.src_region != null">#{dataMap.src_region},</if>
+            <if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
+            <if test="dataMap.src_city != null">#{dataMap.src_city},</if>
+            <if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
+            <if test="dataMap.http_method != null">#{dataMap.http_method},</if>
+            <if test="dataMap.http_host != null">#{dataMap.http_host},</if>
+            <if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
+            <if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
+            <if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
+            <if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
+            <if test="dataMap.file_type != null">#{dataMap.file_type},</if>
+            <if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
+            <if test="dataMap.file_size != null">#{dataMap.file_size},</if>
+            <if test="dataMap.process != null">#{dataMap.process},</if>
+            <if test="dataMap.start_time != null">#{dataMap.start_time},</if>
+            <if test="dataMap.action != null">#{dataMap.action},</if>
+            <if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
+            <if test="dataMap.end_time != null">#{dataMap.end_time},</if>
+            <if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
+            <if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
+            <if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
+            <if test="dataMap.process_path != null">#{dataMap.process_path},</if>
+            <if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
+            <if test="dataMap.gname != null">#{dataMap.gname},</if>
+            <if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
+            <if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
+            <if test="dataMap.login_time != null">#{dataMap.login_time},</if>
+            <if test="dataMap.login_times != null">#{dataMap.login_times}::int8,</if>
+            <if test="dataMap.check_item != null">#{dataMap.check_item},</if>
+            <if test="dataMap.check_type != null">#{dataMap.check_type},</if>
+            <if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
+            <if test="dataMap.attacker_port != null">#{dataMap.attacker_port}::int8,</if>
+            <if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
+            <if test="dataMap.victim_port != null">#{dataMap.victim_port}::int8,</if>
+            <if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
+            <if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
+            <if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
+            <if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
+            <if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
+            <if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
+            <if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
+            <if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
+            <if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
+            <if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
+            <if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
+            <if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
+            <if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
+            <if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
+            <if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
+            <if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
+            <if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
+            <if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
+            <if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
+            <if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
+            <if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
+            <if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
+            <if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
+            <if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
+            <if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
+            <if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
+            <if test="dataMap.pid != null">#{dataMap.pid},</if>
+            <if test="dataMap.ppid != null">#{dataMap.ppid},</if>
+            <if test="dataMap.process_name != null">#{dataMap.process_name},</if>
+            <if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
+            <if test="dataMap.tty != null">#{dataMap.tty},</if>
+            <if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
+            <if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
+            <if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
+            <if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
+            <if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
+            <if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
+            <if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
+            <if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
+            <if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
+            <if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
+            <if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
+            <if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
+            <if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
+            <if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
+            <if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
+            <if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
+            <if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
+            <if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
+            <if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
+            <if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
+            <if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
+            <if test="dataMap.event_category != null">#{dataMap.event_category}::int4,</if>
+            <if test="dataMap.attack_result != null">#{dataMap.attack_result}::int4,</if>
+            <if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
+            <if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
+            <if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
+            <if test="dataMap.device_name != null">#{dataMap.device_name},</if>
+            <if test="dataMap.product_name != null">#{dataMap.product_name},</if>
+            <if test="dataMap.__id != null">#{dataMap.__id},</if>
+            <if test="dataMap.__count != null">#{dataMap.__count}::int8,</if>
+            <if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
+            <if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
+            <if test="dataMap.protocol != null">#{dataMap.protocol},</if>
+            <if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
+            <if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
+            <if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
+            <if test="dataMap.uid != null">#{dataMap.uid},</if>
+            <if test="dataMap.fall != null">#{dataMap.fall}::int4,</if>
+            <if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
+            <if test="dataMap.dev_type != null">#{dataMap.dev_type}::int4,</if>
+            <if test="dataMap.collect_method != null">#{dataMap.collect_method}::int4,</if>
+            <if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id}::int4,</if>
+            <if test="dataMap.device_type != null">#{dataMap.device_type}::int4,</if>
+            <if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
+            <if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
+            <if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages}::int8,</if>
+            <if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes}::int8,</if>
+            <if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate}::int8,</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate}::int8,</if>
+            <if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate}::int8,</if>
+            <if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
+            <if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
+            <if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
+            <if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
+            <if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
+            <if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
+            <if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
+            <if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
+            <if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
+            <if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
+            <if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
+            <if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
+            <if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
+            <if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
+            <if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
+            <if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
+            <if test="dataMap.target_port != null">#{dataMap.target_port}::int8,</if>
+            <if test="dataMap.gid != null">#{dataMap.gid},</if>
+            <if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
+            <if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
+            <if test="dataMap.target_ports != null">#{dataMap.target_ports}::int8,</if>
+            <if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
+            <if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
+            <if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
+            <if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
+            <if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
+            <if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
+            <if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
+            <if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
+            <if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
+            <if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
+            <if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
+            <if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
+            <if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
+            <if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
+            <if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
+        </trim>
+    </insert>
+    <!-- 使用实体类插入 -->
+    <insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
+        INSERT INTO syslog_normal_alarm
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">id,</if>
+            <if test="createdAt != null">created_at,</if>
+            <if test="logTime != null">log_time,</if>
+            <if test="deviceId != null">device_id,</if>
+            <!-- 其他字段类似，按照驼峰命名法 -->
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">#{id},</if>
+            <if test="createdAt != null">#{createdAt},</if>
+            <if test="logTime != null">#{logTime},</if>
+            <if test="deviceId != null">#{deviceId},</if>
+            <!-- 其他字段类似 -->
+        </trim>
+    </insert>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="map">
+        INSERT INTO syslog_normal_alarm
+        (id, log_time, src_ip, dest_ip, event_level)
+        VALUES
+        <foreach collection="dataList" item="item" separator=",">
+            (#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
+        </foreach>
+    </insert>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/SyslogNormalDataMapper.xml

@@ -0,0 +1,925 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SyslogNormalDataMapper">
+    <!-- 定义部分字段的结果映射 -->
+    <resultMap id="requiredFieldsMap" type="com.common.entity.SyslogNormalData">
+        <!-- 基础字段 -->
+        <id property="id" column="id" jdbcType="VARCHAR"/>
+        <result property="createdAt" column="created_at"
+                typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
+        <result property="logTime" column="log_time"
+                typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
+
+        <!-- 构建请求体所需的字段 -->
+        <result property="deviceIp" column="device_ip" jdbcType="VARCHAR"/>
+        <result property="destIp" column="dest_ip" jdbcType="VARCHAR"/>
+        <result property="destPort" column="dest_port" jdbcType="BIGINT"/>
+        <result property="destMac" column="dest_mac" jdbcType="VARCHAR"/>
+        <result property="srcIp" column="src_ip" jdbcType="VARCHAR"/>
+        <result property="srcPort" column="src_port" jdbcType="BIGINT"/>
+        <result property="srcMac" column="src_mac" jdbcType="VARCHAR"/>
+        <result property="hostFilePath" column="host_file_path" jdbcType="VARCHAR"/>
+        <result property="fileMd5" column="file_md5" jdbcType="VARCHAR"/>
+        <result property="fileName" column="file_name" jdbcType="VARCHAR"/>
+        <result property="destCity" column="dest_city" jdbcType="VARCHAR"/>
+        <result property="destCountry" column="dest_country" jdbcType="VARCHAR"/>
+        <result property="destLat" column="dest_lat" jdbcType="VARCHAR"/>
+        <result property="destLon" column="dest_lon" jdbcType="VARCHAR"/>
+        <result property="srcCity" column="src_city" jdbcType="VARCHAR"/>
+        <result property="srcCountry" column="src_country" jdbcType="VARCHAR"/>
+        <result property="srcCountryCode" column="src_country_code" jdbcType="VARCHAR"/>
+        <result property="srcLat" column="src_lat" jdbcType="VARCHAR"/>
+        <result property="srcLon" column="src_lon" jdbcType="VARCHAR"/>
+        <result property="httpHost" column="http_host" jdbcType="VARCHAR"/>
+        <result property="hostFileMd5" column="host_file_md5" jdbcType="VARCHAR"/>
+        <result property="httpReqHeaderRaw" column="http_req_header_raw" jdbcType="VARCHAR"/>
+        <result property="httpMethod" column="http_method" jdbcType="VARCHAR"/>
+        <result property="httpRespContentType" column="http_resp_content_type" jdbcType="VARCHAR"/>
+        <result property="proto" column="proto" jdbcType="VARCHAR"/>
+        <result property="httpReferer" column="http_referer" jdbcType="VARCHAR"/>
+        <result property="httpUrl" column="http_url" jdbcType="VARCHAR"/>
+        <result property="httpStatusCode" column="http_status_code" jdbcType="BIGINT"/>
+        <result property="vlanId" column="vlan_id" jdbcType="VARCHAR"/>
+
+        <!-- 其他可能需要的字段（可选） -->
+        <result property="eventDate" column="event_date"
+                typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
+        <result property="attackResult" column="attack_result" jdbcType="INTEGER"/>
+        <result property="engineType" column="engine_type" jdbcType="VARCHAR"/>
+        <result property="syslogUuid" column="syslog_uuid" jdbcType="VARCHAR"/>
+        <result property="syslogTopic" column="syslog_topic" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- 只查询构建API请求体所需的字段 -->
+    <select id="findRequiredFieldsAfterTime" resultMap="requiredFieldsMap">
+        SELECT
+            id,
+            created_at,
+            log_time,
+            device_ip,
+            dest_ip,
+            dest_port,
+            dest_mac,
+            src_ip,
+            src_port,
+            src_mac,
+            host_file_path,
+            file_md5,
+            file_name,
+            dest_city,
+            dest_country,
+            dest_lat,
+            dest_lon,
+            src_city,
+            src_country,
+            src_country_code,
+            src_lat,
+            src_lon,
+            http_host,
+            host_file_md5,
+            http_req_header_raw,
+            http_method,
+            http_resp_content_type,
+            proto,
+            http_referer,
+            http_url,
+            http_status_code,
+            -- 可选字段
+            event_date,
+            attack_result,
+            engine_type,
+            syslog_uuid,
+            syslog_topic
+        FROM syslog_normal_data
+        WHERE created_at >= #{startTime}
+        ORDER BY created_at ASC
+        <!--  LIMIT 1000 -->
+    </select>
+
+    <!-- 分页查询版本 -->
+    <select id="findRequiredFieldsByPage" resultMap="requiredFieldsMap">
+        SELECT
+            id,
+            created_at,
+            log_time,
+            device_ip,
+            dest_ip,
+            dest_port,
+            dest_mac,
+            src_ip,
+            src_port,
+            src_mac,
+            host_file_path,
+            file_md5,
+            file_name,
+            dest_city,
+            dest_country,
+            dest_lat,
+            dest_lon,
+            src_city,
+            src_country,
+            src_country_code,
+            src_lat,
+            src_lon,
+            http_host,
+            host_file_md5,
+            http_req_header_raw,
+            http_method,
+            http_resp_content_type,
+            proto,
+            http_referer,
+            http_url,
+            http_status_code,
+            vlan_id
+        FROM syslog_normal_data
+        WHERE created_at >= #{startTime}
+        ORDER BY created_at ASC
+        <!-- LIMIT #{limit} OFFSET #{offset} -->
+
+    </select>
+
+    <insert id="insertDynamic" parameterType="map">
+        INSERT INTO syslog_normal_data
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">id,</if>
+            <if test="dataMap.created_at != null">created_at,</if>
+            <if test="dataMap.log_time != null">log_time,</if>
+            <if test="dataMap.device_id != null">device_id,</if>
+            <if test="dataMap.webshell_type != null">webshell_type,</if>
+            <if test="dataMap.vuirs_type != null">vuirs_type,</if>
+            <if test="dataMap.vuirs_url != null">vuirs_url,</if>
+            <if test="dataMap.class_filename != null">class_filename,</if>
+            <if test="dataMap.class_path != null">class_path,</if>
+            <if test="dataMap.parent_class != null">parent_class,</if>
+            <if test="dataMap.jar_path != null">jar_path,</if>
+            <if test="dataMap.class_md5 != null">class_md5,</if>
+            <if test="dataMap.class_loader != null">class_loader,</if>
+            <if test="dataMap.class_hashcode != null">class_hashcode,</if>
+            <if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
+            <if test="dataMap.tc_nameip != null">tc_nameip,</if>
+            <if test="dataMap.perform_sql != null">perform_sql,</if>
+            <if test="dataMap.tc_account != null">tc_account,</if>
+            <if test="dataMap.tc_appname != null">tc_appname,</if>
+            <if test="dataMap.process_uname != null">process_uname,</if>
+            <if test="dataMap.p_process_uname != null">p_process_uname,</if>
+            <if test="dataMap.container_name != null">container_name,</if>
+            <if test="dataMap.container_id != null">container_id,</if>
+            <if test="dataMap.http_resp_server != null">http_resp_server,</if>
+            <if test="dataMap.srcip_id != null">srcip_id,</if>
+            <if test="dataMap.cdnip != null">cdnip,</if>
+            <if test="dataMap.natip != null">natip,</if>
+            <if test="dataMap.mail_sender != null">mail_sender,</if>
+            <if test="dataMap.mail_receiver != null">mail_receiver,</if>
+            <if test="dataMap.vpn_mac != null">vpn_mac,</if>
+            <if test="dataMap.vpn_os != null">vpn_os,</if>
+            <if test="dataMap.vpn_user != null">vpn_user,</if>
+            <if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
+            <if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
+            <if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
+            <if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
+            <if test="dataMap.description != null">description,</if>
+            <if test="dataMap.solution != null">solution,</if>
+            <if test="dataMap.attack_cause != null">attack_cause,</if>
+            <if test="dataMap.username != null">username,</if>
+            <if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
+            <if test="dataMap.login_result != null">login_result,</if>
+            <if test="dataMap.cmdline != null">cmdline,</if>
+            <if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
+            <if test="dataMap.victim_domain != null">victim_domain,</if>
+            <if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
+            <if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
+            <if test="dataMap.file_access_time != null">file_access_time,</if>
+            <if test="dataMap.file_name != null">file_name,</if>
+            <if test="dataMap.tc_class != null">tc_class,</if>
+            <if test="dataMap.tc_name2 != null">tc_name2,</if>
+            <if test="dataMap.login_lasttime != null">login_lasttime,</if>
+            <if test="dataMap.origin_permissions != null">origin_permissions,</if>
+            <if test="dataMap.begin_permissions != null">begin_permissions,</if>
+            <if test="dataMap.print_time != null">print_time,</if>
+            <if test="dataMap.printer != null">printer,</if>
+            <if test="dataMap.printer_type != null">printer_type,</if>
+            <if test="dataMap.print_pages != null">print_pages,</if>
+            <if test="dataMap.print_copies != null">print_copies,</if>
+            <if test="dataMap.src_device != null">src_device,</if>
+            <if test="dataMap.dst_device != null">dst_device,</if>
+            <if test="dataMap.src_file != null">src_file,</if>
+            <if test="dataMap.src_file_type != null">src_file_type,</if>
+            <if test="dataMap.src_file_path != null">src_file_path,</if>
+            <if test="dataMap.dst_file != null">dst_file,</if>
+            <if test="dataMap.dst_file_type != null">dst_file_type,</if>
+            <if test="dataMap.dst_file_path != null">dst_file_path,</if>
+            <if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
+            <if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
+            <if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
+            <if test="dataMap.process_uuid != null">process_uuid,</if>
+            <if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
+            <if test="dataMap.env != null">env,</if>
+            <if test="dataMap.brute_force_service != null">brute_force_service,</if>
+            <if test="dataMap.vuirs_name != null">vuirs_name,</if>
+            <if test="dataMap.http_req_length != null">http_req_length,</if>
+            <if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
+            <if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
+            <if test="dataMap.tc_labels != null">tc_labels,</if>
+            <if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
+            <if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
+            <if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
+            <if test="dataMap.dns_ioc != null">dns_ioc,</if>
+            <if test="dataMap.tx_bytes != null">tx_bytes,</if>
+            <if test="dataMap.rx_bytes != null">rx_bytes,</if>
+            <if test="dataMap.all_bytes != null">all_bytes,</if>
+            <if test="dataMap.duration_time != null">duration_time,</if>
+            <if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
+            <if test="dataMap.mail_subject != null">mail_subject,</if>
+            <if test="dataMap.mail_message != null">mail_message,</if>
+            <if test="dataMap.mail_send_server != null">mail_send_server,</if>
+            <if test="dataMap.mail_agent != null">mail_agent,</if>
+            <if test="dataMap.tls_version != null">tls_version,</if>
+            <if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
+            <if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
+            <if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
+            <if test="dataMap.tls_ja3 != null">tls_ja3,</if>
+            <if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
+            <if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
+            <if test="dataMap.log_topic != null">log_topic,</if>
+            <if test="dataMap.collect_time != null">collect_time,</if>
+            <if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
+            <if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
+            <if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
+            <if test="dataMap.srcip_name != null">srcip_name,</if>
+            <if test="dataMap.tc_client != null">tc_client,</if>
+            <if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
+            <if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
+            <if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
+            <if test="dataMap.desip_id != null">desip_id,</if>
+            <if test="dataMap.desip_name != null">desip_name,</if>
+            <if test="dataMap.tc_hostip != null">tc_hostip,</if>
+            <if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
+            <if test="dataMap.origin_confidence != null">origin_confidence,</if>
+            <if test="dataMap.origin_malscore != null">origin_malscore,</if>
+            <if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
+            <if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
+            <if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
+            <if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
+            <if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
+            <if test="dataMap.logout_time != null">logout_time,</if>
+            <if test="dataMap.http_req_line != null">http_req_line,</if>
+            <if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
+            <if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
+            <if test="dataMap.http_resp_length != null">http_resp_length,</if>
+            <if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
+            <if test="dataMap.tc_realip != null">tc_realip,</if>
+            <if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
+            <if test="dataMap.login_password != null">login_password,</if>
+            <if test="dataMap.detail != null">detail,</if>
+            <if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
+            <if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
+            <if test="dataMap.victim_region_code != null">victim_region_code,</if>
+            <if test="dataMap.payload != null">payload,</if>
+            <if test="dataMap.http_referer != null">http_referer,</if>
+            <if test="dataMap.http_user_agent != null">http_user_agent,</if>
+            <if test="dataMap.http_session != null">http_session,</if>
+            <if test="dataMap.http_query_string != null">http_query_string,</if>
+            <if test="dataMap.file_path != null">file_path,</if>
+            <if test="dataMap.file_permission != null">file_permission,</if>
+            <if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
+            <if test="dataMap.file_tag != null">file_tag,</if>
+            <if test="dataMap.file_platform != null">file_platform,</if>
+            <if test="dataMap.target_ip != null">target_ip,</if>
+            <if test="dataMap.collect_date != null">collect_date,</if>
+            <if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
+            <if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
+            <if test="dataMap.tc_externalip != null">tc_externalip,</if>
+            <if test="dataMap.http_status_code != null">http_status_code,</if>
+            <if test="dataMap.device_domian != null">device_domian,</if>
+            <if test="dataMap.src_ip_str != null">src_ip_str,</if>
+            <if test="dataMap.src_port_str != null">src_port_str,</if>
+            <if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
+            <if test="dataMap.dest_port_str != null">dest_port_str,</if>
+            <if test="dataMap.pcap != null">pcap,</if>
+            <if test="dataMap.ioc != null">ioc,</if>
+            <if test="dataMap.malicious_family != null">malicious_family,</if>
+            <if test="dataMap.vuln_cve != null">vuln_cve,</if>
+            <if test="dataMap.aliyun_type != null">aliyun_type,</if>
+            <if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
+            <if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
+            <if test="dataMap.ct_id != null">ct_id,</if>
+            <if test="dataMap.cve_list != null">cve_list,</if>
+            <if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
+            <if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
+            <if test="dataMap.file_gid != null">file_gid,</if>
+            <if test="dataMap.file_owner != null">file_owner,</if>
+            <if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
+            <if test="dataMap.file_uid != null">file_uid,</if>
+            <if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
+            <if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
+            <if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
+            <if test="dataMap.service_name != null">service_name,</if>
+            <if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
+            <if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
+            <if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
+            <if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
+            <if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
+            <if test="dataMap.tc_type != null">tc_type,</if>
+            <if test="dataMap.direction != null">direction,</if>
+            <if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
+            <if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
+            <if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
+            <if test="dataMap.http_url != null">http_url,</if>
+            <if test="dataMap.uname != null">uname,</if>
+            <if test="dataMap.origin_hostname != null">origin_hostname,</if>
+            <if test="dataMap.origin_os != null">origin_os,</if>
+            <if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
+            <if test="dataMap.origin_host_id != null">origin_host_id,</if>
+            <if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
+            <if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
+            <if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
+            <if test="dataMap.origin_work_group != null">origin_work_group,</if>
+            <if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
+            <if test="dataMap.origin_local_port != null">origin_local_port,</if>
+            <if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
+            <if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
+            <if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
+            <if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
+            <if test="dataMap.agent_id != null">agent_id,</if>
+            <if test="dataMap.agent_name != null">agent_name,</if>
+            <if test="dataMap.tc_title != null">tc_title,</if>
+            <if test="dataMap.log_id != null">log_id,</if>
+            <if test="dataMap.event_date != null">event_date,</if>
+            <if test="dataMap.event_time_ts != null">event_time_ts,</if>
+            <if test="dataMap.event_level != null">event_level,</if>
+            <if test="dataMap.src_ip != null">src_ip ,</if>
+            <if test="dataMap.src_port != null">src_port,</if>
+            <if test="dataMap.dest_ip != null">dest_ip,</if>
+            <if test="dataMap.dest_port != null">dest_port,</if>
+            <if test="dataMap.event_time != null">event_time,</if>
+            <if test="dataMap.attacker_country != null">attacker_country,</if>
+            <if test="dataMap.src_mac != null">src_mac,</if>
+            <if test="dataMap.dest_mac != null">dest_mac,</if>
+            <if test="dataMap.proto != null">proto,</if>
+            <if test="dataMap.dev_id != null">dev_id,</if>
+            <if test="dataMap.created_time != null">created_time,</if>
+            <if test="dataMap.src_country != null">src_country,</if>
+            <if test="dataMap.src_country_code != null">src_country_code,</if>
+            <if test="dataMap.src_region != null">src_region,</if>
+            <if test="dataMap.src_region_code != null">src_region_code,</if>
+            <if test="dataMap.src_city != null">src_city,</if>
+            <if test="dataMap.src_lon != null">src_lon,</if>
+            <if test="dataMap.http_method != null">http_method,</if>
+            <if test="dataMap.http_host != null">http_host,</if>
+            <if test="dataMap.http_req_header != null">http_req_header,</if>
+            <if test="dataMap.http_req_body != null">http_req_body,</if>
+            <if test="dataMap.http_resp_header != null">http_resp_header,</if>
+            <if test="dataMap.http_resp_body != null">http_resp_body,</if>
+            <if test="dataMap.file_type != null">file_type,</if>
+            <if test="dataMap.file_md5 != null">file_md5,</if>
+            <if test="dataMap.file_size != null">file_size,</if>
+            <if test="dataMap.process != null">process,</if>
+            <if test="dataMap.start_time != null">start_time,</if>
+            <if test="dataMap.action != null">action,</if>
+            <if test="dataMap.attacker_region != null">attacker_region,</if>
+            <if test="dataMap.end_time != null">end_time,</if>
+            <if test="dataMap.file_created_time != null">file_created_time,</if>
+            <if test="dataMap.file_modified_time != null">file_modified_time,</if>
+            <if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
+            <if test="dataMap.process_path != null">process_path,</if>
+            <if test="dataMap.parent_process_path != null">parent_process_path,</if>
+            <if test="dataMap.gname != null">gname,</if>
+            <if test="dataMap.exe_name != null">exe_name,</if>
+            <if test="dataMap.exe_path != null">exe_path,</if>
+            <if test="dataMap.login_time != null">login_time,</if>
+            <if test="dataMap.login_times != null">login_times,</if>
+            <if test="dataMap.check_item != null">check_item,</if>
+            <if test="dataMap.check_type != null">check_type,</if>
+            <if test="dataMap.attacker_ip != null">attacker_ip,</if>
+            <if test="dataMap.attacker_port != null">attacker_port,</if>
+            <if test="dataMap.victim_ip != null">victim_ip,</if>
+            <if test="dataMap.victim_port != null">victim_port,</if>
+            <if test="dataMap.attacker_city != null">attacker_city,</if>
+            <if test="dataMap.attacker_lon != null">attacker_lon,</if>
+            <if test="dataMap.attacker_lat != null">attacker_lat,</if>
+            <if test="dataMap.victim_country != null">victim_country,</if>
+            <if test="dataMap.victim_region != null">victim_region,</if>
+            <if test="dataMap.victim_city != null">victim_city,</if>
+            <if test="dataMap.victim_lon != null">victim_lon,</if>
+            <if test="dataMap.victim_lat != null">victim_lat,</if>
+            <if test="dataMap.origin_event_id != null">origin_event_id,</if>
+            <if test="dataMap.origin_event_name != null">origin_event_name,</if>
+            <if test="dataMap.origin_event_category != null">origin_event_category,</if>
+            <if test="dataMap.origin_event_level != null">origin_event_level,</if>
+            <if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
+            <if test="dataMap.engine_type != null">engine_type,</if>
+            <if test="dataMap.evil_payload != null">evil_payload,</if>
+            <if test="dataMap.http_resp_status != null">http_resp_status,</if>
+            <if test="dataMap.dns_query != null">dns_query,</if>
+            <if test="dataMap.dns_query_type != null">dns_query_type,</if>
+            <if test="dataMap.dns_ttl != null">dns_ttl,</if>
+            <if test="dataMap.dns_answer != null">dns_answer,</if>
+            <if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
+            <if test="dataMap.file_sha256 != null">file_sha256,</if>
+            <if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
+            <if test="dataMap.victim_country_code != null">victim_country_code,</if>
+            <if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
+            <if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
+            <if test="dataMap.pid != null">pid,</if>
+            <if test="dataMap.ppid != null">ppid,</if>
+            <if test="dataMap.process_name != null">process_name,</if>
+            <if test="dataMap.backdoor_type != null">backdoor_type,</if>
+            <if test="dataMap.tty != null">tty,</if>
+            <if test="dataMap.sudo_user != null">sudo_user,</if>
+            <if test="dataMap.sudo_group != null">sudo_group,</if>
+            <if test="dataMap.origin_event_type != null">origin_event_type,</if>
+            <if test="dataMap.dest_domain != null">dest_domain,</if>
+            <if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
+            <if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
+            <if test="dataMap.attack_chain != null">attack_chain,</if>
+            <if test="dataMap.process_tree != null">process_tree,</if>
+            <if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
+            <if test="dataMap.host_file_md5 != null">host_file_md5,</if>
+            <if test="dataMap.host_file_size != null">host_file_size,</if>
+            <if test="dataMap.host_file_type != null">host_file_type,</if>
+            <if test="dataMap.dest_country != null">dest_country,</if>
+            <if test="dataMap.dest_country_code != null">dest_country_code,</if>
+            <if test="dataMap.log_origin != null">log_origin,</if>
+            <if test="dataMap.dest_region != null">dest_region,</if>
+            <if test="dataMap.src_lat != null">src_lat,</if>
+            <if test="dataMap.dest_region_code != null">dest_region_code,</if>
+            <if test="dataMap.dest_city != null">dest_city,</if>
+            <if test="dataMap.dest_lon != null">dest_lon,</if>
+            <if test="dataMap.dest_lat != null">dest_lat,</if>
+            <if test="dataMap.event_category != null">event_category,</if>
+            <if test="dataMap.attack_result != null">attack_result,</if>
+            <if test="dataMap.probe_ip != null">probe_ip,</if>
+            <if test="dataMap.device_ip != null">device_ip,</if>
+            <if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
+            <if test="dataMap.device_name != null">device_name,</if>
+            <if test="dataMap.product_name != null">product_name,</if>
+            <if test="dataMap.__id != null">__id,</if>
+            <if test="dataMap.__count != null">__count,</if>
+            <if test="dataMap.__count_reason != null">__count_reason,</if>
+            <if test="dataMap.event_type != null">event_type,</if>
+            <if test="dataMap.protocol != null">protocol,</if>
+            <if test="dataMap.shell_cmd != null">shell_cmd,</if>
+            <if test="dataMap.parent_name != null">parent_name,</if>
+            <if test="dataMap.host_file_path != null">host_file_path,</if>
+            <if test="dataMap.uid != null">uid,</if>
+            <if test="dataMap.fall != null">fall,</if>
+            <if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
+            <if test="dataMap.dev_type != null">dev_type,</if>
+            <if test="dataMap.collect_method != null">collect_method,</if>
+            <if test="dataMap.field_cate_id != null">field_cate_id,</if>
+            <if test="dataMap.device_type != null">device_type,</if>
+            <if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
+            <if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
+            <if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
+            <if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
+            <if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
+            <if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
+            <if test="dataMap.apt_orgname != null">apt_orgname,</if>
+            <if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
+            <if test="dataMap.mail_message_id != null">mail_message_id,</if>
+            <if test="dataMap.mail_bcc != null">mail_bcc,</if>
+            <if test="dataMap.mail_size != null">mail_size,</if>
+            <if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
+            <if test="dataMap.mail_url != null">mail_url,</if>
+            <if test="dataMap.mail_cc != null">mail_cc,</if>
+            <if test="dataMap.algorithm != null">algorithm,</if>
+            <if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
+            <if test="dataMap.process_md5 != null">process_md5,</if>
+            <if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
+            <if test="dataMap.source_servername != null">source_servername,</if>
+            <if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
+            <if test="dataMap.mail_filename != null">mail_filename,</if>
+            <if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
+            <if test="dataMap.target_port != null">target_port,</if>
+            <if test="dataMap.gid != null">gid,</if>
+            <if test="dataMap.origin_uid != null">origin_uid,</if>
+            <if test="dataMap.origin_gid != null">origin_gid,</if>
+            <if test="dataMap.target_ports != null">target_ports,</if>
+            <if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
+            <if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
+            <if test="dataMap.etl_time != null">etl_time,</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
+            <if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
+            <if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
+            <if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
+            <if test="dataMap.src_dev_name != null">src_dev_name,</if>
+            <if test="dataMap.collect_protocol != null">collect_protocol,</if>
+            <if test="dataMap.destination_system_type != null">destination_system_type,</if>
+            <if test="dataMap.destination_system != null">destination_system,</if>
+            <if test="dataMap.etl_host != null">etl_host,</if>
+            <if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
+            <if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
+            <if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
+            <if test="dataMap.syslog_topic != null">syslog_topic,</if>
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">#{dataMap.id},</if>
+            <if test="dataMap.created_at != null">#{dataMap.created_at},</if>
+            <if test="dataMap.log_time != null">#{dataMap.log_time},</if>
+            <if test="dataMap.device_id != null">#{dataMap.device_id},</if>
+            <if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
+            <if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
+            <if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
+            <if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
+            <if test="dataMap.class_path != null">#{dataMap.class_path},</if>
+            <if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
+            <if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
+            <if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
+            <if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
+            <if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
+            <if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
+            <if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
+            <if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
+            <if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
+            <if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
+            <if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
+            <if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
+            <if test="dataMap.container_name != null">#{dataMap.container_name},</if>
+            <if test="dataMap.container_id != null">#{dataMap.container_id},</if>
+            <if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
+            <if test="dataMap.srcip_id != null">#{dataMap.srcip_id}::int8,</if>
+            <if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
+            <if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
+            <if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
+            <if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
+            <if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
+            <if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
+            <if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
+            <if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
+            <if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
+            <if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
+            <if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
+            <if test="dataMap.description != null">#{dataMap.description},</if>
+            <if test="dataMap.solution != null">#{dataMap.solution},</if>
+            <if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
+            <if test="dataMap.username != null">#{dataMap.username},</if>
+            <if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
+            <if test="dataMap.login_result != null">#{dataMap.login_result},</if>
+            <if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
+            <if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
+            <if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
+            <if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
+            <if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
+            <if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
+            <if test="dataMap.file_name != null">#{dataMap.file_name},</if>
+            <if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
+            <if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
+            <if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
+            <if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
+            <if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
+            <if test="dataMap.print_time != null">#{dataMap.print_time},</if>
+            <if test="dataMap.printer != null">#{dataMap.printer},</if>
+            <if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
+            <if test="dataMap.print_pages != null">#{dataMap.print_pages}::int8,</if>
+            <if test="dataMap.print_copies != null">#{dataMap.print_copies}::int8,</if>
+            <if test="dataMap.src_device != null">#{dataMap.src_device},</if>
+            <if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
+            <if test="dataMap.src_file != null">#{dataMap.src_file},</if>
+            <if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
+            <if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
+            <if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
+            <if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
+            <if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
+            <if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
+            <if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
+            <if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
+            <if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
+            <if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
+            <if test="dataMap.env != null">#{dataMap.env},</if>
+            <if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
+            <if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
+            <if test="dataMap.http_req_length != null">#{dataMap.http_req_length}::int8,</if>
+            <if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
+            <if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
+            <if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
+            <if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
+            <if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
+            <if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
+            <if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
+            <if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
+            <if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
+            <if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
+            <if test="dataMap.duration_time != null">#{dataMap.duration_time}::int8,</if>
+            <if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
+            <if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
+            <if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
+            <if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
+            <if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
+            <if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
+            <if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
+            <if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
+            <if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
+            <if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
+            <if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
+            <if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
+            <if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
+            <if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
+            <if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
+            <if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
+            <if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
+            <if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
+            <if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
+            <if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id}::int8,</if>
+            <if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
+            <if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
+            <if test="dataMap.desip_id != null">#{dataMap.desip_id}::int8,</if>
+            <if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
+            <if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
+            <if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id}::int8,</if>
+            <if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
+            <if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
+            <if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
+            <if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id}::int8,</if>
+            <if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id}::int8,</if>
+            <if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id}::int8,</if>
+            <if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id}::int8,</if>
+            <if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
+            <if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
+            <if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
+            <if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
+            <if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length}::int8,</if>
+            <if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
+            <if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
+            <if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
+            <if test="dataMap.login_password != null">#{dataMap.login_password},</if>
+            <if test="dataMap.detail != null">#{dataMap.detail},</if>
+            <if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
+            <if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
+            <if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
+            <if test="dataMap.payload != null">#{dataMap.payload},</if>
+            <if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
+            <if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
+            <if test="dataMap.http_session != null">#{dataMap.http_session},</if>
+            <if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
+            <if test="dataMap.file_path != null">#{dataMap.file_path},</if>
+            <if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
+            <if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
+            <if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
+            <if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
+            <if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
+            <if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
+            <if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
+            <if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
+            <if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
+            <if test="dataMap.http_status_code != null">#{dataMap.http_status_code}::int8,</if>
+            <if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
+            <if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
+            <if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
+            <if test="dataMap.dest_ip_str != null">  #{dataMap.dest_ip_str} ,</if>
+            <if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
+            <if test="dataMap.pcap != null">#{dataMap.pcap},</if>
+            <if test="dataMap.ioc != null">#{dataMap.ioc},</if>
+            <if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
+            <if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
+            <if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
+            <if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
+            <if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
+            <if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
+            <if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
+            <if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
+            <if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
+            <if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
+            <if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
+            <if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
+            <if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
+            <if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
+            <if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
+            <if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
+            <if test="dataMap.service_name != null">#{dataMap.service_name},</if>
+            <if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
+            <if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
+            <if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
+            <if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
+            <if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
+            <if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
+            <if test="dataMap.direction != null">#{dataMap.direction},</if>
+            <if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
+            <if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
+            <if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
+            <if test="dataMap.http_url != null">#{dataMap.http_url},</if>
+            <if test="dataMap.uname != null">#{dataMap.uname},</if>
+            <if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
+            <if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
+            <if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
+            <if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
+            <if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
+            <if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
+            <if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
+            <if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
+            <if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
+            <if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port}::int8,</if>
+            <if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
+            <if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
+            <if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
+            <if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
+            <if test="dataMap.agent_id != null">#{dataMap.agent_id}::int8,</if>
+            <if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
+            <if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
+            <if test="dataMap.log_id != null">#{dataMap.log_id},</if>
+            <if test="dataMap.event_date != null">#{dataMap.event_date},</if>
+            <if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
+            <if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
+            <if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
+            <if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
+            <if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
+            <if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
+            <if test="dataMap.event_time != null">#{dataMap.event_time},</if>
+            <if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
+            <if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
+            <if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
+            <if test="dataMap.proto != null">#{dataMap.proto},</if>
+            <if test="dataMap.dev_id != null">#{dataMap.dev_id}::int8,</if>
+            <if test="dataMap.created_time != null">#{dataMap.created_time},</if>
+            <if test="dataMap.src_country != null">#{dataMap.src_country},</if>
+            <if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
+            <if test="dataMap.src_region != null">#{dataMap.src_region},</if>
+            <if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
+            <if test="dataMap.src_city != null">#{dataMap.src_city},</if>
+            <if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
+            <if test="dataMap.http_method != null">#{dataMap.http_method},</if>
+            <if test="dataMap.http_host != null">#{dataMap.http_host},</if>
+            <if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
+            <if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
+            <if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
+            <if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
+            <if test="dataMap.file_type != null">#{dataMap.file_type},</if>
+            <if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
+            <if test="dataMap.file_size != null">#{dataMap.file_size},</if>
+            <if test="dataMap.process != null">#{dataMap.process},</if>
+            <if test="dataMap.start_time != null">#{dataMap.start_time},</if>
+            <if test="dataMap.action != null">#{dataMap.action},</if>
+            <if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
+            <if test="dataMap.end_time != null">#{dataMap.end_time},</if>
+            <if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
+            <if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
+            <if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
+            <if test="dataMap.process_path != null">#{dataMap.process_path},</if>
+            <if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
+            <if test="dataMap.gname != null">#{dataMap.gname},</if>
+            <if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
+            <if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
+            <if test="dataMap.login_time != null">#{dataMap.login_time},</if>
+            <if test="dataMap.login_times != null">#{dataMap.login_times}::int8,</if>
+            <if test="dataMap.check_item != null">#{dataMap.check_item},</if>
+            <if test="dataMap.check_type != null">#{dataMap.check_type},</if>
+            <if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
+            <if test="dataMap.attacker_port != null">#{dataMap.attacker_port}::int8,</if>
+            <if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
+            <if test="dataMap.victim_port != null">#{dataMap.victim_port}::int8,</if>
+            <if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
+            <if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
+            <if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
+            <if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
+            <if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
+            <if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
+            <if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
+            <if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
+            <if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
+            <if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
+            <if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
+            <if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
+            <if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
+            <if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
+            <if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
+            <if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
+            <if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
+            <if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
+            <if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
+            <if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
+            <if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
+            <if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
+            <if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
+            <if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
+            <if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
+            <if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
+            <if test="dataMap.pid != null">#{dataMap.pid},</if>
+            <if test="dataMap.ppid != null">#{dataMap.ppid},</if>
+            <if test="dataMap.process_name != null">#{dataMap.process_name},</if>
+            <if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
+            <if test="dataMap.tty != null">#{dataMap.tty},</if>
+            <if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
+            <if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
+            <if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
+            <if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
+            <if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
+            <if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
+            <if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
+            <if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
+            <if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
+            <if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
+            <if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
+            <if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
+            <if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
+            <if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
+            <if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
+            <if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
+            <if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
+            <if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
+            <if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
+            <if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
+            <if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
+            <if test="dataMap.event_category != null">#{dataMap.event_category}::int4,</if>
+            <if test="dataMap.attack_result != null">#{dataMap.attack_result}::int4,</if>
+            <if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
+            <if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
+            <if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
+            <if test="dataMap.device_name != null">#{dataMap.device_name},</if>
+            <if test="dataMap.product_name != null">#{dataMap.product_name},</if>
+            <if test="dataMap.__id != null">#{dataMap.__id},</if>
+            <if test="dataMap.__count != null">#{dataMap.__count}::int8,</if>
+            <if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
+            <if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
+            <if test="dataMap.protocol != null">#{dataMap.protocol},</if>
+            <if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
+            <if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
+            <if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
+            <if test="dataMap.uid != null">#{dataMap.uid},</if>
+            <if test="dataMap.fall != null">#{dataMap.fall}::int4,</if>
+            <if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
+            <if test="dataMap.dev_type != null">#{dataMap.dev_type}::int4,</if>
+            <if test="dataMap.collect_method != null">#{dataMap.collect_method}::int4,</if>
+            <if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id}::int4,</if>
+            <if test="dataMap.device_type != null">#{dataMap.device_type}::int4,</if>
+            <if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
+            <if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
+            <if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages}::int8,</if>
+            <if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes}::int8,</if>
+            <if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate}::int8,</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate}::int8,</if>
+            <if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate}::int8,</if>
+            <if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
+            <if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
+            <if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
+            <if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
+            <if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
+            <if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
+            <if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
+            <if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
+            <if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
+            <if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
+            <if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
+            <if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
+            <if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
+            <if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
+            <if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
+            <if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
+            <if test="dataMap.target_port != null">#{dataMap.target_port}::int8,</if>
+            <if test="dataMap.gid != null">#{dataMap.gid},</if>
+            <if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
+            <if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
+            <if test="dataMap.target_ports != null">#{dataMap.target_ports}::int8,</if>
+            <if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
+            <if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
+            <if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
+            <if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
+            <if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
+            <if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
+            <if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
+            <if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
+            <if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
+            <if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
+            <if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
+            <if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
+            <if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
+            <if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
+            <if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
+        </trim>
+    </insert>
+
+    <!-- 使用实体类插入 -->
+    <insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
+        INSERT INTO syslog_normal_data
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">id,</if>
+            <if test="createdAt != null">created_at,</if>
+            <if test="logTime != null">log_time,</if>
+            <if test="deviceId != null">device_id,</if>
+            <!-- 其他字段类似，按照驼峰命名法 -->
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">#{id},</if>
+            <if test="createdAt != null">#{createdAt},</if>
+            <if test="logTime != null">#{logTime},</if>
+            <if test="deviceId != null">#{deviceId},</if>
+            <!-- 其他字段类似 -->
+        </trim>
+    </insert>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="map">
+        INSERT INTO syslog_normal_data
+        (id, log_time, src_ip, dest_ip, event_level)
+        VALUES
+        <foreach collection="dataList" item="item" separator=",">
+            (#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
+        </foreach>
+    </insert>
+
+</mapper>

haobang-security-dm/syslog-consumer-rule/target/classes/mapper/XdrHoneypotMapper.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.XdrHoneypotMapper">
+
+    <resultMap id="xdrHoneypotResultMap" type="com.common.entity.XdrHoneypot">
+        <id property="id" column="id"/>
+        <result property="vcsource" column="vcsource"/>
+        <result property="dstartTime" column="dstart_time"/>
+        <result property="dtime" column="dtime"/>
+        <result property="riskLevel" column="risk_level"/>
+        <result property="vcconnection" column="vcconnection"/>
+        <result property="fileInfo" column="file_info"/>
+        <result property="extra" column="extra"/>
+        <result property="vctype" column="vctype"/>
+        <result property="agentSn" column="agent_sn"/>
+        <result property="agentName" column="agent_name"/>
+        <result property="honeypotId" column="honeypot_id"/>
+        <result property="honeypotName" column="honeypot_name"/>
+        <result property="srcIp" column="src_ip"/>
+        <result property="srcPort" column="src_port"/>
+        <result property="srcMac" column="src_mac"/>
+        <result property="destIp" column="dest_ip"/>
+        <result property="destPort" column="dest_port"/>
+        <result property="proxyIp" column="proxy_ip"/>
+        <result property="node" column="node"/>
+    </resultMap>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="java.util.List" useGeneratedKeys="true" keyProperty="id">
+        INSERT INTO xdr_honeypot (
+        vcsource, dstart_time, dtime, risk_level, vcconnection,
+        file_info, extra, vctype, agent_sn, agent_name,
+        honeypot_id, honeypot_name, src_ip, src_port, src_mac,
+        dest_ip, dest_port, proxy_ip, node
+        ) VALUES
+        <foreach collection="list" item="item" index="index" separator=",">
+            (
+            #{item.vcsource}, #{item.dstartTime}, #{item.dtime}, #{item.riskLevel}, #{item.vcconnection},
+            #{item.fileInfo}, #{item.extra}, #{item.vctype}, #{item.agentSn}, #{item.agentName},
+            #{item.honeypotId}, #{item.honeypotName}, #{item.srcIp}, #{item.srcPort}, #{item.srcMac},
+            #{item.destIp}, #{item.destPort}, #{item.proxyIp}, #{item.node}
+            )
+        </foreach>
+    </insert>
+
+</mapper>