nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、新增功能探针联动处置、心跳在线检测

Browse Source 
2、syslog-consumer模块拆分 syslog-consumer-rule模块实现日志数据消费、解析、泛化入库。
This commit is contained in:
nanChen
2026-05-28 14:30:06 +08:00
parent 19c563b3f3
commit a360895292
1479 changed files with 116572 additions and 4549 deletions
Download Patch File Download Diff File Expand all files Collapse all files
haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java
+24
View File
@@ -272,6 +272,9 @@ public class AccessLogAlertService {
logObject.put("_source.vlan_id", "");
logObject.put("_type", "skyeye-file");
//补充syslog_normal_data.device_id 字段
logObject.put("_source.device_id", logData.getDeviceId() != null ? logData.getDeviceId() : "");
requestArray.add(logObject);
}
@@ -416,12 +419,33 @@ public class AccessLogAlertService {
log.debug("算法:{},ID:{} ,AlarmNme:{} 没有返回 origin_log节点.",AlgorithmName, alarmVisit.getId(), alarmVisit.getAlarmName());
return false;
}
/** 旧版有BUG
alarmVisit.setAttackPort( new Integer[]{alarmResult.getInteger("_source.sport")} );
alarmVisit.setVictimPort( new Integer[]{alarmResult.getInteger("_source.dport")} );
alarmVisit.setAttackMethod(alarmResult.getString("_source.method") );
String deviceIp= alarmResult.getString("_source.device_ip");
//alarmVisit.setDeviceId( new Integer[]{ getDeviceID(deviceIp)} );
alarmVisit.setHttpStatus( alarmResult.getString("_source.status"));
**/
// _source.sport/dport 在 JSON 中为字符串类型,需要用 getString() 读取后 parseInt
String sportStr = originLogObject.getString("_source.sport");
if (sportStr != null && !sportStr.isEmpty()) {
alarmVisit.setAttackPort(new Integer[]{Integer.parseInt(sportStr)});
}
String dportStr = originLogObject.getString("_source.dport");
if (dportStr != null && !dportStr.isEmpty()) {
alarmVisit.setVictimPort(new Integer[]{Integer.parseInt(dportStr)});
}
alarmVisit.setAttackMethod(originLogObject.getString("_source.method"));
String deviceIp = originLogObject.getString("_source.device_ip");
//alarmVisit.setDeviceId( new Integer[]{ getDeviceID(deviceIp)} );
//补充alarm_visist.device_id
String deviceidStr = originLogObject.getString("_source.device_id");
if (deviceidStr != null && !deviceidStr.isEmpty()) {
alarmVisit.setDeviceId(new Integer[]{Integer.parseInt(deviceidStr)});
}
return true;
} catch (Exception e) {
log.error("算法:{} 补充原始记录日志字段异常。error:{} ",AlgorithmName,e.getMessage(), e );