-- MyBatis mapper fragment: inserts one normalized syslog/SIEM event into syslog_normal_data.
-- The column list and the VALUES list are positional: 372 entries each, bound from the
-- dataMap properties in the same order, so any column added or removed must be changed in
-- both halves at the same position.
-- Every value is bound through a MyBatis parameter placeholder (prepared-statement binding,
-- not string substitution), so the event content cannot alter the statement text itself.
-- Neither list is parenthesised and both end with a trailing comma: this reads like the body
-- of a mapper whose trim/prefix/suffixOverrides directives were dropped during extraction.
-- TODO confirm against the original mapper XML before treating this as runnable plain SQL.
-- The '::' casts below are PostgreSQL syntax; int8/BIGINT and int/int4 are the same types.
INSERT INTO syslog_normal_data
id,
created_at,
log_time,
device_id,
webshell_type,
vuirs_type,
vuirs_url,
class_filename,
class_path,
parent_class,
jar_path,
class_md5,
class_loader,
class_hashcode,
class_loader_hashcode,
tc_nameip,
perform_sql,
tc_account,
tc_appname,
process_uname,
p_process_uname,
container_name,
container_id,
http_resp_server,
srcip_id,
cdnip,
natip,
mail_sender,
mail_receiver,
vpn_mac,
vpn_os,
vpn_user,
vpn_groupname,
vpn_access_ip,
dest_ip_apt,
origin_attack_result,
description,
solution,
attack_cause,
username,
tc_flow_id,
login_result,
cmdline,
origin_attack_action,
victim_domain,
vpn_deviceid,
vpn_access_action,
file_access_time,
file_name,
tc_class,
tc_name2,
login_lasttime,
origin_permissions,
begin_permissions,
print_time,
printer,
printer_type,
print_pages,
print_copies,
src_device,
dst_device,
src_file,
src_file_type,
src_file_path,
dst_file,
dst_file_type,
dst_file_path,
dlp_policy_name,
dlp_policy_type,
dst_upload_url,
process_uuid,
p_process_uuid,
env,
brute_force_service,
vuirs_name,
http_req_length,
http_req_content_type,
tc_scan_port,
tc_labels,
http_resp_content_type,
dns_msg_type,
dns_answer_length,
dns_ioc,
tx_bytes,
rx_bytes,
all_bytes,
duration_time,
mail_attach_name,
mail_subject,
mail_message,
mail_send_server,
mail_agent,
tls_version,
tls_server_cert,
tls_server_suite,
tls_client_suites_len,
tls_ja3,
tls_ja3s,
vpn_access_port,
log_topic,
collect_time,
src_is_intranetip,
src_ip_ioc,
src_ip_apt,
srcip_name,
tc_client,
srcip_organization_id,
dest_ip_intranetip,
dest_ip_ioc,
desip_id,
desip_name,
tc_hostip,
desip_organization_id,
origin_confidence,
origin_malscore,
attacker_icampaign,
attacker_host_asset_id,
attacker_organization_id,
victim_host_asset_id,
victim_organization_id,
logout_time,
http_req_line,
desip_security_scope_id,
srcip_security_scope_id,
http_resp_length,
tc_attack_type,
tc_realip,
attacker_ip_lists,
login_password,
detail,
attacker_country_code,
attacker_region_code,
victim_region_code,
payload,
http_referer,
http_user_agent,
http_session,
http_query_string,
file_path,
file_permission,
login_abnormal_type,
file_tag,
file_platform,
target_ip,
collect_date,
tc_client_ip,
tc_server_ip,
tc_externalip,
http_status_code,
device_domian,
src_ip_str,
src_port_str,
dest_ip_str,
dest_port_str,
pcap,
ioc,
malicious_family,
vuln_cve,
aliyun_type,
attacker_host_asset_name,
attacker_organization_name,
ct_id,
cve_list,
desip_organization_name,
dest_ip_group,
file_gid,
file_owner,
file_ownergroup,
file_uid,
http_resp_cookie,
origin_rule_id,
origin_rule_name,
service_name,
src_ip_asset_group,
srcip_organization_name,
victim_host_asset_name,
http_resp_codes,
victim_organization_name,
tc_type,
direction,
http_req_cookie,
http_req_protocol,
http_req_header_raw,
http_url,
uname,
origin_hostname,
origin_os,
origin_agent_mac,
origin_host_id,
origin_agent_version,
origin_agent_id,
origin_agent_name,
origin_work_group,
origin_asset_group,
origin_local_port,
origin_agent_ip,
origin_internal_ip,
origin_external_ip,
origin_local_addr,
agent_id,
agent_name,
tc_title,
log_id,
event_date,
event_time_ts,
event_level,
src_ip ,
src_port,
dest_ip,
dest_port,
event_time,
attacker_country,
src_mac,
dest_mac,
proto,
dev_id,
created_time,
src_country,
src_country_code,
src_region,
src_region_code,
src_city,
src_lon,
http_method,
http_host,
http_req_header,
http_req_body,
http_resp_header,
http_resp_body,
file_type,
file_md5,
file_size,
process,
start_time,
action,
attacker_region,
end_time,
file_created_time,
file_modified_time,
tc_miguan_scan_port,
process_path,
parent_process_path,
gname,
exe_name,
exe_path,
login_time,
login_times,
check_item,
check_type,
attacker_ip,
attacker_port,
victim_ip,
victim_port,
attacker_city,
attacker_lon,
attacker_lat,
victim_country,
victim_region,
victim_city,
victim_lon,
victim_lat,
origin_event_id,
origin_event_name,
origin_event_category,
origin_event_level,
origin_attack_chain,
engine_type,
evil_payload,
http_resp_status,
dns_query,
dns_query_type,
dns_ttl,
dns_answer,
dns_subdomains,
file_sha256,
file_ssdeep,
victim_country_code,
http_xff_ip,
tc_miguan_class,
pid,
ppid,
process_name,
backdoor_type,
tty,
sudo_user,
sudo_group,
origin_event_type,
dest_domain,
shell_cmdline,
parent_cmdline,
attack_chain,
process_tree,
host_file_sha256,
host_file_md5,
host_file_size,
host_file_type,
dest_country,
dest_country_code,
log_origin,
dest_region,
src_lat,
dest_region_code,
dest_city,
dest_lon,
dest_lat,
event_category,
attack_result,
probe_ip,
device_ip,
device_manufacturer,
device_name,
product_name,
__id,
__count,
__count_reason,
event_type,
protocol,
shell_cmd,
parent_name,
host_file_path,
uid,
fall,
tc_miguan_server_ip,
dev_type,
collect_method,
field_cate_id,
device_type,
tc_miguan_client_ip,
tc_miguan_name,
origin_total_packages,
origin_total_bytes,
origin_peak_packages_rate,
origin_peak_bytes_rate,
origin_peak_flows_rate,
apt_orgname,
apt_orgmsg,
mail_message_id,
mail_bcc,
mail_size,
mail_attach_hashcode,
mail_url,
mail_cc,
algorithm,
miningpool_ip,
process_md5,
pprocess_md5,
source_servername,
origin_source_servername,
mail_filename,
dst_upload_appname,
target_port,
gid,
origin_uid,
origin_gid,
target_ports,
tc_miguan_name1,
tc_miguan_class1,
etl_time,
tc_miguan_scan_port2,
desip_security_scope,
srcip_security_scope,
collect_time_ts,
tc_miguan_scan_port1,
src_dev_name,
collect_protocol,
destination_system_type,
destination_system,
etl_host,
normalize_rule_id,
normalize_rule_name,
syslog_uuid,
syslog_topic,
VALUES
#{dataMap.id},
#{dataMap.created_at},
#{dataMap.log_time},
#{dataMap.device_id},
#{dataMap.webshell_type},
#{dataMap.vuirs_type},
#{dataMap.vuirs_url},
#{dataMap.class_filename},
#{dataMap.class_path},
#{dataMap.parent_class},
#{dataMap.jar_path},
#{dataMap.class_md5},
#{dataMap.class_loader},
#{dataMap.class_hashcode},
#{dataMap.class_loader_hashcode},
#{dataMap.tc_nameip},
-- SQL text observed in the source event: bound as a parameter value, so it is stored, never executed here.
#{dataMap.perform_sql},
#{dataMap.tc_account},
#{dataMap.tc_appname},
#{dataMap.process_uname},
#{dataMap.p_process_uname},
#{dataMap.container_name},
#{dataMap.container_id},
#{dataMap.http_resp_server},
-- Explicit PostgreSQL casts start here. A non-NULL value that does not parse as the target
-- type (e.g. a malformed address for ::inet) aborts the whole INSERT, so the pipeline is
-- expected to normalize these fields before binding. TODO confirm, especially for fields
-- that originate from untrusted log producers.
#{dataMap.srcip_id}::int8,
#{dataMap.cdnip}::inet,
#{dataMap.natip}::inet,
#{dataMap.mail_sender},
#{dataMap.mail_receiver},
#{dataMap.vpn_mac},
#{dataMap.vpn_os},
#{dataMap.vpn_user},
#{dataMap.vpn_groupname},
#{dataMap.vpn_access_ip},
#{dataMap.dest_ip_apt},
#{dataMap.origin_attack_result},
#{dataMap.description},
#{dataMap.solution},
#{dataMap.attack_cause},
#{dataMap.username},
#{dataMap.tc_flow_id},
#{dataMap.login_result},
#{dataMap.cmdline},
#{dataMap.origin_attack_action},
#{dataMap.victim_domain},
#{dataMap.vpn_deviceid},
#{dataMap.vpn_access_action},
#{dataMap.file_access_time},
#{dataMap.file_name},
#{dataMap.tc_class},
#{dataMap.tc_name2},
#{dataMap.login_lasttime},
#{dataMap.origin_permissions},
#{dataMap.begin_permissions},
#{dataMap.print_time},
#{dataMap.printer},
#{dataMap.printer_type},
#{dataMap.print_pages}::int8,
#{dataMap.print_copies}::int8,
#{dataMap.src_device},
#{dataMap.dst_device},
#{dataMap.src_file},
#{dataMap.src_file_type},
#{dataMap.src_file_path},
#{dataMap.dst_file},
#{dataMap.dst_file_type},
#{dataMap.dst_file_path},
#{dataMap.dlp_policy_name},
#{dataMap.dlp_policy_type},
#{dataMap.dst_upload_url},
#{dataMap.process_uuid},
#{dataMap.p_process_uuid},
#{dataMap.env},
#{dataMap.brute_force_service},
#{dataMap.vuirs_name},
#{dataMap.http_req_length}::int8,
#{dataMap.http_req_content_type},
-- NOTE(review): the names suggest a port and a label set, yet both are cast to inet;
-- verify the target column types in the table DDL.
#{dataMap.tc_scan_port}::inet,
#{dataMap.tc_labels}::inet,
#{dataMap.http_resp_content_type},
#{dataMap.dns_msg_type},
#{dataMap.dns_answer_length},
#{dataMap.dns_ioc},
-- Byte counters go to double precision while the other counters go to int8 (bigint);
-- presumably mirrors the table DDL, verify.
#{dataMap.tx_bytes}::double precision,
#{dataMap.rx_bytes}::double precision,
#{dataMap.all_bytes}::double precision,
#{dataMap.duration_time}::int8,
#{dataMap.mail_attach_name},
#{dataMap.mail_subject},
#{dataMap.mail_message},
#{dataMap.mail_send_server},
#{dataMap.mail_agent},
#{dataMap.tls_version},
#{dataMap.tls_server_cert},
#{dataMap.tls_server_suite},
#{dataMap.tls_client_suites_len},
#{dataMap.tls_ja3},
#{dataMap.tls_ja3s},
#{dataMap.vpn_access_port},
#{dataMap.log_topic},
#{dataMap.collect_time},
#{dataMap.src_is_intranetip},
#{dataMap.src_ip_ioc},
#{dataMap.src_ip_apt},
#{dataMap.srcip_name},
#{dataMap.tc_client},
#{dataMap.srcip_organization_id}::int8,
#{dataMap.dest_ip_intranetip},
#{dataMap.dest_ip_ioc},
#{dataMap.desip_id}::int8,
#{dataMap.desip_name},
#{dataMap.tc_hostip}::inet,
#{dataMap.desip_organization_id}::int8,
#{dataMap.origin_confidence},
#{dataMap.origin_malscore},
#{dataMap.attacker_icampaign},
#{dataMap.attacker_host_asset_id}::int8,
#{dataMap.attacker_organization_id}::int8,
#{dataMap.victim_host_asset_id}::int8,
#{dataMap.victim_organization_id}::int8,
#{dataMap.logout_time},
#{dataMap.http_req_line},
#{dataMap.desip_security_scope_id},
#{dataMap.srcip_security_scope_id},
#{dataMap.http_resp_length}::int8,
#{dataMap.tc_attack_type},
#{dataMap.tc_realip}::inet,
#{dataMap.attacker_ip_lists},
-- NOTE(review): this persists credential material taken from the source event. Confirm it is
-- masked or redacted before it reaches this mapper; otherwise every reader of this table
-- sees plaintext secrets, and the column needs the same access control as a secret store.
#{dataMap.login_password},
#{dataMap.detail},
#{dataMap.attacker_country_code},
#{dataMap.attacker_region_code},
#{dataMap.victim_region_code},
-- payload, evil_payload, cmdlines, HTTP headers/bodies and pcap are attacker-controlled
-- content stored verbatim; anything that later renders or re-parses these fields must
-- treat them as untrusted input (escape on output, never interpret).
#{dataMap.payload},
#{dataMap.http_referer},
#{dataMap.http_user_agent},
#{dataMap.http_session},
#{dataMap.http_query_string},
#{dataMap.file_path},
#{dataMap.file_permission},
#{dataMap.login_abnormal_type},
#{dataMap.file_tag},
#{dataMap.file_platform},
#{dataMap.target_ip}::inet,
#{dataMap.collect_date},
#{dataMap.tc_client_ip}::inet,
#{dataMap.tc_server_ip}::inet,
#{dataMap.tc_externalip}::inet,
#{dataMap.http_status_code}::int8,
#{dataMap.device_domian},
#{dataMap.src_ip_str},
#{dataMap.src_port_str},
#{dataMap.dest_ip_str} ,
-- ANSI CAST form; same effect as a ::text cast, just spelled differently from the rest of the list.
CAST(#{dataMap.dest_port_str} AS text),
#{dataMap.pcap},
#{dataMap.ioc},
#{dataMap.malicious_family},
#{dataMap.vuln_cve},
#{dataMap.aliyun_type},
#{dataMap.attacker_host_asset_name},
#{dataMap.attacker_organization_name},
#{dataMap.ct_id},
#{dataMap.cve_list},
#{dataMap.desip_organization_name},
#{dataMap.dest_ip_group},
#{dataMap.file_gid},
#{dataMap.file_owner},
#{dataMap.file_ownergroup},
#{dataMap.file_uid},
#{dataMap.http_resp_cookie},
#{dataMap.origin_rule_id},
#{dataMap.origin_rule_name},
#{dataMap.service_name},
#{dataMap.src_ip_asset_group},
#{dataMap.srcip_organization_name},
#{dataMap.victim_host_asset_name},
-- bigint is the same PostgreSQL type as the int8 used elsewhere in this list.
#{dataMap.http_resp_codes}::bigint,
#{dataMap.victim_organization_name},
#{dataMap.tc_type},
#{dataMap.direction},
#{dataMap.http_req_cookie},
#{dataMap.http_req_protocol},
#{dataMap.http_req_header_raw},
#{dataMap.http_url},
#{dataMap.uname},
#{dataMap.origin_hostname},
#{dataMap.origin_os},
#{dataMap.origin_agent_mac},
#{dataMap.origin_host_id},
#{dataMap.origin_agent_version},
#{dataMap.origin_agent_id},
#{dataMap.origin_agent_name},
#{dataMap.origin_work_group},
#{dataMap.origin_asset_group},
#{dataMap.origin_local_port}::int8,
#{dataMap.origin_agent_ip}::inet,
#{dataMap.origin_internal_ip}::inet,
#{dataMap.origin_external_ip}::inet,
#{dataMap.origin_local_addr}::inet,
#{dataMap.agent_id}::int8,
#{dataMap.agent_name},
#{dataMap.tc_title},
#{dataMap.log_id},
#{dataMap.event_date},
#{dataMap.event_time_ts},
-- int here and int4 below are the 4-byte integer type; BIGINT/int8 the 8-byte one.
#{dataMap.event_level}::int ,
#{dataMap.src_ip}::inet,
#{dataMap.src_port}::BIGINT ,
#{dataMap.dest_ip}::inet,
#{dataMap.dest_port}::BIGINT,
#{dataMap.event_time},
#{dataMap.attacker_country},
#{dataMap.src_mac},
#{dataMap.dest_mac},
#{dataMap.proto},
#{dataMap.dev_id}::int8,
#{dataMap.created_time},
#{dataMap.src_country},
#{dataMap.src_country_code},
#{dataMap.src_region},
#{dataMap.src_region_code},
#{dataMap.src_city},
#{dataMap.src_lon},
#{dataMap.http_method},
#{dataMap.http_host},
#{dataMap.http_req_header},
#{dataMap.http_req_body},
#{dataMap.http_resp_header},
#{dataMap.http_resp_body},
#{dataMap.file_type},
#{dataMap.file_md5},
#{dataMap.file_size},
#{dataMap.process},
#{dataMap.start_time},
#{dataMap.action},
#{dataMap.attacker_region},
#{dataMap.end_time},
#{dataMap.file_created_time},
#{dataMap.file_modified_time},
-- NOTE(review): as with tc_scan_port above, a 'port'/'class'/'name' field cast to inet; the
-- same applies to tc_miguan_class, tc_miguan_name and tc_miguan_scan_port1 further down.
-- Verify the DDL, since a wrong cast rejects every event that carries a non-address value.
#{dataMap.tc_miguan_scan_port}::inet,
#{dataMap.process_path},
#{dataMap.parent_process_path},
#{dataMap.gname},
#{dataMap.exe_name},
#{dataMap.exe_path},
#{dataMap.login_time},
#{dataMap.login_times}::int8,
#{dataMap.check_item},
#{dataMap.check_type},
#{dataMap.attacker_ip}::inet,
#{dataMap.attacker_port}::int8,
#{dataMap.victim_ip}::inet,
#{dataMap.victim_port}::int8,
#{dataMap.attacker_city},
#{dataMap.attacker_lon},
#{dataMap.attacker_lat},
#{dataMap.victim_country},
#{dataMap.victim_region},
#{dataMap.victim_city},
#{dataMap.victim_lon},
#{dataMap.victim_lat},
#{dataMap.origin_event_id},
#{dataMap.origin_event_name},
#{dataMap.origin_event_category},
#{dataMap.origin_event_level},
#{dataMap.origin_attack_chain},
#{dataMap.engine_type},
#{dataMap.evil_payload},
#{dataMap.http_resp_status},
#{dataMap.dns_query},
#{dataMap.dns_query_type},
#{dataMap.dns_ttl},
#{dataMap.dns_answer},
#{dataMap.dns_subdomains},
#{dataMap.file_sha256},
#{dataMap.file_ssdeep},
#{dataMap.victim_country_code},
#{dataMap.http_xff_ip},
#{dataMap.tc_miguan_class}::inet,
#{dataMap.pid},
#{dataMap.ppid},
#{dataMap.process_name},
#{dataMap.backdoor_type},
#{dataMap.tty},
#{dataMap.sudo_user},
#{dataMap.sudo_group},
#{dataMap.origin_event_type},
#{dataMap.dest_domain},
#{dataMap.shell_cmdline},
#{dataMap.parent_cmdline},
#{dataMap.attack_chain},
#{dataMap.process_tree},
#{dataMap.host_file_sha256},
#{dataMap.host_file_md5},
#{dataMap.host_file_size},
#{dataMap.host_file_type},
#{dataMap.dest_country},
#{dataMap.dest_country_code},
#{dataMap.log_origin},
#{dataMap.dest_region},
#{dataMap.src_lat},
#{dataMap.dest_region_code},
#{dataMap.dest_city},
#{dataMap.dest_lon},
#{dataMap.dest_lat},
#{dataMap.event_category}::int4,
#{dataMap.attack_result}::int4,
#{dataMap.probe_ip}::inet,
#{dataMap.device_ip}::inet,
#{dataMap.device_manufacturer},
#{dataMap.device_name},
#{dataMap.product_name},
-- Double-underscore fields look like pipeline bookkeeping (dedup id, aggregated count and
-- its reason) rather than event content. TODO confirm with the producer.
#{dataMap.__id},
#{dataMap.__count}::int8,
#{dataMap.__count_reason},
#{dataMap.event_type}::int,
#{dataMap.protocol},
#{dataMap.shell_cmd},
#{dataMap.parent_name},
#{dataMap.host_file_path},
#{dataMap.uid},
#{dataMap.fall}::int4,
#{dataMap.tc_miguan_server_ip}::inet,
#{dataMap.dev_type}::int4,
#{dataMap.collect_method}::int4,
#{dataMap.field_cate_id}::int4,
#{dataMap.device_type}::int4,
#{dataMap.tc_miguan_client_ip}::inet,
#{dataMap.tc_miguan_name}::inet,
#{dataMap.origin_total_packages}::int8,
#{dataMap.origin_total_bytes}::int8,
#{dataMap.origin_peak_packages_rate}::int8,
#{dataMap.origin_peak_bytes_rate}::int8,
#{dataMap.origin_peak_flows_rate}::int8,
#{dataMap.apt_orgname},
#{dataMap.apt_orgmsg},
#{dataMap.mail_message_id},
#{dataMap.mail_bcc},
#{dataMap.mail_size},
#{dataMap.mail_attach_hashcode},
#{dataMap.mail_url},
#{dataMap.mail_cc},
#{dataMap.algorithm},
#{dataMap.miningpool_ip}::inet,
#{dataMap.process_md5},
#{dataMap.pprocess_md5},
#{dataMap.source_servername},
#{dataMap.origin_source_servername},
#{dataMap.mail_filename},
#{dataMap.dst_upload_appname},
#{dataMap.target_port}::int8,
#{dataMap.gid},
#{dataMap.origin_uid},
#{dataMap.origin_gid},
-- NOTE(review): plural name but a single int8 cast; a list value would fail the cast.
#{dataMap.target_ports}::int8,
#{dataMap.tc_miguan_name1},
#{dataMap.tc_miguan_class1},
#{dataMap.etl_time},
#{dataMap.tc_miguan_scan_port2},
#{dataMap.desip_security_scope},
#{dataMap.srcip_security_scope},
#{dataMap.collect_time_ts},
#{dataMap.tc_miguan_scan_port1}::inet,
#{dataMap.src_dev_name},
#{dataMap.collect_protocol},
#{dataMap.destination_system_type},
#{dataMap.destination_system},
#{dataMap.etl_host},
#{dataMap.normalize_rule_id},
#{dataMap.normalize_rule_name},
#{dataMap.syslog_uuid},
#{dataMap.syslog_topic},
-- Reduced variant of the full insert above: only id, created_at, log_time and device_id,
-- bound from camelCase properties of the parameter object rather than from dataMap.
-- Same shape as the full insert (no parentheses, trailing commas), so it presumably relies
-- on the same mapper trim directives; confirm before using it as plain SQL.
-- No explicit casts here: the driver/table must accept the bound values as-is.
INSERT INTO syslog_normal_data
id,
created_at,
log_time,
device_id,
VALUES
#{id},
#{createdAt},
#{logTime},
#{deviceId},
-- Per-item row insert: five columns only (id, log_time, src_ip, dest_ip, event_level),
-- bound from an "item" object through MyBatis parameter placeholders. This is the only
-- one of the three statements with a complete, parenthesised column and value list.
-- NOTE(review): unlike the full insert, src_ip/dest_ip/event_level carry no explicit
-- ::inet / ::int casts, so the driver's implicit coercion decides what is accepted.
INSERT INTO syslog_normal_data
    (id, log_time, src_ip, dest_ip, event_level)
VALUES
    (#{item.id},
     #{item.log_time},
     #{item.src_ip},
     #{item.dest_ip},
     #{item.event_level})