Compare commits
21 Commits
Author | SHA1 | Date |
---|---|---|
TANGWY | 04cbb1c244 | 1 week ago |
TANGWY | e49d07391b | 1 month ago |
TANGWY | 1cd91ba637 | 1 month ago |
TANGWY | 6cc52bb685 | 1 month ago |
TANGWY | ef24c45eb9 | 1 month ago |
TANGWY | 4910576413 | 1 month ago |
TANGWY | e5e6fc0db8 | 2 months ago |
TANGWY | 216269d3cb | 2 months ago |
TANGWY | e0cbf716d5 | 3 months ago |
TANGWY | 1d0236c5d6 | 3 months ago |
TANGWY | 189d1c8cdd | 3 months ago |
TANGWY | 10096ae4ec | 3 months ago |
TANGWY | 315f1470ec | 3 months ago |
TANGWY | b97f549d89 | 3 months ago |
Yang | 4f7d2f018b | 3 months ago |
TANGWY | 3e379403df | 3 months ago |
TANGWY | c0a71b95d4 | 3 months ago |
Yang | 8b5d28b7e3 | 3 months ago |
Yang | bde11596e4 | 3 months ago |
TANGWY | bfaa289153 | 3 months ago |
TANGWY | e77a5ec76f | 3 months ago |
@ -1,65 +0,0 @@ |
|||||||
#!/usr/bin/python |
|
||||||
#encoding=utf-8 |
|
||||||
# author: tangwy |
|
||||||
|
|
||||||
import json |
|
||||||
import os,re |
|
||||||
import codecs |
|
||||||
import csv |
|
||||||
import ConfigParser |
|
||||||
from ipaddr import IPRange |
|
||||||
from elasticsearch import Elasticsearch |
|
||||||
|
|
||||||
conf_path = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'conf') |
|
||||||
ini_path = os.path.join(conf_path, 'conf.ini') |
|
||||||
config = ConfigParser.ConfigParser() |
|
||||||
config.read(ini_path) |
|
||||||
|
|
||||||
ES_HOST = config.get('COMMON', 'es_host') |
|
||||||
ES_PER_COUNT = config.get('COMMON', 'es_per_count') |
|
||||||
ES_INDEX_NAME = config.get('COMMON', 'es_index_name') |
|
||||||
|
|
||||||
CSV_FILE_PATH = config.get('COMMON', 'csv_file_path') |
|
||||||
|
|
||||||
# scroll查询数据 |
|
||||||
def get_es_data(start_time,end_time): |
|
||||||
es = Elasticsearch(ES_HOST) |
|
||||||
msg = es.search(index=ES_INDEX_NAME,scroll="3m",size=ES_PER_COUNT,_source_includes= ["cookies","url","sip","dip"], query={ |
|
||||||
"bool": { |
|
||||||
"filter": { |
|
||||||
"range": { |
|
||||||
"timestamp": { |
|
||||||
"gte": start_time, |
|
||||||
"lte": end_time |
|
||||||
} |
|
||||||
} |
|
||||||
} |
|
||||||
} |
|
||||||
}) |
|
||||||
|
|
||||||
result = msg['hits']['hits'] |
|
||||||
total = msg['hits']['total'] |
|
||||||
scroll_id = msg['_scroll_id'] |
|
||||||
|
|
||||||
for i in range(0,int(total["value"]/ES_PER_COUNT)+1): |
|
||||||
query_scroll = es.scroll(scroll_id=scroll_id, scroll='3m')["hits"]["hits"] |
|
||||||
result += query_scroll |
|
||||||
return result |
|
||||||
|
|
||||||
# 读取csv文件 获取ip归属地 |
|
||||||
def get_ip_area_relation(csv_file_path): |
|
||||||
iprange_map = {} |
|
||||||
with codecs.open(csv_file_path, mode='r',encoding='utf-8') as file: |
|
||||||
csv_reader = csv.reader(file) |
|
||||||
for row in csv_reader: |
|
||||||
headers = next(csv_reader) |
|
||||||
ip_start = headers[0] |
|
||||||
ip_end = headers[1] |
|
||||||
ip_range = IPRange(ip_start, ip_end) |
|
||||||
ip_area = headers[5] |
|
||||||
print (ip_area) |
|
||||||
for ip in ip_range: |
|
||||||
iprange_map[ip] = ip_area |
|
||||||
return iprange_map |
|
||||||
|
|
||||||
get_ip_area_relation("/tmp/data/ip_area_relation.csv") |
|
@ -1,5 +0,0 @@ |
|||||||
[COMMON] |
|
||||||
es_index_name = 'bsa_traffic*' |
|
||||||
es_host = 'http://10.65.74.3:19399' |
|
||||||
es_pre_count = 100 |
|
||||||
csv_file_path = "/tmp/data/ip_area_relation.csv" |
|
@ -0,0 +1,150 @@ |
|||||||
|
{ |
||||||
|
"white_list": { |
||||||
|
"ip": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
], |
||||||
|
"account": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
], |
||||||
|
"interface": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
], |
||||||
|
"menu": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
] |
||||||
|
}, |
||||||
|
"grey_list": { |
||||||
|
"ip": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
], |
||||||
|
"account": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
], |
||||||
|
"interface": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
], |
||||||
|
"menu": [ |
||||||
|
510400, |
||||||
|
510401, |
||||||
|
510402, |
||||||
|
510405, |
||||||
|
510406, |
||||||
|
510407, |
||||||
|
510404, |
||||||
|
510403, |
||||||
|
510030, |
||||||
|
510031, |
||||||
|
510009, |
||||||
|
510008, |
||||||
|
510004, |
||||||
|
510408, |
||||||
|
510410, |
||||||
|
510409 |
||||||
|
] |
||||||
|
} |
||||||
|
} |
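Review bot: `white_list` and `grey_list` hold byte-identical ID sets in all four categories (`ip`, `account`, `interface`, `menu`), so any consumer that treats them as distinct tiers will get the same answer from both, and the `ip` arrays contain what look like scenario codes (510400–510410) rather than addresses. If these are placeholders pending real data, say so where the file is loaded or in a sibling README, since JSON has no comment syntax; if they are real, the precedence for an ID that sits on both lists needs to be stated somewhere, e.g. `# an id present in both lists is treated as grey — TODO confirm`. Either way a loader-side check that the two lists are disjoint would catch this the next time they are edited.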
@ -0,0 +1,30 @@ |
|||||||
|
{ |
||||||
|
"search_limit": 15, |
||||||
|
"dip":["10.25.108.198","10.30.61.50","10.25.110.215"], |
||||||
|
"static_ext":[".js",".css",".png",".jpg",".ico",".html",".gif",".woff",".woff2",".ttf",".htm",".svg"], |
||||||
|
"region_dict":{ |
||||||
|
"10": "省公司", |
||||||
|
"11": "武汉分公司", |
||||||
|
"17": "襄阳分公司", |
||||||
|
"13": "鄂州分公司", |
||||||
|
"26": "孝感分公司", |
||||||
|
"25": "黄冈分公司", |
||||||
|
"12": "黄石分公司", |
||||||
|
"19": "咸宁分公司", |
||||||
|
"20": "荆州分公司", |
||||||
|
"14": "宜昌分公司", |
||||||
|
"15": "恩施分公司", |
||||||
|
"16": "十堰分公司", |
||||||
|
"24": "随州分公司", |
||||||
|
"23": "荆门分公司", |
||||||
|
"1801": "江汉分公司", |
||||||
|
"1802": "潜江分公司", |
||||||
|
"1803": "天门分公司" |
||||||
|
}, |
||||||
|
"black_url":[ |
||||||
|
"/fronttrace/service/busidetaillist", |
||||||
|
"/fronttrace/service/updatebusibrief", |
||||||
|
"/ngportal/ngportal/getEmergency.action", |
||||||
|
"/ui-custsvc/u-route/custsvc/common/authcheck/reLoadCookie" |
||||||
|
] |
||||||
|
} |
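Review bot: The `dip` addresses and the `region_dict` codes are deployment-specific values committed to the repository; if this file is shared across environments, confirm they are meant to be checked in rather than read from a local override. The meaning of `black_url` is not recoverable from the file itself — the last entry `/ui-custsvc/u-route/custsvc/common/authcheck/reLoadCookie` looks auth-related, so whether "black" means excluded from analysis or always flagged directly affects detection coverage. JSON cannot carry comments, so document the keys where they are consumed, e.g. `# black_url: request paths the cleaner drops/flags (TODO confirm which); static_ext: extensions skipped as static assets`.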
@ -0,0 +1,176 @@ |
|||||||
|
# coding:utf-8 |
||||||
|
|
||||||
|
import sys |
||||||
|
import uuid |
||||||
|
import json |
||||||
|
import time |
||||||
|
import random |
||||||
|
|
||||||
|
# path = str(sys.path[0]) |
||||||
|
# home_path = path.split("isop_uebaapiData")[0] |
||||||
|
# sys.path.append(home_path) |
||||||
|
from util import send_logs |
||||||
|
|
||||||
|
def alarm(cookies, api): |
||||||
|
"""2、HTTP日志""" |
||||||
|
inputstr = '''[{"msgtype":1,"hash":"8DE9-BDAB-F622-2FA8","dev_ip":"10.67.5.17","product":"uts"},{"sid":"6004744450036c44f815500016d00a5f5151105430a3ed","timestamp":1567673939,"sip":"10.67.0.52","sport":5624,"dip":"10.67.0.53","dport":80,"protocol":6,"app":3087428650795009,"app_proto":8,"direct":4,"app.detail":{"method":"GET","http_protocol":"1.1","ret_code":200,"host":"10.67.1.1","uri":"/webtest/uploadFile.php","referer":"http://[2222::65]/webtest/","content_type":" multipart/form-data; boundary=----WebKitFormBoundary2zcCUl4lQf1h7A7S","content_type_server":" text/html","server":"Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19","user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36","link":"","cookies":"loginmainacctid=wangshiguang;operatorId=d2601586;com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;","content_encoding":"","location":"","content_length":70080,"content_length_server":200,"set_cookie":"","range":"","connection":"keep-alive","connection_server":"Keep-Alive","x_forwarded_for":"","post_data":"LS0tLS0tV2ViS2l0Rm9ybUJvdW5kYXJ5MnpjQ1VsNGxRZjFoN0E3Uw0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmaWxlIjsgZmlsZW5hbWU9IjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1Ig0=","response_body":"VXBsb2FkOiAwMDAxYWQ0NDFkY2IzODYyMThhNzY5OTJhY2Y4YjcwNTxiciAvPlR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTxiciAvPlNpemU6IDY4LjEyNzkyOTY4NzUgS2I8YnIgLz5UZW1wIGZpbGU6IEQ6XHhhbXBwXHRtcFxwaHA2ODI1LnRtcDxiciAvPjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1IGFscmVhZHkgZXhpc3RzLiA="}}]''' |
||||||
|
inputarr = json.loads(inputstr, strict=False) |
||||||
|
# 随机生成timestamp |
||||||
|
inputarr[1]["timestamp"] = int(time.time()) |
||||||
|
inputarr[1]["sid"] = str(uuid.uuid1()) |
||||||
|
# inputarr[1]["sip"] = "10.67.4.33" |
||||||
|
inputarr[1]["sip"] = generate_random_ip() |
||||||
|
inputarr[1]["dip"] = "10.67.1.1" |
||||||
|
inputarr[1]["dport"] = "8180" |
||||||
|
inputarr[1]["app.detail"]["uri"] = "/alarmtest.action?BMECID=352432757&BMETimestamp=1692788489260&queryNumber=158713459" |
||||||
|
inputarr[1]["app.detail"]["host"] = api |
||||||
|
inputarr[1]["app.detail"]["cookies"] = cookies |
||||||
|
inputarr[1]["account"] = get_random_person() |
||||||
|
inputarr[1]["trojan_type"] = get_random_jobnum() |
||||||
|
inputarr[1]["worm_family"] = get_random_menu() |
||||||
|
inputarr[1]["interface"] = get_random_inteface() |
||||||
|
|
||||||
|
return json.dumps(inputarr) |
||||||
|
|
||||||
|
def generate_random_ip(): |
||||||
|
# 固定前缀 "192.168." |
||||||
|
prefix = "192.168." |
||||||
|
# 生成随机的第三和第四段IP地址 |
||||||
|
third_octet = 19 |
||||||
|
fourth_octet = random.randint(0, 50) |
||||||
|
# 拼接IP地址 |
||||||
|
ip = "{}{}.{}".format(prefix, third_octet, fourth_octet) |
||||||
|
return ip |
||||||
|
|
||||||
|
def AbIDVisitAPINums510404(): |
||||||
|
datalist = {"TCP_5011": list()} |
||||||
|
ID2Area = { |
||||||
|
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||||
|
"荆州": ["2001800", "2001801", "2001808"], |
||||||
|
"江汉": ["1801820", "1801810"], |
||||||
|
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||||
|
} |
||||||
|
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", |
||||||
|
"good.alarm.com"] |
||||||
|
info_list = [ |
||||||
|
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["武汉"][ |
||||||
|
0] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 60], |
||||||
|
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["荆州"][ |
||||||
|
2] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 120] |
||||||
|
] |
||||||
|
for i in range(len(info_list)): |
||||||
|
cookies = info_list[i][0] |
||||||
|
count = info_list[i][1] |
||||||
|
for j in range(count): |
||||||
|
api = random.choice(api_list) |
||||||
|
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||||
|
for key in datalist.keys(): |
||||||
|
send_logs(datalist[key]) |
||||||
|
return "510405场景的告警数据已生成" |
||||||
|
|
||||||
|
def get_random_jobnum(): |
||||||
|
# 定义包含不同前缀的字符串数组 |
||||||
|
prefix_strings = [ |
||||||
|
['10243', '10895', '10134', '10781', '10962'], # 10打头的字符串示例 |
||||||
|
['11089', '11057', '11023', '11016', '11030'], # 110打头的字符串示例 |
||||||
|
['14076', '14049', '14098', '14032', '14061'], # 140打头的字符串示例 |
||||||
|
['26054', '26013', '26087', '26029', '26061'], # 260打头的字符串示例 |
||||||
|
['20083', '20015', '20072', '20096', '20048'], # 200打头的字符串示例 |
||||||
|
['19035', '19017', '19049', '19082', '19096'], # 190打头的字符串示例 |
||||||
|
['180237', '180276', '180204', '180295', '180219'] # 1802打头的字符串示例 |
||||||
|
] |
||||||
|
|
||||||
|
# 随机选择一个前缀数组 |
||||||
|
selected_prefix_array = random.choice(prefix_strings) |
||||||
|
# 随机选择一个具体的字符串 |
||||||
|
selected_string = random.choice(selected_prefix_array) |
||||||
|
return selected_string |
||||||
|
|
||||||
|
def get_random_person(): |
||||||
|
people_list = [ |
||||||
|
"Alice", "Bob", "Charlie", "David", "Emma", "Frank", "Grace2","Alice2", "Bob2", "Charlie2", "David2", "Emma2", "Frank2", "Grace2" |
||||||
|
] |
||||||
|
|
||||||
|
random_person = random.choice(people_list) |
||||||
|
return random_person |
||||||
|
|
||||||
|
def get_random_menu(): |
||||||
|
# 定义系统菜单列表 |
||||||
|
system_menu = [ |
||||||
|
"开发", "测试", "部署", "配置", "设置", "安装", "卸载", "升级", "更新", |
||||||
|
"修复", "修正", "修补", "更新", "安全", "保护", "防护", "防御", "防止", |
||||||
|
"检查", "扫描", "监控", "跟踪", "追踪", "审计", "审查", "测试", "测量" |
||||||
|
] |
||||||
|
|
||||||
|
# 随机选择一个菜单项 |
||||||
|
random_menu_item = random.choice(system_menu) |
||||||
|
return random_menu_item |
||||||
|
|
||||||
|
def get_random_inteface(): |
||||||
|
# 定义系统菜单列表 |
||||||
|
system_menu = [ |
||||||
|
"http://bai1.doc.com/api", "http://bai2.doc.com/api", "http://bai3.doc.com/api", "http://bai4.doc.com/api", "http://bai5.doc.com/api", "http://bai12.doc.com/api","http://bai13.doc.com/api", "http://bai19.doc.com/api", |
||||||
|
"http://bai6.doc.com/api", "http://bai7.doc.com/api", "http://bai8.doc.com/api", "http://bai9.doc.com/api", "http://bai11.doc.com/api" |
||||||
|
] |
||||||
|
|
||||||
|
# 随机选择一个菜单项 |
||||||
|
random_menu_item = random.choice(system_menu) |
||||||
|
return random_menu_item |
||||||
|
|
||||||
|
if __name__ == '__main__': |
||||||
|
datalist = {"TCP_5011": list()} |
||||||
|
ID2Area = { |
||||||
|
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||||
|
"荆州": ["2001800", "2001801", "2001808"], |
||||||
|
"江汉": ["1801820", "1801810"], |
||||||
|
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||||
|
} |
||||||
|
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", "good.alarm.com","baidu.com","sohu.com","xinlang.com","erpx.com"] |
||||||
|
info_list = [ |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 100], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 400], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 300], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 200] |
||||||
|
] |
||||||
|
|
||||||
|
for i in range(len(info_list)): |
||||||
|
cookies = info_list[i][0] |
||||||
|
count = info_list[i][1] |
||||||
|
for j in range(count): |
||||||
|
api = random.choice(api_list) |
||||||
|
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||||
|
for key in datalist.keys(): |
||||||
|
send_logs(datalist[key]) |
||||||
|
print "510405场景的告警数据已生成" |
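Review bot: `inputarr[1]["dport"] = "8180"` in `alarm()` overwrites the integer `"dport":80` from the template with a string, so the emitted records carry a different type for that field than the rest of the `uts` log schema; use `inputarr[1]["dport"] = 8180` unless the consumer is known to accept strings. The `inputstr` template also embeds values that look copied from a live capture (`loginmainacctid=wangshiguang;operatorId=d2601586`, a `dev_ip`, base64 `post_data`/`response_body`), and every generated cookie carries a fixed `userticket=209@9889@23223@10.0.1.183@lis8`; if any of these are real they should be scrubbed before landing in a test-data generator. The 36 rows of `info_list` under `__main__` differ only in the count column, which cycles 100, 400, 300, 200 nine times, so they can be generated, which also makes the total volume (9000 events handed to one `send_logs` call) visible at a glance; `ID2Area` in the same block is never read and can be dropped.
```python
if __name__ == '__main__':
    # … unchanged: datalist and api_list …
    # same 36 cookie/count pairs as before: the count cycles 100, 400, 300, 200 nine times
    info_list = []
    for count in [100, 400, 300, 200] * 9:
        cookies = ("u-locale=zh_CN; loginmainacctid=" + get_random_person()
                   + "; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum()
                   + "; com.huawei.boss.CURRENT_MENUID=" + get_random_menu() + ";")
        info_list.append([cookies, count])
    # … unchanged: send loop and final print …
```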
@ -0,0 +1,128 @@ |
|||||||
|
# coding:utf-8 |
||||||
|
|
||||||
|
import sys |
||||||
|
import uuid |
||||||
|
import json |
||||||
|
import time |
||||||
|
import random |
||||||
|
|
||||||
|
# path = str(sys.path[0]) |
||||||
|
# home_path = path.split("isop_uebaapiData")[0] |
||||||
|
# sys.path.append(home_path) |
||||||
|
from util import send_logs |
||||||
|
|
||||||
|
def alarm(cookies, api): |
||||||
|
"""2、HTTP日志""" |
||||||
|
inputstr = '''[{"msgtype":1,"hash":"8DE9-BDAB-F622-2FA8","dev_ip":"10.67.5.17","product":"uts"},{"sid":"6004744450036c44f815500016d00a5f5151105430a3ed","timestamp":1567673939,"sip":"10.67.0.52","sport":5624,"dip":"10.67.0.53","dport":80,"protocol":6,"app":3087428650795009,"app_proto":8,"direct":4,"app.detail":{"method":"GET","http_protocol":"1.1","ret_code":200,"host":"10.67.1.1","uri":"/webtest/uploadFile.php","referer":"http://[2222::65]/webtest/","content_type":" multipart/form-data; boundary=----WebKitFormBoundary2zcCUl4lQf1h7A7S","content_type_server":" text/html","server":"Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19","user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36","link":"","cookies":"loginmainacctid=wangshiguang;operatorId=d2601586;com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;","content_encoding":"","location":"","content_length":70080,"content_length_server":200,"set_cookie":"","range":"","connection":"keep-alive","connection_server":"Keep-Alive","x_forwarded_for":"","post_data":"LS0tLS0tV2ViS2l0Rm9ybUJvdW5kYXJ5MnpjQ1VsNGxRZjFoN0E3Uw0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmaWxlIjsgZmlsZW5hbWU9IjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1Ig0=","response_body":"VXBsb2FkOiAwMDAxYWQ0NDFkY2IzODYyMThhNzY5OTJhY2Y4YjcwNTxiciAvPlR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTxiciAvPlNpemU6IDY4LjEyNzkyOTY4NzUgS2I8YnIgLz5UZW1wIGZpbGU6IEQ6XHhhbXBwXHRtcFxwaHA2ODI1LnRtcDxiciAvPjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1IGFscmVhZHkgZXhpc3RzLiA="}}]''' |
||||||
|
inputarr = json.loads(inputstr, strict=False) |
||||||
|
# 随机生成timestamp |
||||||
|
inputarr[1]["timestamp"] = int(time.time()) |
||||||
|
inputarr[1]["sid"] = str(uuid.uuid1()) |
||||||
|
# inputarr[1]["sip"] = "10.67.4.33" |
||||||
|
inputarr[1]["sip"] = generate_random_ip() |
||||||
|
inputarr[1]["dip"] = "10.67.1.1" |
||||||
|
inputarr[1]["dport"] = "8180" |
||||||
|
inputarr[1]["app.detail"]["uri"] = "/alarmtest.action?BMECID=352432757&BMETimestamp=1692788489260&queryNumber=158713459" |
||||||
|
inputarr[1]["app.detail"]["host"] = api |
||||||
|
inputarr[1]["app.detail"]["cookies"] = cookies |
||||||
|
return json.dumps(inputarr) |
||||||
|
|
||||||
|
def generate_random_ip(): |
||||||
|
# 固定前缀 "192.168." |
||||||
|
prefix = "192.168." |
||||||
|
# 生成随机的第三和第四段IP地址 |
||||||
|
third_octet = 1 |
||||||
|
fourth_octet = random.randint(0, 50) |
||||||
|
# 拼接IP地址 |
||||||
|
ip = "{}{}.{}".format(prefix, third_octet, fourth_octet) |
||||||
|
return ip |
||||||
|
|
||||||
|
def AbIDVisitAPINums510404(): |
||||||
|
datalist = {"TCP_5011": list()} |
||||||
|
ID2Area = { |
||||||
|
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||||
|
"荆州": ["2001800", "2001801", "2001808"], |
||||||
|
"江汉": ["1801820", "1801810"], |
||||||
|
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||||
|
} |
||||||
|
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", |
||||||
|
"good.alarm.com"] |
||||||
|
info_list = [ |
||||||
|
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["武汉"][ |
||||||
|
0] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 60], |
||||||
|
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["荆州"][ |
||||||
|
2] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 120] |
||||||
|
] |
||||||
|
for i in range(len(info_list)): |
||||||
|
cookies = info_list[i][0] |
||||||
|
count = info_list[i][1] |
||||||
|
for j in range(count): |
||||||
|
api = random.choice(api_list) |
||||||
|
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||||
|
for key in datalist.keys(): |
||||||
|
send_logs(datalist[key]) |
||||||
|
return "510405场景的告警数据已生成" |
||||||
|
|
||||||
|
def get_random_jobnum(): |
||||||
|
# 定义包含不同前缀的字符串数组 |
||||||
|
prefix_strings = [ |
||||||
|
['10243', '10895', '10134', '10781', '10962'], # 10打头的字符串示例 |
||||||
|
['11089', '11057', '11023', '11016', '11030'], # 110打头的字符串示例 |
||||||
|
['14076', '14049', '14098', '14032', '14061'], # 140打头的字符串示例 |
||||||
|
['26054', '26013', '26087', '26029', '26061'], # 260打头的字符串示例 |
||||||
|
['20083', '20015', '20072', '20096', '20048'], # 200打头的字符串示例 |
||||||
|
['19035', '19017', '19049', '19082', '19096'], # 190打头的字符串示例 |
||||||
|
['180237', '180276', '180204', '180295', '180219'] # 1802打头的字符串示例 |
||||||
|
] |
||||||
|
|
||||||
|
# 随机选择一个前缀数组 |
||||||
|
selected_prefix_array = random.choice(prefix_strings) |
||||||
|
# 随机选择一个具体的字符串 |
||||||
|
selected_string = random.choice(selected_prefix_array) |
||||||
|
return selected_string |
||||||
|
|
||||||
|
def get_random_person(): |
||||||
|
people_list = [ |
||||||
|
"Alice", "Bob", "Charlie", "David", "Emma", "Frank", "Grace", "Henry", "Isabel", "Jack", |
||||||
|
"Kate", "Liam", "Mia", "Noah", "Olivia" |
||||||
|
# 继续添加更多的名称... |
||||||
|
] |
||||||
|
|
||||||
|
random_person = random.choice(people_list) |
||||||
|
return random_person |
||||||
|
|
||||||
|
def get_random_menu(): |
||||||
|
# 定义系统菜单列表 |
||||||
|
system_menu = [ |
||||||
|
"主页", "设置", "个人资料", "消息", "通知", "帮助", "帐户", "关于", "联系我们", "服务", |
||||||
|
"购物车", "订单", "支付", "地址", "密码" |
||||||
|
] |
||||||
|
|
||||||
|
# 随机选择一个菜单项 |
||||||
|
random_menu_item = random.choice(system_menu) |
||||||
|
return random_menu_item |
||||||
|
|
||||||
|
if __name__ == '__main__': |
||||||
|
datalist = {"TCP_5011": list()} |
||||||
|
ID2Area = { |
||||||
|
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||||
|
"荆州": ["2001800", "2001801", "2001808"], |
||||||
|
"江汉": ["1801820", "1801810"], |
||||||
|
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||||
|
} |
||||||
|
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", "good.alarm.com","baidu.com","sohu.com","xinlang.com","erpx.com"] |
||||||
|
info_list = [ |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||||
|
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000] |
||||||
|
] |
||||||
|
|
||||||
|
|
||||||
|
for i in range(len(info_list)): |
||||||
|
cookies = info_list[i][0] |
||||||
|
count = info_list[i][1] |
||||||
|
for j in range(count): |
||||||
|
api = random.choice(api_list) |
||||||
|
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||||
|
for key in datalist.keys(): |
||||||
|
send_logs(datalist[key]) |
||||||
|
print "510405场景的告警数据已生成" |
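Review bot: `alarm()`, `generate_random_ip()`, `get_random_jobnum()` and the `__main__` send loop are copied verbatim from the sibling generator in this same change, differing only in `third_octet` (1 here vs 19 there) and the name/menu word lists, so any fix to the template (for instance the `"dport": "8180"` string-vs-int mismatch both copies share) has to be made twice. Moving the shared pieces into the `util` module this file already imports from, with the octet and word lists as parameters, would leave each scenario file as a few lines of configuration. Within this file, `import sys` and the `ID2Area` dict in `__main__` are unused, and `AbIDVisitAPINums510404()` returns a message naming scenario 510405, so either the function name or the string is stale.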
@ -0,0 +1,31 @@ |
|||||||
|
# coding=utf-8 |
||||||
|
""" |
||||||
|
@Author: tangwy |
||||||
|
@FileName: user_cron.py |
||||||
|
@DateTime: 2024/7/15 |
||||||
|
@Description: ueba数据清洗定时任务 将文件数据写入pg |
||||||
|
""" |
||||||
|
from __future__ import unicode_literals |
||||||
|
import traceback |
||||||
|
from uebaMetricsAnalysis.utils.ext_logging import logger_cron |
||||||
|
from uebaMetricsAnalysis.utils.file_to_pg import entry |
||||||
|
|
||||||
|
JOB_STATUS ={ |
||||||
|
"RUNNING":1, |
||||||
|
"FINISH":2, |
||||||
|
"ERROR":3 |
||||||
|
} |
||||||
|
|
||||||
|
class DataInsertCron: |
||||||
|
#每5分钟执行一次 |
||||||
|
def processing(self): |
||||||
|
try: |
||||||
|
logger_cron.info("INSERT:开始执行") |
||||||
|
entry() |
||||||
|
logger_cron.info("INSERT:"+"执行完成") |
||||||
|
except Exception ,e: |
||||||
|
err_info=traceback.format_exc() |
||||||
|
logger_cron.error("INSERT:"+"执行失败,"+err_info) |
||||||
|
raise |
||||||
|
if __name__ == '__main__': |
||||||
|
DataInsertCron().processing() |
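Review bot: `JOB_STATUS` is defined at module level but never referenced in this file, and `except Exception ,e:` is Python 2-only syntax that binds an `e` the handler never uses; since it re-raises anyway, `except Exception:` followed by `logger_cron.exception("INSERT:执行失败")` — assuming `logger_cron` is a standard `logging.Logger` — logs the same traceback with less code and stays valid on Python 3. Nothing in `processing()` prevents two instances of the 5-minute job from overlapping when `entry()` runs long; whether that is safe depends on `file_to_pg.entry`, which is not part of this change, so confirm it or guard the call with a lock.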
@ -0,0 +1,25 @@ |
|||||||
|
# coding=utf-8 |
||||||
|
""" |
||||||
|
@Author: tanangwy |
||||||
|
@FileName: ueba_cron_file_merge.py |
||||||
|
@DateTime: 2024/7/17 14:19 |
||||||
|
@Description:ueba数据合并job,每小时执行一次 |
||||||
|
""" |
||||||
|
from __future__ import unicode_literals |
||||||
|
import traceback |
||||||
|
from uebaMetricsAnalysis.utils.ext_logging import logger_cron |
||||||
|
from uebaMetricsAnalysis.utils.file_merge import entry |
||||||
|
|
||||||
|
class FileMergeCron: |
||||||
|
#每1小时执行一次 |
||||||
|
def processing(self): |
||||||
|
try: |
||||||
|
logger_cron.info("FILE_MERGE:开始执行") |
||||||
|
entry() |
||||||
|
logger_cron.info("FILE_MERGE:"+"执行完成") |
||||||
|
except Exception ,e: |
||||||
|
err_info=traceback.format_exc() |
||||||
|
logger_cron.error("FILE_MERGE:"+"执行失败,"+err_info) |
||||||
|
raise |
||||||
|
if __name__ == '__main__': |
||||||
|
FileMergeCron().processing() |
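Review bot: `FileMergeCron.processing()` is structurally identical to `DataInsertCron.processing()` in the sibling file of this change apart from the `FILE_MERGE:` prefix and the `entry` it imports, so the try/log/re-raise wrapper belongs in one shared base (a class taking `prefix` and `entry` in `__init__`) rather than being copied per job. The header comment spells the author `tanangwy` where every other file says `tangwy`. Nothing here stops an hourly merge from starting while the previous one is still running; if `file_merge.entry` rewrites files in place, that overlap is a data-integrity risk, so confirm it is idempotent or add a lock around the call.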
@ -0,0 +1,74 @@ |
|||||||
|
# coding=utf-8 |
||||||
|
""" |
||||||
|
@Author: tangwy |
||||||
|
@FileName: ueba_cron_pg.py |
||||||
|
@DateTime: 2024/7/09 14:19 |
||||||
|
@Description: 定时清洗es数据 |
||||||
|
""" |
||||||
|
from __future__ import unicode_literals |
||||||
|
|
||||||
|
import random,string |
||||||
|
import traceback,json |
||||||
|
import time,threading |
||||||
|
from uebaMetricsAnalysis.utils.ext_logging import logger_cron |
||||||
|
from uebaMetricsAnalysis.utils.db2json import DBUtils, DBType |
||||||
|
from uebaMetricsAnalysis.utils.base_dataclean_pg import entry |
||||||
|
|
||||||
|
JOB_STATUS ={ |
||||||
|
"RUNNING":1, |
||||||
|
"FINISH":2, |
||||||
|
"ERROR":3 |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
class DataCleanCron: |
||||||
|
#生成job_id |
||||||
|
def generate_job_id(self): |
||||||
|
timestamp = int(time.time() * 1000) |
||||||
|
random_letters = ''.join(random.choice(string.ascii_letters) for _ in range(7)) |
||||||
|
return str(timestamp) + random_letters |
||||||
|
|
||||||
|
#每5分钟执行一次 |
||||||
|
def processing(self): |
||||||
|
logger_cron.info("JOB:接收到执行指令") |
||||||
|
job_id =self.generate_job_id() |
||||||
|
task_run_count =0 |
||||||
|
try: |
||||||
|
start,end,status,run_count,jobid= DBUtils.get_job_period() |
||||||
|
if jobid !="": |
||||||
|
job_id=jobid |
||||||
|
if end<start: |
||||||
|
logger_cron.info("JOB:"+job_id+"开始时间大于结束时间不执行") |
||||||
|
return |
||||||
|
logger_cron.info("JOB:"+job_id+"开始执行") |
||||||
|
if status ==1: |
||||||
|
logger_cron.info("JOB:"+job_id+"正在运行中不执行") |
||||||
|
return |
||||||
|
|
||||||
|
#延迟15分钟读取es数据 |
||||||
|
if start is None or end is None: |
||||||
|
logger_cron.info("JOB:"+job_id+"结束时间大于(服务器时间-15分钟)不执行") |
||||||
|
return |
||||||
|
|
||||||
|
task_run_count = run_count+1 |
||||||
|
logger_cron.info("JOB:"+job_id+"运行参数:{},{}".format(start,end)) |
||||||
|
logger_cron.info("JOB:"+job_id+"准备将job写入job表") |
||||||
|
DBUtils.insert_job_record(job_id,start,end,JOB_STATUS.get("RUNNING")) |
||||||
|
logger_cron.info("JOB:"+job_id+"完成job表写入") |
||||||
|
|
||||||
|
logger_cron.info("JOB:"+job_id+"准备获取es数据") |
||||||
|
entry(start,end,job_id) |
||||||
|
logger_cron.info("JOB:"+job_id+"完成es数据获取") |
||||||
|
DBUtils.write_job_status(job_id,JOB_STATUS.get("FINISH"),"",task_run_count) |
||||||
|
logger_cron.info("JOB:"+job_id+"更新job表状态完成") |
||||||
|
|
||||||
|
except Exception ,e: |
||||||
|
err_info=traceback.format_exc() |
||||||
|
logger_cron.error("JOB:"+job_id+"执行失败:"+err_info) |
||||||
|
DBUtils.write_job_status(job_id,JOB_STATUS.get("ERROR"),err_info,task_run_count) |
||||||
|
raise |
||||||
|
|
||||||
|
if __name__ == '__main__': |
||||||
|
DataCleanCron().processing() |
||||||
|
|
||||||
|
|
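Review bot: In `processing`, the guard `if start is None or end is None:` is placed after `if end<start:`, so when `DBUtils.get_job_period()` returns `None` for either bound the comparison runs first — on Python 2 `None < x` is always true, so an `end` of `None` is logged as "开始时间大于结束时间不执行" instead of the intended message, and on Python 3 the comparison raises `TypeError`; moving the `None` check to directly after `job_id=jobid`, ahead of both the ordering check and the `status` check, fixes the ordering. `if status ==1:` hard-codes the value that `JOB_STATUS` already defines; `if status == JOB_STATUS["RUNNING"]:` keeps the table the single source of truth. `json`, `threading` and `DBType` are imported but never used, and `e` in `except Exception ,e:` is never read. The `except` branch calls `DBUtils.write_job_status(job_id, ...)` even when the failure happened before `insert_job_record`, so the update may target a job row that was never written; `write_job_status` is not shown here, so confirm it tolerates a missing row rather than raising inside the handler and masking the original traceback.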
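--- a/PATH_NOT_ON_PAGE/cron_tasks.json
+++ b/PATH_NOT_ON_PAGE/cron_tasks.json
@@ -0,0 +1,33 @@
+[
+{
+"task_name": "ueba_cron",
+"task_type": 1,
+"exec_cmd": "python /home/master/ISOP/apps/uebaMetricsAnalysis/cron/ueba_cron_pg.py",
+"task_owner": "uebaMetricsAnalysis",
+"run_mode": 1,
+"duration_args": "0 */5 * * * ?",
+"retry_nums": 3,
+"is_enable": 1,
+"task_description": "每5分钟执行一次数据清洗"
+},{
+"task_name": "ueba_cron_file_merge",
+"task_type": 1,
+"exec_cmd": "python /home/master/ISOP/apps/uebaMetricsAnalysis/cron/ueba_cron_file_merge.py",
+"task_owner": "uebaMetricsAnalysis",
+"run_mode": 1,
+"duration_args": "0 0/30 * * * ?",
+"retry_nums": 3,
+"is_enable": 1,
+"task_description": "每半时执行一次 将清洗的数据做合并"
+},{
+"task_name": "ueba_cron_data_insert",
+"task_type": 1,
+"exec_cmd": "python /home/master/ISOP/apps/uebaMetricsAnalysis/cron/ueba_cron_data_insert.py",
+"task_owner": "uebaMetricsAnalysis",
+"run_mode": 1,
+"duration_args": "0 10 1 * * ?",
+"retry_nums": 3,
+"is_enable": 1,
+"task_description": "凌晨1点10分执行一次 将汇总数据写入pg"
+}
+]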
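Review bot: The `ueba_cron_data_insert` entry is scheduled with `"duration_args": "0 10 1 * * ?"` (once a day at 01:10) while the script it runs, `ueba_cron_data_insert.py`, carries the comment `#每5分钟执行一次`; the config looks like the intended schedule, so that script comment should be corrected to say it runs daily at 01:10. Every `exec_cmd` invokes a bare `python`, so which interpreter and which site-packages run these jobs depends on the scheduler's PATH at execution time; an absolute interpreter path would make the deployment deterministic (the page does not show which interpreter the host provides, so the exact path has to come from the deployment). `"retry_nums": 3` re-runs `ueba_cron_pg.py` after a failure, and that script only marks the job `ERROR` on exception; whether a retry then resumes the same period cleanly depends on `DBUtils.get_job_period`, which is not shown here.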
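--- a/PATH_NOT_ON_PAGE/summary_sample.json
+++ b/PATH_NOT_ON_PAGE/summary_sample.json
@@ -0,0 +1,221 @@
+{
+"summary": {
+"ip": [
+{
+"company": "孝感分公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"ip_count": 323,
+"ip_rate": 0.3,
+"ip_avg": 0.43,
+"trend": 0.3
+},
+{
+"company": "宜昌分公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"ip_count": 323,
+"ip_rate": 0.3,
+"ip_avg": 0.43,
+"trend": 0.3
+},
+{
+"company": "随州分公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"ip_count": 323,
+"ip_rate": 0.3,
+"ip_avg": 0.43,
+"trend": 0.3
+},
+{
+"company": "黄冈分公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"ip_count": 323,
+"ip_rate": 0.3,
+"ip_avg": 0.43,
+"trend": 0.3
+},
+{
+"company": "省公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"ip_count": 323,
+"ip_rate": 0.3,
+"ip_avg": 0.43,
+"trend": 0.3
+}
+],
+"account": [
+{
+"company": "湖北公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"account_count": 323,
+"account_rate": 0.3,
+"account_avg": 0.43,
+"trend": 0.3
+},
+{
+"company": "宜昌公司",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"account_count": 323,
+"account_rate": 0.3,
+"account_avg": 0.43,
+"trend": 0.3
+}
+],
+"interface": [
+{
+"interface_addr": "/getuser",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"frequency_avg": 0.43,
+"trend": 0.3
+},
+{
+"interface_addr": "/getcpminfo",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"frequency_avg": 0.43,
+"trend": 0.3
+}
+],
+"menu": [
+{
+"menu_name": "接口地址",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"frequency_avg": 0.43,
+"trend": 0.3
+},
+{
+"menu_name": "接口地址",
+"req_frequency": 122,
+"frequency_rate": 0.2,
+"frequency_avg": 0.43,
+"trend": 0.3
+}
+]
+},
+"detail": {
+"ip": {
+"湖北公司": [
+{
+"req_ip": "xxx.xx.xx.x",
+"req_frequency": 22
+},
+{
+"req_ip": "xx1x.xx.xx.x",
+"req_frequency": 21
+}
+],
+"宜昌公司": [
+{
+"req_ip": "xxx.xx.xx.x",
+"req_frequency": 22
+},
+{
+"req_ip": "xx1x.xx.xx.x",
+"req_frequency": 21
+}
+]
+},
+"account": {
+"湖北公司": [
+{
+"req_account": "admin",
+"req_frequency": 22,
+"req_jobnum": 98799
+},
+{
+"req_account": "admin",
+"req_frequency": 22,
+"req_jobnum": 98799
+}
+],
+"宜昌公司": [
+{
+"req_account": "admin",
+"req_frequency": 22,
+"req_jobnum": 98799
+},
+{
+"req_account": "admin",
+"req_frequency": 22,
+"req_jobnum": 98799
+}
+]
+},
+"interface": {
+"接口1": [
+{
+"interface_addr": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+},
+{
+"interface_addr": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+}
+],
+"接口2": [
+{
+"interface_addr": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+},
+{
+"interface_addr": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+}
+]
+},
+"menu": {
+"菜单1": [
+{
+"menu_name": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+},
+{
+"menu_name": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+}
+],
+"菜单2": [
+{
+"menu_name": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+},
+{
+"menu_name": "接口地址",
+"req_frequency": 122,
+"req_ip": "xxx.xx.xx.x",
+"req_account": 0.2,
+"req_jobnum": 0.2
+}
+]
+}
+}
+}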
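Review bot: In the `detail.interface` and `detail.menu` entries, `"req_account": 0.2` and `"req_jobnum": 0.2` are floats, whereas the same keys in `detail.account` hold a string (`"admin"`) and an integer (`98799`); a consumer typed against one shape will mis-handle the other, and this file looks like the contract the front end is built against. If it is a hand-written sample, the values should use the real types, e.g. `"req_account": "admin"` and `"req_jobnum": 98799`. The `summary.menu` and `detail.menu` entries all use `"menu_name": "接口地址"`, which reads like a copy of the interface sample rather than a menu name.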
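--- a/PATH_NOT_ON_PAGE/update_cep_attr.sql
+++ b/PATH_NOT_ON_PAGE/update_cep_attr.sql
@@ -0,0 +1,7 @@
+-- 更新数据
+delete from isop_diting.tb_cep_attr where attr_name = 'trojan_type';
+delete from isop_diting.tb_cep_attr where attr_name = 'account';
+delete from isop_diting.tb_cep_attr where attr_name = 'worm_family';
+delete from isop_diting.tb_cep_attr where attr_name = 'service_name';
+INSERT INTO isop_diting.tb_cep_attr (attr_name, attr_type, is_system,is_common)
+VALUES ('trojan_type', 'String', '1','1'),('service_name', 'String','1','1'),('worm_family', 'String','1','1'),('account', 'String','1','1');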
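Review bot: The four `delete` statements and the `INSERT` are not wrapped in a transaction, so if the `INSERT` fails or the script is interrupted after the deletes have committed, `isop_diting.tb_cep_attr` is left without those four attributes; whether that can happen depends on how the script is run (autocommit per statement or not), which the page does not show. Adding `BEGIN;` before the first `delete` and `COMMIT;` after the `INSERT` makes the replacement atomic regardless of the runner's autocommit setting. The comment `-- 更新数据` could name what is replaced, e.g. `-- replace the trojan_type/account/worm_family/service_name rows in tb_cep_attr`.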
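--- a/PATH_NOT_ON_PAGE/ueba_analysis_schema.sql
+++ b/PATH_NOT_ON_PAGE/ueba_analysis_schema.sql
@@ -0,0 +1,25 @@
+CREATE SCHEMA if not exists ueba_analysis_schema;
+CREATE TABLE if not EXISTS ueba_analysis_schema.logs (
+id SERIAL,
+menu VARCHAR(50),
+interface VARCHAR(300),
+ip INET,
+account VARCHAR(30),
+jobnum VARCHAR(30),
+count int,
+logdate date NOT NULL,
+company VARCHAR(30),
+data_type int)
+PARTITION BY RANGE (logdate);
+CREATE TABLE if not EXISTS ueba_analysis_schema.jobs (
+job_id VARCHAR(50),
+start_time TIMESTAMP ,
+end_time TIMESTAMP ,
+status int,
+run_count int,
+created_at TIMESTAMP DEFAULT NOW(),
+complate_time TIMESTAMP,
+err text
+);
+CREATE INDEX if not exists idx_logdate_data_type ON ueba_analysis_schema.logs (logdate,data_type);
+CREATE INDEX if not exists idx_job_id ON ueba_analysis_schema.jobs (job_id);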
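Review bot: `ueba_analysis_schema.jobs` has no primary key or unique constraint on `job_id` — `idx_job_id` is a plain index — so nothing in the schema prevents duplicate job rows, and the cron code that updates status by `job_id` (`DBUtils.write_job_status`) would then touch every duplicate; `CREATE UNIQUE INDEX if not exists idx_job_id ON ueba_analysis_schema.jobs (job_id);` or declaring `job_id VARCHAR(50) PRIMARY KEY` closes that. `ueba_analysis_schema.logs` is declared `PARTITION BY RANGE (logdate)` but no partition is created in this script, and inserts into a partitioned table fail until a matching partition exists; if partitions are created by the application code, a comment here saying so (the code is not visible on this page) would save the next person a failed first run. `complate_time` looks like a typo for `complete_time`; since renaming a column after deployment needs a migration, at least a comment `-- complate_time: time the job finished (name kept for compatibility)` documents the intent.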
@ -0,0 +1 @@ |
|||||||
|
(window.webpackJsonpuebaMetricsAnalysis_name_=window.webpackJsonpuebaMetricsAnalysis_name_||[]).push([[6],{"5i7Q":function(b,a,A){"use strict";A.r(a);var n=A("CcnG"),d=function(){return function(){}}(),e=A("pMnS"),o=A("EdU/"),i=A("QfCi"),c=A("/Yna"),t=A("JRKe"),g=A("8WaK"),u=A("Sq/J"),f=A("CghO"),r=A("Ed4d"),l=A("Ip0R"),s=A("gIcY"),h=A("M2Lx"),p=A("zC/G"),m=A("eDkP"),z=A("Fzqc"),k=A("6dbk"),M=A("nBas"),C=A("Xuik"),j=A("9UnD"),v=A("WAj7"),w=A("ZYCi"),O=A("dWZg"),x=A("y9Pr"),y=A("08s3"),H=A("28A0"),J=A("J+Fg"),R=A("4c35"),S=A("qAlS"),q=A("n8Rd"),D=A("xouH"),L=A("QvIU"),P=A("vGXY"),Q=A("z6Tj"),W=A("0x7Z"),B=A("bQgi"),F=A("iO/g"),G=A("5uwh"),T=A("IOtJ"),K=A("kwqV"),N=A("wx2m"),X=A("KMFx"),Y=A("Kb1l"),Z=A("rBva"),E=A("els3"),I=A("kgsp"),U=A("8Bmj"),_=A("H+n6"),V=A("MP3s"),$=A("8e7N"),bb=A("uTmk"),ab=A("hlDO"),Ab=A("eNAM"),nb=A("ukEd"),db=A("OsWL"),eb=A("OiR+"),ob=A("iHsM"),ib=A("D3Pk"),cb=A("FMzt"),tb=A("Ee7L"),gb=A("tNz9"),ub=A("QQsT"),fb=A("nH7t"),rb=A("ZLNL"),lb=A("UjjO"),sb=A("hKCq"),hb=A("Hw1A"),pb=A("tZ8a"),mb=A("X5Tt"),zb=A("h5O1"),kb=A("HJO+"),Mb=A("cg/a"),Cb=A("YMkR"),jb=A("SL+W"),vb=A("XLv6"),wb=A("ygly"),Ob=A("GSSa"),xb=A("a/fG"),yb=A("X4wW"),Hb=A("dJ6Q"),Jb=A("6Cds"),Rb=A("Gxy2"),Sb=A("fR1W"),qb={tag:"isoc",breadcrumb:"\u8fd0\u7ef4\u914d\u7f6e"};w.p.forChild([{path:"config",loadChildren:"./config/config.module#ConfigModule",data:qb},{path:"",loadChildren:"./config/config.module#ConfigModule"}]),A.d(a,"RoutesModuleNgFactory",(function(){return Db}));var Db=n.pb(d,[],(function(b){return 
n.zb([n.Ab(512,n.j,n.eb,[[8,[e.a,o.a,i.a,c.a,t.a,g.a,u.a,f.a,r.a]],[3,n.j],n.y]),n.Ab(4608,l.n,l.m,[n.v,[2,l.F]]),n.Ab(4608,s.s,s.s,[]),n.Ab(4608,s.e,s.e,[]),n.Ab(4608,h.c,h.c,[]),n.Ab(5120,p.j,p.h,[[3,p.j],p.k]),n.Ab(4608,m.d,m.d,[m.k,m.f,n.j,m.i,m.g,n.r,n.A,l.d,z.b,[2,l.h]]),n.Ab(5120,m.l,m.m,[m.d]),n.Ab(5120,p.v,p.D,[l.d,[3,p.v]]),n.Ab(4608,k.f,k.f,[m.d]),n.Ab(4608,M.c,M.c,[m.d]),n.Ab(4608,C.g,C.g,[m.d,n.r,n.j,n.g]),n.Ab(4608,j.f,j.f,[m.d,n.r,n.j,n.g]),n.Ab(4608,v.d,v.d,[[3,v.d]]),n.Ab(4608,v.f,v.f,[m.d,p.j,v.d]),n.Ab(1073742336,l.c,l.c,[]),n.Ab(1073742336,w.p,w.p,[[2,w.v],[2,w.m]]),n.Ab(1073742336,s.q,s.q,[]),n.Ab(1073742336,s.i,s.i,[]),n.Ab(1073742336,s.o,s.o,[]),n.Ab(1073742336,h.d,h.d,[]),n.Ab(1073742336,O.b,O.b,[]),n.Ab(1073742336,p.B,p.B,[]),n.Ab(1073742336,x.b,x.b,[]),n.Ab(1073742336,y.c,y.c,[]),n.Ab(1073742336,p.i,p.i,[]),n.Ab(1073742336,H.c,H.c,[]),n.Ab(1073742336,J.d,J.d,[]),n.Ab(1073742336,z.a,z.a,[]),n.Ab(1073742336,R.e,R.e,[]),n.Ab(1073742336,S.g,S.g,[]),n.Ab(1073742336,m.h,m.h,[]),n.Ab(1073742336,p.m,p.m,[]),n.Ab(1073742336,q.c,q.c,[]),n.Ab(1073742336,p.u,p.u,[]),n.Ab(1073742336,p.t,p.t,[]),n.Ab(1073742336,D.h,D.h,[]),n.Ab(1073742336,L.a,L.a,[]),n.Ab(1073742336,P.a,P.a,[]),n.Ab(1073742336,Q.b,Q.b,[]),n.Ab(1073742336,W.a,W.a,[]),n.Ab(1073742336,B.d,B.d,[]),n.Ab(1073742336,F.a,F.a,[]),n.Ab(1073742336,G.a,G.a,[]),n.Ab(1073742336,T.a,T.a,[]),n.Ab(1073742336,k.d,k.d,[]),n.Ab(1073742336,K.e,K.e,[]),n.Ab(1073742336,N.c,N.c,[]),n.Ab(1073742336,X.b,X.b,[]),n.Ab(1073742336,Y.a,Y.a,[]),n.Ab(1073742336,Z.b,Z.b,[]),n.Ab(1073742336,E.c,E.c,[]),n.Ab(1073742336,I.a,I.a,[]),n.Ab(1073742336,U.b,U.b,[]),n.Ab(1073742336,_.a,_.a,[]),n.Ab(1073742336,V.a,V.a,[]),n.Ab(1073742336,$.a,$.a,[]),n.Ab(1073742336,bb.a,bb.a,[]),n.Ab(1073742336,ab.b,ab.b,[]),n.Ab(1073742336,Ab.b,Ab.b,[]),n.Ab(1073742336,nb.a,nb.a,[]),n.Ab(1073742336,db.b,db.b,[]),n.Ab(1073742336,eb.a,eb.a,[]),n.Ab(1073742336,ob.a,ob.a,[]),n.Ab(1073742336,ib.a,ib.a,[]),n.Ab(1073742336,cb.a,cb.a,[]),n.Ab(1073742336,t
b.a,tb.a,[]),n.Ab(1073742336,gb.a,gb.a,[]),n.Ab(1073742336,ub.a,ub.a,[]),n.Ab(1073742336,fb.a,fb.a,[]),n.Ab(1073742336,rb.b,rb.b,[]),n.Ab(1073742336,lb.b,lb.b,[]),n.Ab(1073742336,sb.g,sb.g,[]),n.Ab(1073742336,sb.b,sb.b,[]),n.Ab(1073742336,M.b,M.b,[]),n.Ab(1073742336,hb.g,hb.g,[]),n.Ab(1073742336,pb.a,pb.a,[]),n.Ab(1073742336,mb.a,mb.a,[]),n.Ab(1073742336,zb.a,zb.a,[]),n.Ab(1073742336,kb.a,kb.a,[]),n.Ab(1073742336,C.f,C.f,[]),n.Ab(1073742336,j.e,j.e,[]),n.Ab(1073742336,Mb.b,Mb.b,[]),n.Ab(1073742336,Cb.b,Cb.b,[]),n.Ab(1073742336,v.e,v.e,[]),n.Ab(1073742336,jb.a,jb.a,[]),n.Ab(1073742336,vb.a,vb.a,[]),n.Ab(1073742336,wb.a,wb.a,[]),n.Ab(1073742336,Ob.a,Ob.a,[]),n.Ab(1073742336,xb.a,xb.a,[]),n.Ab(1073742336,yb.a,yb.a,[]),n.Ab(1073742336,Hb.a,Hb.a,[]),n.Ab(1073742336,Jb.a,Jb.a,[]),n.Ab(1073742336,Rb.f,Rb.f,[]),n.Ab(1073742336,Sb.a,Sb.a,[]),n.Ab(1073742336,d,d,[]),n.Ab(256,p.k,!1,[]),n.Ab(256,C.b,{nzAnimate:!0,nzDuration:3e3,nzMaxStack:7,nzPauseOnHover:!0,nzTop:24},[]),n.Ab(256,j.b,{nzTop:"24px",nzBottom:"24px",nzPlacement:"topRight",nzDuration:4500,nzMaxStack:7,nzPauseOnHover:!0,nzAnimate:!0},[]),n.Ab(256,H.b,Sb.b,[]),n.Ab(1024,w.k,(function(){return[[{path:"config",loadChildren:"./config/config.module#ConfigModule",data:qb},{path:"",loadChildren:"./config/config.module#ConfigModule"}]]}),[])])}))}}]); |