1、修改删除关键字,2、完善monitor用例,3、完善删除策略对象用例
This commit is contained in:
lyf
@@ -59,14 +59,14 @@ Delete-test
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId38}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId39}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId40}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId41}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId42}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId43}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId44}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId45}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId46}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId47}
|
||||
# ${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId48}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId41}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId42}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId43}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId44}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId45}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId46}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${monitor_objectId47}
|
||||
|
||||
#删除策略
|
||||
${policyIds} set Variable ${monitor_policyId}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId1}
|
||||
@@ -109,14 +109,14 @@ Delete-test
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId38}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId39}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId40}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId41}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId42}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId43}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId44}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId45}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId46}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId47}
|
||||
# ${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId48}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId41}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId42}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId43}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId44}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId45}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId46}
|
||||
${policyIds} Catenate SEPARATOR=, ${policyIds} ${monitor_policyId47}
|
||||
|
||||
|
||||
#删除Application
|
||||
${appId} set Variable ${monitor_applicationId}
|
||||
@@ -160,63 +160,91 @@ Delete-test
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId38}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId39}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId40}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId41}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId42}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId43}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId44}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId45}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId46}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId47}
|
||||
# ${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId48}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId41}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId42}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId43}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId44}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId45}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId46}
|
||||
${appId} Catenate SEPARATOR=, ${appId} ${monitor_applicationId47}
|
||||
|
||||
|
||||
|
||||
#删除Signatures
|
||||
${signaturesId} set Variable ${monitor_signaturesId}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId1}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId2}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId3}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId4}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId5}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId6}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId7}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId8}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId9}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId10}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId11}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId12}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId13}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId14}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId15}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId16}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId17}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId18}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId19}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId20}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId21}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId22}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId23}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId24}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId25}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId26}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId27}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId28}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId29}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId30}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId31}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId32}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId33}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId34}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId35}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId36}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId37}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId38}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId39}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId40}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId41}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId42}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId43}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId44}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId45}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId46}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId47}
|
||||
# ${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId48}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId1}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId2}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId3}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId4}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId5}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId6}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId7}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId8}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId9}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId10}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId11}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId12}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId13}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId14}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId15}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId16}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId17}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId18}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId19}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId20}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId21}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId22}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId23}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId24}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId25}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId26}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId27}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId28}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId29}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId30}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId31}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId32}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId33}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId34}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId35}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId36}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId37}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId38}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId39}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId40}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId41}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId42}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId43}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId44}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId45}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId46}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId47}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId48}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId49}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId50}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId51}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId52}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId53}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId54}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId55}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId56}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId57}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId58}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId59}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId60}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId61}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId62}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId63}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId64}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId65}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId66}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId67}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId68}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId69}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId70}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId71}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId72}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId73}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId74}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId75}
|
||||
${signaturesId} Catenate SEPARATOR=, ${signaturesId} ${monitor_signaturesId76}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
*** Settings ***
|
||||
Force Tags api security_policy monitor
|
||||
#Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectIds} ${appId} ${signaturesId}
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
@@ -15,7 +16,8 @@ Library DateTime
|
||||
@{profiles}
|
||||
${objectIds} ${EMPTY}
|
||||
*** Test Cases ***
|
||||
Monitor-test-001
|
||||
Monitor-Application-Signatures-udp.payload.c2s_first_data-001
|
||||
[Tags] monitor 自建application signatures udp.payload.c2s_first_data
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -41,7 +43,8 @@ Monitor-test-001
|
||||
insert_policyId_to_file1 monitor_signaturesId ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId ${objectId}
|
||||
|
||||
Monitor-test-002
|
||||
Monitor-Application-Signatures-udp.payload.s2c_first_data-002
|
||||
[Tags] monitor 自建application signatures udp.payload.s2c_first_data
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -67,7 +70,8 @@ Monitor-test-002
|
||||
insert_policyId_to_file1 monitor_signaturesId1 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId1 ${objectId}
|
||||
|
||||
Monitor-test-003
|
||||
Monitor-Application-Signatures-udp.srcport-003
|
||||
[Tags] monitor 自建application signatures udp.srcport
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -92,7 +96,8 @@ Monitor-test-003
|
||||
insert_policyId_to_file1 monitor_applicationId2 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId2 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId2 ${objectId}
|
||||
Monitor-test-004
|
||||
Monitor-Application-Signatures-udp.dstport-004
|
||||
[Tags] monitor 自建application signatures udp.dstport
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -118,7 +123,8 @@ Monitor-test-004
|
||||
insert_policyId_to_file1 monitor_signaturesId3 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId3 ${objectId}
|
||||
|
||||
Monitor-test-005
|
||||
Monitor-Application-Signatures-tcp.payload.c2s_first_data-005
|
||||
[Tags] monitor 自建application signatures tcp.payload.c2s_first_data
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -144,7 +150,8 @@ Monitor-test-005
|
||||
insert_policyId_to_file1 monitor_signaturesId4 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId4 ${objectId}
|
||||
|
||||
Monitor-test-006
|
||||
Monitor-Application-Signatures-tcp.payload.s2c_first_data-006
|
||||
[Tags] monitor 自建application signatures tcp.payload.s2c_first_data
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -169,7 +176,9 @@ Monitor-test-006
|
||||
insert_policyId_to_file1 monitor_applicationId5 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId5 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId5 ${objectId}
|
||||
Monitor-test-007
|
||||
|
||||
Monitor-Application-Signatures-tcp.analysis.create_with_syn-007
|
||||
[Tags] monitor 自建application signatures tcp.analysis.create_with_syn
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -194,7 +203,9 @@ Monitor-test-007
|
||||
insert_policyId_to_file1 monitor_applicationId6 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId6 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId6 ${objectId}
|
||||
Monitor-test-008
|
||||
|
||||
Monitor-Application-Signatures-tcp.payload-008
|
||||
[Tags] monitor 自建application signatures tcp.payload
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -220,7 +231,8 @@ Monitor-test-008
|
||||
insert_policyId_to_file1 monitor_signaturesId7 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId7 ${objectId}
|
||||
|
||||
Monitor-test-009
|
||||
Monitor-Application-Signatures-tcp.srcport-009
|
||||
[Tags] monitor 自建application signatures tcp.srcport
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -246,7 +258,8 @@ Monitor-test-009
|
||||
insert_policyId_to_file1 monitor_signaturesId8 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId8 ${objectId}
|
||||
|
||||
Monitor-test-010
|
||||
Monitor-Application-Signatures-tcp.dstport-010
|
||||
[Tags] monitor 自建application signatures tcp.dstport
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -272,7 +285,8 @@ Monitor-test-010
|
||||
insert_policyId_to_file1 monitor_signaturesId9 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId9 ${objectId}
|
||||
|
||||
Monitor-test-011
|
||||
Monitor-Application-Signatures-general.session.analysis.app_id-011
|
||||
[Tags] monitor 自建application signatures general.session.analysis.app_id ssl
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -298,7 +312,8 @@ Monitor-test-011
|
||||
insert_policyId_to_file1 monitor_signaturesId10 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId10 ${objectId}
|
||||
|
||||
Monitor-test-012
|
||||
Monitor-Application-Signatures-general.session.analysis.app_id-012
|
||||
[Tags] monitor 自建application signatures general.session.analysis.app_id http
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -324,7 +339,8 @@ Monitor-test-012
|
||||
insert_policyId_to_file1 monitor_signaturesId11 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId11 ${objectId}
|
||||
|
||||
Monitor-test-013
|
||||
Monitor-Application-Signatures-general.session.analysis.app_id-013
|
||||
[Tags] monitor 自建application signatures general.session.analysis.app_id dns
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -350,7 +366,8 @@ Monitor-test-013
|
||||
insert_policyId_to_file1 monitor_signaturesId12 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId12 ${objectId}
|
||||
|
||||
Monitor-test-014
|
||||
Monitor-Application-Signatures-general.session.analysis.app_id-014
|
||||
[Tags] monitor 自建application signatures general.session.analysis.app_id ftp
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -376,7 +393,8 @@ Monitor-test-014
|
||||
insert_policyId_to_file1 monitor_signaturesId13 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId13 ${objectId}
|
||||
|
||||
Monitor-test-015
|
||||
Monitor-Application-Signatures-general.session.analysis.app_id-015
|
||||
[Tags] monitor 自建application signatures general.session.analysis.app_id mail
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -402,7 +420,8 @@ Monitor-test-015
|
||||
insert_policyId_to_file1 monitor_signaturesId14 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId14 ${objectId}
|
||||
|
||||
Monitor-test-016
|
||||
Monitor-Application-Signatures-general.c2s_session_size-016
|
||||
[Tags] monitor 自建application signatures general.c2s_session_size
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -428,7 +447,8 @@ Monitor-test-016
|
||||
insert_policyId_to_file1 monitor_signaturesId15 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId15 ${objectId}
|
||||
|
||||
Monitor-test-017
|
||||
Monitor-Application-Signatures-general.s2c_session_size-017
|
||||
[Tags] monitor 自建application signatures general.s2c_session_size
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -454,7 +474,8 @@ Monitor-test-017
|
||||
insert_policyId_to_file1 monitor_signaturesId16 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId16 ${objectId}
|
||||
|
||||
Monitor-test-018
|
||||
Monitor-Application-Signatures-ip.payload-018
|
||||
[Tags] monitor 自建application signatures ip.payload
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -480,7 +501,8 @@ Monitor-test-018
|
||||
insert_policyId_to_file1 monitor_signaturesId17 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId17 ${objectId}
|
||||
|
||||
Monitor-test-019
|
||||
Monitor-Application-Signatures-ip.src-019
|
||||
[Tags] monitor 自建application signatures ip.src
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -506,7 +528,8 @@ Monitor-test-019
|
||||
insert_policyId_to_file1 monitor_signaturesId18 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId18 ${objectId}
|
||||
|
||||
Monitor-test-020
|
||||
Monitor-Application-Signatures-ip.dst-020
|
||||
[Tags] monitor 自建application signatures ip.dst
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -532,7 +555,8 @@ Monitor-test-020
|
||||
insert_policyId_to_file1 monitor_signaturesId19 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId19 ${objectId}
|
||||
|
||||
Monitor-test-021
|
||||
Monitor-Application-Signatures-dns.qry.name-021
|
||||
[Tags] monitor 自建application signatures dns.qry.name
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -558,7 +582,8 @@ Monitor-test-021
|
||||
insert_policyId_to_file1 monitor_signaturesId20 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId20 ${objectId}
|
||||
|
||||
Monitor-test-022
|
||||
Monitor-Application-Signatures-dns.qry.name-022
|
||||
[Tags] monitor 自建application signatures dns.qry.name
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -584,7 +609,8 @@ Monitor-test-022
|
||||
insert_policyId_to_file1 monitor_signaturesId21 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId21 ${objectId}
|
||||
|
||||
Monitor-test-023
|
||||
Monitor-Application-Signatures-http.host-023
|
||||
[Tags] monitor 自建application signatures http.host
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -610,7 +636,8 @@ Monitor-test-023
|
||||
insert_policyId_to_file1 monitor_signaturesId22 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId22 ${objectId}
|
||||
|
||||
Monitor-test-024
|
||||
Monitor-Application-Signatures-http.host-024
|
||||
[Tags] monitor 自建application signatures http.host
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -636,7 +663,8 @@ Monitor-test-024
|
||||
insert_policyId_to_file1 monitor_signaturesId23 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId23 ${objectId}
|
||||
|
||||
Monitor-test-025
|
||||
Monitor-Application-Signatures-http.uri-025
|
||||
[Tags] monitor 自建application signatures http.uri
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -662,7 +690,8 @@ Monitor-test-025
|
||||
insert_policyId_to_file1 monitor_signaturesId24 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId24 ${objectId}
|
||||
|
||||
Monitor-test-026
|
||||
Monitor-Application-Signatures-http.uri-026
|
||||
[Tags] monitor 自建application signatures http.uri
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -688,7 +717,8 @@ Monitor-test-026
|
||||
insert_policyId_to_file1 monitor_signaturesId25 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId25 ${objectId}
|
||||
|
||||
Monitor-test-027
|
||||
Monitor-Application-Signatures-http.user_agent-027
|
||||
[Tags] monitor 自建application signatures http.user_agent
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -714,7 +744,8 @@ Monitor-test-027
|
||||
insert_policyId_to_file1 monitor_signaturesId26 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId26 ${objectId}
|
||||
|
||||
Monitor-test-028
|
||||
Monitor-Application-Signatures-http.user_agent-028
|
||||
[Tags] monitor 自建application signatures http.user_agent
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -740,7 +771,8 @@ Monitor-test-028
|
||||
insert_policyId_to_file1 monitor_signaturesId27 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId27 ${objectId}
|
||||
|
||||
Monitor-test-029
|
||||
Monitor-Application-Signatures-http.content_type-029
|
||||
[Tags] monitor 自建application signatures http.content_type
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -766,7 +798,8 @@ Monitor-test-029
|
||||
insert_policyId_to_file1 monitor_signaturesId28 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId28 ${objectId}
|
||||
|
||||
Monitor-test-030
|
||||
Monitor-Application-Signatures-http.content_type-030
|
||||
[Tags] monitor 自建application signatures http.content_type
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -792,7 +825,8 @@ Monitor-test-030
|
||||
insert_policyId_to_file1 monitor_signaturesId29 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId29 ${objectId}
|
||||
|
||||
Monitor-test-031
|
||||
Monitor-Application-Signatures-http.content_encoding-031
|
||||
[Tags] monitor 自建application signatures http.content_encoding
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -818,7 +852,8 @@ Monitor-test-031
|
||||
insert_policyId_to_file1 monitor_signaturesId30 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId30 ${objectId}
|
||||
|
||||
Monitor-test-032
|
||||
Monitor-Application-Signatures-http.content_encoding-032
|
||||
[Tags] monitor 自建application signatures http.content_encoding
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -844,7 +879,8 @@ Monitor-test-032
|
||||
insert_policyId_to_file1 monitor_signaturesId31 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId31 ${objectId}
|
||||
|
||||
Monitor-test-033
|
||||
Monitor-Application-Signatures-http.referer-033
|
||||
[Tags] monitor 自建application signatures http.referer
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -870,7 +906,8 @@ Monitor-test-033
|
||||
insert_policyId_to_file1 monitor_signaturesId32 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId32 ${objectId}
|
||||
|
||||
Monitor-test-034
|
||||
Monitor-Application-Signatures-http.cookie-034
|
||||
[Tags] monitor 自建application signatures http.cookie
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -896,7 +933,8 @@ Monitor-test-034
|
||||
insert_policyId_to_file1 monitor_signaturesId33 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId33 ${objectId}
|
||||
|
||||
Monitor-test-035
|
||||
Monitor-Application-Signatures-http.set_cookie-035
|
||||
[Tags] monitor 自建application signatures http.set_cookie
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -922,7 +960,8 @@ Monitor-test-035
|
||||
insert_policyId_to_file1 monitor_signaturesId34 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId34 ${objectId}
|
||||
|
||||
Monitor-test-036
|
||||
Monitor-Application-Signatures-quic.sni-036
|
||||
[Tags] monitor 自建application signatures quic.sni
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -948,7 +987,8 @@ Monitor-test-036
|
||||
insert_policyId_to_file1 monitor_signaturesId35 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId35 ${objectId}
|
||||
|
||||
Monitor-test-037
|
||||
Monitor-Application-Signatures-ssl.handshake.extensions_server_name-037
|
||||
[Tags] monitor 自建application signatures ssl.handshake.extensions_server_name
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -974,7 +1014,8 @@ Monitor-test-037
|
||||
insert_policyId_to_file1 monitor_signaturesId36 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId36 ${objectId}
|
||||
|
||||
Monitor-test-038
|
||||
Monitor-Application-Signatures-ssl.handshake.extensions_server_name-038
|
||||
[Tags] monitor 自建application signatures ssl.handshake.extensions_server_name
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -1000,7 +1041,8 @@ Monitor-test-038
|
||||
insert_policyId_to_file1 monitor_signaturesId37 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId37 ${objectId}
|
||||
|
||||
Monitor-test-039
|
||||
Monitor-Application-Signatures-ssl.handshake.cert.serial_number-039
|
||||
[Tags] monitor 自建application signatures ssl.handshake.cert.serial_number
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -1026,7 +1068,8 @@ Monitor-test-039
|
||||
insert_policyId_to_file1 monitor_signaturesId38 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId38 ${objectId}
|
||||
|
||||
Monitor-test-040
|
||||
Monitor-Application-Signatures-ssl.handshake.cert.serial_number-040
|
||||
[Tags] monitor 自建application signatures ssl.handshake.cert.serial_number
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -1052,7 +1095,8 @@ Monitor-test-040
|
||||
insert_policyId_to_file1 monitor_signaturesId39 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId39 ${objectId}
|
||||
|
||||
Monitor-test-041
|
||||
Monitor-Application-Signatures-ssl.handshake.certificate.subject_common_name-041
|
||||
[Tags] monitor 自建application signatures ssl.handshake.certificate.subject_common_name
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
@@ -1078,4 +1122,337 @@ Monitor-test-041
|
||||
insert_policyId_to_file1 monitor_signaturesId40 ${signaturesId}
|
||||
insert_policyId_to_file1 monitor_objectId40 ${objectId}
|
||||
|
||||
Monitor-Application-Signatures-group-042
|
||||
[Tags] monitor 自建application signatures 多特征组合:ssl.handshake.extensions_server_name+tcp.analysis.create_with_syn+packet_layer+ip.src+tcp.payload
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ssl.handshake.extensions_server_name","layer":"session_layer","stage":1,"attributeType":"string","attributeId":15,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"yandex.ru","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ssl","luaProfileId":0}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.analysis.create_with_syn","layer":"session_layer","stage":1,"attributeType":"bool","attributeId":5,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":81,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ip.src","layer":"packet_layer","stage":0,"attributeType":"ip","attributeId":75,"objectId":[${objectId}],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ip","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody5} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_5","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload","layer":"packet_layer","stage":0,"attributeType":"string","attributeId":9,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"yandex.ru","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId5} AddSignature ${signaturesBody5}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""},{"signature_id":${signaturesId5},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId41 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId41 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId41 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId42 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId43 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId44 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_signaturesId45 ${signaturesId5}
|
||||
insert_policyId_to_file1 monitor_objectId41 ${objectId}
|
||||
|
||||
|
||||
Monitor-Application-Signatures-group-043
|
||||
[Tags] monitor 自建application signatures 多特征组合:ip.payload+ip.src+general.session.analysis.app_id+tcp.payload.s2c_first_data
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ip.payload","layer":"packet_layer","stage":0,"attributeType":"string","attributeId":7,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"www.youtube.com","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ip","luaProfileId":0}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ip.src","layer":"packet_layer","stage":0,"attributeType":"ip","attributeId":75,"objectId":[${objectId}],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ip","luaProfileId":0}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"general.session.analysis.app_id","layer":"session_layer","stage":2,"attributeType":"numeric","attributeId":65,"objectId":[],"lowBoundary":126,"upBoundary":126,"exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"general","luaProfileId":0}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload.s2c_first_data","layer":"session_layer","stage":2,"attributeType":"string","attributeId":3,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"google.com","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId42 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId42 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId46 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId47 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId48 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId49 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_objectId42 ${objectId}
|
||||
|
||||
Monitor-Application-Signatures-group-044
|
||||
[Tags] monitor 自建application signatures 多特征组合:tcp.payload.c2s_first_data="scontent.xx.fbcdn.net" or "facebook.com"+tcp.dstport=443+ssl.handshake.extensions_server_name="scontent.xx.fbcdn.net" or "facebook.com"+tcp.srcport=443
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload.c2s_first_data","layer":"session_layer","stage":1,"attributeType":"string","attributeId":1,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"scontent.xx.fbcdn.net","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.payload.c2s_first_data","layer":"session_layer","stage":1,"attributeType":"string","attributeId":1,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"facebook.com","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":81,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ssl.handshake.extensions_server_name","layer":"session_layer","stage":1,"attributeType":"string","attributeId":15,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"scontent.xx.fbcdn.net","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ssl","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"ssl.handshake.extensions_server_name","layer":"session_layer","stage":1,"attributeType":"string","attributeId":15,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"facebook.com","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ssl","luaProfileId":0}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId43 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId43 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId50 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId51 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId52 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId53 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_objectId43 ${objectId}
|
||||
|
||||
Monitor-Application-Signatures-group-045
|
||||
[Tags] monitor 自建application signatures 多特征组合:tcp.payload.c2s_first_data=1603(原始字节)+tcp.payload.s2c_first_data=1603(原始字节)+tcp.payload=0101(原始字节)+tcp.srcport=62016或443或63291+tcp.dstport=62016或443或63291+ip.src=192.168.50.59+ssl.handshake.extensions_server_name =biliapi
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload.c2s_first_data","layer":"session_layer","stage":1,"attributeType":"string","attributeId":1,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"1603","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":1,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload.s2c_first_data","layer":"session_layer","stage":2,"attributeType":"string","attributeId":3,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"1603","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":1,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload","layer":"packet_layer","stage":0,"attributeType":"string","attributeId":9,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"0101","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":1,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"62016","upBoundary":"62016","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"63291","upBoundary":"63291","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody5} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_5","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"62016","upBoundary":"62016","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"63291","upBoundary":"63291","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId5} AddSignature ${signaturesBody5}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody6} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_6","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ip.src","layer":"packet_layer","stage":0,"attributeType":"ip","attributeId":75,"objectId":[${objectId}],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ip","luaProfileId":0}]}]}]}
|
||||
${signaturesId6} AddSignature ${signaturesBody6}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody7} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_7","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ssl.handshake.extensions_server_name","layer":"session_layer","stage":1,"attributeType":"string","attributeId":15,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"biliapi","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ssl","luaProfileId":0}]}]}]}
|
||||
${signaturesId7} AddSignature ${signaturesBody7}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""},{"signature_id":${signaturesId5},"exclude":0,"iconColor":""},{"signature_id":${signaturesId6},"exclude":0,"iconColor":""},{"signature_id":${signaturesId7},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId44 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId44 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId54 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId55 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId56 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId57 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_signaturesId58 ${signaturesId5}
|
||||
insert_policyId_to_file1 monitor_signaturesId59 ${signaturesId6}
|
||||
insert_policyId_to_file1 monitor_signaturesId60 ${signaturesId7}
|
||||
insert_policyId_to_file1 monitor_objectId44 ${objectId}
|
||||
|
||||
Monitor-Application-Signatures-group-046
|
||||
[Tags] monitor 自建application signatures 多特征组合:http.host=hdslb+http.user_agent=Mozilla+http.content_type=image/jpeg+ssl.handshake.extensions_server_name =biliapi
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"http.host","layer":"session_layer","stage":1,"attributeType":"string","attributeId":45,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"hdslb","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"http","luaProfileId":0}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"http.user_agent","layer":"session_layer","stage":1,"attributeType":"string","attributeId":49,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"Mozilla","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"http","luaProfileId":0}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"http.content_type","layer":"session_layer","stage":1,"attributeType":"string","attributeId":51,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"image","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"http","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"http.content_type","layer":"session_layer","stage":1,"attributeType":"string","attributeId":51,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"jpeg","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"http","luaProfileId":0}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ssl.handshake.extensions_server_name","layer":"session_layer","stage":1,"attributeType":"string","attributeId":15,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"biliapi","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ssl","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId45 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId45 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId61 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId62 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId63 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId64 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_objectId45 ${objectId}
|
||||
|
||||
Monitor-Application-Signatures-group-047
|
||||
[Tags] monitor 自建application signatures 多特征组合:ssl.handshake.extensions_server_name=skype.com+tcp.dstport=443+udp.srcport=59193或3478+udp.payload.s2c_first_data=local+udp.payload.c2s_first_data=tcmedia+tcp.payload=skype
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":81,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"udp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":83,"objectId":[],"lowBoundary":"59193","upBoundary":"59193","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"udp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"udp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":83,"objectId":[],"lowBoundary":"3478","upBoundary":"3478","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"udp","luaProfileId":0}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"udp.payload.s2c_first_data","layer":"session_layer","stage":1,"attributeType":"string","attributeId":69,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"local","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"udp","luaProfileId":0}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"udp.payload.c2s_first_data","layer":"session_layer","stage":1,"attributeType":"string","attributeId":67,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"tcmedia","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"udp","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody5} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_5","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload","layer":"packet_layer","stage":0,"attributeType":"string","attributeId":9,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"skype","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId5} AddSignature ${signaturesBody5}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody6} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_6","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ssl.handshake.extensions_server_name","layer":"session_layer","stage":1,"attributeType":"string","attributeId":15,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"skype.com","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ssl","luaProfileId":0}]}]}]}
|
||||
${signaturesId6} AddSignature ${signaturesBody6}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""},{"signature_id":${signaturesId5},"exclude":0,"iconColor":""},{"signature_id":${signaturesId6},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId46 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId46 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId65 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId66 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId67 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId68 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_signaturesId69 ${signaturesId5}
|
||||
insert_policyId_to_file1 monitor_signaturesId70 ${signaturesId6}
|
||||
insert_policyId_to_file1 monitor_objectId46 ${objectId}
|
||||
|
||||
Monitor-Application-Signatures-group-048
|
||||
[Tags] monitor 自建application signatures 多特征组合:tcp.payload.c2s_first_data=c68b(原始字节)+tcp.payload.s2c_first_data=f353(原始字节)+tcp.payload=bde8(原始字节)+tcp.srcport=51327或443+tcp.dstport=51327或443+ip.src=192.168.50.59
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=192.168.50.59 port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody1} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_1","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload.c2s_first_data","layer":"session_layer","stage":1,"attributeType":"string","attributeId":1,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"c68b","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":1,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId1} AddSignature ${signaturesBody1}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody2} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_2","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload.s2c_first_data","layer":"session_layer","stage":2,"attributeType":"string","attributeId":3,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"f353","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":1,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId2} AddSignature ${signaturesBody2}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody3} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_3","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.payload","layer":"packet_layer","stage":0,"attributeType":"string","attributeId":9,"objectId":[],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"bde8","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":1,"protocol":"tcp","luaProfileId":0,"Case-insensitive":false}]}]}]}
|
||||
${signaturesId3} AddSignature ${signaturesBody3}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody4} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_4","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"51327","upBoundary":"51327","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.srcport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":79,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId4} AddSignature ${signaturesBody4}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody5} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_5","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":81,"objectId":[],"lowBoundary":"51327","upBoundary":"51327","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0},{"sigObjectName":"Condition 1","attributeName":"tcp.dstport","layer":"packet_layer","stage":0,"attributeType":"numeric","attributeId":81,"objectId":[],"lowBoundary":"443","upBoundary":"443","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"tcp","luaProfileId":0}]}]}]}
|
||||
${signaturesId5} AddSignature ${signaturesBody5}
|
||||
|
||||
Comment 创建Signatures
|
||||
${signaturesBody6} Set Variable {"returnData":1,"opAction":"add","signatures":[{"signatureName":"${TEST NAME}_6","profileModifiedTime":"","iconColor":"","signatureDesc":"","andConditions":[{"sigObjectName":"Condition 1","orConditions":[{"sigObjectName":"null","attributeName":"ip.src","layer":"packet_layer","stage":0,"attributeType":"ip","attributeId":75,"objectId":[${objectId}],"lowBoundary":"","upBoundary":"","exprType":0,"enableOffset":false,"keywordObj":[{"keywords":"","offset":"","depth":""}],"attributeFlag":1,"matchMethod":0,"isHexbin":0,"protocol":"ip","luaProfileId":0}]}]}]}
|
||||
${signaturesId6} AddSignature ${signaturesBody6}
|
||||
|
||||
Comment 创建Application
|
||||
${applicationBody} Set Variable {"opAction":"add","returnData":1,"appObj":{"appId":"","appName":"${TEST NAME}","standardPorts":"","isValid":1,"appProperties":{"parentAppId":0,"category":"networking","subcategory":"proxy","technology":"peer-to-peer","risk":"3","characteristics":"","denyAction":0,"continueScanning":0,"tcpTimeout":0,"udpTimeout":0,"tcpHalfClose":null,"tcpTimeWait":null},"appSurrogates":[{"appSuid":null,"group_by":"session","time_window":0,"ordered_match":"no","show":false,"signature_sequence":[{"signature_id":${signaturesId1},"exclude":0,"iconColor":""},{"signature_id":${signaturesId2},"exclude":0,"iconColor":""},{"signature_id":${signaturesId3},"exclude":0,"iconColor":""},{"signature_id":${signaturesId4},"exclude":0,"iconColor":""},{"signature_id":${signaturesId5},"exclude":0,"iconColor":""},{"signature_id":${signaturesId6},"exclude":0,"iconColor":""}]}]}}
|
||||
${appId} AddApplication ${applicationBody}
|
||||
|
||||
Comment 查询Application,获取AppIDObject
|
||||
${appidobject} GetAppIdObjects ${appId}
|
||||
Comment 创建策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"${TEST NAME}"} isValid=${1} appIdObjects=${appidobject}
|
||||
${rescode} ${policyIds} AddPolicies 1 ${policyDict} v2
|
||||
log ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_policyId47 ${policyIds}[0][policyIds][0]
|
||||
insert_policyId_to_file1 monitor_applicationId47 ${appId}
|
||||
insert_policyId_to_file1 monitor_signaturesId71 ${signaturesId1}
|
||||
insert_policyId_to_file1 monitor_signaturesId72 ${signaturesId2}
|
||||
insert_policyId_to_file1 monitor_signaturesId73 ${signaturesId3}
|
||||
insert_policyId_to_file1 monitor_signaturesId74 ${signaturesId4}
|
||||
insert_policyId_to_file1 monitor_signaturesId75 ${signaturesId5}
|
||||
insert_policyId_to_file1 monitor_signaturesId76 ${signaturesId6}
|
||||
insert_policyId_to_file1 monitor_objectId47 ${objectId}
|
||||
|
||||
Reference in New Issue
Block a user