package com.realtime.protection.server.alertmessage;
import com.baomidou.dynamic.datasource.annotation.DSTransactional;
import com.realtime.protection.configuration.entity.alert.AlertMessage;
import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
import com.realtime.protection.configuration.utils.enums.StateEnum;
import com.realtime.protection.configuration.utils.enums.TaskTypeEnum;
import com.realtime.protection.server.command.CommandService;
import org.springframework.stereotype.Service;
import java.util.List;
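/**
 * Persists incoming alert messages and, when the owning task is active, creates the
 * dynamic command derived from the alert's five-tuple and the task's protection template.
 */
@Service
public class AlertMessageService {
    private final CommandService commandService;
    private final AlertMessageMapper alertMessageMapper;

    public AlertMessageService(
            CommandService commandService,
            AlertMessageMapper alertMessageMapper) {
        this.commandService = commandService;
        this.alertMessageMapper = alertMessageMapper;
    }

    /**
     * Handles one alert: builds the command info for its task, then stores the alert and,
     * depending on the task type and state, a command linked to it.
     *
     * <ul>
     *   <li>RUNNING: command stored with isValid=true, alert stored with the command UUID.</li>
     *   <li>PAUSED: command stored with isValid=false, alert stored with the command UUID.</li>
     *   <li>any other state (mainly STOP): no command, alert stored with a null command UUID.</li>
     * </ul>
     *
     * @param alertMessage the alert to process; its taskId and dynamicRuleId select the task
     * @throws IllegalArgumentException if the task lookup fails, the task has no type, or no
     *         protect level matches the task's template
     */
    @DSTransactional
    public void processAlertMessage(AlertMessage alertMessage) {
        TaskCommandInfo dynamicTaskCommandInfo = generateDynamicCommand(alertMessage);

        Integer taskStatus = dynamicTaskCommandInfo.getTaskStatus();
        Integer taskType = dynamicTaskCommandInfo.getTaskType();
        if (taskType == null) {
            // Fail with a descriptive error instead of an unboxing NullPointerException.
            throw new IllegalArgumentException("taskId: " + alertMessage.getTaskId() + " has no task type");
        }

        // Compare by value: unboxing first avoids an identity comparison between boxed Integers.
        int taskTypeValue = taskType;
        boolean isDynamicTask = taskTypeValue == TaskTypeEnum.DYNAMIC.getTaskType(); // real-time task
        boolean isJudgedTask = taskTypeValue == TaskTypeEnum.JUDGED.getTaskType();   // post-adjudication task
        if (!isDynamicTask && !isJudgedTask) {
            // NOTE(review): alerts for any other task type are neither stored nor turned into a
            // command, and nothing is logged. Confirm that dropping them silently is intended.
            return;
        }

        // Commands of DYNAMIC tasks are stored with isJudged=true, those of JUDGED tasks with
        // isJudged=false (presumably they still await adjudication; confirm with the command layer).
        boolean isJudged = isDynamicTask;
        switch (StateEnum.getStateEnumByNum(taskStatus)) {
            case RUNNING:
                insertCommandAndAlertMessage(dynamicTaskCommandInfo, true, isJudged, alertMessage);
                break;
            case PAUSED:
                insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, isJudged, alertMessage);
                break;
            default: // mainly STOP
                // The command is not stored; only the alert message is.
                insertAlertMessageOnly(alertMessage);
                break;
        }
    }

    /**
     * Loads the task information for the alert and attaches the five-tuple that remains
     * after filtering by the task's protection template.
     *
     * @param alertMessage alert carrying taskId, dynamicRuleId and the observed five-tuple
     * @return the task command info with its filtered five-tuple set
     * @throws IllegalArgumentException if no task/rule matches, the task has no template,
     *         or no protect level matches the template
     */
    private TaskCommandInfo generateDynamicCommand(AlertMessage alertMessage) {
        Long taskId = alertMessage.getTaskId();
        Integer dynamicRuleId = alertMessage.getDynamicRuleId();
        // Query the task information:
        // (1) the data needed to generate a command, later merged with the alert's five-tuple
        //     into a TaskCommandInfo;
        // (2) additionally templateId, protectLevel and taskStatus.
        TaskCommandInfo dynamicCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId, dynamicRuleId);
        if (dynamicCommandInfo == null || dynamicCommandInfo.getTemplateId() == null) {
            throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + dynamicRuleId + " 不正确");
        }
        // Fetch the policy template entry selected by templateId and protectLevel.
        ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
                dynamicCommandInfo.getTemplateId(),
                dynamicCommandInfo.getProtectLevel());
        if (templateProtectLevel == null) {
            // Without a template entry no field selection is possible; reject the alert the same
            // way as an unknown task instead of failing later with a NullPointerException.
            throw new IllegalArgumentException("templateId: " + dynamicCommandInfo.getTemplateId()
                    + " protectLevel: " + dynamicCommandInfo.getProtectLevel() + " has no matching protect level");
        }
        // Build the five-tuple to be issued from the template and the alert's FiveTupleWithMask.
        FiveTupleWithMask fiveTupleWithMaskNew = updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(),
                templateProtectLevel);
        // Attach the template-filtered five-tuple to the command.
        dynamicCommandInfo.setFiveTupleWithMask(fiveTupleWithMaskNew);

        return dynamicCommandInfo;
    }

    /**
     * Stores the command and then the alert message that references it.
     *
     * <p>NOTE(review): this private method is only invoked through {@code this} from
     * {@link #processAlertMessage(AlertMessage)}, so a proxy-based interceptor would not see
     * the call. The two inserts appear to be atomic only because the caller is annotated; confirm.
     *
     * @param dynamicTaskCommandInfo command info to persist; its isValid/isJudged flags are overwritten
     * @param isValid value stored as the command's isValid flag
     * @param isJudged value stored as the command's isJudged flag
     * @param alertMessage alert to persist; receives the UUID of the created command
     */
    @DSTransactional
    private void insertCommandAndAlertMessage(TaskCommandInfo dynamicTaskCommandInfo,
                                              Boolean isValid,
                                              Boolean isJudged,
                                              AlertMessage alertMessage) {
        // Store the command.
        dynamicTaskCommandInfo.setIsValid(isValid);
        dynamicTaskCommandInfo.setIsJudged(isJudged);
        String commandUUID = commandService.createCommand(dynamicTaskCommandInfo);

        // Store the alert message, linked to the command just created.
        alertMessage.setCommandUUID(commandUUID);
        alertMessageMapper.insertAlertMessage(alertMessage);
    }

    /**
     * Stores the alert message without creating a command; its command UUID is set to null.
     *
     * @param alertMessage alert to persist
     */
    private void insertAlertMessageOnly(AlertMessage alertMessage) {
        // Store the alert message only.
        alertMessage.setCommandUUID(null);
        alertMessageMapper.insertAlertMessage(alertMessage);
    }

    /**
     * Copies the alert's five-tuple and clears every field (value and mask) that the
     * template's protect level does not enable.
     *
     * <p>NOTE(review): when the template enables none of the five fields the result is an
     * all-null tuple. How the command layer interprets such a tuple is not visible here;
     * confirm it cannot be turned into a rule that matches all traffic.
     *
     * @param fiveTupleWithMask five-tuple reported by the alert
     * @param templateProtectLevel template entry whose has* flags select the fields to keep
     * @return a new five-tuple containing only the enabled fields
     */
    private FiveTupleWithMask updateFiveTupleWithMask(FiveTupleWithMask fiveTupleWithMask, ProtectLevel templateProtectLevel) {

        FiveTupleWithMask newFiveTupleWithMask = new FiveTupleWithMask();
        newFiveTupleWithMask.copyFiveTupleWithMask(fiveTupleWithMask);

        if (!templateProtectLevel.getHasProtectObjectIP()) {
            newFiveTupleWithMask.setDestinationIP(null);
            newFiveTupleWithMask.setMaskDestinationIP(null);
        }
        if (!templateProtectLevel.getHasProtectObjectPort()) {
            newFiveTupleWithMask.setDestinationPort(null);
            newFiveTupleWithMask.setMaskDestinationPort(null);
        }
        if (!templateProtectLevel.getHasPeerIP()) {
            newFiveTupleWithMask.setSourceIP(null);
            newFiveTupleWithMask.setMaskSourceIP(null);
        }
        if (!templateProtectLevel.getHasPeerPort()) {
            newFiveTupleWithMask.setSourcePort(null);
            newFiveTupleWithMask.setMaskSourcePort(null);
        }
        if (!templateProtectLevel.getHasProtocol()) {
            newFiveTupleWithMask.setProtocol(null);
            newFiveTupleWithMask.setMaskProtocol(null);
        }
        // Alerts currently carry only the five-tuple; there is no URL or DNS information yet.
        return newFiveTupleWithMask;
    }

    /**
     * Returns the alert messages recorded for a command.
     *
     * @param commandId identifier of the command, passed unchanged to the mapper
     * @return whatever the mapper returns for that command id
     */
    public List<AlertMessage> queryAlarmsByCommandId(String commandId) {

        return alertMessageMapper.queryAlermsByCommandId(commandId);
    }
}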