1、修改策略模板的isFullFlow和isProtectObjectIPSrc为isProtectObjectDst和isProtectObjectSrc。并做其他相应修改
2、动态规则分页查询增加返回策略模板名称
@@ -34,4 +34,10 @@ public class ProtectLevel {
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源ip地址")
|
||||
private Boolean isProtectObjectIPSrc = false;
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为目的地址")
|
||||
private Boolean isProtectObjectDst = false;
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源地址")
|
||||
private Boolean isProtectObjectSrc = false;
|
||||
|
||||
}
|
||||
|
||||
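Review bot: `isProtectObjectIPSrc` appears to stay in `ProtectLevel` next to the new `isProtectObjectSrc`, with almost the same description, so the class now carries two source-direction flags and nothing says which one is authoritative. The rendered page has lost its +/- markers, so this is inferred from the hunk header counts (4 old lines, 10 new). The same pair shows up in the `TemplateNew` hunk, and the last `AlertMessageService` hunk still branches on `getIsProtectObjectIPSrc()`, so a template that sets only the new flag would, as far as these lines show, generate no source-side command. Either remove the old field in this commit or mark it `@Deprecated` and switch the read to the new flag's getter.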
@@ -60,11 +60,17 @@ public class TemplateNew {
|
||||
@Schema(description = "该防护等级是否需要提取DNS")
|
||||
private Boolean hasDNS = false;
|
||||
|
||||
@Schema(description = "该防护等级是处置防护对象的全流量or单向流量")
|
||||
private Boolean isFullFlow = false;
|
||||
// @Schema(description = "该防护等级防护对象ip地址是否作为目的地址")
|
||||
// private Boolean isFullFlow = false;
|
||||
//
|
||||
// @Schema(description = "该防护等级防护对象ip地址是否作为源地址")
|
||||
// private Boolean isProtectObjectIPSrc = false;
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源ip地址")
|
||||
private Boolean isProtectObjectIPSrc = false;
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为目的地址")
|
||||
private Boolean isProtectObjectDst = false;
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源地址")
|
||||
private Boolean isProtectObjectSrc = false;
|
||||
|
||||
@JsonProperty("template_used_times")
|
||||
@Schema(description = "防御策略模板使用次数", example = "20", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
|
||||
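Review bot: Both new direction flags, `isProtectObjectDst` and `isProtectObjectSrc`, default to `false`, and the `AlertMessageService` hunks in this commit return without generating a command when neither direction branch adds a five-tuple, so a template saved by a client that still sends the old field names would silently stop producing rules. A check where the template is created or updated, rejecting a template with no direction selected, would make that failure visible; that code is outside this page. The commented-out `isFullFlow` / `isProtectObjectIPSrc` declarations add nothing the history does not already keep and can be deleted.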
@@ -56,6 +56,10 @@ public class DynamicRuleObject {
|
||||
@Schema(description = "响应时回复防护对象完整信息", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private List<ProtectObject> protectObjects;
|
||||
|
||||
@JsonProperty("strategy_template_name")
|
||||
@Schema(description = "动态规则选择的策略模板", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private String templateName;
|
||||
|
||||
|
||||
//还没有建立外键
|
||||
@JsonProperty("dynamic_rule_create_user_id")
|
||||
|
||||
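Review bot: `accessMode = Schema.AccessMode.READ_ONLY` on `templateName` only affects the generated OpenAPI document; Jackson will still bind `strategy_template_name` from a request body if `DynamicRuleObject` is also used as an input type, which the "响应时回复" wording on the neighbouring field suggests. If the value must only ever come from the server, `@JsonProperty(value = "strategy_template_name", access = JsonProperty.Access.READ_ONLY)` enforces that at deserialization. Whether the field is persisted or only filled by the paged query is not visible here.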
@@ -32,6 +32,10 @@ public class AlertMessageService {
|
||||
public void processAlertMessage(AlertMessage alertMessage) {
|
||||
//根据告警信息——>生成指令
|
||||
List<TaskCommandInfo> dynamicTaskCommandInfoList = generateDynamicCommand(alertMessage);
|
||||
//可能isProtectSrcOrDst和isProtectSrcOrDst都为FALSE,说明没有生成指令
|
||||
if(dynamicTaskCommandInfoList == null || dynamicTaskCommandInfoList.isEmpty()){
|
||||
return;
|
||||
}
|
||||
//获取任务状态,设置指令的isValid字段,且是否生成指令入库(除了RUNING\PAUSED状态,其他都不入command库)。
|
||||
Integer taskStatus = dynamicTaskCommandInfoList.get(0).getTaskStatus();
|
||||
//获取任务类型,设置指令的isJudged字段。
|
||||
@@ -87,7 +91,9 @@ public class AlertMessageService {
|
||||
//根据策略模板的is_full_flow字段,如果是双向流量会生成两个fiveTuple,所以返回List
|
||||
List<FiveTupleWithMask> fiveTupleWithMaskNew = updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(),
|
||||
alertMessage.getProtectIsSrcOrDst(), templateProtectLevel);
|
||||
|
||||
if(fiveTupleWithMaskNew.isEmpty()){
|
||||
return null;
|
||||
}
|
||||
//根据fiveTuple生成动态指令信息
|
||||
List<TaskCommandInfo> dynamicCommandInfoList = new ArrayList<>();
|
||||
if (fiveTupleWithMaskNew.size() == 2){
|
||||
@@ -235,7 +241,7 @@ public class AlertMessageService {
|
||||
command2.setProtocol(fiveTupleWithMask.getProtocol());
|
||||
command2.setProtocol(fiveTupleWithMask.getMaskProtocol());
|
||||
}
|
||||
|
||||
/*
|
||||
//若需要处置全方向流量,防护对象为源和目的的五元组都生成指令下发
|
||||
if(templateProtectLevel.getIsFullFlow()){
|
||||
newFiveTupleWithMask.add(command1);
|
||||
@@ -249,6 +255,18 @@ public class AlertMessageService {
|
||||
newFiveTupleWithMask.add(command1);
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
//若需要处置全方向流量,防护对象为源和目的的五元组都生成指令下发
|
||||
|
||||
// 判断防护对象为源还是目的,生成指令
|
||||
if(templateProtectLevel.getIsProtectObjectIPSrc()){
|
||||
newFiveTupleWithMask.add(command2);
|
||||
}
|
||||
if (templateProtectLevel.getIsProtectObjectDst()){
|
||||
newFiveTupleWithMask.add(command1);
|
||||
}
|
||||
|
||||
|
||||
//目前告警信息还只是五元组,没有url、dns
|
||||
return newFiveTupleWithMask;
|
||||
|
||||
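Review bot: The two new checks `if(templateProtectLevel.getIsProtectObjectIPSrc())` and `if (templateProtectLevel.getIsProtectObjectDst())` unbox a `Boolean`, so a template row or JSON body that carries null for either flag throws a NullPointerException in the alert path; `Boolean.TRUE.equals(templateProtectLevel.getIsProtectObjectDst())`, and the same form for the source flag, treats null as not selected. In the hunk at -235, `command2.setProtocol(...)` is called twice in a row, so the `getMaskProtocol()` value overwrites the protocol; the second call looks like it was meant for a mask-protocol setter. The new early returns in `processAlertMessage` and after `updateFiveTupleWithMask` drop the alert without a log entry, which makes a misconfigured template hard to spot; a warn-level log line naming the alert and the template before each `return` would help. All three methods start or end outside the hunks shown.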