1、修改策略模板的isFullFlow和isProtectObjectIPSrc为isProtectObjectDst和isProtectObjectSrc。并做其他相应修改
2、动态规则分页查询增加返回策略模板名称
@@ -34,4 +34,10 @@ public class ProtectLevel {
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源ip地址")
|
||||
private Boolean isProtectObjectIPSrc = false;
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为目的地址")
|
||||
private Boolean isProtectObjectDst = false;
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源地址")
|
||||
private Boolean isProtectObjectSrc = false;
|
||||
|
||||
}
|
||||
|
||||
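Review bot: The old `isProtectObjectIPSrc` field appears to stay in ProtectLevel next to the new `isProtectObjectSrc`, so the class carries two flags for the same direction, while the result maps changed in this commit fill only `isProtectObjectSrc` from `is_protect_object_src`. The new check in AlertMessageService, `if(templateProtectLevel.getIsProtectObjectIPSrc()){`, still reads the old flag. If templateProtectLevel is loaded through those maps, the old flag keeps its default `false` and the source-side command is never added, which leaves that direction unhandled without any error. I would drop the old field and its `@Schema` line here and change the check to `if (templateProtectLevel.getIsProtectObjectSrc()) {`. The added/removed markers are lost on this page, so confirm against the real diff that the old field is still on the new side.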
@@ -60,11 +60,17 @@ public class TemplateNew {
|
||||
@Schema(description = "该防护等级是否需要提取DNS")
|
||||
private Boolean hasDNS = false;
|
||||
|
||||
@Schema(description = "该防护等级是处置防护对象的全流量or单向流量")
|
||||
private Boolean isFullFlow = false;
|
||||
// @Schema(description = "该防护等级防护对象ip地址是否作为目的地址")
|
||||
// private Boolean isFullFlow = false;
|
||||
//
|
||||
// @Schema(description = "该防护等级防护对象ip地址是否作为源地址")
|
||||
// private Boolean isProtectObjectIPSrc = false;
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源ip地址")
|
||||
private Boolean isProtectObjectIPSrc = false;
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为目的地址")
|
||||
private Boolean isProtectObjectDst = false;
|
||||
|
||||
@Schema(description = "该防护等级防护对象ip地址是否作为源地址")
|
||||
private Boolean isProtectObjectSrc = false;
|
||||
|
||||
@JsonProperty("template_used_times")
|
||||
@Schema(description = "防御策略模板使用次数", example = "20", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
|
||||
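Review bot: The replaced fields are left behind as commented-out code (`// private Boolean isFullFlow = false;`, `// private Boolean isProtectObjectIPSrc = false;` and their `@Schema` lines) instead of being deleted. Version control already keeps the old definitions, and the dead lines make it harder to see which flags the template actually exposes. The two new flags would also benefit from one comment saying how they combine, for example `// direction flags: a command is generated for each side that is true`. The class body starts and ends outside the hunk.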
@@ -56,6 +56,10 @@ public class DynamicRuleObject {
|
||||
@Schema(description = "响应时回复防护对象完整信息", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private List<ProtectObject> protectObjects;
|
||||
|
||||
@JsonProperty("strategy_template_name")
|
||||
@Schema(description = "动态规则选择的策略模板", accessMode = Schema.AccessMode.READ_ONLY)
|
||||
private String templateName;
|
||||
|
||||
|
||||
//还没有建立外键
|
||||
@JsonProperty("dynamic_rule_create_user_id")
|
||||
|
||||
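Review bot: `accessMode = Schema.AccessMode.READ_ONLY` on the new `templateName` field only affects the generated API documentation, so Jackson will still bind `strategy_template_name` from a request body into the object. If the name is meant to be output-only, state it at the binding level too: `@JsonProperty(value = "strategy_template_name", access = JsonProperty.Access.READ_ONLY)`. `protectObjects` just above is marked read-only in the same documentation-only way, and its `@JsonProperty` line, if any, is outside the hunk.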
@@ -32,6 +32,10 @@ public class AlertMessageService {
|
||||
public void processAlertMessage(AlertMessage alertMessage) {
|
||||
//根据告警信息——>生成指令
|
||||
List<TaskCommandInfo> dynamicTaskCommandInfoList = generateDynamicCommand(alertMessage);
|
||||
//可能isProtectSrcOrDst和isProtectSrcOrDst都为FALSE,说明没有生成指令
|
||||
if(dynamicTaskCommandInfoList == null || dynamicTaskCommandInfoList.isEmpty()){
|
||||
return;
|
||||
}
|
||||
//获取任务状态,设置指令的isValid字段,且是否生成指令入库(除了RUNING\PAUSED状态,其他都不入command库)。
|
||||
Integer taskStatus = dynamicTaskCommandInfoList.get(0).getTaskStatus();
|
||||
//获取任务类型,设置指令的isJudged字段。
|
||||
@@ -87,7 +91,9 @@ public class AlertMessageService {
|
||||
//根据策略模板的is_full_flow字段,如果是双向流量会生成两个fiveTuple,所以返回List
|
||||
List<FiveTupleWithMask> fiveTupleWithMaskNew = updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(),
|
||||
alertMessage.getProtectIsSrcOrDst(), templateProtectLevel);
|
||||
|
||||
if(fiveTupleWithMaskNew.isEmpty()){
|
||||
return null;
|
||||
}
|
||||
//根据fiveTuple生成动态指令信息
|
||||
List<TaskCommandInfo> dynamicCommandInfoList = new ArrayList<>();
|
||||
if (fiveTupleWithMaskNew.size() == 2){
|
||||
@@ -235,7 +241,7 @@ public class AlertMessageService {
|
||||
command2.setProtocol(fiveTupleWithMask.getProtocol());
|
||||
command2.setProtocol(fiveTupleWithMask.getMaskProtocol());
|
||||
}
|
||||
|
||||
/*
|
||||
//若需要处置全方向流量,防护对象为源和目的的五元组都生成指令下发
|
||||
if(templateProtectLevel.getIsFullFlow()){
|
||||
newFiveTupleWithMask.add(command1);
|
||||
@@ -249,6 +255,18 @@ public class AlertMessageService {
|
||||
newFiveTupleWithMask.add(command1);
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
//若需要处置全方向流量,防护对象为源和目的的五元组都生成指令下发
|
||||
|
||||
// 判断防护对象为源还是目的,生成指令
|
||||
if(templateProtectLevel.getIsProtectObjectIPSrc()){
|
||||
newFiveTupleWithMask.add(command2);
|
||||
}
|
||||
if (templateProtectLevel.getIsProtectObjectDst()){
|
||||
newFiveTupleWithMask.add(command1);
|
||||
}
|
||||
|
||||
|
||||
//目前告警信息还只是五元组,没有url、dns
|
||||
return newFiveTupleWithMask;
|
||||
|
||||
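Review bot: Both new early exits drop the alert without leaving a trace: the method around `updateFiveTupleWithMask(...)` now does `return null;` when `fiveTupleWithMaskNew.isEmpty()`, and `processAlertMessage` simply returns on a null or empty list. A template with both direction flags false then turns every matching alert into a silent no-op, so I would log the alert and template at that point and return an empty list instead of null, e.g. `return new ArrayList<>();`. The explanatory comment names the same flag twice (`isProtectSrcOrDst和isProtectSrcOrDst`), and the comment above the `updateFiveTupleWithMask` call still refers to `is_full_flow`; both should name the new flags. The old logic kept inside `/* ... */` is better deleted than left in the method. All of these methods continue outside the hunks.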
@@ -36,8 +36,8 @@
|
||||
<result column="has_protocol" property="hasProtocol"/>
|
||||
<result column="has_url" property="hasURL"/>
|
||||
<result column="has_dns" property="hasDNS"/>
|
||||
<result column="is_full_flow" property="isFullFlow"/>
|
||||
<result column="is_protect_object_src" property="isProtectObjectIPSrc"/>
|
||||
<result column="is_protect_object_dst" property="isProtectObjectDst"/>
|
||||
<result column="is_protect_object_src" property="isProtectObjectSrc"/>
|
||||
</resultMap>
|
||||
|
||||
<resultMap id="alertMessageMap" type="com.realtime.protection.configuration.entity.alert.AlertMessage">
|
||||
@@ -143,7 +143,7 @@
|
||||
has_protocol,
|
||||
has_url,
|
||||
has_dns,
|
||||
is_full_flow,
|
||||
is_protect_object_dst,
|
||||
is_protect_object_src
|
||||
FROM t_strategy_template_new
|
||||
WHERE strategy_template_id = #{templateId}
|
||||
|
||||
@@ -161,10 +161,11 @@
|
||||
<result column="dynamic_rule_create_username" property="dynamicRuleCreateUsername"/>
|
||||
<result column="dynamic_rule_create_depart" property="dynamicRuleCreateDepart"/>
|
||||
<result column="template_id" property="templateId"/>
|
||||
<result column="dynamic_rule_protec_level" property="dynamicRuleProtectLevel"/>
|
||||
<result column="dynamic_rule_protect_level" property="dynamicRuleProtectLevel"/>
|
||||
<result column="dynamic_rule_priority" property="dynamicRulePriority"/>
|
||||
<result column="dynamic_rule_frequency" property="dynamicRuleFrequency"/>
|
||||
<result column="dynamic_rule_create_user_id" property="dynamicRuleCreateUserId"/>
|
||||
|
||||
</resultMap>
|
||||
|
||||
<resultMap id="dynamicRulePageQueryMap" type="com.realtime.protection.configuration.entity.rule.dynamicrule.DynamicRuleObject">
|
||||
@@ -179,11 +180,13 @@
|
||||
<result column="dynamic_rule_frequency" property="dynamicRuleFrequency"/>
|
||||
<result column="audit_status" property="auditStatus"/>
|
||||
<!-- <result column="protect_object_id" property="protectObjectIds"/>-->
|
||||
<result column="strategy_template_name" property="dynamicRuleEventType"/>
|
||||
<result column="event_type" property="dynamicRuleEventType"/>
|
||||
<result column="strategy_template_source_system" property="dynamicRuleSourceSystem"/>
|
||||
<result column="event_type" property="dynamicRuleSourceSystem"/>
|
||||
<!-- <result column="event_type" property="dynamicRuleSourceSystem"/>-->
|
||||
<result column="protect_level" property="dynamicRuleProtectLevel"/>
|
||||
|
||||
<result column="strategy_template_name" property="templateName"/>
|
||||
|
||||
<result column="audit_status" property="auditStatus"/>
|
||||
<result column="dynamic_rule_display_id" property="dynamicRuleDisplayId"/>
|
||||
<result column="audit_user_name" property="auditUserName"/>
|
||||
@@ -270,8 +273,8 @@
|
||||
<result column="has_dns" property="hasDNS"/>
|
||||
<result column="has_peer_ip" property="hasPeerIP"/>
|
||||
<result column="has_peer_port" property="hasPeerPort"/>
|
||||
<result column="is_full_flow" property="isFullFlow"/>
|
||||
<result column="is_protect_object_src" property="isProtectObjectIPSrc"/>
|
||||
<result column="is_protect_object_dst" property="isProtectObjectDst"/>
|
||||
<result column="is_protect_object_src" property="isProtectObjectSrc"/>
|
||||
|
||||
</resultMap>
|
||||
|
||||
|
||||
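Review bot: The statements now read `is_protect_object_dst` from `t_strategy_template_new` and no longer touch `is_full_flow`, but no schema or data migration is visible on this page. Going by the old comments, `is_full_flow` meant that both directions were handled, so existing rows with that flag set should end up with both `is_protect_object_dst` and `is_protect_object_src` true. Otherwise deployed templates may stop generating commands for one side after the upgrade. The same concern applies to the INSERT and UPDATE statements in the template mapper. In `dynamicRulePageQueryMap`, the commented-out `<result column="event_type" property="dynamicRuleSourceSystem"/>` can simply be deleted.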
@@ -7,7 +7,7 @@
|
||||
INSERT INTO t_strategy_template_new(strategy_template_name, strategy_template_source_system,
|
||||
has_protect_object_ip, has_protect_object_port,
|
||||
has_protocol, has_url, has_dns,
|
||||
has_peer_ip, has_peer_port, is_full_flow, is_protect_object_src,
|
||||
has_peer_ip, has_peer_port, is_protect_object_dst, is_protect_object_src,
|
||||
strategy_template_create_user_id, strategy_template_create_username,
|
||||
strategy_template_create_depart,
|
||||
strategy_template_description, strategy_template_display_id,
|
||||
@@ -15,8 +15,8 @@
|
||||
VALUE (#{template.templateName}, #{template.sourceSystem},
|
||||
#{template.hasProtectObjectIP}, #{template.hasProtectObjectPort},
|
||||
#{template.hasProtocol}, #{template.hasURL}, #{template.hasDNS},
|
||||
#{template.hasPeerIP}, #{template.hasPeerPort}, #{template.isFullFlow},
|
||||
#{template.isProtectObjectIPSrc},
|
||||
#{template.hasPeerIP}, #{template.hasPeerPort}, #{template.isProtectObjectDst},
|
||||
#{template.isProtectObjectSrc},
|
||||
#{template.createUserId}, #{template.createUsername}, #{template.createDepart},
|
||||
#{template.description}, #{template.templateDisplayId},
|
||||
#{template.eventType}, #{template.protectLevel})
|
||||
@@ -37,8 +37,8 @@
|
||||
<if test="template.hasDNS != null">has_dns = #{template.hasDNS},</if>
|
||||
<if test="template.hasPeerIP != null">has_peer_ip = #{template.hasPeerIP},</if>
|
||||
<if test="template.hasPeerPort != null">has_peer_port = #{template.hasPeerPort},</if>
|
||||
<if test="template.isFullFlow != null">is_full_flow = #{template.isFullFlow},</if>
|
||||
<if test="template.isProtectObjectIPSrc != null">is_protect_object_src = #{template.isProtectObjectIPSrc},</if>
|
||||
<if test="template.isProtectObjectDst != null">is_protect_object_dst = #{template.isProtectObjectDst},</if>
|
||||
<if test="template.isProtectObjectSrc != null">is_protect_object_src = #{template.isProtectObjectSrc},</if>
|
||||
|
||||
modify_time = NOW()
|
||||
</set>
|
||||
@@ -104,8 +104,8 @@
|
||||
<result column="has_dns" property="hasDNS"/>
|
||||
<result column="has_peer_ip" property="hasPeerIP"/>
|
||||
<result column="has_peer_port" property="hasPeerPort"/>
|
||||
<result column="is_full_flow" property="isFullFlow"/>
|
||||
<result column="is_protect_object_src" property="isProtectObjectIPSrc"/>
|
||||
<result column="is_protect_object_dst" property="isProtectObjectDst"/>
|
||||
<result column="is_protect_object_src" property="isProtectObjectSrc"/>
|
||||
|
||||
</resultMap>
|
||||
|
||||
|
||||
@@ -4,12 +4,13 @@ import com.github.xiaoymin.knife4j.annotations.Ignore;
|
||||
import com.realtime.protection.configuration.entity.alert.AlertMessage;
|
||||
import com.realtime.protection.configuration.entity.defense.object.ProtectObject;
|
||||
import com.realtime.protection.configuration.entity.defense.template.Template;
|
||||
import com.realtime.protection.configuration.entity.defense.template.TemplateNew;
|
||||
import com.realtime.protection.configuration.entity.rule.dynamicrule.DynamicRuleObject;
|
||||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||||
import com.realtime.protection.configuration.entity.task.Task;
|
||||
import com.realtime.protection.configuration.exception.DorisStartException;
|
||||
import com.realtime.protection.server.defense.object.ProtectObjectService;
|
||||
import com.realtime.protection.server.defense.template.TemplateService;
|
||||
import com.realtime.protection.server.defense.templatenew.TemplateService;
|
||||
import com.realtime.protection.server.rule.dynamicrule.DynamicRuleService;
|
||||
import com.realtime.protection.server.task.TaskService;
|
||||
import com.realtime.protection.server.task.status.StateChangeService;
|
||||
@@ -50,8 +51,8 @@ public class AlertMessageTest {
|
||||
null, null, null, null,
|
||||
null, null, null, null,
|
||||
null, null, 1, 1);
|
||||
List<Template> templates = templateService.queryTemplates(
|
||||
null, null, null, null, null,1, 1);
|
||||
List<TemplateNew> templates = templateService.queryTemplates(
|
||||
null, null, null, null, null,null,null,1, 1);
|
||||
|
||||
DynamicRuleObject object = new DynamicRuleObject();
|
||||
object.setDynamicRuleName("UpdateDynamicRule2");
|
||||
|
||||
@@ -46,7 +46,7 @@ class TemplateServiceTest extends ProtectionApplicationTests {
|
||||
|
||||
ProtectLevel protectLevelHigh = new ProtectLevel();
|
||||
protectLevelHigh.setHasDNS(true);
|
||||
protectLevelHigh.setIsFullFlow(true);
|
||||
// protectLevelHigh.setIsFullFlow(true);
|
||||
|
||||
template.setProtectLevelLow(protectLevelLow);
|
||||
template.setProtectLevelMedium(protectLevelMedium);
|
||||
|
||||
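Review bot: The test comments out `protectLevelHigh.setIsFullFlow(true);` without setting either replacement flag, so the renamed fields are never exercised here. I would delete the commented line and set the new flags explicitly, e.g. `protectLevelHigh.setIsProtectObjectDst(true);` and `protectLevelHigh.setIsProtectObjectSrc(true);` (assuming the setters follow the same naming as `setIsFullFlow`), then assert on them after the template is read back. The test method starts and ends outside the hunk.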
@@ -3,6 +3,7 @@ package com.realtime.protection.server.task;
|
||||
import com.realtime.protection.ProtectionApplicationTests;
|
||||
import com.realtime.protection.configuration.entity.defense.object.ProtectObject;
|
||||
import com.realtime.protection.configuration.entity.defense.template.Template;
|
||||
import com.realtime.protection.configuration.entity.defense.template.TemplateNew;
|
||||
import com.realtime.protection.configuration.entity.rule.dynamicrule.DynamicRuleObject;
|
||||
import com.realtime.protection.configuration.entity.rule.staticrule.StaticRuleObject;
|
||||
import com.realtime.protection.configuration.entity.task.DynamicTaskInfo;
|
||||
@@ -11,7 +12,7 @@ import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
|
||||
import com.realtime.protection.configuration.exception.DorisStartException;
|
||||
import com.realtime.protection.server.command.CommandService;
|
||||
import com.realtime.protection.server.defense.object.ProtectObjectService;
|
||||
import com.realtime.protection.server.defense.template.TemplateService;
|
||||
import com.realtime.protection.server.defense.templatenew.TemplateService;
|
||||
import com.realtime.protection.server.rule.dynamicrule.DynamicRuleService;
|
||||
import com.realtime.protection.server.rule.staticrule.StaticRuleService;
|
||||
import com.realtime.protection.server.task.status.StateChangeService;
|
||||
@@ -294,8 +295,8 @@ class TaskServiceTest extends ProtectionApplicationTests {
|
||||
null, null, null, null,
|
||||
null, null, null, null,
|
||||
null, null, 1, 1);
|
||||
List<Template> templates = templateService.queryTemplates(
|
||||
null, null, null,null, null,1, 1);
|
||||
List<TemplateNew> templates = templateService.queryTemplates(
|
||||
null, null, null,null, null,null,null,1, 1);
|
||||
|
||||
DynamicRuleObject object = new DynamicRuleObject();
|
||||
object.setDynamicRuleName("testStartDynamicTask");
|
||||
@@ -329,7 +330,7 @@ class TaskServiceTest extends ProtectionApplicationTests {
|
||||
//审核状态
|
||||
taskService.changeTaskAuditStatus(taskId, 2);
|
||||
//启动任务
|
||||
// stateChangeService.changeState(2, taskId, false);
|
||||
stateChangeService.changeState(2, taskId, false);
|
||||
|
||||
// System.out.println(commandService.queryCommandInfos(taskId, null, null, null, null, 1, 5));
|
||||
}
|
||||
|
||||