AlertMessage:
1、alertmessage添加is_distribute(待删除)、command_uuid、create_time、modify_time、alert_message_uuid属性。 2、AlertMessageController添加queryAlarmsByCommandId方法,根据commandUUID查询alertmessage 3、AlertMessageMapper添加新建、查询alertmessage 4、service重写处理alertmessage逻辑,现在alertmessage的isdistribute不需要了,需要删除 Command: 1、service添加updateCommandVaid方法,用于对研判后任务生成的指令研判下发 Task: 1、TaskCommandInfo类添加taskStatus,减少AlertMessageService的查询,并做了标注 2、Controller添加研判后任务下发指令\停止指令的方法validCommandInfoByTaskId StaticRule、DynamicRule、WhiteList: 1、添加分页查询返回数据总数
@@ -5,9 +5,15 @@ import com.realtime.protection.configuration.entity.rule.dynamicrule.AlertMessag
|
||||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||||
import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
|
||||
import com.realtime.protection.configuration.utils.enums.StateEnum;
|
||||
import com.realtime.protection.configuration.utils.enums.TaskTypeEnum;
|
||||
import com.realtime.protection.server.command.CommandService;
|
||||
import com.realtime.protection.server.task.TaskService;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import com.baomidou.dynamic.datasource.annotation.DSTransactional;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
||||
@Service
|
||||
public class AlertMessageService {
|
||||
@@ -22,52 +28,119 @@ public class AlertMessageService {
|
||||
this.alertMessageMapper = alertMessageMapper;
|
||||
}
|
||||
|
||||
@DSTransactional
|
||||
public void processAlertMessage(AlertMessage alertMessage) {
|
||||
Long taskId = alertMessage.getTaskId();
|
||||
//检查task status是否为running?
|
||||
Integer taskStatus = taskService.queryTaskStatus(taskId);
|
||||
Integer temp = StateEnum.RUNNING.getStateNum();
|
||||
// if (taskStatus != StateEnum.RUNNING.getStateNum()) {
|
||||
// return;
|
||||
// }
|
||||
TaskCommandInfo dynamicTaskCommandInfo = generateDynamicCommand(alertMessage);
|
||||
|
||||
//查task信息,和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
|
||||
TaskCommandInfo dynamicTaskCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);
|
||||
|
||||
//根据策略模板更新五元组
|
||||
ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
|
||||
dynamicTaskCommandInfo.getTemplateId(),
|
||||
dynamicTaskCommandInfo.getProtectLevel(),
|
||||
alertMessage.getFiveTupleWithMask());
|
||||
updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(), templateProtectLevel);
|
||||
dynamicTaskCommandInfo.setFiveTupleWithMask(alertMessage.getFiveTupleWithMask());
|
||||
|
||||
// command入库
|
||||
commandService.createCommand(dynamicTaskCommandInfo);
|
||||
Integer taskStatus = dynamicTaskCommandInfo.getTaskStatus();
|
||||
Integer taskType = dynamicTaskCommandInfo.getTaskType();
|
||||
|
||||
if (taskType == TaskTypeEnum.DYNAMIC.getTaskType())//动态
|
||||
switch (taskStatus) {
|
||||
case 2://running
|
||||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, true, alertMessage, true);
|
||||
break;
|
||||
case 3://Paused
|
||||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, alertMessage, true);
|
||||
break;
|
||||
default://主要是stop
|
||||
//command不入库
|
||||
//alertmessage入库
|
||||
insertAlertMessageOnly(alertMessage, true);
|
||||
break;
|
||||
}
|
||||
else if (taskType == TaskTypeEnum.JUDGED.getTaskType())//研判后
|
||||
switch (taskStatus) {
|
||||
case 2://running
|
||||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, alertMessage, false);
|
||||
break;
|
||||
case 3://Paused
|
||||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, alertMessage, false);
|
||||
break;
|
||||
default://主要是stop
|
||||
//command不入库
|
||||
//alertmessage入库
|
||||
insertAlertMessageOnly(alertMessage, false);
|
||||
}
|
||||
}
|
||||
|
||||
private void updateFiveTupleWithMask(FiveTupleWithMask alertMessageFiveTupleW, ProtectLevel templateProtectLevel) {
|
||||
|
||||
private TaskCommandInfo generateDynamicCommand(AlertMessage alertMessage){
|
||||
Long taskId = alertMessage.getTaskId();
|
||||
|
||||
// 查task信息
|
||||
// (1)查询生成指令所需信息:和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo;
|
||||
// (2)额外信息:并额外查询templateId、protectLevel和taskStatus
|
||||
TaskCommandInfo dynamicCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);
|
||||
|
||||
// 根据templateId、protectLevel获取策略模板
|
||||
ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
|
||||
dynamicCommandInfo.getTemplateId(),
|
||||
dynamicCommandInfo.getProtectLevel());
|
||||
//根据策略模板和alertMessage中的FiveTupleWithMask生成要下发五元组信息
|
||||
FiveTupleWithMask fiveTupleWithMaskNew = updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(),
|
||||
templateProtectLevel);
|
||||
//指令加入策略模板筛选后的fiveTupleWithMaskNew
|
||||
dynamicCommandInfo.setFiveTupleWithMask(fiveTupleWithMaskNew);
|
||||
|
||||
return dynamicCommandInfo;
|
||||
}
|
||||
|
||||
@DSTransactional
|
||||
private void insertCommandAndAlertMessage(TaskCommandInfo dynamicTaskCommandInfo, Boolean isValid,
|
||||
AlertMessage alertMessage, Boolean isDistribute){
|
||||
//command入库
|
||||
dynamicTaskCommandInfo.setIsValid(isValid);
|
||||
String commandUUID = commandService.createCommand(dynamicTaskCommandInfo);
|
||||
if (true){
|
||||
throw new RuntimeException("test");
|
||||
}
|
||||
//alertmessage入库
|
||||
alertMessage.setIsDistribute(isDistribute);
|
||||
alertMessage.setCommandUUID(commandUUID);
|
||||
alertMessageMapper.insertAlertMessage(alertMessage);
|
||||
}
|
||||
private void insertAlertMessageOnly(AlertMessage alertMessage, Boolean isDistribute){
|
||||
//alertmessage入库
|
||||
alertMessage.setIsDistribute(isDistribute);
|
||||
alertMessage.setCommandUUID(null);
|
||||
alertMessageMapper.insertAlertMessage(alertMessage);
|
||||
}
|
||||
|
||||
|
||||
|
||||
private FiveTupleWithMask updateFiveTupleWithMask(FiveTupleWithMask fiveTupleWithMask, ProtectLevel templateProtectLevel) {
|
||||
|
||||
FiveTupleWithMask newFiveTupleWithMask = new FiveTupleWithMask();
|
||||
newFiveTupleWithMask.copyFiveTupleWithMask(fiveTupleWithMask);
|
||||
|
||||
if(!templateProtectLevel.getHasProtectObjectIP()){
|
||||
alertMessageFiveTupleW.setDestinationIP(null);
|
||||
alertMessageFiveTupleW.setMaskDestinationIP(null);
|
||||
newFiveTupleWithMask.setDestinationIP(null);
|
||||
newFiveTupleWithMask.setMaskDestinationIP(null);
|
||||
}
|
||||
if(!templateProtectLevel.getHasProtectObjectPort()){
|
||||
alertMessageFiveTupleW.setDestinationPort(null);
|
||||
alertMessageFiveTupleW.setMaskDestinationPort(null);
|
||||
newFiveTupleWithMask.setDestinationPort(null);
|
||||
newFiveTupleWithMask.setMaskDestinationPort(null);
|
||||
}
|
||||
if(!templateProtectLevel.getHasPeerIP()){
|
||||
alertMessageFiveTupleW.setSourceIP(null);
|
||||
alertMessageFiveTupleW.setMaskSourceIP(null);
|
||||
newFiveTupleWithMask.setSourceIP(null);
|
||||
newFiveTupleWithMask.setMaskSourceIP(null);
|
||||
}
|
||||
if(!templateProtectLevel.getHasPeerPort()){
|
||||
alertMessageFiveTupleW.setSourcePort(null);
|
||||
alertMessageFiveTupleW.setMaskSourcePort(null);
|
||||
newFiveTupleWithMask.setSourcePort(null);
|
||||
newFiveTupleWithMask.setMaskSourcePort(null);
|
||||
}
|
||||
if (!templateProtectLevel.getHasProtocol()) {
|
||||
alertMessageFiveTupleW.setProtocol(null);
|
||||
alertMessageFiveTupleW.setMaskProtocol(null);
|
||||
newFiveTupleWithMask.setProtocol(null);
|
||||
newFiveTupleWithMask.setMaskProtocol(null);
|
||||
}
|
||||
//目前告警信息还只是五元组,没有url、dns
|
||||
return newFiveTupleWithMask;
|
||||
}
|
||||
|
||||
|
||||
|
||||
public List<AlertMessage> queryAlarmsByCommandId(String commandId) {
|
||||
return alertMessageMapper.queryAlermsByCommandId(commandId);
|
||||
}
|
||||
}
|
||||
|
||||
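Review bot: The `if (true) { throw new RuntimeException("test"); }` block in `insertCommandAndAlertMessage` looks like leftover transaction-test scaffolding (the +/- markers are lost in this rendering, but the method appears only in the rewritten code). As written it aborts every running or paused alert right after `commandService.createCommand(...)`, so the alert message is never stored, and if the enclosing transaction rolls back no command is persisted either. For a service that turns alerts into protection commands this means detections are silently dropped, so those three lines should be deleted before merge. `@DSTransactional` on this private method is probably inert, since it is reached by self-invocation from `processAlertMessage` and proxy-based interception does not see such calls; keep the annotation on `processAlertMessage` only. Separately, `switch (taskStatus)` in `processAlertMessage` unboxes an `Integer` and will throw a NullPointerException if `getDynamicTaskInfos` returns no status, and the bare `case 2` / `case 3` labels would be safer as named constants.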