1、添加AlertMessage http接口，接收告警信息。

2、AlertMessage对象增加dynamicRuleId属性。需要发送时也携带dynamicRuleId字段 3、AlertMessageService添加获取dynamicRule对应的template，并根据template对AlertMessage中的FiveTupleWithMask进行筛选策略模板所需字段；添加生成TaskCommandInfo入Doris库 4、TaskCommandInfo新增templateId、protectLevel属性，方便AlertMessageService中查询任务的策略模板 5、前端响应字段的bug修复
2024-01-18 23:35:56 +08:00
parent 914b0f0e2a
commit cb6ca74df7
10 changed files with 181 additions and 19 deletions
--- a/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/AlertMessage.java
+++ b/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/AlertMessage.java
@@ -12,4 +12,7 @@ public class AlertMessage {
    @JsonProperty("five_tuple_with_mask")
    private FiveTupleWithMask fiveTupleWithMask;

+    @JsonProperty("dynamic_rule_id")
+    private Integer dynamicRuleId;
+
 }
--- a/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java
+++ b/src/main/java/com/realtime/protection/configuration/entity/rule/dynamicrule/DynamicRuleObject.java
@@ -3,6 +3,8 @@ package com.realtime.protection.configuration.entity.rule.dynamicrule;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.realtime.protection.configuration.entity.defense.object.ProtectObject;
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.Max;
+import jakarta.validation.constraints.Min;
 import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import lombok.Data;
@@ -71,7 +73,9 @@ public class DynamicRuleObject {
    private Integer templateId;
    @NotNull
    @JsonProperty("dynamic_rule_protect_level")
-    @Schema(description = "防护等级", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
+    @Max(value = 3)
+    @Min(value = 1)
+    @Schema(description = "防护等级：1代表日常态、2代表应急态、3代表紧急态", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
    private Integer dynamicRuleProtectLevel;

    @NotNull
--- a/src/main/java/com/realtime/protection/configuration/entity/task/TaskCommandInfo.java
+++ b/src/main/java/com/realtime/protection/configuration/entity/task/TaskCommandInfo.java
@@ -65,4 +65,9 @@ public class TaskCommandInfo {

    @Schema(description = "最新下发时间", accessMode = Schema.AccessMode.READ_ONLY)
    private LocalDateTime latestSendTime;
+
+    @Schema(description = "防御策略模板ID", accessMode = Schema.AccessMode.READ_ONLY)
+    private Integer templateId;
+    @Schema(description = "防护等级", accessMode = Schema.AccessMode.READ_ONLY)
+    private Integer protectLevel;
 }
--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java
+++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageController.java
@@ -21,7 +21,7 @@ public class AlertMessageController

    @PostMapping("/new")
    public ResponseResult receiveAlertMessage(@RequestBody @Valid AlertMessage alertMessage){
-        alertMessageService.receiveAlertMessage(alertMessage);
+        alertMessageService.processAlertMessage(alertMessage);
        return ResponseResult.ok();
    }

--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageMapper.java
+++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageMapper.java
@@ -0,0 +1,16 @@
+package com.realtime.protection.server.alertmessage;
+
+import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
+import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
+import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
+import org.apache.ibatis.annotations.Mapper;
+
+
+@Mapper
+public interface AlertMessageMapper {
+
+    TaskCommandInfo getDynamicTaskInfos(Long taskId) ;
+
+
+    ProtectLevel queryTemplateProtectLevel(Integer templateId, Integer protectLevel, FiveTupleWithMask fiveTupleWithMask);
+}
--- a/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
+++ b/src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
@@ -1,7 +1,8 @@
 package com.realtime.protection.server.alertmessage;

+import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
 import com.realtime.protection.configuration.entity.rule.dynamicrule.AlertMessage;
-import com.realtime.protection.configuration.entity.task.Task;
+import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
 import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
 import com.realtime.protection.server.task.TaskService;
 import org.springframework.stereotype.Service;
@@ -11,28 +12,62 @@ import com.realtime.protection.configuration.utils.enums.StateEnum;
@Service
 public class AlertMessageService {
    private final CommandService commandService;
+    private final AlertMessageMapper alertMessageMapper;
    private final TaskService taskService;

-    public AlertMessageService(CommandService commandService,TaskService taskService) {
+    public AlertMessageService(CommandService commandService,TaskService taskService,
+    AlertMessageMapper alertMessageMapper) {
        this.commandService = commandService;
        this.taskService = taskService;
+        this.alertMessageMapper = alertMessageMapper;
    }

-    public void receiveAlertMessage(AlertMessage alertMessage) {
+    public void processAlertMessage(AlertMessage alertMessage) {
        Long taskId = alertMessage.getTaskId();
-        //查task信息
-        Task task = taskService.queryTask(taskId);
        //检查task status是否为running？
-//        if (task.getTaskStatus() != StateEnum.RUNNING.getStateNum()) {
+        Integer taskStatus = taskService.queryTaskStatus(taskId);
+        Integer temp = StateEnum.RUNNING.getStateNum();
+//        if (taskStatus != StateEnum.RUNNING.getStateNum()) {
 //            return;
 //        }

-        //task信息和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
-        TaskCommandInfo dynamicTaskCommandInfo = new TaskCommandInfo();
+        //查task信息,和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
+        TaskCommandInfo dynamicTaskCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);

+        //根据策略模板更新五元组
+        ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
+                dynamicTaskCommandInfo.getTemplateId(),
+                dynamicTaskCommandInfo.getProtectLevel(),
+                alertMessage.getFiveTupleWithMask());
+        updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(), templateProtectLevel);
+        dynamicTaskCommandInfo.setFiveTupleWithMask(alertMessage.getFiveTupleWithMask());

-        //command入库
-        //commandService.createCommand(staticTaskCommandInfo);
+//        command入库
+        commandService.createCommand(dynamicTaskCommandInfo);

    }
+
+    private void updateFiveTupleWithMask(FiveTupleWithMask alertMessageFiveTupleW, ProtectLevel templateProtectLevel) {
+        if(!templateProtectLevel.getHasProtectObjectIP()){
+            alertMessageFiveTupleW.setDestinationIP(null);
+            alertMessageFiveTupleW.setMaskDestinationIP(null);
+        }
+        if(!templateProtectLevel.getHasProtectObjectPort()){
+            alertMessageFiveTupleW.setDestinationPort(null);
+            alertMessageFiveTupleW.setMaskDestinationPort(null);
+        }
+        if(!templateProtectLevel.getHasPeerIP()){
+            alertMessageFiveTupleW.setSourceIP(null);
+            alertMessageFiveTupleW.setMaskSourceIP(null);
+        }
+        if(!templateProtectLevel.getHasPeerPort()){
+            alertMessageFiveTupleW.setSourcePort(null);
+            alertMessageFiveTupleW.setMaskSourcePort(null);
+        }
+        if (!templateProtectLevel.getHasProtocol()) {
+            alertMessageFiveTupleW.setProtocol(null);
+            alertMessageFiveTupleW.setMaskProtocol(null);
+        }
+        //目前告警信息还只是五元组，没有url、dns
+    }
 }