gfwleak/enderbyendera-realtime-protection
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、添加AlertMessage http接口,接收告警信息。

Browse Source 
2、AlertMessage对象增加dynamicRuleId属性。需要发送时也携带dynamicRuleId字段
3、AlertMessageService添加获取dynamicRule对应的template,并根据template对AlertMessage中的FiveTupleWithMask进行筛选策略模板所需字段;添加生成TaskCommandInfo入Doris库
4、TaskCommandInfo新增templateId、protectLevel属性,方便AlertMessageService中查询任务的策略模板
5、前端响应字段的bug修复
This commit is contained in:
Hao Miao
2024-01-18 23:35:56 +08:00
parent 914b0f0e2a
commit cb6ca74df7
10 changed files with 181 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/main/java/com/realtime/protection/server/alertmessage/AlertMessageService.java
View File

@@ -1,7 +1,8 @@
package com.realtime.protection.server.alertmessage;
import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
import com.realtime.protection.configuration.entity.rule.dynamicrule.AlertMessage;
import com.realtime.protection.configuration.entity.task.Task;
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
import com.realtime.protection.server.task.TaskService;
import org.springframework.stereotype.Service;
@@ -11,28 +12,62 @@ import com.realtime.protection.configuration.utils.enums.StateEnum;
@Service
public class AlertMessageService {
private final CommandService commandService;
private final AlertMessageMapper alertMessageMapper;
private final TaskService taskService;
public AlertMessageService(CommandService commandService,TaskService taskService) {
public AlertMessageService(CommandService commandService,TaskService taskService,
AlertMessageMapper alertMessageMapper) {
this.commandService = commandService;
this.taskService = taskService;
this.alertMessageMapper = alertMessageMapper;
}
public void receiveAlertMessage(AlertMessage alertMessage) {
public void processAlertMessage(AlertMessage alertMessage) {
Long taskId = alertMessage.getTaskId();
//查task信息
Task task = taskService.queryTask(taskId);
//检查task status是否为running
// if (task.getTaskStatus() != StateEnum.RUNNING.getStateNum()) {
Integer taskStatus = taskService.queryTaskStatus(taskId);
Integer temp = StateEnum.RUNNING.getStateNum();
// if (taskStatus != StateEnum.RUNNING.getStateNum()) {
// return;
// }
//task信息和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
TaskCommandInfo dynamicTaskCommandInfo = new TaskCommandInfo();
//task信息,和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo
TaskCommandInfo dynamicTaskCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);
//根据策略模板更新五元组
ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
dynamicTaskCommandInfo.getTemplateId(),
dynamicTaskCommandInfo.getProtectLevel(),
alertMessage.getFiveTupleWithMask());
updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(), templateProtectLevel);
dynamicTaskCommandInfo.setFiveTupleWithMask(alertMessage.getFiveTupleWithMask());
//command入库
//commandService.createCommand(staticTaskCommandInfo);
// command入库
commandService.createCommand(dynamicTaskCommandInfo);
}
private void updateFiveTupleWithMask(FiveTupleWithMask alertMessageFiveTupleW, ProtectLevel templateProtectLevel) {
if(!templateProtectLevel.getHasProtectObjectIP()){
alertMessageFiveTupleW.setDestinationIP(null);
alertMessageFiveTupleW.setMaskDestinationIP(null);
}
if(!templateProtectLevel.getHasProtectObjectPort()){
alertMessageFiveTupleW.setDestinationPort(null);
alertMessageFiveTupleW.setMaskDestinationPort(null);
}
if(!templateProtectLevel.getHasPeerIP()){
alertMessageFiveTupleW.setSourceIP(null);
alertMessageFiveTupleW.setMaskSourceIP(null);
}
if(!templateProtectLevel.getHasPeerPort()){
alertMessageFiveTupleW.setSourcePort(null);
alertMessageFiveTupleW.setMaskSourcePort(null);
}
if (!templateProtectLevel.getHasProtocol()) {
alertMessageFiveTupleW.setProtocol(null);
alertMessageFiveTupleW.setMaskProtocol(null);
}
//目前告警信息还只是五元组没有url、dns
}
}