44abfe096c
1、alertmessage添加is_distribute(待删除)、command_uuid、create_time、modify_time、alert_message_uuid属性。 2、AlertMessageController添加queryAlarmsByCommandId方法,根据commandUUID查询alertmessage 3、AlertMessageMapper添加新建、查询alertmessage 4、service重写处理alertmessage逻辑,现在alertmessage的isdistribute不需要了,需要删除 Command: 1、service添加updateCommandVaid方法,用于对研判后任务生成的指令研判下发 Task: 1、TaskCommandInfo类添加taskStatus,减少AlertMessageService的查询,并做了标注 2、Controller添加研判后任务下发指令\停止指令的方法validCommandInfoByTaskId StaticRule、DynamicRule、WhiteList: 1、添加分页查询返回数据总数
147 lines
6.3 KiB
Java
147 lines
6.3 KiB
Java
package com.realtime.protection.server.alertmessage;
|
||
|
||
import com.realtime.protection.configuration.entity.defense.template.ProtectLevel;
|
||
import com.realtime.protection.configuration.entity.rule.dynamicrule.AlertMessage;
|
||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||
import com.realtime.protection.configuration.entity.task.TaskCommandInfo;
|
||
import com.realtime.protection.configuration.utils.enums.StateEnum;
|
||
import com.realtime.protection.configuration.utils.enums.TaskTypeEnum;
|
||
import com.realtime.protection.server.command.CommandService;
|
||
import com.realtime.protection.server.task.TaskService;
|
||
import org.springframework.stereotype.Service;
|
||
import org.springframework.transaction.annotation.Transactional;
|
||
import com.baomidou.dynamic.datasource.annotation.DSTransactional;
|
||
|
||
import java.util.List;
|
||
|
||
|
||
@Service
|
||
public class AlertMessageService {
|
||
private final CommandService commandService;
|
||
private final AlertMessageMapper alertMessageMapper;
|
||
private final TaskService taskService;
|
||
|
||
public AlertMessageService(CommandService commandService,TaskService taskService,
|
||
AlertMessageMapper alertMessageMapper) {
|
||
this.commandService = commandService;
|
||
this.taskService = taskService;
|
||
this.alertMessageMapper = alertMessageMapper;
|
||
}
|
||
|
||
@DSTransactional
|
||
public void processAlertMessage(AlertMessage alertMessage) {
|
||
TaskCommandInfo dynamicTaskCommandInfo = generateDynamicCommand(alertMessage);
|
||
|
||
Integer taskStatus = dynamicTaskCommandInfo.getTaskStatus();
|
||
Integer taskType = dynamicTaskCommandInfo.getTaskType();
|
||
|
||
if (taskType == TaskTypeEnum.DYNAMIC.getTaskType())//动态
|
||
switch (taskStatus) {
|
||
case 2://running
|
||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, true, alertMessage, true);
|
||
break;
|
||
case 3://Paused
|
||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, alertMessage, true);
|
||
break;
|
||
default://主要是stop
|
||
//command不入库
|
||
//alertmessage入库
|
||
insertAlertMessageOnly(alertMessage, true);
|
||
break;
|
||
}
|
||
else if (taskType == TaskTypeEnum.JUDGED.getTaskType())//研判后
|
||
switch (taskStatus) {
|
||
case 2://running
|
||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, alertMessage, false);
|
||
break;
|
||
case 3://Paused
|
||
insertCommandAndAlertMessage(dynamicTaskCommandInfo, false, alertMessage, false);
|
||
break;
|
||
default://主要是stop
|
||
//command不入库
|
||
//alertmessage入库
|
||
insertAlertMessageOnly(alertMessage, false);
|
||
}
|
||
}
|
||
|
||
|
||
private TaskCommandInfo generateDynamicCommand(AlertMessage alertMessage){
|
||
Long taskId = alertMessage.getTaskId();
|
||
|
||
// 查task信息
|
||
// (1)查询生成指令所需信息:和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo;
|
||
// (2)额外信息:并额外查询templateId、protectLevel和taskStatus
|
||
TaskCommandInfo dynamicCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId);
|
||
|
||
// 根据templateId、protectLevel获取策略模板
|
||
ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
|
||
dynamicCommandInfo.getTemplateId(),
|
||
dynamicCommandInfo.getProtectLevel());
|
||
//根据策略模板和alertMessage中的FiveTupleWithMask生成要下发五元组信息
|
||
FiveTupleWithMask fiveTupleWithMaskNew = updateFiveTupleWithMask(alertMessage.getFiveTupleWithMask(),
|
||
templateProtectLevel);
|
||
//指令加入策略模板筛选后的fiveTupleWithMaskNew
|
||
dynamicCommandInfo.setFiveTupleWithMask(fiveTupleWithMaskNew);
|
||
|
||
return dynamicCommandInfo;
|
||
}
|
||
|
||
@DSTransactional
|
||
private void insertCommandAndAlertMessage(TaskCommandInfo dynamicTaskCommandInfo, Boolean isValid,
|
||
AlertMessage alertMessage, Boolean isDistribute){
|
||
//command入库
|
||
dynamicTaskCommandInfo.setIsValid(isValid);
|
||
String commandUUID = commandService.createCommand(dynamicTaskCommandInfo);
|
||
if (true){
|
||
throw new RuntimeException("test");
|
||
}
|
||
//alertmessage入库
|
||
alertMessage.setIsDistribute(isDistribute);
|
||
alertMessage.setCommandUUID(commandUUID);
|
||
alertMessageMapper.insertAlertMessage(alertMessage);
|
||
}
|
||
private void insertAlertMessageOnly(AlertMessage alertMessage, Boolean isDistribute){
|
||
//alertmessage入库
|
||
alertMessage.setIsDistribute(isDistribute);
|
||
alertMessage.setCommandUUID(null);
|
||
alertMessageMapper.insertAlertMessage(alertMessage);
|
||
}
|
||
|
||
|
||
|
||
private FiveTupleWithMask updateFiveTupleWithMask(FiveTupleWithMask fiveTupleWithMask, ProtectLevel templateProtectLevel) {
|
||
|
||
FiveTupleWithMask newFiveTupleWithMask = new FiveTupleWithMask();
|
||
newFiveTupleWithMask.copyFiveTupleWithMask(fiveTupleWithMask);
|
||
|
||
if(!templateProtectLevel.getHasProtectObjectIP()){
|
||
newFiveTupleWithMask.setDestinationIP(null);
|
||
newFiveTupleWithMask.setMaskDestinationIP(null);
|
||
}
|
||
if(!templateProtectLevel.getHasProtectObjectPort()){
|
||
newFiveTupleWithMask.setDestinationPort(null);
|
||
newFiveTupleWithMask.setMaskDestinationPort(null);
|
||
}
|
||
if(!templateProtectLevel.getHasPeerIP()){
|
||
newFiveTupleWithMask.setSourceIP(null);
|
||
newFiveTupleWithMask.setMaskSourceIP(null);
|
||
}
|
||
if(!templateProtectLevel.getHasPeerPort()){
|
||
newFiveTupleWithMask.setSourcePort(null);
|
||
newFiveTupleWithMask.setMaskSourcePort(null);
|
||
}
|
||
if (!templateProtectLevel.getHasProtocol()) {
|
||
newFiveTupleWithMask.setProtocol(null);
|
||
newFiveTupleWithMask.setMaskProtocol(null);
|
||
}
|
||
//目前告警信息还只是五元组,没有url、dns
|
||
return newFiveTupleWithMask;
|
||
}
|
||
|
||
|
||
|
||
public List<AlertMessage> queryAlarmsByCommandId(String commandId) {
|
||
return alertMessageMapper.queryAlermsByCommandId(commandId);
|
||
}
|
||
}
|