CN 24.04 单机版本增加对server_domain的处理

cyber_narrator/upgrade/2024/CN-24.04/groot_stream/etl_session_record_kafka_to_cn_kafka

@@ -43,6 +43,17 @@ processing_pipelines:
         parameters:
           value_expression: "recv_time == null ? kafka_recv_time : recv_time"
 
+      - function: DOMAIN
+        lookup_fields: [ http_host, ssl_sni, dtls_sni, quic_sni ]
+        output_fields: [ cn_server_domain ]
+        parameters:
+          option: FIRST_SIGNIFICANT_SUBDOMAIN
+
+      - function: EVAL
+        output_fields: [ server_domain ]
+        parameters:
+          value_expression: "server_domain == null ? cn_server_domain : server_domain"
+
       - function: EVAL
         output_fields: [ domain ]
         parameters:

cyber_narrator/upgrade/2024/CN-24.04/groot_stream/udf.plugins

@@ -19,3 +19,4 @@ com.geedgenetworks.core.udf.cn.ArrayElementsPrepend
 com.geedgenetworks.core.udf.cn.IntelligenceIndicatorLookup
 com.geedgenetworks.core.udf.SnowflakeId
 com.geedgenetworks.core.udf.UnixTimestampConverter
+com.geedgenetworks.core.udf.Domain