{ "compile_table": "TSG_COMPILE", "group2compile_table": "TSG_GROUP_COMPILE_RELATION", "group2group_table": "TSG_GROUP_GROUP_RELATION", "rules": [ { "compile_id": 1, "service": 0, "action": 1, "do_blacklist": 0, "do_log": 1, "tags": "{}", "user_region": "{}", "is_valid": "yes", "evaluation_order": "2.111", "groups": [ { "group_name":"OBJ_DST_IP_ADDR", "virtual_table":"TSG_SECURITY_SOURCE_ADDR", "not_flag" : 0, "regions": [ { "table_type": "ip_plus", "table_name": "TSG_OBJ_IP_ADDR", "table_content": { "addr_type": "ipv4", "addr_format": "range", "ip1": "0.0.0.0", "ip2": "255.255.255.255", "port_format": "range", "port1": "0", "port2": "0", "protocol": 0, "direction": "double" } } ] } ] }, { "compile_id": 2, "service": 0, "action": 16, "do_blacklist": 0, "do_log": 1, "tags": "{}", "user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}", "is_valid": "yes", "evaluation_order": "2.111", "groups": [ { "group_name": "OBJ_DST_IP_ADDR", "virtual_table": "TSG_SECURITY_SOURCE_ADDR", "not_flag": 0, "regions": [ { "table_type": "ip_plus", "table_name": "TSG_OBJ_IP_ADDR", "table_content": { "addr_type": "ipv4", "addr_format": "range", "ip1": "0.0.0.0", "ip2": "255.255.255.255", "format": "range", "port1": "0", "port2": "0", "protocol": 0, "direction": "double" } } ] } ] }, { "compile_id": 3, "service": 0, "action": 1, "do_blacklist": 0, "do_log": 1, "tags": "{}", "user_region": "{}", "is_valid": "yes", "evaluation_order": "0.0", "groups": [ { "not_flag": 0, "clause_index": 0, "virtual_table": "TSG_SECURITY_TUNNEL", "regions": [ { "table_name": "TSG_OBJ_TUNNEL_ID", "table_type": "interval", "table_content": { "low_boundary": 900, "up_boundary": 1003 } } ] } ] }, { "compile_id": 4, "service": 0, "action": 16, "do_blacklist": 0, "do_log": 1, "tags": "{}", "user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}", "is_valid": "yes", "evaluation_order": "0.0", "groups": [ { "not_flag": 0, "clause_index": 0, "virtual_table": "TSG_SECURITY_TUNNEL", "regions": [ { "table_name": "TSG_OBJ_TUNNEL_ID", "table_type": "interval", "table_content": { "low_boundary": 900, "up_boundary": 1003 } } ] } ] } ], "plugin_table": [ { "table_name": "APP_ID_DICT", "table_content": [ "67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t1", "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1", "4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1", "70\thttps\t1\tssl\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1" ] }, { "table_name": "TSG_DYN_MOBILE_IDENTITY_APN_TEID", "table_content": [ "1\t111039813\t460045157065560\t861440152009856\t111039813.cmiott.gxqli.mcto60g.com\t8626070583075127\t1", "2\t111052899\t460045157053102\t861440152041083\t111052899.cmiott.wkctf.mcto60g.com\t8626070583008402\t1" ] }, { "table_name": "TSG_IP_ASN_BUILT_IN", "table_content": [ ] }, { "table_name": "TSG_IP_ASN_USER_DEFINED", "table_content": [ ] }, { "table_name": "TSG_IP_LOCATION_BUILT_IN", "table_content": [ "6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1", "3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1" ] }, { "table_name": "TSG_IP_LOCATION_USER_DEFINED", "table_content": [ "371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1" ] }, { "table_name": "TSG_FQDN_CATEGORY_BUILT_IN", "table_content": [ "106285681\t4\t106285681.201198.com\t1\t1", "106285682\t5\t106285682.201198.com\t1\t1", "106285688\t8\t106285688.201198.com\t1\t1", "106285689\t9\t106285689.201198.com\t1\t1", "106285690\t9\t106285689.201198.com\t1\t1", "106285691\t10\t1106285683.201198.com\t1\t1" ] }, { "table_name": "TSG_FQDN_CATEGORY_USER_DEFINED", "table_content": [ "1106285681\t4\t1106285681.201198.com\t1\t1", "1106285682\t5\t1106285682.201198.com\t1\t1", "1106285683\t6\t1106285683.201198.com\t1\t1", "1106285684\t7\t1106285684.201198.com\t1\t1", "1106285685\t7\t1106285684.201198.com\t1\t1" ] }, { "table_name": "TSG_TUNNEL_CATALOG", "table_content": [ "977\t1.1.1.1-1.1.1.1\tGTP\t1367\t1", "978\t1.1.1.1-1.1.1.1\tGTP\t1367&1605\t1" ] }, { "table_name": "TSG_TUNNEL_ENDPOINT", "table_content": [ "989\t4\t192.50.0.0\t192.50.255.255\ttest\t1", "990\t4\t192.50.0.0\t192.50.255.255\ttest\t1", "991\t4\t192.40.128.0\t192.40.255.255\ttest\t1", "992\t4\t192.40.0.0\t192.40.127.255\ttest\t1" ] }, { "table_name": "TSG_TUNNEL_LABEL", "table_content": [ "15560\t15560\tVLAN_ID\t1", "15561\t15561\tVLAN_ID\t1" ] }, { "table_name": "TSG_DYN_SUBSCRIBER_IP", "table_content": [ "1299\t4\t192.168.56.28\ttest5628\t1", "1300\t4\t192.168.56.27\ttest5627\t1" ] }, { "table_name": "TSG_PROFILE_DNS_RECORDS", "table_content": [ "8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1", "7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1", "7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1" ] }, { "table_name": "TSG_PROFILE_RESPONSE_PAGES", "table_content": [ "957\ttest-html-1\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.1\t1", "958\ttest-html-2\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.2\t1" ] }, { "table_name": "TSG_PROFILE_TRAFFIC_MIRROR", "table_content": [ "845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1", "123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1" ] }, { "table_name": "T_VSYS_INFO", "table_content": [ "6\t1\t1" ] } ] }