1、AlertMessage实体类增加content字段,并同步mapper中新增、查询方法增加content字段
2、DynamicRuleObject实体类新增log_rule_id属性,并同步mapper中新增、查询方法增加log_rule_id字段 3、StaticRule新建增加ip、maskip是否匹配的判断,批量新建和更新还没增加。
@@ -5,19 +5,23 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||||
import lombok.Data;
|
||||
|
||||
|
||||
@Data
|
||||
public class AlertMessage {
|
||||
|
||||
@JsonProperty("task_id")
|
||||
private Long taskId;
|
||||
|
||||
@JsonProperty("dynamic_rule_id")
|
||||
@JsonProperty("rule_id")
|
||||
private Integer dynamicRuleId;
|
||||
|
||||
|
||||
@JsonProperty("five_tuple_with_mask")
|
||||
private FiveTupleWithMask fiveTupleWithMask;
|
||||
|
||||
@JsonProperty("content")
|
||||
private String content;
|
||||
|
||||
// @JsonProperty("is_distribute")
|
||||
// private Boolean isDistribute;//待删除
|
||||
|
||||
|
||||
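Review bot: The new `content` field, like `taskId` and `dynamicRuleId` above it, carries only `@JsonProperty`, so the `@Valid` on `receiveAlertMessage` has nothing to enforce here and an alert with missing ids or an arbitrarily long `content` goes straight to `processAlertMessage` and the `CONTENT` insert. I would add `@NotNull` to `taskId` and `dynamicRuleId` and bound the text with `@Size(max = 1024)` (1024 is a constructed value; the column width is not shown on this page). The JSON name of `dynamicRuleId` also appears to change between `dynamic_rule_id` and `rule_id`; if senders still use the other name, `@JsonAlias` would keep them working instead of binding null. The class continues outside the hunk, so constraints may exist on fields not shown.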
@@ -91,4 +91,8 @@ public class DynamicRuleObject {
|
||||
@Schema(description = "频率", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
|
||||
private Integer dynamicRuleFrequency;
|
||||
|
||||
@NotNull
|
||||
@JsonProperty("log_rule_id")
|
||||
@Schema(description = "筛选条件-日志规则id", example = "1", requiredMode = Schema.RequiredMode.REQUIRED)
|
||||
private Integer logRuleId;
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ public class AlertMessageController
|
||||
@PostMapping("/new")
|
||||
public ResponseResult receiveAlertMessage(@RequestBody @Valid AlertMessage alertMessage){
|
||||
alertMessageService.processAlertMessage(alertMessage);
|
||||
return ResponseResult.ok();
|
||||
return ResponseResult.ok().setData("success", true);
|
||||
}
|
||||
|
||||
//实时任务、研判后任务:查看指令对应的告警信息
|
||||
|
||||
@@ -70,8 +70,8 @@ public class AlertMessageService {
|
||||
// (1)查询生成指令所需信息:和alertMessage中的fiveTuple信息 合并成 TaskCommandInfo;
|
||||
// (2)额外信息:并额外查询templateId、protectLevel和taskStatus
|
||||
TaskCommandInfo dynamicCommandInfo = alertMessageMapper.getDynamicTaskInfos(taskId, DynamicRuleId);
|
||||
if (dynamicCommandInfo.getTemplateId() == null){
|
||||
throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不匹配");
|
||||
if (dynamicCommandInfo == null || dynamicCommandInfo.getTemplateId() == null){
|
||||
throw new IllegalArgumentException("taskId: " + taskId + " DynamicRuleId: " + DynamicRuleId + " 不正确");
|
||||
}
|
||||
// 根据templateId、protectLevel获取策略模板
|
||||
ProtectLevel templateProtectLevel = alertMessageMapper.queryTemplateProtectLevel(
|
||||
|
||||
@@ -26,8 +26,6 @@ public class DynamicRuleService {
|
||||
@Transactional
|
||||
public Integer newDynamicRuleObject(DynamicRuleObject dynamicRule) {
|
||||
|
||||
dynamicRuleMapper.newDynamicRule(dynamicRule);
|
||||
|
||||
//判断protectObject id是否有效
|
||||
boolean ProtectObjIdValid = dynamicRule.getProtectObjectIds().stream()
|
||||
.allMatch(
|
||||
@@ -36,6 +34,8 @@ public class DynamicRuleService {
|
||||
if (!ProtectObjIdValid) {
|
||||
throw new IllegalArgumentException("protect object id is invalid");
|
||||
}
|
||||
|
||||
dynamicRuleMapper.newDynamicRule(dynamicRule);
|
||||
Integer dynamicRuleId = dynamicRule.getDynamicRuleId();
|
||||
dynamicRule.getProtectObjectIds().forEach(
|
||||
protectObjectId -> dynamicRuleMapper.newDynamicRulProtectObjectConcat(dynamicRuleId, protectObjectId));
|
||||
@@ -104,9 +104,10 @@ public class DynamicRuleService {
|
||||
//template在表中删除了,需要重新设置template(感觉这种情况不多见)
|
||||
dynamicRuleObject.setDynamicRuleSourceSystem("need reset");
|
||||
dynamicRuleObject.setDynamicRuleEventType("need reset");
|
||||
}
|
||||
}else{
|
||||
dynamicRuleObject.setDynamicRuleSourceSystem(template.getSourceSystem());
|
||||
dynamicRuleObject.setDynamicRuleEventType(template.getTemplateName());
|
||||
}
|
||||
|
||||
return dynamicRuleObject;
|
||||
}
|
||||
|
||||
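Review bot: `newDynamicRuleObject` checks that every protect object id exists before the insert, but in the visible lines the new `logRuleId` is written with no comparable check, and `@NotNull` on the entity only fires where the caller validates the bean. AlertMessageTest in this commit calls this method without setting `logRuleId`, which suggests a null can reach the `log_rule_id` column. A guard such as `if (dynamicRule.getLogRuleId() == null) throw new IllegalArgumentException("log rule id is required");` before `dynamicRuleMapper.newDynamicRule(dynamicRule)` would close that, ideally followed by an existence lookup like the one used for protect objects. The method body is cut between the first two hunks, so a check may sit in the lines not shown.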
@@ -7,6 +7,9 @@ import com.realtime.protection.configuration.utils.status.AuditStatusValidator;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import java.net.UnknownHostException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@@ -25,17 +28,39 @@ public class StaticRuleService {
|
||||
this.sqlSessionWrapper = sqlSessionWrapper;
|
||||
}
|
||||
|
||||
private static int ipToInt(String ip) {
|
||||
try {
|
||||
byte[] bytes = InetAddress.getByName(ip).getAddress();
|
||||
return ByteBuffer.wrap(bytes).getInt();
|
||||
} catch (UnknownHostException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
private Boolean isIpMaskValid(String ip, String mip) {
|
||||
if (ip == null && mip != null) throw new IllegalArgumentException("有ip掩码但没设置ip");
|
||||
if (mip == null) return true;
|
||||
|
||||
int ipToInt = ipToInt(ip);
|
||||
int mipToInt = ipToInt(mip);
|
||||
return ( ipToInt == (ipToInt & mipToInt) ) ;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
新建静态规则
|
||||
*/
|
||||
public Integer newStaticRuleObject(StaticRuleObject object) {
|
||||
public Integer newStaticRuleObject(StaticRuleObject object) {
|
||||
|
||||
object.setStaticRuleCreateTime(LocalDateTime.now());
|
||||
object.setStaticRuleAuditStatus(0);
|
||||
/*
|
||||
待开发:设置静态规则对象的创建用户、用户所属部门等属性
|
||||
*/
|
||||
if (!isIpMaskValid(object.getStaticRuleSip(),object.getStaticRuleMsip()) ||
|
||||
!isIpMaskValid(object.getStaticRuleDip(),object.getStaticRuleMdip())
|
||||
){
|
||||
throw new IllegalArgumentException("IP和IP掩码不匹配");
|
||||
}
|
||||
staticRuleMapper.newStaticRuleObject(object);
|
||||
|
||||
return object.getStaticRuleId();
|
||||
|
||||
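Review bot: `ipToInt` parses with `InetAddress.getByName`, which resolves hostnames through DNS when the string is not an IP literal and returns 16 bytes for IPv6, of which `getInt()` reads only the first four. A rule field holding a name instead of an address would therefore cause a lookup from the server and be compared by whatever address comes back, and a failed lookup surfaces as a bare `RuntimeException` rather than the `IllegalArgumentException` used for the other validation errors. `isIpMaskValid` also accepts any mask bits, including non-contiguous ones such as 255.0.255.0, and can return the primitive `boolean`. The sketch below parses dotted-quad literals only and checks mask contiguity; if static rules are meant to carry IPv6 addresses, the comparison has to work on the full byte array instead.

```java
private static int ipToInt(String ip) {
    // Literal-only parse: no DNS lookup, no silent truncation of a 16-byte address.
    String[] octets = ip.split("\\.", -1);
    if (octets.length != 4) {
        throw new IllegalArgumentException("IP格式不正确: " + ip);
    }
    int value = 0;
    for (String octet : octets) {
        if (!octet.matches("[0-9]{1,3}") || Integer.parseInt(octet) > 255) {
            throw new IllegalArgumentException("IP格式不正确: " + ip);
        }
        value = (value << 8) | Integer.parseInt(octet);
    }
    return value;
}

private boolean isIpMaskValid(String ip, String mip) {
    // … unchanged: the two null checks on ip and mip …
    int address = ipToInt(ip);
    int mask = ipToInt(mip);
    int hostBits = ~mask;
    // A prefix mask has all of its zero bits at the low end, so hostBits + 1 clears every set bit.
    boolean contiguous = (hostBits & (hostBits + 1)) == 0;
    return contiguous && address == (address & mask);
}
```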
@@ -43,6 +43,7 @@
|
||||
|
||||
<result column="CREATE_TIME" property="createTime"/>
|
||||
<result column="LAST_UPDATE" property="modifyTime"/>
|
||||
<result column="CONTENT" property="content"/>
|
||||
|
||||
<association property="fiveTupleWithMask">
|
||||
<result column="ADDR_TYPE" property="addrType"/>
|
||||
@@ -56,6 +57,7 @@
|
||||
<result column="MASK_DST_IP" property="maskDestinationIP"/>
|
||||
<result column="MASK_DST_PORT" property="maskDestinationPort"/>
|
||||
<result column="MASK_PROTOCOL" property="maskProtocol"/>
|
||||
|
||||
</association>
|
||||
|
||||
</resultMap>
|
||||
@@ -78,7 +80,8 @@
|
||||
COMMAND_UUID,
|
||||
CREATE_TIME,
|
||||
LAST_UPDATE,
|
||||
ALERT_MESSAGE_ID)
|
||||
ALERT_MESSAGE_ID,
|
||||
CONTENT)
|
||||
values (
|
||||
#{taskId},
|
||||
#{dynamicRuleId},
|
||||
@@ -96,7 +99,8 @@
|
||||
#{commandUUID},
|
||||
NOW(),
|
||||
NOW(),
|
||||
UUID())
|
||||
UUID(),
|
||||
#{content})
|
||||
|
||||
</insert>
|
||||
|
||||
@@ -175,7 +179,8 @@
|
||||
t_alertmessage.COMMAND_UUID,
|
||||
|
||||
t_alertmessage.CREATE_TIME,
|
||||
t_alertmessage.LAST_UPDATE
|
||||
t_alertmessage.LAST_UPDATE,
|
||||
t_alertmessage.CONTENT
|
||||
|
||||
from t_alertmessage
|
||||
where
|
||||
|
||||
@@ -13,14 +13,14 @@
|
||||
create_time, modify_time, dynamic_rule_create_username,
|
||||
dynamic_rule_create_depart, template_id, dynamic_rule_protect_level,
|
||||
dynamic_rule_priority, dynamic_rule_range,
|
||||
dynamic_rule_frequency, dynamic_rule_create_user_id)
|
||||
dynamic_rule_frequency, dynamic_rule_create_user_id, log_rule_id)
|
||||
values (#{object.dynamicRuleName},
|
||||
NOW(), #{object.dynamicRuleModifyTime},
|
||||
#{object.dynamicRuleCreateUsername}, #{object.dynamicRuleCreateDepart},
|
||||
#{object.templateId}, #{object.dynamicRuleProtectLevel},
|
||||
#{object.dynamicRulePriority}, #{object.dynamicRuleRange},
|
||||
#{object.dynamicRuleFrequency},
|
||||
#{object.dynamicRuleCreateUserId})
|
||||
#{object.dynamicRuleCreateUserId},#{object.logRuleId})
|
||||
|
||||
</insert>
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
create_time, modify_time, dynamic_rule_create_username,
|
||||
dynamic_rule_create_depart, template_id, dynamic_rule_protect_level,
|
||||
dynamic_rule_priority, dynamic_rule_range,
|
||||
dynamic_rule_frequency, dynamic_rule_create_user_id
|
||||
dynamic_rule_frequency, dynamic_rule_create_user_id,log_rule_id
|
||||
)
|
||||
values
|
||||
<foreach collection="dynamicRuleObjects" item="object" separator=",">
|
||||
@@ -45,7 +45,7 @@
|
||||
#{object.templateId}, #{object.dynamicRuleProtectLevel},
|
||||
#{object.dynamicRulePriority}, #{object.dynamicRuleRange},
|
||||
#{object.dynamicRuleFrequency},
|
||||
#{object.dynamicRuleCreateUserId})
|
||||
#{object.dynamicRuleCreateUserId},#{object.logRuleId})
|
||||
</foreach>
|
||||
</insert>
|
||||
<insert id="newDynamicRulProtectObjectsConcat">
|
||||
|
||||
@@ -1,38 +1,82 @@
|
||||
package com.realtime.protection.server.alertmessage;
|
||||
|
||||
import com.realtime.protection.configuration.entity.alert.AlertMessage;
|
||||
import com.realtime.protection.configuration.entity.defense.object.ProtectObject;
|
||||
import com.realtime.protection.configuration.entity.defense.template.Template;
|
||||
import com.realtime.protection.configuration.entity.rule.dynamicrule.DynamicRuleObject;
|
||||
import com.realtime.protection.configuration.entity.task.FiveTupleWithMask;
|
||||
import com.realtime.protection.configuration.entity.task.Task;
|
||||
import com.realtime.protection.server.defense.object.ProtectObjectService;
|
||||
import com.realtime.protection.server.defense.template.TemplateService;
|
||||
import com.realtime.protection.server.rule.dynamicrule.DynamicRuleService;
|
||||
import com.realtime.protection.server.task.TaskService;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
|
||||
@SpringBootTest
|
||||
public class AlertMessageTest {
|
||||
|
||||
private final AlertMessageService alertMessageService;
|
||||
private final ProtectObjectService protectObjectService;
|
||||
private final TemplateService templateService;
|
||||
private final DynamicRuleService dynamicRuleService;
|
||||
private final TaskService taskService;
|
||||
@Autowired
|
||||
public AlertMessageTest(AlertMessageService alertMessageService) {
|
||||
public AlertMessageTest(AlertMessageService alertMessageService
|
||||
,ProtectObjectService protectObjectService,TemplateService templateService,
|
||||
DynamicRuleService dynamicRuleService,TaskService taskService) {
|
||||
this.alertMessageService = alertMessageService;
|
||||
this.protectObjectService = protectObjectService;
|
||||
this.templateService = templateService;
|
||||
this.dynamicRuleService = dynamicRuleService;
|
||||
this.taskService = taskService;
|
||||
}
|
||||
|
||||
@Test
|
||||
void testReceiveAlertMessage() {
|
||||
/*
|
||||
for (int i = 1; i < 4; i++) {
|
||||
AlertMessage alertMessage = new AlertMessage();
|
||||
FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask();
|
||||
fiveTupleWithMask.setSourceIP("1.1.1." + i);
|
||||
fiveTupleWithMask.setMaskSourceIP("255.255.255.0");
|
||||
fiveTupleWithMask.setDestinationIP("2.2.3." + i);
|
||||
fiveTupleWithMask.setMaskDestinationIP("255.255.255.255");
|
||||
fiveTupleWithMask.setSourcePort("80");
|
||||
fiveTupleWithMask.setDestinationPort("80");
|
||||
fiveTupleWithMask.setProtocol("TCP");
|
||||
|
||||
alertMessage.setTaskId(1937L);
|
||||
alertMessage.setFiveTupleWithMask(fiveTupleWithMask);
|
||||
alertMessage.setDynamicRuleId(31);
|
||||
alertMessageService.processAlertMessage(alertMessage);
|
||||
}
|
||||
*/
|
||||
List<ProtectObject> protectObject = protectObjectService.queryProtectObjects(null, null, 1, 1);
|
||||
List<Template> templates = templateService.queryTemplates(null, 1, 1);
|
||||
|
||||
DynamicRuleObject object = new DynamicRuleObject();
|
||||
object.setDynamicRuleName("UpdateDynamicRule2");
|
||||
object.setDynamicRuleFrequency(1);
|
||||
object.setDynamicRulePriority(1);
|
||||
object.setDynamicRuleRange("北京");
|
||||
object.setDynamicRuleProtectLevel(2);
|
||||
object.setTemplateId(templates.get(0).getTemplateId());
|
||||
object.setProtectObjectIds(List.of(new Integer[]{protectObject.get(0).getProtectObjectId()}));
|
||||
Integer dynamicRuleId = dynamicRuleService.newDynamicRuleObject(object);
|
||||
|
||||
|
||||
Task task = new Task();
|
||||
task.setTaskName("dong态测试2");
|
||||
LocalDateTime taskStartTime = LocalDateTime.now().plusMinutes(1);
|
||||
LocalDateTime taskEndTime = LocalDateTime.now().plusYears(5);
|
||||
task.setTaskStartTime(taskStartTime);
|
||||
task.setTaskEndTime(taskEndTime);
|
||||
task.setTaskAct("阻断");
|
||||
task.setTaskType(2);
|
||||
task.setTaskCreateUserId(1);
|
||||
task.setTaskCreateUsername("xxx");
|
||||
task.setTaskCreateDepart("xxx");
|
||||
task.setDynamicRuleIds(List.of(new Integer[]{dynamicRuleId}));
|
||||
|
||||
Long taskId = taskService.newTask(task);
|
||||
|
||||
AlertMessage alert = new AlertMessage();
|
||||
FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask();
|
||||
fiveTupleWithMask.setSourceIP("1.1.1.1");
|
||||
|
||||
alert.setDynamicRuleId(dynamicRuleId);
|
||||
alert.setTaskId(taskId);
|
||||
alert.setFiveTupleWithMask(fiveTupleWithMask);
|
||||
alert.setContent("testcontent");
|
||||
alertMessageService.processAlertMessage(alert);
|
||||
|
||||
}
|
||||
|
||||
|
||||
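Review bot: `testReceiveAlertMessage` ends at `processAlertMessage(alert)` without asserting anything, so it only proves that no exception was thrown; the same holds for `testNewDynamicRule` and `testNewStaticRule` in the test files further down, where the earlier `assertTrue` lines are commented out. It also depends on rows already present, since `templates.get(0)` and `protectObject.get(0)` throw on an empty database, and it leaves the rule, task and alert it creates behind unless the class is rolled back somewhere not shown. I would assert on the stored alert (for example that its `content` reads back as `testcontent`), mark the test `@Transactional`, and delete the commented-out loop.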
@@ -35,18 +35,19 @@ public class DynamicRuleServiceTest extends ProtectionApplicationTests {
|
||||
|
||||
@Test
|
||||
void testNewDynamicRule() {
|
||||
List<ProtectObject> protectObject = protectObjectService.queryProtectObjects(null, null, 1, 1);
|
||||
List<Template> templates = templateService.queryTemplates(null, 1, 1);
|
||||
|
||||
DynamicRuleObject object = new DynamicRuleObject();
|
||||
object.setDynamicRuleName("UpdateDynamicRule2");
|
||||
object.setDynamicRuleFrequency(1);
|
||||
object.setDynamicRulePriority(1);
|
||||
object.setDynamicRuleRange("北京");
|
||||
object.setDynamicRuleProtectLevel(2);
|
||||
object.setTemplateId(1);
|
||||
object.setProtectObjectIds(List.of(new Integer[]{5521, 5520}));
|
||||
|
||||
|
||||
// Integer objectId = dynamicRuleService.newDynamicRuleObject(object);
|
||||
// assertTrue(objectId > 0);
|
||||
object.setTemplateId(templates.get(0).getTemplateId());
|
||||
object.setLogRuleId(1);
|
||||
object.setProtectObjectIds(List.of(new Integer[]{protectObject.get(0).getProtectObjectId()}));
|
||||
Integer dynamicRuleId = dynamicRuleService.newDynamicRuleObject(object);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -7,7 +7,6 @@ import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@@ -26,13 +25,16 @@ public class StaticRuleServiceTest extends ProtectionApplicationTests {
|
||||
void setUp() {
|
||||
staticRuleTest = new StaticRuleObject();
|
||||
staticRuleTest.setStaticRuleName("test_staticrule");
|
||||
staticRuleTest.setStaticRuleCreateTime(LocalDateTime.now());
|
||||
staticRuleTest.setStaticRuleCreateUsername("mh");
|
||||
staticRuleTest.setStaticRuleCreateDepart("mmeess");
|
||||
staticRuleTest.setStaticRuleCreateUserId(2);
|
||||
staticRuleTest.setStaticRuleAuditStatus(0);
|
||||
|
||||
staticRuleTest.setStaticRuleSip("1.1.2.3");
|
||||
staticRuleTest.setStaticRuleSip("1.1.2.0");
|
||||
staticRuleTest.setStaticRuleMsip("255.255.255.0");
|
||||
|
||||
// staticRuleTest.setStaticRuleDip("1.1.1.2");
|
||||
// staticRuleTest.setStaticRuleMdip("255.255.255.0");
|
||||
staticRuleTest.setStaticRuleSport(80);
|
||||
|
||||
staticRuleTest.setStaticRulePriority(1);
|
||||
@@ -43,25 +45,7 @@ public class StaticRuleServiceTest extends ProtectionApplicationTests {
|
||||
|
||||
@Test
|
||||
void testNewStaticRule(){
|
||||
Integer i = 0;
|
||||
while(i<2) {
|
||||
i++;
|
||||
StaticRuleObject object = new StaticRuleObject();
|
||||
|
||||
object.setStaticRuleName("test_staticrule" + i);
|
||||
//object.setStaticRuleCreateTime(LocalDateTime.now());
|
||||
object.setStaticRuleCreateUsername("boy" + i);
|
||||
object.setStaticRuleCreateDepart("2chu" + i);
|
||||
object.setStaticRuleCreateUserId(i);
|
||||
object.setStaticRuleSip("1.1.1." + i);
|
||||
object.setStaticRuleSport(i);
|
||||
object.setStaticRuleDip("2.2.3." + i);
|
||||
object.setStaticRulePriority(2);
|
||||
object.setStaticRuleFrequency(1);
|
||||
object.setStaticRuleRange("北京");
|
||||
|
||||
Integer id = staticRuleService.newStaticRuleObject(object);
|
||||
}
|
||||
staticRuleService.newStaticRuleObject(staticRuleTest);
|
||||
//assertTrue(id>0);
|
||||
}
|
||||
@Test
|
||||
|
||||
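Review bot: Nothing in this file exercises the rejection path of the new IP/mask check; the fixture's source address appears to move from `1.1.2.3` to `1.1.2.0` only so that the happy path keeps passing. A second test that sets the source address back to `1.1.2.3` with mask `255.255.255.0` and wraps the call in `assertThrows(IllegalArgumentException.class, () -> staticRuleService.newStaticRuleObject(staticRuleTest))` would pin that behaviour. A case with a mask but no address would cover the other branch of `isIpMaskValid`. `setUp` starts outside the hunk.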