| author | 李皓宸 <[email protected]> | 2019-07-19 09:53:56 +0800 |
|---|---|---|
| committer | 李皓宸 <[email protected]> | 2019-07-19 09:53:56 +0800 |
| commit | a5dd4ca6f159e942d7504cc7d69e93e172ff9841 (patch) | |
| tree | e00dc433d103478d7faf4f8b52fcd291c3edce09 | |
| parent | 9550d5c04d30c195e247667ac7ebd861979f2b1e (diff) | |
1.文件离线扫描结果接口 删除 malware_type字段space_mapping_20190603
添加mal_classification,mal_behaviour,mal_environment,mal_family,mal_variant字段
2.新增用户账户采集接口
6 files changed, 269 insertions, 13 deletions
diff --git a/src/main/java/com/nis/domain/restful/NtcHttpObjscanResultLog.java b/src/main/java/com/nis/domain/restful/NtcHttpObjscanResultLog.java
index 9ea6dc8..d3e3e4d 100644
--- a/src/main/java/com/nis/domain/restful/NtcHttpObjscanResultLog.java
+++ b/src/main/java/com/nis/domain/restful/NtcHttpObjscanResultLog.java
@@ -14,12 +14,27 @@ public class NtcHttpObjscanResultLog extends NtcHttpCollectLog {
 @ApiModelProperty(value = "恶意文件命中病毒ID", required = true)
private int malwareId;
- @ApiModelProperty(value = "恶意病毒类型", required = true)
- private String malwareType;
+ // @ApiModelProperty(value = "恶意病毒类型", required = true)
+ // private String malwareType;
- @ApiModelProperty(value = "恶意病毒名称", required = true)
+ @ApiModelProperty(value = "恶意病毒全称", required = true)
private String malwareName;
+ @ApiModelProperty(value = "恶意病毒分类", required = true)
+ private String malClassification;
+
+ @ApiModelProperty(value = "恶意病毒行为", required = true)
+ private String malBehaviour;
+
+ @ApiModelProperty(value = "恶意病毒宿主环境", required = true)
+ private String malEnvironment;
+
+ @ApiModelProperty(value = "恶意病毒家族", required = true)
+ private String malFamily;
+
+ @ApiModelProperty(value = "恶意病毒变种", required = true)
+ private String malVariant;
+
public String getTopicName() {
return topicName;
}
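Review bot: The removed `malwareType` property is left behind as commented-out code (`// @ApiModelProperty(...)` and `// private String malwareType;`) at the top of this hunk; its getter and setter are deleted outright further down and the history keeps the old field, so these two lines can simply be dropped. The five new `mal*` fields are all declared `required = true`; if rows written before this change can lack those columns' values, API consumers would see nulls in fields documented as mandatory, so either relax the flag or state in the field comments when a value may be empty. The class body continues outside the hunk.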
@@ -36,14 +51,6 @@ public class NtcHttpObjscanResultLog extends NtcHttpCollectLog {
 this.malwareId = malwareId;
}
- public String getMalwareType() {
- return malwareType;
- }
-
- public void setMalwareType(String malwareType) {
- this.malwareType = malwareType;
- }
-
public String getMalwareName() {
return malwareName;
}
@@ -52,4 +59,44 @@ public class NtcHttpObjscanResultLog extends NtcHttpCollectLog {
 this.malwareName = malwareName;
}
+ public String getMalClassification() {
+ return malClassification;
+ }
+
+ public void setMalClassification(String malClassification) {
+ this.malClassification = malClassification;
+ }
+
+ public String getMalBehaviour() {
+ return malBehaviour;
+ }
+
+ public void setMalBehaviour(String malBehaviour) {
+ this.malBehaviour = malBehaviour;
+ }
+
+ public String getMalEnvironment() {
+ return malEnvironment;
+ }
+
+ public void setMalEnvironment(String malEnvironment) {
+ this.malEnvironment = malEnvironment;
+ }
+
+ public String getMalFamily() {
+ return malFamily;
+ }
+
+ public void setMalFamily(String malFamily) {
+ this.malFamily = malFamily;
+ }
+
+ public String getMalVariant() {
+ return malVariant;
+ }
+
+ public void setMalVariant(String malVariant) {
+ this.malVariant = malVariant;
+ }
+
}
diff --git a/src/main/java/com/nis/domain/restful/NtcUserAccountCollectLog.java b/src/main/java/com/nis/domain/restful/NtcUserAccountCollectLog.java
new file mode 100644
index 0000000..d6a093e
--- /dev/null
+++ b/src/main/java/com/nis/domain/restful/NtcUserAccountCollectLog.java
@@ -0,0 +1,71 @@
+package com.nis.domain.restful;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.nis.domain.LogEntity;
+import com.wordnik.swagger.annotations.ApiModelProperty;
+
+/**
+ * @author A.Chen
+ * @date 2019年7月18日15:57:21
+ * @Description: 用户采集结果表
+ */
+public class NtcUserAccountCollectLog extends LogEntity {
+
+ private static final long serialVersionUID = 2553033624540656138L;
+
+ @ApiModelProperty(value = "域名", required = true)
+ protected String domain;
+
+ @ApiModelProperty(value = "用户账户", required = true)
+ protected String account;
+
+ @ApiModelProperty(value = "用户手机号", required = true)
+ protected String phoneNumber;
+
+ @ApiModelProperty(value = "用户邮箱", required = true)
+ protected String email;
+
+ protected String searchDomain;
+
+ public String getAccount() {
+ return account;
+ }
+
+ public String getDomain() {
+ return domain;
+ }
+
+ public void setDomain(String domain) {
+ this.domain = domain;
+ }
+
+ public void setAccount(String account) {
+ this.account = account;
+ }
+
+ public String getPhoneNumber() {
+ return phoneNumber;
+ }
+
+ public void setPhoneNumber(String phoneNumber) {
+ this.phoneNumber = phoneNumber;
+ }
+
+ public String getEmail() {
+ return email;
+ }
+
+ public void setEmail(String email) {
+ this.email = email;
+ }
+
+ @JsonIgnore
+ public String getSearchDomain() {
+ return searchDomain;
+ }
+
+ public void setSearchDomain(String searchDomain) {
+ this.searchDomain = searchDomain;
+ }
+
+}
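Review bot: `account`, `phoneNumber` and `email` are personal data, and nothing in this class limits how they are serialized: only `getSearchDomain()` carries `@JsonIgnore`, so the new endpoint presumably returns the other values in clear to any caller that passes whatever access control sits in front of it (not visible in this commit). The class Javadoc should state that the entity carries personal data, and it is worth deciding whether phone number and e-mail need masking for callers who only require the account and domain. As a style point, the fields are `protected` while `NtcHttpObjscanResultLog` in this same commit uses `private`; `private String account;` and likewise for the others keeps every change going through the setters.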
\ No newline at end of file
diff --git a/src/main/java/com/nis/web/controller/restful/NtcLogSearchController.java b/src/main/java/com/nis/web/controller/restful/NtcLogSearchController.java
index dc41779..ac1b16c 100644
--- a/src/main/java/com/nis/web/controller/restful/NtcLogSearchController.java
+++ b/src/main/java/com/nis/web/controller/restful/NtcLogSearchController.java
@@ -1183,4 +1183,37 @@ public class NtcLogSearchController extends BaseRestController { return serviceLogResponse(auditLogThread, System.currentTimeMillis() - start, request, "文件离线扫描结果采集日志检索成功", page, 0); } + + @RequestMapping(value = "/ntcUserAccountCollectLogs", method = RequestMethod.GET) + @ApiOperation(value = "用户账户采集日志查询", httpMethod = "GET", notes = "用户账户采集日志") + public Map<String, ?> ntcUserAccountCollectLog(Page page, NtcUserAccountCollectLog ntcUserAccountCollectLog, Model model, HttpServletRequest request, + HttpServletResponse response) { + long start = System.currentTimeMillis(); + AuditLogThread auditLogThread = super.saveRequestLog(servicesRequestLogService, Constants.OPACTION_GET, request, + null); + try { + resetTime(ntcUserAccountCollectLog); + ntcLogService.queryConditionCheck(auditLogThread, start, ntcUserAccountCollectLog, NtcUserAccountCollectLog.class, page); + // logDataService.getData(page, ntcHttpRecordLog); + // 将数据源切换到本地clickhouse + CustomerContextHolder.setCustomerType(CustomerContextHolder.DATA_SOURCE_B); + NtcCollectLogsService.getNtcUserAccountCollectLogList(page, ntcUserAccountCollectLog); + CustomerContextHolder.clearCustomerType(); + } catch (Exception e) { + auditLogThread.setExceptionInfo("用户账户采集日志检索失败:" + e.getMessage()); + logger.error("用户账户采集日志检索失败:" + ExceptionUtil.getExceptionMsg(e)); + if (e instanceof RestServiceException) { + throw new RestServiceException(auditLogThread, System.currentTimeMillis() - start, + "用户账户采集日志检索失败:" + e.getMessage(), ((RestServiceException) e).getErrorCode()); + } else if (e instanceof ServiceRuntimeException) { + throw new ServiceRuntimeException(auditLogThread, System.currentTimeMillis() - start, + "用户账户采集日志志检索失败:" + e.getMessage(), ((ServiceRuntimeException) e).getErrorCode()); + } else { + throw new ServiceRuntimeException(auditLogThread, System.currentTimeMillis() - start, + "用户账户采集日志检索失败:" + e.getMessage(), RestBusinessCode.service_runtime_error.getValue()); + } + } + + return 
serviceLogResponse(auditLogThread, System.currentTimeMillis() - start, request, "用户账户采集日志检索成功", page, 0); + } }
diff --git a/src/main/java/com/nis/web/dao/NtcCollectLogsDao.java b/src/main/java/com/nis/web/dao/NtcCollectLogsDao.java
index 9e61340..7ef6538 100644
--- a/src/main/java/com/nis/web/dao/NtcCollectLogsDao.java
+++ b/src/main/java/com/nis/web/dao/NtcCollectLogsDao.java
@@ -31,4 +31,7 @@ public interface NtcCollectLogsDao {
 //文件扫描结果采集 查询
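Review bot: In `ntcUserAccountCollectLog`, `CustomerContextHolder.clearCustomerType()` is only reached when the query succeeds; if `getNtcUserAccountCollectLogList` throws, control goes to the `catch` and the data-source selection made by `setCustomerType(CustomerContextHolder.DATA_SOURCE_B)` is never cleared. If the holder is thread-local (not visible here), a pooled request thread would carry the ClickHouse selection into the next request it serves, so the reset belongs in a `finally` block: `} finally { CustomerContextHolder.clearCustomerType(); }`. Separately, every error path copies `e.getMessage()` into the exception returned to the client, which for a database failure can expose SQL text and schema names; a generic client message with the detail kept in `logger.error` is safer. The second message also has a typo (`日志志检索失败`).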
List<NtcHttpObjscanResultLog> findNtcHttpObjscanResultLogList(NtcHttpObjscanResultLog ntcHttpObjscanResultLog);
+
+ //用户账户采集 查询
+ List<NtcUserAccountCollectLog> findNtcUserAccountCollectLogList(NtcUserAccountCollectLog ntcUserAccountCollectLog);
}
diff --git a/src/main/java/com/nis/web/dao/NtcCollectLogsDao.xml b/src/main/java/com/nis/web/dao/NtcCollectLogsDao.xml
index d089542..36ee122 100644
--- a/src/main/java/com/nis/web/dao/NtcCollectLogsDao.xml
+++ b/src/main/java/com/nis/web/dao/NtcCollectLogsDao.xml
@@ -217,8 +217,50 @@
 <result column="topic_name" jdbcType="VARCHAR" property="topicName" />
<result column="malware_id" jdbcType="INTEGER" property="malwareId" />
- <result column="malware_type" jdbcType="VARCHAR" property="malwareType" />
<result column="malware_name" jdbcType="VARCHAR" property="malwareName" />
+ <result column="mal_classification" jdbcType="VARCHAR" property="malClassification" />
+ <result column="mal_behaviour" jdbcType="VARCHAR" property="malBehaviour" />
+ <result column="mal_environment" jdbcType="VARCHAR" property="malEnvironment" />
+ <result column="mal_family" jdbcType="VARCHAR" property="malFamily" />
+ <result column="mal_variant" jdbcType="VARCHAR" property="malVariant" />
+
+ </resultMap>
+
+ <resultMap id="NtcUserAccountCollectLogMap" type="com.nis.domain.restful.NtcUserAccountCollectLog">
+ <result column="cfg_id" jdbcType="BIGINT" property="cfgId" />
+ <result column="found_time" jdbcType="TIMESTAMP" property="foundTime" />
+ <result column="recv_time" jdbcType="TIMESTAMP" property="recvTime" />
+ <result column="trans_proto" jdbcType="VARCHAR" property="transProto" />
+ <result column="addr_type" jdbcType="INTEGER" property="addrType" />
+ <result column="d_ip" jdbcType="VARCHAR" property="dIp" />
+ <result column="s_ip" jdbcType="VARCHAR" property="sIp" />
+ <result column="d_port" jdbcType="VARCHAR" property="dPort" />
+ <result column="s_port" jdbcType="VARCHAR" property="sPort" />
+ <result column="service" jdbcType="INTEGER" property="service" />
+ <result column="entrance_id" jdbcType="BIGINT" property="entranceId" />
+ <result column="device_id" jdbcType="INTEGER" property="deviceId" />
+ <result column="direction" jdbcType="INTEGER" property="direction" />
+ <result column="stream_dir" jdbcType="INTEGER" property="streamDir" />
+ <result column="cap_ip" jdbcType="VARCHAR" property="capIp" />
+ <result column="addr_list" jdbcType="VARCHAR" property="addrList" />
+ <result column="user_region" jdbcType="VARCHAR" property="userRegion" />
+ <result column="server_locate" jdbcType="VARCHAR" property="serverLocate" />
+ <result column="client_locate" jdbcType="VARCHAR" property="clientLocate" />
+ <result column="s_asn" jdbcType="VARCHAR" property="sAsn" />
+ <result column="d_asn" jdbcType="VARCHAR" property="dAsn" />
+ <result column="s_subscribe_id" jdbcType="VARCHAR" property="sSubscribeId" />
+ <result column="d_subscribe_id" jdbcType="VARCHAR" property="dSubscribeId" />
+ <result column="scene_file" jdbcType="VARCHAR" property="sceneFile" />
+ <result column="link_id" jdbcType="BIGINT" property="linkId" />
+ <result column="encap_type" jdbcType="INTEGER" property="encapType" />
+ <result column="inner_smac" jdbcType="VARCHAR" property="innerSmac" />
+ <result column="inner_dmac" jdbcType="VARCHAR" property="innerDmac" />
+
+ <result column="domain" jdbcType="VARCHAR" property="domain" />
+ <result column="account" jdbcType="VARCHAR" property="account" />
+ <result column="phone_number" jdbcType="VARCHAR" property="phoneNumber" />
+ <result column="email" jdbcType="VARCHAR" property="email" />
+
</resultMap>
<sql id="BaseColumn">
@@ -561,7 +603,8 @@
 <select id="findNtcHttpObjscanResultLogList" parameterType="com.nis.domain.restful.NtcHttpObjscanResultLog" resultMap="NtcHttpObjscanResultLogMap">
select url,req_hdr_file,req_hdr_key,req_body_file,req_body_key,
- res_hdr_file,res_hdr_key,res_body_file,res_body_key,topic_name,malware_id,malware_type,malware_name
+ res_hdr_file,res_hdr_key,res_body_file,res_body_key,topic_name,malware_id,malware_name,mal_classification,mal_behaviour,
+ mal_environment,mal_family,mal_variant
<include refid="BaseColumn"/>
from ntc_http_objscan_result
<where>
@@ -605,5 +648,51 @@
 </otherwise>
</choose>
</select>
+
+ <select id="findNtcUserAccountCollectLogList" parameterType="com.nis.domain.restful.NtcUserAccountCollectLog" resultMap="NtcUserAccountCollectLogMap">
+ select domain,account,phone_number,email
+ <include refid="BaseColumn"/>
+ from ntc_collect_user_account
+ <where>
+ <if test="searchFoundStartTime !=null and searchFoundStartTime !=''">
+ and found_time >= toDateTime(#{searchFoundStartTime})
+ </if>
+ <if test="searchFoundEndTime !=null and searchFoundEndTime !=''">
+ and found_time < toDateTime(#{searchFoundEndTime})
+ </if>
+ <if test="searchEntranceId !=null and searchEntranceId !=''">
+ and entrance_id = ${searchEntranceId}
+ </if>
+ <if test="searchCapIp !=null and searchCapIp !=''">
+ and cap_ip = #{searchCapIp}
+ </if>
+ <if test="searchTransProto !=null and searchTransProto !=''">
+ and trans_proto = #{searchTransProto}
+ </if>
+ <if test="searchDIp !=null and searchDIp !=''">
+ and d_ip = #{searchDIp}
+ </if>
+ <if test="searchSIp !=null and searchSIp !=''">
+ and s_ip = #{searchSIp}
+ </if>
+ <if test="searchDPort !=null and searchDPort !=''">
+ and d_port = ${searchDPort}
+ </if>
+ <if test="searchSPort !=null and searchSPort !=''">
+ and s_port = ${searchSPort}
+ </if>
+ <if test="searchDomain !=null and searchDomain !=''">
+ and domain LIKE concat(concat('%',#{searchDomain}),'%')
+ </if>
+ </where>
+ <choose>
+ <when test="page !=null and page.orderBy !=null and page.orderBy !=''">
+ ORDER BY ${page.orderBy}
+ </when>
+ <otherwise>
+ ORDER BY found_time DESC
+ </otherwise>
+ </choose>
+ </select>
</mapper>
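Review bot: In `findNtcUserAccountCollectLogList`, `${searchEntranceId}`, `${searchDPort}`, `${searchSPort}` and `ORDER BY ${page.orderBy}` are MyBatis text substitutions, so their values are pasted into the SQL unescaped, while the neighbouring filters use bound `#{...}` parameters. The controller method added in this commit takes both `Page` and the log entity as handler arguments, so unless `queryConditionCheck` (not visible here) strictly validates them, these four are SQL-injection points on a table holding accounts, phone numbers and e-mail addresses. Use `#{searchEntranceId}`, `#{searchDPort}` and `#{searchSPort}` (with a numeric conversion if the column type needs it), and map `page.orderBy` against a fixed allow-list of column names and sort directions before it reaches the mapper. The `LIKE` filter on `searchDomain` is bound correctly, but `%` and `_` in the input still act as wildcards.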
\ No newline at end of file
diff --git a/src/main/java/com/nis/web/service/NtcCollectLogsService.java b/src/main/java/com/nis/web/service/NtcCollectLogsService.java
index f709fb7..c774c92 100644
--- a/src/main/java/com/nis/web/service/NtcCollectLogsService.java
+++ b/src/main/java/com/nis/web/service/NtcCollectLogsService.java
@@ -15,6 +15,7 @@ import com.nis.domain.restful.NtcDnsLog;
 import com.nis.domain.restful.NtcHttpCollectLog;
import com.nis.domain.restful.NtcHttpObjscanResultLog;
import com.nis.domain.restful.NtcHttpRecordLog;
+import com.nis.domain.restful.NtcUserAccountCollectLog;
import com.nis.domain.restful.NtcVoipCollectLog;
import com.nis.restful.RestBusinessCode;
import com.nis.restful.RestServiceException;
@@ -120,6 +121,18 @@ public class NtcCollectLogsService extends BaseService {
 }
return page;
}
+
+ // 查询用户账户采集 日志数据
+ public Page<?> getNtcUserAccountCollectLogList(Page page, NtcUserAccountCollectLog entity) {
+ entity.setPage(page);
+ entity.setDomain(checkUrlAndFormat(entity.getSearchDomain()));
+ List<NtcUserAccountCollectLog> findNtcUserAccountCollectLogList = ntcCollectLogsDao.findNtcUserAccountCollectLogList(entity);
+ page.setList(findNtcUserAccountCollectLogList);
+ if (page.getLast() > 100) {
+ page.setLast(100);
+ }
+ return page;
+ }
public String checkUrlAndFormat(String params) {
if (!StringUtil.isBlank(params)) {
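Review bot: `entity.setDomain(checkUrlAndFormat(entity.getSearchDomain()))` stores the formatted value in `domain`, but the mapper added in this commit filters on `searchDomain` (`<if test="searchDomain !=null and searchDomain !=''">`), so the query runs with the raw request value and whatever `checkUrlAndFormat` does to it is lost. The line probably should be `entity.setSearchDomain(checkUrlAndFormat(entity.getSearchDomain()));`. The method also takes a raw `Page` and caps the result with `page.setLast(100)` without saying why; a one-line comment on the reason for the limit of 100 would help. `checkUrlAndFormat` begins at the end of the hunk and its body is outside it.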
