authortanghao <[email protected]>2024-09-06 09:50:00 +0800
committertanghao <[email protected]>2024-09-06 09:50:00 +0800
commit7f77e43894011882bb35ecffd6d65ca9a44bcff3 (patch)
treee07e7cfd60eccbb8583e3f7222615e291db817e8
parent0d4a37daefceba1529b4da5cecdac53338b74ac1 (diff)
fix: CN-1697 threshold类型检测逻辑调整
-rw-r--r--cn-admin/src/main/java/net/geedge/modules/detection/entity/MatchDto.java8
-rw-r--r--cn-admin/src/main/resources/db/R__AZ_magic_api_file.sql4
2 files changed, 7 insertions, 5 deletions
diff --git a/cn-admin/src/main/java/net/geedge/modules/detection/entity/MatchDto.java b/cn-admin/src/main/java/net/geedge/modules/detection/entity/MatchDto.java
index 88109ee..6ce3586 100644
--- a/cn-admin/src/main/java/net/geedge/modules/detection/entity/MatchDto.java
+++ b/cn-admin/src/main/java/net/geedge/modules/detection/entity/MatchDto.java
@@ -49,10 +49,12 @@ public class MatchDto {
private String event_info;
- private Integer threshold_num;
+ private Integer threshold_value;
- private Integer records_num;
-
+ private Integer metric_value;
+
+ private Integer unit;
+
private Long start_time;
private Long end_time;
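Review bot: The new `unit` field is a bare `Integer` with nothing saying which codes it takes or whether it qualifies `threshold_value`, `metric_value` or both, so a reader of the DTO cannot interpret a threshold match; a field comment such as `// unit code applying to threshold_value and metric_value; codes defined in <enum or table>` would close that gap. `threshold_value` and `metric_value` also stay `Integer` while the neighbouring `start_time`/`end_time` are `Long`; if the metric can be a byte or packet counter (not visible here), values above 2^31-1 would fail to map, so `private Long metric_value;` and `private Long threshold_value;` may be the safer types. The class body starts and ends outside the hunk, so any accessors or mapping annotations that still use the old names `threshold_num`/`records_num` cannot be checked from here.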
diff --git a/cn-admin/src/main/resources/db/R__AZ_magic_api_file.sql b/cn-admin/src/main/resources/db/R__AZ_magic_api_file.sql
index 28b2204..926e290 100644
--- a/cn-admin/src/main/resources/db/R__AZ_magic_api_file.sql
+++ b/cn-admin/src/main/resources/db/R__AZ_magic_api_file.sql
@@ -203,8 +203,8 @@ INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/key统计.ms', '{\
INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件列表.ms', '{\n \"properties\" : { },\n \"id\" : \"copy1723081726883d65154\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"事件列表\",\n \"createTime\" : null,\n \"updateTime\" : 1724148273678,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/list\",\n \"method\" : \"GET\",\n \"parameters\" : [ {\n \"name\" : \"startTime\",\n \"value\" : \"1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"endTime\",\n \"value\" : \"9999999\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"resource\",\n \"value\" : \"status=0\",\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"isGroup\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"Integer\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"pageNo\",\n \"value\" : \"1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Integer\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"pageSize\",\n \"value\" : \"10\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Integer\",\n \"type\" : null,\n \"defaultValue\" : null,\n 
\"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ {\n \"name\" : \"cn-Authorization\",\n \"value\" : \"a0e623d7-47f8-475b-a0a5-5d77f76601c1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"paths\" : [ ],\n \"responseBody\" : \"{\\n \\\"code\\\": 999,\\n \\\"time\\\": \\\"2024-08-08 02:33:26\\\",\\n \\\"message\\\": \\\"Expected a \':\' after a key at 43 [character 44 line 1]\\\"\\n}\",\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.ObjectUtils\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\nimport \'@/pre/pageFieldsHandle\' as pageFieldsHandle;\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource,\r\n \"isGroup\":isGroup,\r\n \"pageNo\":pageNo,\r\n \"pageSize\":pageSize\r\n}\r\npageFieldsHandle(parameter);\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n\r\nif (parameter.isGroup==\"\" || is_null(parameter.isGroup)){\r\n parameter.isGroup = 0;\r\n}\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT <#if isGroup == 1>key_fields AS key_fields,key_values AS key_values,rule_id AS rule_id,rule_version AS 
rule_version,uniqExact(event_id) AS count,anyLast(event_id) AS eventId, <#else> anyLast(key_fields) AS keyFields,anyLast(key_values) AS keyValues,anyLast(rule_id) AS ruleId,anyLast(rule_version) AS ruleVersion,event_id AS event_id,</#if> anyLast(event_type) AS eventType,anyLast(event_name) AS eventName,anyLast(match_ids) AS matchIds,anyLast(rule_type) AS ruleType,anyLast(is_builtin) AS isBuiltin,min(start_time) AS startTime,max(end_time) AS stat_time,max(duration_s) AS durationS,max(status) AS state FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} <#if resource?default(\'\')?trim? length gt 0> AND ${resource} </#if> GROUP BY <#if isGroup == 1> key_fields,key_values,rule_id,rule_version <#else> event_id </#if> ORDER BY stat_time DESC LIMIT ${pageNo},${pageSize}\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"eventList\",q,parameter);\r\nprintln(result)\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\nif(result.data.result.length > 0 ){\r\n for(i,j in result.data.result){\r\n var pojo = j;\r\n pojo.status = pojo.state;\r\n pojo.endTime = pojo.statTime;\r\n }\r\n}\r\nreturn result;');
INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件总数.ms', '{\n \"properties\" : { },\n \"id\" : \"9dbc6d3b4e7d440ebe50c4ee50533f7c\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"事件总数\",\n \"createTime\" : null,\n \"updateTime\" : 1724148130413,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/count\",\n \"method\" : \"GET\",\n \"parameters\" : [ {\n \"name\" : \"startTime\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"endTime\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"resource\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"isGroup\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"Integer\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ ],\n \"paths\" : [ ],\n \"responseBody\" : null,\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as 
EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/single\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource,\r\n \"isGroup\":isGroup\r\n}\r\n\r\nif (parameter.isGroup==\"\" || is_null(parameter.isGroup)){\r\n parameter.isGroup = 0;\r\n}\r\n\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT uniqExact(<#if isGroup == 1> (key_fields,key_values,rule_id,rule_version) <#else> (event_id) </#if> ) AS count FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} <#if resource?default(\'\')?trim? length gt 0> AND ${resource} </#if>\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"eventCount\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件统计分布.ms', '{\n \"properties\" : { },\n \"id\" : \"5da8ef4c503b41e6bbb7b17a56a3ad95\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"事件统计分布\",\n \"createTime\" : null,\n \"updateTime\" : 1724396060964,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/timedistribution\",\n \"method\" : \"GET\",\n \"parameters\" : [ {\n \"name\" : \"startTime\",\n \"value\" : \"1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"endTime\",\n \"value\" : \"999999999999999\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"resource\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ {\n \"name\" : \"cn-Authorization\",\n \"value\" : \"a0e623d7-47f8-475b-a0a5-5d77f76601c1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"paths\" : [ ],\n \"responseBody\" : \"{\\n \\\"message\\\": \\\"Please log in to the system first\\\",\\n \\\"code\\\": 518008,\\n \\\"time\\\": 1723084913010\\n}\",\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport 
net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource\r\n}\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT TIME_FLOOR_WITH_FILL(end_time,\'PT${step}S\',\'zero\') AS stat_time,uniqExact(event_id) AS count FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} <#if resource?default(\'\')?trim? length gt 0> AND ${resource} </#if> GROUP BY stat_time ORDER BY stat_time DESC\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"eventTimedistribution\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\nprintln(jsonUtil.toJsonStr(galaxyRes));\r\n\r\nreturn result;');
-INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件详情.ms', '{\n \"properties\" : { },\n \"id\" : \"copy1723086686424d87948\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"事件详情\",\n \"createTime\" : null,\n \"updateTime\" : 1724382585515,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/detail\",\n \"method\" : \"GET\",\n \"parameters\" : [ {\n \"name\" : \"startTime\",\n \"value\" : \"1722825798\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"endTime\",\n \"value\" : \"1723084999\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"resource\",\n \"value\" : \"status=0\",\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"eventId\",\n \"value\" : \"510557841419929600\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Long\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"ruleType\",\n \"value\" : \"2\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Integer\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ {\n \"name\" : \"cn-Authorization\",\n \"value\" : 
\"a0e623d7-47f8-475b-a0a5-5d77f76601c1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"paths\" : [ ],\n \"responseBody\" : \"{\\n \\\"code\\\": 999,\\n \\\"time\\\": \\\"2024-08-16 10:06:11\\\",\\n \\\"message\\\": \\\"404 null at Row:13~13,Col:32~37\\\\n\\\\nvar galaxyResult = httpRequest.post().getBody();\\\\r\\\\n ^^^^^^ \\\"\\n}\",\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.ObjectUtils\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource,\r\n \"eventId\":eventId,\r\n \"ruleType\":ruleType\r\n}\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n\r\nif (parameter.isGroup==\"\" || is_null(parameter.isGroup)){\r\n parameter.isGroup = 0;\r\n}\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"<#if ruleType==1> SELECT match_id AS match_id,rule_id AS rule_id,rule_version AS rule_version,rule_type AS rule_type,event_type AS event_type,event_name AS event_name,severity AS severity,match_num AS match_num,indicator_fields AS indicator_fields,indicator_values AS indicator_values,reset AS reset,client_ip AS client_ip,client_country_region AS client_country_region,client_admin_area AS 
client_admin_area,client_super_admin_area AS client_super_admin_area,client_latitude AS client_latitude,client_longitude AS client_longitude,server_ip AS server_ip,server_country_region AS server_country_region,server_admin_area AS server_admin_area,server_super_admin_area AS server_super_admin_area,server_latitude AS server_latitude,server_longitude AS server_longitude,indicator_values AS indicator_values,domain AS domain,app AS app,match_time AS match_time FROM match_indicator <#elseif ruleType==2> SELECT start_time AS start_time,threshold_num AS threshold_num,records_num AS records_num,severity AS severity FROM match_threshold <#elseif ruleType==3> SELECT match_id AS match_id,rule_id AS rule_id,rule_version AS rule_version,rule_type AS rule_type,event_type AS event_type,event_name AS event_name,severity AS severity,event_info AS event_info,start_time AS start_time,end_time AS end_time FROM match_sequence <#else> SELECT match_id AS match_id,rule_id AS rule_id,rule_version AS rule_version,rule_type AS rule_type,event_type AS event_type,event_name AS event_name,severity AS severity,event_info AS event_info,start_time AS start_time,end_time AS end_time FROM match_unordered_sequence </#if> where match_id IN ( SELECT CAST(arrayJoin(splitByChar(\',\', match_ids)) AS UInt64) FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} AND event_id = ${eventId} <#if resource?default(\'\')?trim? length gt 0> AND ${resource} </#if> ) ORDER BY <#if ruleType==1> match_time <#elseif ruleType==2> start_time <#else> start_time </#if> <#if ruleType!=2> DESC LIMIT 1 </#if>\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"eventDetail\",q,parameter);\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
-INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件详情分布.ms', '{\r\n \"properties\" : { },\r\n \"id\" : \"copy1723088472580d57062\",\r\n \"script\" : null,\r\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\r\n \"name\" : \"事件详情分布\",\r\n \"createTime\" : null,\r\n \"updateTime\" : 1724404256213,\r\n \"lock\" : null,\r\n \"createBy\" : null,\r\n \"updateBy\" : null,\r\n \"path\" : \"/detail/timedistribution\",\r\n \"method\" : \"GET\",\r\n \"parameters\" : [ {\r\n \"name\" : \"startTime\",\r\n \"value\" : \"\",\r\n \"description\" : null,\r\n \"required\" : true,\r\n \"dataType\" : \"String\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n }, {\r\n \"name\" : \"endTime\",\r\n \"value\" : \"\",\r\n \"description\" : null,\r\n \"required\" : true,\r\n \"dataType\" : \"String\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n }, {\r\n \"name\" : \"resource\",\r\n \"value\" : null,\r\n \"description\" : null,\r\n \"required\" : false,\r\n \"dataType\" : \"String\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n }, {\r\n \"name\" : \"keyFields\",\r\n \"value\" : \"\",\r\n \"description\" : null,\r\n \"required\" : true,\r\n \"dataType\" : \"String\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n }, {\r\n \"name\" : \"keyValues\",\r\n \"value\" : \"\",\r\n \"description\" : null,\r\n \"required\" : true,\r\n \"dataType\" : \"String\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n }, {\r\n \"name\" : \"ruleId\",\r\n 
\"value\" : \"\",\r\n \"description\" : null,\r\n \"required\" : true,\r\n \"dataType\" : \"Long\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n }, {\r\n \"name\" : \"ruleVersion\",\r\n \"value\" : \"\",\r\n \"description\" : null,\r\n \"required\" : true,\r\n \"dataType\" : \"String\",\r\n \"type\" : null,\r\n \"defaultValue\" : null,\r\n \"validateType\" : null,\r\n \"error\" : null,\r\n \"expression\" : null,\r\n \"children\" : null\r\n } ],\r\n \"options\" : [ ],\r\n \"requestBody\" : \"\",\r\n \"headers\" : [ ],\r\n \"paths\" : [ ],\r\n \"responseBody\" : \"{\\n \\\"code\\\": 999,\\n \\\"time\\\": \\\"2024-08-23 09:08:05\\\",\\n \\\"message\\\": \\\"400 null at Row:13~13,Col:32~37\\\\n\\\\nvar galaxyResult = httpRequest.post().getBody();\\\\r\\\\n ^^^^^^ \\\"\\n}\",\r\n \"description\" : null,\r\n \"requestBodyDefinition\" : null,\r\n \"responseBodyDefinition\" : null\r\n}\r\n================================\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource,\r\n \"keyFields\":keyFields,\r\n \"keyValues\":keyValues,\r\n \"ruleId\":ruleId,\r\n \"ruleVersion\":ruleVersion\r\n}\r\n\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT event_id AS event_id,max(end_time) AS endTime,min(start_time) as start_time FROM cn_event WHERE end_time 
>= ${startTime} AND end_time< ${endTime} AND key_fields = ${keyFields} AND key_values = ${keyValues} AND rule_id = ${ruleId} AND rule_version = ${ruleVersion} <#if resource?default(\'\')?trim? length gt 0> AND ${resource} </#if> GROUP BY event_id ORDER BY endTime DESC\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"detailTimedistribution\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
+INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件详情.ms', '{\n \"properties\" : { },\n \"id\" : \"copy1723086686424d87948\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"事件详情\",\n \"createTime\" : null,\n \"updateTime\" : 1725587182382,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/detail\",\n \"method\" : \"GET\",\n \"parameters\" : [ {\n \"name\" : \"startTime\",\n \"value\" : \"1722825798\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"endTime\",\n \"value\" : \"1723084999\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"resource\",\n \"value\" : \"status=0\",\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"eventId\",\n \"value\" : \"510557841419929600\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Long\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"ruleType\",\n \"value\" : \"2\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Integer\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ {\n \"name\" : \"cn-Authorization\",\n \"value\" : 
\"a0e623d7-47f8-475b-a0a5-5d77f76601c1\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"paths\" : [ ],\n \"responseBody\" : \"{\\n \\\"code\\\": 999,\\n \\\"time\\\": \\\"2024-08-16 10:06:11\\\",\\n \\\"message\\\": \\\"404 null at Row:13~13,Col:32~37\\\\n\\\\nvar galaxyResult = httpRequest.post().getBody();\\\\r\\\\n ^^^^^^ \\\"\\n}\",\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.ObjectUtils\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource,\r\n \"eventId\":eventId,\r\n \"ruleType\":ruleType\r\n}\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n\r\nif (parameter.isGroup==\"\" || is_null(parameter.isGroup)){\r\n parameter.isGroup = 0;\r\n}\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"<#if ruleType==1> SELECT match_id AS match_id,rule_id AS rule_id,rule_version AS rule_version,rule_type AS rule_type,event_type AS event_type,event_name AS event_name,severity AS severity,match_num AS match_num,indicator_fields AS indicator_fields,indicator_values AS indicator_values,reset AS reset,client_ip AS client_ip,client_country_region AS client_country_region,client_admin_area AS 
client_admin_area,client_super_admin_area AS client_super_admin_area,client_latitude AS client_latitude,client_longitude AS client_longitude,server_ip AS server_ip,server_country_region AS server_country_region,server_admin_area AS server_admin_area,server_super_admin_area AS server_super_admin_area,server_latitude AS server_latitude,server_longitude AS server_longitude,indicator_values AS indicator_values,domain AS domain,app AS app,match_time AS match_time FROM match_indicator <#elseif ruleType==2> SELECT start_time AS start_time,threshold_value AS threshold_value,metric_value AS metric_value,unit as unit , severity AS severity FROM match_threshold <#elseif ruleType==3> SELECT match_id AS match_id,rule_id AS rule_id,rule_version AS rule_version,rule_type AS rule_type,event_type AS event_type,event_name AS event_name,severity AS severity,event_info AS event_info,start_time AS start_time,end_time AS end_time FROM match_sequence <#else> SELECT match_id AS match_id,rule_id AS rule_id,rule_version AS rule_version,rule_type AS rule_type,event_type AS event_type,event_name AS event_name,severity AS severity,event_info AS event_info,start_time AS start_time,end_time AS end_time FROM match_unordered_sequence </#if> where match_id IN ( SELECT CAST(arrayJoin(splitByChar(\',\', match_ids)) AS UInt64) FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} AND event_id = ${eventId} <#if resource?default(\'\')?trim? 
length gt 0> AND ${resource} </#if> ) ORDER BY <#if ruleType==1> match_time <#elseif ruleType==2> start_time <#else> start_time </#if> <#if ruleType!=2> DESC LIMIT 1 </#if>\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"eventDetail\",q,parameter);\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
+INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/事件详情分布.ms', '{\n \"properties\" : { },\n \"id\" : \"copy1723088472580d57062\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"事件详情分布\",\n \"createTime\" : null,\n \"updateTime\" : 1724812569007,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/detail/timedistribution\",\n \"method\" : \"GET\",\n \"parameters\" : [ {\n \"name\" : \"startTime\",\n \"value\" : \"\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"endTime\",\n \"value\" : \"\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"resource\",\n \"value\" : null,\n \"description\" : null,\n \"required\" : false,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"keyFields\",\n \"value\" : \"\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"keyValues\",\n \"value\" : \"\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"ruleId\",\n \"value\" : \"\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"Long\",\n \"type\" : null,\n \"defaultValue\" : null,\n 
\"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n }, {\n \"name\" : \"ruleVersion\",\n \"value\" : \"\",\n \"description\" : null,\n \"required\" : true,\n \"dataType\" : \"String\",\n \"type\" : null,\n \"defaultValue\" : null,\n \"validateType\" : null,\n \"error\" : null,\n \"expression\" : null,\n \"children\" : null\n } ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ ],\n \"paths\" : [ ],\n \"responseBody\" : \"{\\n \\\"code\\\": 999,\\n \\\"time\\\": \\\"2024-08-23 09:08:05\\\",\\n \\\"message\\\": \\\"400 null at Row:13~13,Col:32~37\\\\n\\\\nvar galaxyResult = httpRequest.post().getBody();\\\\r\\\\n ^^^^^^ \\\"\\n}\",\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource,\r\n \"keyFields\":keyFields,\r\n \"keyValues\":keyValues,\r\n \"ruleId\":ruleId,\r\n \"ruleVersion\":ruleVersion\r\n}\r\n\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT event_id AS event_id,max(end_time) AS endTime,min(start_time) as start_time,max(status) AS event_status FROM cn_event WHERE end_time >= ${startTime} AND end_time< ${endTime} AND key_fields = ${keyFields} AND key_values = ${keyValues} AND rule_id = ${ruleId} AND rule_version = ${ruleVersion} <#if 
resource?default(\'\')?trim? length gt 0> AND ${resource} </#if> GROUP BY event_id ORDER BY endTime DESC\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"detailTimedistribution\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/名称统计.ms', '{\n \"properties\" : { },\n \"id\" : \"4ae1759a4de04ec19744ba3f3a712c9e\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"名称统计\",\n \"createTime\" : null,\n \"updateTime\" : 1724147987625,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/name/statistics\",\n \"method\" : \"GET\",\n \"parameters\" : [ ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ ],\n \"paths\" : [ ],\n \"responseBody\" : null,\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource\r\n}\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT event_name AS event_name,uniqExact(event_id) AS count FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} <#if resource?default(\'\')?trim? 
length gt 0> AND ${resource} </#if> GROUP BY event_name ORDER BY count DESC\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"nameStatistics\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/状态统计.ms', '{\n \"properties\" : { },\n \"id\" : \"copy1723081117471d70817\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"状态统计\",\n \"createTime\" : null,\n \"updateTime\" : 1724148022868,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/status/statistics\",\n \"method\" : \"GET\",\n \"parameters\" : [ ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ ],\n \"paths\" : [ ],\n \"responseBody\" : null,\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource\r\n}\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT status AS status,uniqExact(event_id) AS count FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} <#if resource?default(\'\')?trim? 
length gt 0> AND ${resource} </#if> GROUP BY status ORDER BY count DESC\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"statusStatistics\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');
INSERT INTO `magic_api_file` VALUES ('/api/v1/detection/event/类型统计.ms', '{\n \"properties\" : { },\n \"id\" : \"copy1723081223926d5281\",\n \"script\" : null,\n \"groupId\" : \"420b0a1c8135477db8d371a9bb30d2c9\",\n \"name\" : \"类型统计\",\n \"createTime\" : null,\n \"updateTime\" : 1724147975098,\n \"lock\" : null,\n \"createBy\" : null,\n \"updateBy\" : null,\n \"path\" : \"/type/statistics\",\n \"method\" : \"GET\",\n \"parameters\" : [ ],\n \"options\" : [ ],\n \"requestBody\" : \"\",\n \"headers\" : [ ],\n \"paths\" : [ ],\n \"responseBody\" : null,\n \"description\" : null,\n \"requestBodyDefinition\" : null,\n \"responseBodyDefinition\" : null\n}\r\n================================\r\nimport net.geedge.common.utils.FreeMarkerUtil as freeMarkerUtil;\r\nimport net.geedge.common.utils.JSONUtil as jsonUtil;\r\nimport net.geedge.modules.entity.service.EntityExplorerService as EntityExplorerService;\r\nimport \'@/pre/timeHandle\' as preHandle;\r\nimport \'@/post/table\' as postHandle;\r\nimport \'@/public/postGalaxyResult\' as postGalaxyResult;\r\n\r\n\r\n/**\r\n * 入参整理 包括调用公共函数\r\n */\r\nvar parameter={\r\n \"startTime\":startTime,\r\n \"endTime\":endTime,\r\n \"resource\":resource\r\n}\r\npreHandle(parameter);\r\nparameter.resource = EntityExplorerService.parseExpression(parameter.resource,\"securityEventMetadata\");\r\n\r\n/**\r\n * 接口sql相关内容整理 通过freemarker模板生成最后执行语句\r\n */\r\nvar q = \"{\\\"query\\\":\\\"SELECT event_type AS event_type,uniqExact(event_id) AS count FROM cn_event WHERE end_time >= ${startTime} AND end_time < ${endTime} <#if resource?default(\'\')?trim? 
length gt 0> AND ${resource} </#if> GROUP BY event_type ORDER BY count DESC\\\",\\\"option\\\":\\\"real_time\\\",\\\"format\\\":\\\"json\\\"}\"\r\nvar result = freeMarkerUtil.processTemplateIntoString(\"typeStatistics\",q,parameter);\r\n\r\n/**\r\n * 调用galaxy接口获取结果信息\r\n */\r\nvar res = jsonUtil.toBean(result,HashMap.class);\r\nvar galaxyRes = postGalaxyResult(res);\r\n\r\n/**\r\n * 处理galaxy返回的数据结果 将新结果返回前端界面\r\n */\r\nvar result = postHandle(galaxyRes);\r\n\r\nreturn result;');