| author | gujinkai <[email protected]> | 2024-03-29 14:08:32 +0800 |
|---|---|---|
| committer | gujinkai <[email protected]> | 2024-03-29 16:52:14 +0800 |
| commit | e0e2e57c453440ddcd679182660c7ed972286e89 (patch) | |
| tree | df520c3216da91fbce6f87de5116b2c376506b1c | |
| parent | 57a1a9489280eedf72c2f2cb0b935ea99e2b469e (diff) | |
feature: security event add location info
4 files changed, 60 insertions, 6 deletions
diff --git a/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/functions/MatchKeyedProcessFunction.java b/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/functions/MatchKeyedProcessFunction.java
index 5373f13..97fc4d9 100644
--- a/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/functions/MatchKeyedProcessFunction.java
+++ b/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/functions/MatchKeyedProcessFunction.java
@@ -166,6 +166,7 @@ public class MatchKeyedProcessFunction
 
         final SlideAggregate<CnRecordLog> first = logs.getFirst();
         final long firstTime = first.getFirstTime();
+        final CnRecordLog log = first.getValue();
 
         // match_duration
         if ((currentTime - firstTime) / 1000 / 60 < matchDuration.toMinutes()) {
@@ -202,8 +203,9 @@ public class MatchKeyedProcessFunction
             eventInfo.setName(ruleConfig.getLibraryName());
         }
 
-        event.setOffenderIp(group.getClientIp());
-        event.setVictimIp(group.getServerIp());
+        event.setOffenderIp(group.getServerIp());
+        event.setVictimIp(group.getClientIp());
+        addLocatonInfo(event, log);
 
         event.setStartTime((int) (firstTime / 1000L));
 
@@ -218,7 +220,6 @@ public class MatchKeyedProcessFunction
         event.setStatus(SecurityEvent.EventStatus.ON_GOING);
         event.setEndTime(endTime);
 
-        final CnRecordLog log = first.getValue();
         if (log.getIoc_type_list() != null && log.getIoc_type_list().size() > 0) {
             final String type = log.getIoc_type_list().get(0);
             eventInfo.setIocType(type);
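Review bot: The rewritten pair `event.setOffenderIp(group.getServerIp());` / `event.setVictimIp(group.getClientIp());` in the @@ -202 hunk inverts which side is recorded as offender and victim, a semantic change for every consumer of `offender_ip`/`victim_ip` that the commit title ("add location info") does not mention. The mapping does line up with the IpKnowledge hunk, where IoC matching runs only on the server IP, so the matched side is the server; a comment at the call site should record that, e.g. `// IoC detection runs on the server IP only (see IpKnowledge), so the matched server is the offender; keep in sync with addLocatonInfo`. The helper name `addLocatonInfo` is misspelled both here and at its declaration in the @@ -278 hunk; `addLocationInfo` is the fix in both places. The enclosing method starts and ends outside these hunks.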
@@ -278,6 +279,19 @@ public class MatchKeyedProcessFunction
 
     // ======================================================================================
     // ----------------------------------- private helper -----------------------------------
+    private void addLocatonInfo(final SecurityEvent event, final CnRecordLog log) {
+        event.setOffenderCountryRegion(log.getServer_country_region());
+        event.setOffenderSuperAdminArea(log.getServer_super_admin_area());
+        event.setOffenderAdminArea(log.getServer_admin_area());
+        event.setOffenderLongitude(log.getServer_longitude());
+        event.setOffenderLatitude(log.getServer_latitude());
+        event.setVictimCountryRegion(log.getClient_country_region());
+        event.setVictimSuperAdminArea(log.getClient_super_admin_area());
+        event.setVictimAdminArea(log.getClient_admin_area());
+        event.setVictimLongitude(log.getClient_longitude());
+        event.setVictimLatitude(log.getClient_latitude());
+    }
+
     private int sum(List<SlideAggregate<CnRecordLog>> slideValues) {
         return slideValues.stream().mapToInt(SlideAggregate::getTimes).sum();
     }
diff --git a/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/record/SecurityEvent.java b/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/record/SecurityEvent.java
index 51f6606..b6feb61 100644
--- a/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/record/SecurityEvent.java
+++ b/module-CN-indicator-match/src/main/java/com/zdjizhi/schedule/indicator/record/SecurityEvent.java
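Review bot: `addLocatonInfo` carries no Javadoc, and its server→offender / client→victim mapping is the same invariant the caller in the @@ -202 hunk encodes with `setOffenderIp(group.getServerIp())`, so the rule lives in two places with nothing tying them together. A Javadoc such as `/** Copies the geolocation of the matched (server) side into the offender fields and of the client side into the victim fields; must agree with the offender/victim IP assignment made by the caller. */` would make that coupling explicit for the next person who touches either site. The method reads no instance state, so `private static void addLocatonInfo(...)` would also signal that it is a pure field copy.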
@@ -50,10 +50,51 @@ public class SecurityEvent {
 
     @JsonProperty("offender_ip")
     private String offenderIp;
 
+    @JSONField(name = "offender_country_region")
+    @JsonProperty("offender_country_region")
+    private String offenderCountryRegion;
+
+    @JSONField(name = "offender_super_admin_area")
+    @JsonProperty("offender_super_admin_area")
+    private String offenderSuperAdminArea;
+
+    @JSONField(name = "offender_admin_area")
+    @JsonProperty("offender_admin_area")
+    private String offenderAdminArea;
+
+    @JSONField(name = "offender_longitude")
+    @JsonProperty("offender_longitude")
+    private Double offenderLongitude;
+
+    @JSONField(name = "offender_latitude")
+    @JsonProperty("offender_latitude")
+    private Double offenderLatitude;
+
+    @JSONField(name = "victim_ip")
     @JsonProperty("victim_ip")
     private String victimIp;
 
+    @JSONField(name = "victim_country_region")
+    @JsonProperty("victim_country_region")
+    private String victimCountryRegion;
+
+    @JSONField(name = "victim_super_admin_area")
+    @JsonProperty("victim_super_admin_area")
+    private String victimSuperAdminArea;
+
+    @JSONField(name = "victim_admin_area")
+    @JsonProperty("victim_admin_area")
+    private String victimAdminArea;
+
+    @JSONField(name = "victim_longitude")
+    @JsonProperty("victim_longitude")
+    private Double victimLongitude;
+
+    @JSONField(name = "victim_latitude")
+    @JsonProperty("victim_latitude")
+    private Double victimLatitude;
+
     private String domain;
 
     private String app;
diff --git a/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/CustomKnowledgeUtils.java b/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/CustomKnowledgeUtils.java
index d11ade2..fd6fd57 100644
--- a/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/CustomKnowledgeUtils.java
+++ b/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/CustomKnowledgeUtils.java
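Review bot: `victim_ip` gains a `@JSONField(name = "victim_ip")` in this hunk, but the `offender_ip` field in the leading context shows only `@JsonProperty("offender_ip")`; if no `@JSONField` sits above it just outside the hunk, fastjson will emit that field as `offenderIp` while Jackson emits `offender_ip`, so the two serializers would disagree on the very field the new offender location data is keyed to. The ten new fields are declared as boxed `Double` for the coordinates; presumably that is so a missing geolocation serializes as `null` rather than `0.0`, and a one-line comment on the first coordinate field, `// boxed: absent geolocation serializes as null, not 0.0 — confirm`, would keep a later "optimization" to `double` from silently changing the output. The class body continues outside this hunk, so the accessors for these fields are not visible here.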
@@ -53,8 +53,7 @@ public class CustomKnowledgeUtils {
             String libraryType = libraryTypeMap.get(libraryId).name;
             if (libraryIdRuleIdMap.containsKey(libraryId)) {
                 for (Long ruleId : libraryIdRuleIdMap.get(libraryId)) {
-                    entity.getRule_id_list().add(ruleId);
-                    entity.getIoc_type_list().add(libraryType);
+                    entity.putRuleIdAndIocType(ruleId, libraryType);
                 }
             }
         });
diff --git a/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/IpKnowledge.java b/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/IpKnowledge.java
index 7268dc9..2ba123f 100644
--- a/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/IpKnowledge.java
+++ b/platform-etl/src/main/java/com/zdjizhi/etl/utils/tag/IpKnowledge.java
@@ -41,7 +41,7 @@ public class IpKnowledge extends AbstractKnowledge {
         Node clientIpNode = getIpNode(entity.getCommon_client_ip());
         entity.putClient_ip_tags(clientIpNode.getTags());
         //client ip not need detection
-        /*BaseTagUtils.setRuleIdAndIocType(entity, clientIpNode);*/
+        /*CustomKnowledgeUtils.setRuleIdAndIocType(entity, clientIpNode);*/
         Node serverIpNode = getIpNode(entity.getCommon_server_ip());
         entity.putServer_ip_tags(serverIpNode.getTags());
         CustomKnowledgeUtils.setRuleIdAndIocType(entity, serverIpNode);
|
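Review bot: `entity.putRuleIdAndIocType(ruleId, libraryType)` replaces the two `add` calls, but the entity class that must define that method is not among the four files in this diff, so either it already exists on the branch or this commit does not compile as a unit; worth confirming before merge. The two lists the old code appended to in lock-step appear to be read as index-aligned pairs elsewhere (MatchKeyedProcessFunction takes `getIoc_type_list().get(0)` as the type of the first matched rule), so the new helper has to append to both lists together, and a comment at the call site, `// rule id and IoC type are kept as index-aligned pairs`, would record that expectation. The enclosing lambda starts outside this hunk. The IpKnowledge hunk on the same line only edits a commented-out statement and needs nothing.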
