authorwangwei <[email protected]>2024-10-17 16:08:01 +0800
committerwangwei <[email protected]>2024-10-17 16:08:01 +0800
commit44cd4fa4da4a2952f03cf15bf2bef10e14834a8e (patch)
treeae5e877c1c43ed07dbfa65c453a1a23c534291cb
parent11b9bc6a9917359823a2176c539d5720d2bf5c60 (diff)
[Fix][dataset] 适配DoS Threat Map 业务相关Datasets及Schema(TSG-22745)
-rw-r--r--config/flyway/tsg/R__init_datasets.sql14
-rw-r--r--config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/dos_event.json35
2 files changed, 33 insertions, 16 deletions
diff --git a/config/flyway/tsg/R__init_datasets.sql b/config/flyway/tsg/R__init_datasets.sql
index abf8d0fe..0707e2da 100644
--- a/config/flyway/tsg/R__init_datasets.sql
+++ b/config/flyway/tsg/R__init_datasets.sql
@@ -138,16 +138,16 @@ INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`,
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('voip-record-list', 'voip_record', 'qgw', 'sql', '{ "statement": "SELECT ${columns} FROM voip_record WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id in(${vsys_id}) AND ( ${filter}) ORDER BY recv_time DESC LIMIT ${limit}" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('voip-record-count', 'voip_record', 'qgw', 'sql', '{ "statement": "SELECT count(1) as count FROM voip_record WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id in(${vsys_id}) AND ( ${filter})" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('voip-record-timeline', 'voip_record', 'qgw', 'sql', '{ "statement": "SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, CHART_GRANULARITY(''${start_time}'', ''${end_time}''), ''zero'')) AS stat_time, decoded_as as type, COUNT(1) as count FROM voip_record WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN(${vsys_id}) AND ( ${filter}) GROUP BY stat_time,decoded_as ORDER BY stat_time asc" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-source-countries', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT arrayJoin(splitByString('','',source_country_list)) AS source_country, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND notEmpty(source_country_list) AND vsys_id IN ( ${vsys_id} ) AND ( ${filter} ) GROUP BY arrayJoin(splitByString('','',source_country_list)) ORDER BY count DESC LIMIT ${limit}" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-destination-countries', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT destination_country, COUNT(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY destination_country ORDER BY count DESC LIMIT ${limit}" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-victims', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT destination_ip, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY destination_ip ORDER BY count DESC LIMIT ${limit}" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-attack-type', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT attack_type, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY attack_type ORDER BY attack_type LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-source-countries', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT source_country AS source_country, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND notEmpty(source_country) AND vsys_id IN ( ${vsys_id} ) AND ( ${filter} ) GROUP BY source_country ORDER BY count DESC LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-destination-countries', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT destination_country, COUNT(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND notEmpty(destination_country) AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY destination_country ORDER BY count DESC LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-destination-ips', 'dos_event', 'qgw', 'sql', '{ "statement": " SELECT destination_ip, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY destination_ip ORDER BY count DESC LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-top-protection-rules', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT rule_uuid, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY rule_uuid ORDER BY count DESC LIMIT ${limit}" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-severity', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT severity, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY severity ORDER BY severity LIMIT ${limit}" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-destination-ip-distribution', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT destination_ip, any(destination_country) AS destination_country, groupUniqArray(arrayJoin(splitByString('','', source_country_list))) AS source_coutries, MAX(bit_rate) AS max_bit_rate, MAX(packet_rate) AS max_packet_rate, MAX(session_rate) AS max_session_rate, FROM_UNIXTIME(MIN(start_time)) AS first_active_time, FROM_UNIXTIME(MAX(end_time)) AS last_active_time, MAX_DURATION(end_time, 600) AS max_duration, groupUniqArray(attack_type) AS attack_type, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY destination_ip ORDER BY count DESC LIMIT ${limit}" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-attack-connection', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT FROM_UNIXTIME(recv_time) AS stat_time, destination_country, source_country_list, attack_type, severity, bit_rate, bytes, packet_rate, packets, session_rate, sessions FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND (${filter}) ORDER BY recv_time ASC LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-destination-ip-distribution', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT destination_ip, any(destination_country) AS destination_country, groupUniqArray(source_country) AS source_coutries, MAX(bit_rate) AS max_bit_rate, MAX(packet_rate) AS max_packet_rate, MAX(session_rate) AS max_session_rate, FROM_UNIXTIME(MIN(start_time)) AS first_active_time, FROM_UNIXTIME(MAX(end_time)) AS last_active_time, MAX_DURATION(end_time, 600) AS max_duration, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY destination_ip ORDER BY count DESC LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-attack-connection', 'dos_event', 'qgw', 'sql', '{ "statement": " SELECT FROM_UNIXTIME(recv_time) AS stat_time, rule_uuid, destination_country, source_country, bit_rate, bytes, packet_rate, packets, session_rate, sessions FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND (${filter}) ORDER BY recv_time ASC LIMIT ${limit}" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-attack-volume-summary', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT RATE(bytes, CHART_GRANULARITY(''${start_time}'', ''${end_time}''), 1) * 8 as avg_bits_per_sec FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND (${filter})" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-threat-map-attack-volume-trend', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, CHART_GRANULARITY(''${start_time}'', ''${end_time}''), ''zero'')) AS stat_time, RATE(bytes, CHART_GRANULARITY(''${start_time}'', ''${end_time}''), 1) * 8 as avg_bits_per_sec FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT ${limit}" }',null);
-INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-event-timeline', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, CHART_GRANULARITY(''${start_time}'', ''${end_time}''), ''zero'')) AS stat_time, attack_type AS type, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY stat_time, attack_type ORDER BY stat_time ASC LIMIT ${limit}" }',null);
+INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-event-timeline', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(recv_time, CHART_GRANULARITY(''${start_time}'', ''${end_time}''), ''zero'')) AS stat_time, count(*) AS count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT ${limit}" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-event-count', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT count(1) as count FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} )" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('dos-event-list', 'dos_event', 'qgw', 'sql', '{ "statement": "SELECT ${columns} FROM dos_event WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id IN (${vsys_id}) AND ( ${filter} ) ORDER BY recv_time DESC LIMIT ${limit}" }',null);
INSERT INTO `dataset` (`identifier_name`, `category`, `backend_engine`, `type`, `template`, `description`) VALUES ('datapath-telemetry-record-count', 'datapath_telemetry_record', 'qgw', 'sql', '{ "statement": "SELECT count(1) as count FROM datapath_telemetry_record WHERE recv_time >= UNIX_TIMESTAMP(''${start_time}'') AND recv_time < UNIX_TIMESTAMP(''${end_time}'') AND vsys_id in(${vsys_id}) AND ( ${filter})" }',null);
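Review bot: The new `dos-threat-map-top-protection-rules` template (L30) groups by `rule_uuid` with no `notEmpty(rule_uuid)` guard, while the reworked country templates on L27 and L28 now add exactly that guard; if events without a matching rule carry an empty `rule_uuid`, that empty bucket will likely rank as the top "protection rule", so `AND notEmpty(rule_uuid) AND vsys_id IN (${vsys_id})` would keep the four top-N datasets consistent (the same question applies to `destination_ip` on L29). On L27 the projection `source_country AS source_country` is a self-alias and can be plain `source_country`, and the `" SELECT` statements on L29 and L35 start with a leading space that the other templates in this file do not have. The unchanged `dos-threat-map-severity` template (L31) still groups by `severity`, which this same commit labels as deprecated in dos_event.json; please confirm that dataset is meant to survive the schema change. The output column `source_coutries` on L34 carries a pre-existing typo; since it is a column name consumers may key on, renaming it is a separate, coordinated change rather than part of this fix.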
diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/dos_event.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/dos_event.json
index 775cb25a..1cc686e5 100644
--- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/dos_event.json
+++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/dos_event.json
@@ -28,8 +28,9 @@
},
"default_columns": [
"log_id",
+ "rule_uuid",
"attack_type",
- "source_ip_list",
+ "source_ip",
"destination_ip",
"severity",
"start_time",
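Review bot: `attack_type` stays in `default_columns` (L52) even though the same commit relabels the field as `Attack Type(Deprecated)` (L63); a field that is deprecated but still shown by default is contradictory for users, so either drop it from the defaults as was done for `source_ip_list` (L53/L54) or keep the label unchanged until it is actually removed. Deprecation here is expressed only through the UI label string on L63, L72, L81, L107 and L116 while each field's `doc.visibility` remains `"enabled"` and its filter operators remain accepted; if the schema supports a structural flag for this, it would be more robust than a label suffix, and if not, a consistent `Attack Type (Deprecated)` spacing across the five labels would at least make them greppable.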
@@ -144,7 +145,7 @@
},
{
"name": "attack_type",
- "label": "Attack Type",
+ "label": "Attack Type(Deprecated)",
"doc": {
"constraints": {
"operator_functions": "=,!=,in,not in,notEmpty,empty"
@@ -182,7 +183,7 @@
},
{
"name": "severity",
- "label": "Severity",
+ "label": "Severity(Deprecated)",
"doc": {
"constraints": {
"operator_functions": "=,!=,in,not in,notEmpty,empty"
@@ -216,7 +217,7 @@
},
{
"name": "conditions",
- "label": "Conditions",
+ "label": "Conditions(Deprecated)",
"doc": {
"visibility": "enabled",
"ttl": null
@@ -246,8 +247,24 @@
"type": "string"
},
{
+ "name": "source_ip",
+ "label": "Source IP",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },{
+ "name": "source_country",
+ "label": "Source Country",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },{
"name": "source_ip_list",
- "label": "Source IP List",
+ "label": "Source IP List(Deprecated)",
"doc": {
"visibility": "enabled",
"ttl": null
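Review bot: The two new field objects close with `},{` on L96 and L104, whereas every other element in this array (L88, L105 context) puts `},` and `{` on separate lines; keeping the file's one-object-per-block layout makes future diffs on these entries readable. The new `source_ip` and `source_country` entries otherwise mirror the deprecated `source_ip_list` block they replace, which looks intentional.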
@@ -256,7 +273,7 @@
},
{
"name": "source_country_list",
- "label": "Source Country List",
+ "label": "Source Country List(Deprecated)",
"doc": {
"visibility": "enabled",
"ttl": null
@@ -282,7 +299,7 @@
"visibility": "enabled",
"ttl": null
},
- "type": "long"
+ "type": "double"
},
{
"name": "packets",
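Review bot: Changing `"type"` from `"long"` to `"double"` (L125, and again on L134 and L143) for fields that, judging from the neighbouring `packets` and `bytes` entries, appear to be integer counters means values above 2^53 lose exact precision and equality filters such as `=`/`in` on these fields may stop matching exactly; if the change is driven by a rate or averaged value rather than raw counters, a one-line comment in the commit or the field `doc` saying so would prevent a later "fix" back to `long`. The `name` of the field whose type changes on L125 and L134 is outside these hunks, so which columns are affected cannot be confirmed from the diff alone.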
@@ -303,7 +320,7 @@
"visibility": "enabled",
"ttl": null
},
- "type": "long"
+ "type": "double"
},
{
"name": "bytes",
@@ -324,7 +341,7 @@
"visibility": "enabled",
"ttl": null
},
- "type": "long"
+ "type": "double"
}
]
} \ No newline at end of file