author尹姜谊 <[email protected]>2024-11-08 14:42:50 +0800
committer尹姜谊 <[email protected]>2024-11-08 14:42:50 +0800
commitc057aff33d329f918bad57c8de5705f841a9495e (patch)
tree15c25b451afde91775fea215c7c2be0f4e6f806c /config24.01.yaml
parentee5a5dba40817632ed32d8d86313bb45def60100 (diff)
parentc0d48d9b8b55926fcaf38c7a126c67ea01e03dbf (diff)
修改:适配24.08版本知识库库表结构变化24.08
Diffstat (limited to 'config24.01.yaml')
-rw-r--r--config24.01.yaml50
1 files changed, 25 insertions, 25 deletions
diff --git a/config24.01.yaml b/config24.01.yaml
index 9439093..6e64cdf 100644
--- a/config24.01.yaml
+++ b/config24.01.yaml
@@ -12,13 +12,14 @@ common:
protected_ip_list: ['8.8.8.8', '8.8.4.4', '1.1.1.1', '255.255.255.255', '0.0.0.0', '127.*']
monitor:
- monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom
+ monitor_file_path: /Users/joy/Downloads/vpn_thwarting_monitor.prom
+# monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom
outdated_days: 100 # outdated after Inactive for days. outdated results will not be monitored as effective results
timezone_hour_gap: 8
clickhouse:
- host: 10.160.12.147
+ host: 192.168.40.147
port: 9001
username: default
password: galaxy2019
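Review bot: The new `monitor_file_path` points at a personal workstation directory (`/Users/joy/Downloads/vpn_thwarting_monitor.prom`) while the deployment path survives only as a comment, so a server running this commit would write the `.prom` file somewhere the existing monitoring presumably does not read. Keep `/opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom` in the committed file and override it locally through an untracked config or an environment variable. The same hunk edits `clickhouse.host` directly above a plaintext `password` for the `default` account; that credential is context rather than new, but it is stored in version control and would be better read from the environment or a secret store, and rotated. The `monitor` and `clickhouse` mappings continue outside the hunk.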
@@ -27,25 +28,24 @@ clickhouse:
security_table_name: security_event
mariadb:
- host: 10.160.12.201
+ host: 192.168.44.53
port: 3306
user: root
- pswd: galaxy2019
+ pswd: 111111
db_name: cn_api
- ip_table_name: cn_vpn_learning_ip
- domain_table_name: cn_vpn_learning_domain
+ table_name: cn_intelligence_indicator
+
knowledgebase:
- host: 10.160.12.204:8090
+ host: 192.168.44.54:8090
kb_username:
api_pin:
- api_path: /v1/knowledgeBase/items/batch
+ api_path: /v1/tag/items/batch
api_token: a2857bc21b01421b85953fc2c65b4d4c
api_retry_times: 3
api_timeout: 9999
db_name: cn_api
- ip_library_name: vpn_learning_ip
- domain_library_name: vpn_learning_domain
+ library_name: cn_intelligence_indicator
### PLUGIN CONFIGS
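Review bot: `pswd: 111111` is unquoted, so a YAML loader reads it as the integer 111111 rather than a string, and a six-digit repeated value on the MariaDB `root` account is trivially guessable. If the value has to stay in the file, quote it (`pswd: '111111'`); better, have the loader take the password from an environment variable or secret store and connect with an account restricted to the `cn_api` tables the plugins read. The `api_token` kept as context in the `knowledgebase` block is likewise committed in clear text and should be treated as exposed and rotated. `kb_username:` and `api_pin:` are bare keys that load as null; write `''` or `null` explicitly if that is what is intended.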
@@ -53,7 +53,7 @@ knowledgebase:
hotspotvpn:
plugin_name: hotspotvpn
vpn_service_name: hotspotvpn
- plugin_id: 1
+ plugin_id: fd3a275b-49e0-462e-8630-c0f4698da9a8
object_type: ip
confidence: confirmed
sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_ja3_hash in ('f49621211538d12435b8498f195d0c31', '908e8001ed339d74cedd91a4eb7abfab')) UNION ALL SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_sni IN ({$domain_list})) GROUP BY server_ip having length(groupUniqArray(server_domain)) >= 5
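Review bot: `plugin_id` changes type from an integer to an unquoted UUID string here and in every later plugin block (ipvanishvpn through psiphon3vpn), and nothing in the file documents the switch. Any consumer that compares or stores `plugin_id` as an int needs the matching change; that code is not visible in this diff. Quoting the values, e.g. `plugin_id: 'fd3a275b-49e0-462e-8630-c0f4698da9a8'`, makes the string type explicit. A one-line comment above the first plugin saying where these UUIDs are issued (presumably the 24.08 knowledge base) would help the next maintainer.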
@@ -63,33 +63,33 @@ hotspotvpn:
ipvanishvpn:
plugin_name: ipvanishvpn
vpn_service_name: ipvanishvpn
- plugin_id: 2
+ plugin_id: c7ef715a-4ee0-4ac7-b30e-49f337fc8fb8
confidence: confirmed
domain:
object_type: domain
sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.vpn.ipvanish.com' group by dns_qname
ip:
object_type: ip
- kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ipvanishvpn' group by domain
+ kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'ipvanishvpn' group by domain
ivacyvpn:
plugin_name: ivacyvpn
vpn_service_name: ivacyvpn
- plugin_id: 3
+ plugin_id: fdb15703-fb5c-4600-8f04-6128adb1940b
confidence: confirmed
domain:
object_type: domain
sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND ((dns_qname LIKE '%.pointtoserver.com') or (dns_qname LIKE '%.ptoserver.com') or (dns_qname LIKE '%.dns2use.com')) group by dns_qname
ip:
object_type: ip
- kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ivacyvpn' group by domain
+ kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'ivacyvpn' group by domain
protonvpn:
plugin_name: protonvpn
vpn_service_name: protonvpn
- plugin_id: 4
+ plugin_id: 9315f6f7-c921-4bb2-a16f-3da86ad3baee
object_type: ip
confidence: confirmed
sql: SELECT server_ip, groupUniqArray(server_port) as ports FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port IN (443, 7770, 8443, 88, 5060, 51820, 500, 80, 1224, 4500, 4569, 5060, 1194)) GROUP BY server_ip HAVING length(ports) >= 10
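Review bot: The rewritten `kb_sql` for ipvanishvpn and ivacyvpn (and the identical change in the cyberghostvpn and windscribevpn hunks) selects `domain` from the single table with `source_name` as its only filter. If `cn_intelligence_indicator` holds IP and domain indicators together, as the merge of the two former tables suggests, rows without a domain would come back as NULL or empty and presumably flow into the downstream IP lookup. Consider adding `AND domain IS NOT NULL AND domain != ''`, or a predicate on whatever column marks the indicator type, before the `group by`. The service name is also repeated as a literal in each query although `vpn_service_name` is already a key in the same block; a placeholder would keep the two from drifting, if the loader supports one.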
@@ -99,14 +99,14 @@ protonvpn:
cyberghostvpn:
plugin_name: cyberghostvpn
vpn_service_name: cyberghostvpn
- plugin_id: 5
+ plugin_id: d3e486c4-4d4d-429e-9af8-d018f73dde99
confidence: confirmed
domain:
object_type: domain
sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.nodes.gen4.ninja' group by dns_qname
ip:
object_type: ip
- kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'cyberghostvpn' group by domain
+ kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'cyberghostvpn' group by domain
monitor_on: False
udp_monitor_app_name: Cyberghost-UDP
sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} and app_transition like '%{$udp_monitor_app_name}%' group by server_ip
@@ -115,7 +115,7 @@ cyberghostvpn:
windscribevpn:
plugin_name: windscribevpn
vpn_service_name: windscribevpn
- plugin_id: 6
+ plugin_id: 9bd2b634-be41-453f-b6eb-89e25bbffcc3
confidence: confirmed
domain:
object_type: domain
@@ -123,12 +123,12 @@ windscribevpn:
domains: whiskergalaxy.com, totallyacdn.com
ip:
object_type: ip
- kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'windscribevpn' group by domain
+ kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'windscribevpn' group by domain
sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} and (ssl_cert_subject like '%Windscribe%' or ssl_cert_issuer like '%Windscribe%') group by server_ip
turbovpn:
vpn_service_name: turbovpn
- plugin_id: 7
+ plugin_id: 77fdc9b2-83b5-451f-a85d-98798810a7ec
plugin_name: turbovpn
object_type: ip
confidence: confirmed
@@ -137,7 +137,7 @@ turbovpn:
geckovpn:
vpn_service_name: geckovpn
- plugin_id: 8
+ plugin_id: ffbda1c9-dbbe-4160-8961-270d3aeb6a37
plugin_name: geckovpn
object_type: ip
confidence: confirmed
@@ -146,7 +146,7 @@ geckovpn:
vpnunlimited:
vpn_service_name: vpnunlimited
- plugin_id: 9
+ plugin_id: a0693f60-9028-4680-bbce-4200cfcbd291
plugin_name: vpnunlimited
object_type: ip
confidence: confirmed
@@ -156,5 +156,5 @@ vpnunlimited:
psiphon3vpn:
vpn_service_name: psiphon3vpn
- plugin_id: 10
- plugin_name: psiphon3vpn \ No newline at end of file
+ plugin_id: 5d225aa8-ae80-4c89-a972-026bbb5d14e4
+ plugin_name: psiphon3vpn