CN109800140A - Method, apparatus, device and medium for analyzing the cause of service alarm events - Google Patents
- Publication number
- CN109800140A
- Authority
- CN
- China
- Prior art keywords
- alarm event
- service alarm
- information
- operation log
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The present invention provides a method for analyzing the cause of a service alarm event. The method includes: recording all server operation logs using a monitoring program; obtaining the server operation logs and the information of the service alarm event; performing a correlation calculation on the server operation logs and the service alarm event information to obtain a correlation result; and obtaining the cause of the service alarm event from the correlation result. In this way, the cause of a service alarm event caused by misoperation or other factors can be traced accurately and responsibility clearly assigned. The present invention also provides an apparatus for analyzing the cause of a service alarm event, an electronic device and a computer-readable medium.
Description
Technical field
The present invention relates to the field of network security, and in particular to a method, apparatus, device and medium for analyzing the cause of service alarm events.
Background art
As the level of informatization keeps rising, dependence on information increases with it, and how to guarantee the security of information systems is one of the problems currently receiving wide attention. For example, failures such as operating system, hardware, application or configuration errors cause systems to run abnormally or interrupt service. These abnormal behaviors are reflected only in the system and in various logs; there is no unified means of log auditing, so security incidents cannot be discovered in time. Most enterprises do not directly control the internet behavior of their employees, so inappropriate or abusive use of network resources by employees occurs from time to time, such as downloading, online chat and accessing illegal websites, and this behavior can also cause service alarms.
To better cope with service alarms, more and more log audit products have emerged, but most of them target web logs and server operation logs, and few target the operation logs of logins to servers. The present invention is therefore mainly directed at auditing the login operation logs of Linux servers.
Summary of the invention
(1) Technical problem to be solved
In view of the existing technical problems, the present invention proposes a method, apparatus, device and medium for analyzing the cause of service alarm events, used to trace the source of service alarm incidents caused by misoperation or by insiders.
(2) Technical solution
The present invention provides a method for analyzing the cause of a service alarm event, characterized by comprising: recording all server operation logs using a monitoring program; obtaining the server operation logs and the information of the service alarm event; performing a correlation calculation on the server operation logs and the service alarm event information to obtain a correlation result; and obtaining the cause of the service alarm event from the correlation result.
Optionally, in recording all server operation logs, the server operation log includes user login information and operation information; the user login information includes the user name, IP address information and login time, and the operation information includes the content of the user's specific operations.
Optionally, performing the correlation calculation on the server operation logs and the service alarm event information to obtain the correlation result includes: correlating, according to the service alarm event information, the user name, IP address information, time and content of the specific operations, to obtain the specific user name, IP address information, time and operation content that caused the service alarm event.
Optionally, the correlation result includes the user name, IP address information and time corresponding to the service alarm event, and obtaining the cause of the service alarm event from the correlation result includes: obtaining the specific user who caused the service alarm event from the user name; obtaining the specific address that caused the service alarm event from the IP address information; and obtaining the specific time at which the service alarm event was caused from the time.
Optionally, obtaining the information of the service alarm event includes: filtering the collected information of all alarm events to eliminate false alarm event information and repeated alarm event information.
Optionally, performing the correlation calculation on the server operation logs and the service alarm event information includes: using a log analysis engine to correlate the server operation logs according to the service alarm event information.
Optionally, after recording all server operation logs, the method further includes: storing the server operation logs on a big data platform.
Another aspect of the present invention provides an apparatus for analyzing the cause of a service alarm event. The apparatus includes: a recording module for recording all server operation logs; an information obtaining module for obtaining the server operation logs and the information of the service alarm event; a computing module for performing a correlation calculation on the server operation logs and the service alarm event information to obtain a correlation result; and a result obtaining module for obtaining the cause of the service alarm event from the correlation result.
Another aspect of the present invention provides an electronic device, comprising: a processor; and a memory storing a computer-executable program which, when executed by the processor, causes the processor to perform the method for analyzing the cause of a service alarm event of the present invention.
Another aspect of the present invention provides a computer-readable medium on which a computer program is stored; when executed by a processor, the program implements the method for analyzing the cause of a service alarm event of the present invention.
(3) Beneficial effects
The method for analyzing the cause of a service alarm event provided by the present invention performs a correlation calculation on the service alarm event information and the server operation logs, and analyzes the cause of the service alarm event from the result of that calculation. With this method, service alarm events caused by misoperation or by insiders in particular can be traced to their source, the cause of the incident can be matched correctly, and responsibility can be assigned to an individual.
Brief description of the drawings
For a more complete understanding of the present invention and its advantages, reference is now made to the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically shows a flow chart of the method for analyzing the cause of a service alarm event according to an embodiment of the present invention.
Fig. 2 schematically shows a block diagram of the apparatus for analyzing the cause of a service alarm event according to an embodiment of the present invention.
Fig. 3 schematically shows a block diagram of the electronic device according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood, however, that these descriptions are only exemplary and are not intended to limit the scope of the invention. In the following detailed description, many specific details are set forth for ease of explanation in order to provide a thorough understanding of the embodiments of the present invention. It will be apparent, however, that one or more embodiments can also be practiced without these specific details. In addition, descriptions of well-known structures and technologies are omitted below to avoid unnecessarily obscuring the concepts of the present invention.
An embodiment of the present invention proposes a method for analyzing the cause of a service alarm event.
Fig. 1 schematically shows a flow chart of the method for analyzing the cause of a service alarm event according to an embodiment of the present invention.
As shown in Fig. 1, the method includes:
S1: record all server operation logs using a monitoring program.
Because the server operation logs contain the login information of everyone who logs in to a server and the specific operations performed on that server, analyzing the cause of a service alarm event requires recording all operation logs of the servers. Specifically, in the background of each login server, a background monitoring program records the server operation logs of all back-end servers, which are then stored on a big data platform for the subsequent correlation calculation.
The server operation log includes user login information and operation information. The user login information includes the user name, IP address information and login time of the user who logs in; the operation information describes the specific operations the user performed on the server, for example downloading, watching movies online, online chat, listening to music and accessing illegal websites.
S2: obtain the server operation logs and the information of the service alarm event.
After the server operation logs have been recorded, they are obtained for the subsequent correlation calculation; the correlation calculation also requires the information of the service alarm events. There are usually two kinds of service alarm event information: one is the performance alarm log of the server equipment, generated by monitoring software, and the other is the service alarm log generated by the business system deployed on the server. There are two collection modes: in one, the server actively reports its own alarm event information upward; in the other, the network system actively obtains the corresponding alarm event information by periodic polling or a similar mechanism. In general, a server in a communication network provides at least one of these modes so that operators can manage it. For example, Motorola wireless equipment provides the OMC-R (Operation Maintenance Center-Radio) management mode, in which the alarm data reported from each point is accumulated into corresponding files. The key points of alarm collection are timeliness, comprehensiveness and efficiency.
The collected service alarm event information contains some unimportant alarms, false alarms and repeated alarms, so before the correlation calculation these useless alarms must be filtered out to reduce the amount of computation.
S3: perform a correlation calculation on the server operation logs and the service alarm event information to obtain a correlation result.
Correlation calculation means sorting one sequence according to the associated field of another sequence or arrangement. In this embodiment, the calculation correlates the time, user name and IP address information in the user login information with the time at which the alarm occurred and the specific address on the server at which it occurred, both taken from the service alarm event information, and yields the correlation result. The result states, for example, which user name, at what time, accessed an illegal website at which IP address and thereby generated the alarm event. The specific address on the server given in the service alarm event information is, for example, the alarm event generated when a user browsed, through the server, an illegal website at a certain IP address, or the alarm event generated when a hacker attacked a certain web page. Concretely, a log analysis engine correlates the server operation logs according to the alarm event information to obtain the correlation result.
S4: obtain the cause of the service alarm event from the correlation result.
The correlation result obtained in operation S3 may be a table sorted by the associated field. The table contains the specific information about what caused the alarm event, such as the user name of the user who caused it, the time and the address. The time gives the specific time at which the alarm event was caused and, combined with the user name, quickly identifies the specific user who caused it, so that responsibility for the service alarm can be assigned to an individual. The IP address information gives the specific address that caused the alarm event, making clear which IP address's illegal website the user browsed to cause the service alarm. These websites can later be blocked by a firewall so that they can no longer be accessed, which prevents similar alarm events from recurring and makes the network more secure.
In summary, the present invention proposes a method for analyzing the cause of a service alarm event: the server operation logs are obtained, the service alarm event information is obtained, and a log analysis engine correlates the server operation logs according to the service alarm event information to produce a table sorted by the associated field. From this table the cause of a service alarm event can be traced accurately, so that responsibility for the specific service alarm event can be established and countermeasures against similar service alarm events can be taken in time.
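Steps S1 to S4 carried through on constructed data, as an added example that is not code from the patent. The log line layout, the field and function names, the 5-minute deduplication window and the 10-minute correlation window are all assumptions; the patent does not specify them.

```python
"""Added example: S1-S4 on constructed data (not the patent's implementation)."""
from collections import namedtuple
from datetime import datetime, timedelta

Operation = namedtuple("Operation", "time server user src_ip command")
Alarm = namedtuple("Alarm", "time server kind")

# Constructed operation log. The layout "time server user source_ip command"
# is an assumption; the patent does not define a record format.
OPERATION_LOG = """\
2018-12-27T09:58:40 web01 alice 10.0.0.5 vim /etc/nginx/nginx.conf
2018-12-27T10:01:55 web01 alice 10.0.0.5 systemctl restart nginx
2018-12-27T10:02:03 db01 bob 10.0.0.9 ls /var/lib/mysql
2018-12-27T10:30:12 db01 carol 10.0.0.7 rm -rf /var/lib/mysql/orders
malformed line without enough fields
"""

# Constructed alarms: (time, server, kind, already_marked_false_alarm).
ALARMS = [
    ("2018-12-27T10:02:10", "web01", "http_5xx_rate", False),
    ("2018-12-27T10:02:40", "web01", "http_5xx_rate", False),  # repeat of the first
    ("2018-12-27T10:15:00", "web01", "cpu_high", True),        # known false alarm
    ("2018-12-27T10:31:00", "db01", "order_query_failed", False),
    ("2018-12-27T11:45:00", "cache01", "memory_high", False),  # no operator activity
]


def parse_operations(text):
    """S1/S2: parse operation-log lines; return (records, rejected_line_count)."""
    records, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(maxsplit=4)
        try:
            when = datetime.fromisoformat(parts[0])
            server, user, src_ip, command = parts[1:5]
        except ValueError:  # bad timestamp or too few fields
            rejected += 1
            continue
        records.append(Operation(when, server, user, src_ip, command))
    return records, rejected


def filter_alarms(raw, dedup_window=timedelta(minutes=5)):
    """S2: drop false alarms and repeats of the same (server, kind) alarm."""
    kept, last_kept = [], {}
    for ts, server, kind, is_false in sorted(raw):
        when = datetime.fromisoformat(ts)
        if is_false:
            continue
        key = (server, kind)
        if key in last_kept and when - last_kept[key] <= dedup_window:
            continue
        last_kept[key] = when
        kept.append(Alarm(when, server, kind))
    return kept


def correlate(alarms, operations, window=timedelta(minutes=10)):
    """S3: for each alarm, list operations on the same server that precede it
    within the window, most recent first; rows are sorted by alarm time."""
    rows = []
    for alarm in sorted(alarms, key=lambda a: a.time):
        candidates = [op for op in operations
                      if op.server == alarm.server
                      and alarm.time - window <= op.time <= alarm.time]
        candidates.sort(key=lambda op: op.time, reverse=True)
        rows.append((alarm, candidates))
    return rows


def report(rows):
    """S4: one line per alarm, naming the closest preceding operation, if any."""
    lines = []
    for alarm, candidates in rows:
        head = f"{alarm.time.isoformat()} {alarm.server} {alarm.kind}"
        if candidates:
            op = candidates[0]
            lines.append(f"{head} <- {op.user}@{op.src_ip} "
                         f"{op.time.time()} {op.command!r}")
        else:
            lines.append(f"{head} <- no operator activity in window")
    return lines


if __name__ == "__main__":
    ops, rejected = parse_operations(OPERATION_LOG)
    print(f"{len(ops)} operations parsed, {rejected} line(s) rejected")
    for line in report(correlate(filter_alarms(ALARMS), ops)):
        print(line)
```

An empty candidate list, as for the cache01 alarm, means no logged operator action on that server preceded the alarm within the window, so the alarm should not be attributed to a user on this evidence.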
Fig. 2 schematically shows a block diagram of the apparatus 200 for analyzing the cause of a service alarm event according to an embodiment of the present invention.
As shown in Fig. 2, the apparatus 200 for analyzing the cause of a service alarm event includes a recording module 210, an information obtaining module 220, a computing module 230 and a result obtaining module 240.
The recording module 210 is used to record all server operation logs. Specifically, a background monitoring program records the server operation logs of all back-end servers and stores them on a big data platform. The server operation log includes user login information and operation information. The user login information includes the user name, IP address information and login time of the user who logs in; the operation information includes the content of the user's specific operations on the server.
The information obtaining module 220 is used to obtain the server operation logs and the information of the service alarm event. The collected service alarm event information contains some unimportant alarms, false alarms and repeated alarms, so before the correlation calculation these useless alarms must be filtered out to reduce the amount of computation.
The computing module 230 performs the correlation calculation on the server operation logs and the service alarm event information to obtain the correlation result. Specifically, a log analysis engine correlates the server operation logs according to the service alarm event information to obtain the correlation result.
The result obtaining module 240 is used to obtain the cause of the service alarm event from the correlation result. Specifically, the correlation result includes the user name, IP address information and time corresponding to the service alarm event. The time gives the specific time at which the service alarm event was caused and, combined with the user name, quickly identifies the specific user who caused it, so that responsibility for the service alarm can be assigned to an individual. The IP address information gives the specific address that caused the alarm event, making clear which IP address's illegal website the user browsed to cause the service alarm. These websites can later be blocked by a firewall so that they can no longer be accessed, which prevents similar alarm events from recurring and makes the network more secure.
It should be understood that the recording module 210, the information obtaining module 220, the computing module 230 and the result obtaining module 240 may be combined and implemented in one module, or any one of them may be split into multiple modules. Alternatively, at least part of the functions of one or more of these modules may be combined with at least part of the functions of other modules and implemented in one module. According to an embodiment of the present invention, at least one of the recording module 210, the information obtaining module 220, the computing module 230 and the result obtaining module 240 may be implemented at least partly as a hardware circuit, such as a field programmable gate array (FPGA), a programmable logic array (PLA), a system on chip, a system on a substrate, a system in a package or an application-specific integrated circuit (ASIC), or may be implemented in hardware or firmware by any other reasonable way of integrating or packaging a circuit, or by an appropriate combination of the three implementation forms of software, hardware and firmware. Alternatively, at least one of the recording module 210, the information obtaining module 220, the computing module 230 and the result obtaining module 240 may be implemented at least partly as a computer program module which, when run by a computer, performs the function of the corresponding module.
The present invention provides an electronic device. As shown in Fig. 3, the electronic device 300 includes a processor 310 and a memory 320. The electronic device 300 can perform the method of the embodiment of the present invention shown in Fig. 1.
Specifically, the processor 310 may include, for example, a general-purpose microprocessor, an instruction set processor and/or a related chipset and/or a special-purpose microprocessor (for example, an application-specific integrated circuit (ASIC)), and so on. The processor 310 may also include on-board memory for caching purposes. The processor 310 may be a single processing unit or multiple processing units for performing the different actions of the method flow according to the embodiment of the present disclosure.
The memory 320 may be, for example, any medium that can contain, store, convey, propagate or transmit instructions. For example, a readable storage medium may include, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device or propagation medium. Specific examples of readable storage media include: magnetic storage devices, such as magnetic tape or a hard disk (HDD); optical storage devices, such as an optical disc (CD-ROM); memory, such as random access memory (RAM) or flash memory; and/or wired/wireless communication links.
The memory 320 may include a computer program 321, which may include code/computer-executable instructions that cause the processor 310 to perform the method according to the embodiment of the present disclosure or any variation of it.
The computer program 321 may be configured to have computer program code that includes, for example, computer program modules. For example, in an exemplary embodiment, the code in the computer program 321 may include at least one program module, for example module 321A, module 321B, .... It should be noted that the way the modules are divided and their number are not fixed; those skilled in the art may use suitable program modules or combinations of program modules according to the actual situation, and when these program module combinations are executed by the processor 310, the processor 310 performs the method according to the embodiment of the present disclosure or any variation of it.
The present disclosure also provides a computer-readable medium, which may be included in the equipment/apparatus/system described in the above embodiments, or may exist separately without being assembled into that equipment/apparatus/system. The computer-readable medium carries one or more programs which, when executed, implement the method according to the embodiment of the present disclosure.
According to an embodiment of the present disclosure, the computer-readable medium may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. The computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present disclosure, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by, or in connection with, an instruction execution system, apparatus or device. In the present disclosure, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on the computer-readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, radio frequency signals, or any suitable combination of the above.
Although the present disclosure has been shown and described with reference to certain exemplary embodiments of it, various changes in form and detail may be made to the disclosure without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. The scope of the present disclosure should therefore not be limited to the above embodiments, but should be determined not only by the appended claims but also by the equivalents of the appended claims.
Claims (10)
1. A method for analyzing the cause of a service alarm event, characterized by comprising:
recording all server operation logs using a monitoring program;
obtaining the server operation logs and the information of the service alarm event;
performing a correlation calculation on the server operation logs and the information of the alarm event to obtain a correlation result;
obtaining the cause of the service alarm event from the correlation result.
2. The method for analyzing the cause of a service alarm event according to claim 1, characterized in that, in recording all server operation logs, the server operation log includes user login information and operation information, the user login information includes the user name, IP address information and login time, and the operation information includes the content of the user's specific operations.
3. The method for analyzing the cause of a service alarm event according to claim 2, characterized in that performing the correlation calculation on the server operation logs and the information of the service alarm event to obtain the correlation result comprises:
correlating, according to the service alarm event information, the user name, IP address information, time and content of the specific operations, to obtain the specific user name, IP address information, time and operation content that caused the service alarm event.
4. The method for analyzing the cause of a service alarm event according to claim 1, characterized in that the correlation result includes the user name, IP address information and time corresponding to the service alarm event, and obtaining the cause of the service alarm event from the correlation result comprises:
obtaining the specific user who caused the service alarm event from the user name;
obtaining the specific address that caused the service alarm event from the IP address information;
obtaining the specific time at which the service alarm event was caused from the time.
5. The method for analyzing the cause of a service alarm event according to claim 1, characterized in that obtaining the information of the service alarm event comprises:
filtering the collected information of all service alarm events to eliminate false alarm events or repeated alarm event information.
6. The method for analyzing the cause of a service alarm event according to claim 1, characterized in that performing the correlation calculation on the server operation logs and the information of the service alarm event comprises: using a log analysis engine to correlate the server operation logs according to the service alarm event information.
7. The method for analyzing the cause of a service alarm event according to claim 1, characterized in that, after recording all server operation logs, the method further comprises: storing the server operation logs on a big data platform.
8. An apparatus for analyzing the cause of a service alarm event, characterized in that the apparatus comprises:
a recording module for recording all server operation logs;
an information obtaining module for obtaining the server operation logs and the information of the service alarm event;
a computing module for performing a correlation calculation on the server operation logs and the information of the service alarm event to obtain a correlation result;
a result obtaining module for obtaining the cause of the service alarm event from the correlation result.
9. An electronic device, comprising:
a processor;
a memory storing a computer-executable program which, when executed by the processor, causes the processor to perform the method for analyzing the cause of a service alarm event according to any one of claims 1-7.
10. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method for analyzing the cause of a service alarm event according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811608769.6A CN109800140A (en) | 2018-12-27 | 2018-12-27 | Method, apparatus, equipment and the medium of service alarm event analysis of causes |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109800140A true CN109800140A (en) | 2019-05-24 |
Family
ID=66557746
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811608769.6A Pending CN109800140A (en) | 2018-12-27 | 2018-12-27 | Method, apparatus, equipment and the medium of service alarm event analysis of causes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109800140A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110688278A (en) * | 2019-09-23 | 2020-01-14 | 凡普数字技术有限公司 | Alarm notification method, device and storage medium |
CN111125042A (en) * | 2019-11-13 | 2020-05-08 | 中国建设银行股份有限公司 | Method and device for determining risk operation event |
CN111478889A (en) * | 2020-03-27 | 2020-07-31 | 新浪网技术(中国)有限公司 | Alarm method and device |
CN111930882A (en) * | 2020-06-30 | 2020-11-13 | 国网电力科学研究院有限公司 | Server abnormity tracing method, system and storage medium |
CN112769612A (en) * | 2020-12-30 | 2021-05-07 | 北京天融信网络安全技术有限公司 | Alarm event false alarm removing method and device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101667929A (en) * | 2009-10-13 | 2010-03-10 | 中兴通讯股份有限公司 | Maintenance system and method of business system |
US20100306599A1 (en) * | 2009-05-26 | 2010-12-02 | Vmware, Inc. | Method and System for Throttling Log Messages for Multiple Entities |
US20120072782A1 (en) * | 2010-09-21 | 2012-03-22 | Verizon Patent And Licensing, Inc. | Correlation of network alarm messages based on alarm time |
CN104376023A (en) * | 2013-08-16 | 2015-02-25 | 北京神州泰岳软件股份有限公司 | Auditing method and system based on logs |
CN104700024A (en) * | 2013-12-10 | 2015-06-10 | ***通信集团黑龙江有限公司 | Method and system for auditing operational order of Unix-type host user |
CN106254086A (en) * | 2015-06-04 | 2016-12-21 | 重庆达特科技有限公司 | Cloud daily record is managed concentratedly, analyzes, monitoring and alarm platform |
-
2018
- 2018-12-27 CN CN201811608769.6A patent/CN109800140A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100306599A1 (en) * | 2009-05-26 | 2010-12-02 | Vmware, Inc. | Method and System for Throttling Log Messages for Multiple Entities |
CN101667929A (en) * | 2009-10-13 | 2010-03-10 | 中兴通讯股份有限公司 | Maintenance system and method of business system |
US20120072782A1 (en) * | 2010-09-21 | 2012-03-22 | Verizon Patent And Licensing, Inc. | Correlation of network alarm messages based on alarm time |
CN104376023A (en) * | 2013-08-16 | 2015-02-25 | 北京神州泰岳软件股份有限公司 | Auditing method and system based on logs |
CN104700024A (en) * | 2013-12-10 | 2015-06-10 | ***通信集团黑龙江有限公司 | Method and system for auditing operational order of Unix-type host user |
CN106254086A (en) * | 2015-06-04 | 2016-12-21 | 重庆达特科技有限公司 | Cloud daily record is managed concentratedly, analyzes, monitoring and alarm platform |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110688278A (en) * | 2019-09-23 | 2020-01-14 | 凡普数字技术有限公司 | Alarm notification method, device and storage medium |
CN111125042A (en) * | 2019-11-13 | 2020-05-08 | 中国建设银行股份有限公司 | Method and device for determining risk operation event |
CN111478889A (en) * | 2020-03-27 | 2020-07-31 | 新浪网技术(中国)有限公司 | Alarm method and device |
CN111930882A (en) * | 2020-06-30 | 2020-11-13 | 国网电力科学研究院有限公司 | Server abnormity tracing method, system and storage medium |
CN111930882B (en) * | 2020-06-30 | 2024-04-02 | 国网电力科学研究院有限公司 | Server anomaly tracing method, system and storage medium |
CN112769612A (en) * | 2020-12-30 | 2021-05-07 | 北京天融信网络安全技术有限公司 | Alarm event false alarm removing method and device |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN109800140A (en) | Method, apparatus, equipment and the medium of service alarm event analysis of causes | |
CN110249314B (en) | System and method for cloud-based operating system event and data access monitoring | |
US11218510B2 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
Tien et al. | KubAnomaly: Anomaly detection for the Docker orchestration platform with neural network approaches | |
US9887886B2 (en) | Forensic software investigation | |
WO2016177437A1 (en) | Computer-implemented method for determining computer system security threats, security operations center system and computer program product | |
US10862921B2 (en) | Application-aware intrusion detection system | |
CN109787816A (en) | Traffic failure localization method, device, equipment and medium | |
US11363068B2 (en) | Method and system for providing a complete traceability of changes incurred in a security policy | |
US20230362200A1 (en) | Dynamic cybersecurity scoring and operational risk reduction assessment | |
CN113704767A (en) | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system | |
US20210281609A1 (en) | Rating organization cybersecurity using probe-based network reconnaissance techniques | |
US20220210202A1 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
US10083070B2 (en) | Log file reduction according to problem-space network topology | |
CN110620690A (en) | Network attack event processing method and electronic equipment thereof | |
Sheeraz et al. | Effective security monitoring using efficient SIEM architecture | |
CN110365714A (en) | Host-based intrusion detection method, apparatus, equipment and computer storage medium | |
US8931087B1 (en) | Reconfigurable virtualized remote computer security system | |
Dorigo | Security information and event management | |
CN112882892B (en) | Data processing method and device, electronic equipment and storage medium | |
CN110650126A (en) | Method and device for preventing website traffic attack, intelligent terminal and storage medium | |
US11366712B1 (en) | Adaptive log analysis | |
Neise | Graph-based event correlation for network security defense | |
US20180032393A1 (en) | Self-healing server using analytics of log data | |
Lhotsky | Instant OSSEC host-based intrusion detection system |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing. Applicant after: Qianxin Technology Group Co.,Ltd. Address before: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing. Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190524 |