CN113220285B - Security event response scenario generation method, system, device and storage medium - Google Patents


Publication number
CN113220285B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110434300.0A
Other languages
Chinese (zh)
Other versions
CN113220285A (en)
Inventor
许瑞
肖景芬
汪浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Wuqi Intelligent Technology Co ltd
Original Assignee
Shanghai Wuqi Intelligent Technology Co ltd
Application filed by Shanghai Wuqi Intelligent Technology Co ltd
Priority to CN202110434300.0A
Publication of CN113220285A
Application granted
Publication of CN113220285B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/34 Graphical or visual programming
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/31 Programming languages or programming paradigms
    • G06F8/315 Object-oriented languages

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method, a system, a computer device and a storage medium for generating a security event response scenario. The method comprises the steps of determining a security function entity according to a security scene, identifying the security actions supported by the security function entity, marking each security action as a read class or a write class, and using the security actions as generation nodes to generate the security event response scenario. The invention introduces a classification mechanism and a technical implementation of read-write analysis, so that the security actions in the generated security event response scenario are marked as write class or read class. Classifying and marking the security actions improves the usability of security scenario orchestration, reduces misoperation by scenario editors during orchestration, and allows actions to be adapted to permissions. On the basis of this classification mechanism, optimizations such as permission setting, approval of security action execution, and risk detection for newly inserted security actions can be further implemented. The invention is widely applicable to the technical field of network security.

Description

Security event response scenario generation method, system, device and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to a method, a system, a computer device and a storage medium for generating a security event response scenario.
Background
A security event response scenario may be represented as a set of data describing in what order (flow) which security devices (apps) are invoked and which actions are performed; executing the security event response scenario implements the response to a network security event. Mainstream SOAR (security orchestration, automation and response) products all provide graphical, visual orchestration capability, allowing security personnel to arrange the individual atomic actions of the emergency response process according to some logic into a security response script (playbook), so that a rapid emergency response can be launched when a security event occurs. Existing playbook editing technology only arranges the order of actions, and lacks a management and control mechanism and a risk identification mechanism for the actions.
Disclosure of Invention
In view of at least one of the foregoing technical problems, an object of the present invention is to provide a method, a system, a computer device, and a storage medium for generating a security event response scenario.
In one aspect, an embodiment of the present invention includes a method for generating a security event response scenario, including the steps of:
determining a security scene;
determining a security function entity to be used according to the security scene;
identifying a security action supported by the security function entity;
marking the security action as a read class or a write class according to the content of the security action;
and taking the security action as a generation node to generate the security event response scenario.
Further, the security actions supported by the security function entity include a security action that the security function entity has performed and a security action that the security function entity is to perform.
Further, the step of marking the security action as a read class or a write class according to the content of the security action specifically includes:
when the security action is used for executing the operation of acquiring information, marking the security action as a reading type;
when the security action is used to perform an operation to send information, the security action is marked as a write class.
Further, the security event response scenario generation method further comprises the following steps:
performing visual processing on the security event response script; the visualization process is used for distinguishing the security actions belonging to the reading class from the security actions belonging to the writing class in the security event response scenario by generating visual effects.
Further, the security event response scenario generation method further comprises the following steps:
performing authority setting on the security event response scenario; the permission setting is used for giving different access permissions and/or modification permissions to the security actions belonging to the read class and the security actions belonging to the write class in the security event response scenario.
Further, the security event response scenario generation method further comprises the following steps:
approval processing is carried out on part or all of the security actions in the security event response script; the security actions that are subject to the approval process will be performed by the security event response scenario, and the security actions that are not subject to the approval process will not be performed by the security event response scenario.
Further, the security event response scenario generation method further comprises the following steps:
detecting an insertion action of the security event response script; the inserting action is used for inserting a new security action into a specific position in the security event response scenario;
identifying the new security action as a read class or a write class;
and determining the risk of the new security action according to the category relation between the security action before and/or after the specific position in the security event response script and the new security action.
In another aspect, an embodiment of the present invention further includes a system for generating a security event response scenario, including:
a first module for determining a security scenario;
the second module is used for determining a security function entity to be used according to the security scene;
a third module for identifying security actions supported by the security function entity;
a fourth module, configured to mark the security action as a read class or a write class according to the content of the security action;
and a fifth module, configured to generate the security event response scenario by using the security action as a generating node.
In another aspect, an embodiment of the present invention further includes a computer apparatus including a memory for storing at least one program and a processor for loading the at least one program to perform a security event response scenario generation method.
In another aspect, embodiments of the present invention also include a storage medium having stored therein processor-executable instructions that when executed by a processor are for performing a security event response scenario generation method.
The beneficial effects of the invention are as follows: according to the method for generating the security event response scenario, a classification mechanism and technical implementation of read-write analysis are introduced on the basis of the prior art, so that security actions in the generated security event response scenario are marked as writing type or reading type, usability of security scenario arrangement is improved, misoperation in the security scenario editing personnel arrangement process is reduced, and security risk of an automatic scenario is reduced; by adopting a read-write separation technical mechanism, the security arrangement system is allowed to perform action and permission adaptation aiming at different personnel and scenes, and based on the mechanism, optimization technologies such as access permission and/or modification permission setting, security action execution approval, newly inserted security action risk detection and the like can be further realized.
Drawings
FIG. 1 is a flow chart of a method of generating a security event response scenario in an embodiment;
FIG. 2 is a schematic diagram of a security event response scenario generation method in an embodiment.
Detailed Description
In this embodiment, the flow of the security event response scenario generation method is shown in FIG. 1, and includes the following steps:
S1, determining a security scene;
S2, determining a security function entity to be used according to the security scene;
S3, identifying the security actions supported by the security function entity;
S4, marking the security action as a read class or a write class according to the content of the security action;
S5, taking the security action as a generation node to generate a security event response scenario.
The principle of steps S1-S5 is shown in FIG. 2. In step S1, a security scene is determined according to the actual use requirement; for example, the security scene is determined to be a network security blocking scene. According to the requirements of the network security blocking scene, a network security engineer can propose the following security policies:
(1) An IP address is given as input
(2) Block the IP address through the Hua-Chen firewall API
(3) Query the firewall API to confirm that the IP has been blocked
(4) According to the result of the blocking query, send a message notification to WeChat
(5) Since IP blocking is a high-risk action, the network security engineer wishes to add an approval before the blocking action.
The above-mentioned security policies (1) - (5) are parsed, which involve an input (i.e. IP address), two security function entities (i.e. firewall and WeChat), and a decision rule, so that step S2 is performed, and it is determined that the security function entity to be used includes firewall and WeChat.
The security actions in this embodiment may refer to actions performed when a security function entity carries out its own function. For example, the security actions supported by the firewall as a security function entity include: querying whether an IP is blocked, issuing a command to block an IP address, and querying the running state of the firewall; the security actions supported by WeChat as a security function entity include: sending a message to a single user via WeChat and sending a message to a group via WeChat. The security actions in this embodiment may also refer to actions of systems or processes associated with security response, such as network devices, IT systems or SaaS services, which provide operating conditions for a security function entity, for example: starting antivirus software, updating a client virus library, querying a switch MAC address table, restarting a switch, closing a switch port, querying user mailbox information in Windows AD, freezing an employee account, calling a SaaS service to query the attribution of a certain IP address, and the like.
Further, the security action may be an action name or a set of actions, for example, the security action may refer to an action of restarting a server or a set of actions of creating an employee account, specifically including a series of sub-actions of creating a Windows AD account, a company Exchange mailbox, updating department information of the employee, and the like.
In step S3, the security actions supported by the security function entity may be identified by means of a query or the like. In this embodiment, the security actions may be those that the security function entity has performed and those that the security function entity will perform.
Then, the network security engineer sorts through the security actions supported by the security function entity and classifies and marks each of them as read or write. The identification standard is as follows: if a security action is primarily used to perform the operation of obtaining information, then the security action is marked as a read class; if a security action is primarily used to perform the operation of sending information, then the security action is marked as a write class. Under this standard, security actions for queries or notifications may also be marked as read classes or write classes.
Table 1 is an example table of classification results.
TABLE 1
When the security action is marked as a read class or a write class in step S4, the marking may be applied at a data layer or a visual graph layer, simultaneously or separately. For example, when the security event response scenario is composed using a programming language such as Java or Python, the capabilities included in a security action may be described item by item, including the action name, action parameters, action category and so on, making clear whether the security action belongs to the read class or the write class. Specifically, the security actions are marked by JSON files, XML files, or text-based identification bits.
When the method of the visual graph layer is used for marking, visual processing can be performed on the security event response scenario to generate visual effects such as highlighting or background color blocks, for example, each security action in the security event response scenario is displayed through graphs such as a block or a button, the security actions belonging to the writing type can be highlighted, the security actions belonging to the reading type are not highlighted, and the like, so that a network security engineer can conveniently and rapidly identify which security actions belong to the reading type and which security actions belong to the writing type.
After the classification of the security actions supported by the security function entity is completed, a security event response scenario is generated with the security actions as nodes.
In this embodiment, by classifying the writing type or the reading type of the security actions supported by the security function entity, the characteristic that the security actions of the writing type and the reading type have different operation risks is utilized, and the operation risk corresponding to the security actions can be marked in the security event response scenario, so that the network security engineer can make optimization according to the operation risk in the process of using the security event response scenario.
In this embodiment, in the process of using the security event response scenario, the optimization that the network security engineer can make according to the classification of the security action includes:
S6, performing permission setting on the security event response scenario; the permission setting is used for giving different access permissions and/or modification permissions to security actions belonging to the read class and security actions belonging to the write class in the security event response scenario.
When step S6 is performed, different access rights and/or modification rights may be opened to different persons. For example, access rights and/or modification rights for writing class security actions are opened to advanced scenario composers, access rights and/or modification rights for reading class security actions are opened to normal scenario composers, access rights and/or modification rights for writing class security actions are opened to event disposers, and access rights and/or modification rights for reading class security actions are opened to normal observers.
In this embodiment, in the process of using the security event response scenario, the optimization that the network security engineer can make according to the classification of the security action further includes:
S7, carrying out approval processing on part or all of the security actions in the security event response scenario; security actions that have been approved will be executed by the security event response scenario, and security actions that have not been approved will not be executed by the security event response scenario.
When executing step S7, since write-class security actions carry a higher operation risk than read-class security actions, a write-class security action such as IP blocking can be set to require approval: only an approved security action such as IP blocking can be executed by the security event response scenario, and a security action that has not been approved cannot be executed by it. Most read-class security actions can be approved by default, so that they can be executed by the security event response scenario without manual or automatic approval.
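The data-layer marking of step S4 and the permission and approval handling of steps S6 and S7 can be sketched as follows. This is an added example, not code from the patent: the JSON field names, the role names and the choice to halt the scenario at the first unapproved write-class action are assumptions of the example.

```python
import json

# Constructed playbook for the IP-blocking policies (1)-(5) above.
# Field names ("entity", "category", ...) are assumptions of this example.
PLAYBOOK_JSON = """
{
  "name": "block-ip",
  "input": ["ip"],
  "actions": [
    {"name": "block_ip",         "entity": "firewall", "category": "write"},
    {"name": "query_ip_blocked", "entity": "firewall", "category": "read"},
    {"name": "send_message",     "entity": "wechat",   "category": "write"}
  ]
}
"""

# Assumed role model: which action classes a role may modify in the editor.
ROLE_MAY_MODIFY = {
    "advanced_composer": {"read", "write"},
    "normal_composer": {"read"},
    "observer": set(),
}


def load_playbook(text):
    """Parse a playbook and refuse any action that lacks a read/write mark."""
    playbook = json.loads(text)
    for action in playbook["actions"]:
        if action.get("category") not in ("read", "write"):
            raise ValueError(f"action {action.get('name')!r} has no read/write mark")
    return playbook


def may_modify(role, action):
    """Permission setting (S6): unknown roles get no rights at all."""
    return action["category"] in ROLE_MAY_MODIFY.get(role, set())


def run(playbook, approved, execute):
    """Approval gate (S7). Returns a list of (action name, status).

    Read-class actions are approved by default. A write-class action runs
    only if its name is in `approved`; otherwise the scenario stops there
    and later actions are reported as skipped (assumption of this example).
    """
    results = []
    halted = False
    for action in playbook["actions"]:
        name = action["name"]
        if halted:
            results.append((name, "skipped"))
        elif action["category"] == "write" and name not in approved:
            results.append((name, "pending_approval"))
            halted = True
        else:
            execute(action)
            results.append((name, "executed"))
    return results


if __name__ == "__main__":
    pb = load_playbook(PLAYBOOK_JSON)
    executed = []
    # No approvals granted: the firewall is never touched.
    print(run(pb, approved=set(), execute=executed.append))
    # Both write-class actions approved: the whole scenario runs.
    print(run(pb, approved={"block_ip", "send_message"}, execute=executed.append))
    print([a["name"] for a in executed])
```

Rejecting unmarked actions at load time keeps the gate deny-by-default: an action whose class is missing or misspelled can never slip through as if it were read class.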
In this embodiment, in the process of using the security event response scenario, the optimization that the network security engineer can make according to the classification of the security action further includes:
S8, detecting an insertion action on the security event response scenario; the insertion action is used for inserting a new security action into a specific position in the security event response scenario;
S9, identifying the new security action as a read class or a write class;
S10, determining the risk of the new security action according to the category relation between the security actions before and/or after the specific position in the security event response scenario and the new security action.
In this embodiment, the network security engineer may also be given the ability to insert new security actions at specific positions of the security event response scenario. When the network security engineer inserts a new security action at a specific position, step S9 is executed: following the same principle as step S4, the new security action is identified as belonging to the read class or the write class. It is then determined whether each of the one or more security actions before and/or after the specific position belongs to the read class or the write class, and the risk of the new security action is determined according to the category relation between those security actions and the new security action. For example, if, after the new security action is inserted, several consecutive write-class security actions occur near the specific position in the scenario, the likelihood that inserting the new security action causes a fault, such as "server restart", "service interruption", "network interruption" or "database temporarily unavailable", is further determined from information such as the number of write-class and read-class security actions and the number of consecutive occurrences, thereby obtaining the risk of the new security action. Reminding staff of this degree of risk lets them notice whether the newly added security action is appropriate and avoid faults caused by it.
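One way to implement the insertion check of steps S8-S10, as an added example that is not the patent's own code. The patent gives no thresholds or scoring formula, so the neighbourhood size (`window`), the run length treated as high risk (`high_run`) and the three risk levels are assumptions of the example.

```python
def write_run_length(categories, index):
    """Length of the run of consecutive write-class actions containing index."""
    if categories[index] != "write":
        return 0
    start = index
    while start > 0 and categories[start - 1] == "write":
        start -= 1
    end = index
    while end + 1 < len(categories) and categories[end + 1] == "write":
        end += 1
    return end - start + 1


def assess_insertion(categories, position, new_category, window=2, high_run=3):
    """Rate the risk of inserting a new action at `position`.

    categories   -- read/write marks of the existing actions, in order
    position     -- index at which the new action will sit after insertion
    new_category -- "read" or "write" (the result of step S9)
    window       -- how many neighbours on each side count as "nearby" (assumed)
    high_run     -- consecutive writes treated as high risk (assumed)
    """
    if new_category not in ("read", "write"):
        raise ValueError("new action must be marked read or write")
    if not 0 <= position <= len(categories):
        raise IndexError("insert position outside the scenario")

    # The scenario as it would look after the insertion (S8).
    after = categories[:position] + [new_category] + categories[position:]
    nearby = after[max(0, position - window):position + window + 1]
    run = write_run_length(after, position)

    # Category relation between the new action and its neighbours (S10).
    if new_category == "read":
        level = "low"
    elif run >= high_run:
        level = "high"
    else:
        level = "medium"

    return {
        "level": level,
        "write_run": run,
        "writes_nearby": nearby.count("write"),
        "reads_nearby": nearby.count("read"),
    }


if __name__ == "__main__":
    # Constructed scenario: marks of the existing actions, in execution order.
    existing = ["read", "write", "write", "read"]
    print(assess_insertion(existing, 2, "write"))  # joins two writes: high
    print(assess_insertion(existing, 2, "read"))   # splits the writes: low
    print(assess_insertion(existing, 0, "write"))  # isolated write: medium
```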
The method for generating the security event response scenario introduces, on the basis of the prior art, a classification mechanism and a technical implementation of read-write analysis, so that security actions in the generated security event response scenario are marked as write class or read class. Classifying and marking the security actions improves the usability of security scenario orchestration, reduces misoperation by scenario editors during orchestration, and reduces the security risk of automated scenarios. By adopting a read-write separation mechanism, the security orchestration system can adapt actions and permissions to different personnel and scenes, and optimizations such as access permission and/or modification permission setting, approval of security action execution, and risk detection for newly inserted security actions are further realized.
The method for generating the security event response scenario in this embodiment can be used for emergency response to network security events, and can also be used for designing and orchestrating various system interaction processes in the fields of operation and maintenance, risk control and industrial automation.
In this embodiment, the security event response scenario generation method may be performed using a security event response scenario generation system. The security event response scenario generation system includes:
a first module for determining a security scenario;
the second module is used for determining a security function entity to be used according to the security scene;
a third module for identifying security actions supported by the security function entity;
a fourth module, configured to mark the security action as a read class or a write class according to the content of the security action;
and a fifth module, configured to generate a security event response scenario by using the security action as a generation node.
In this embodiment, the first module, the second module, the third module, the fourth module, and the fifth module may be hardware modules, software modules, or a combination of hardware and software with corresponding functions. The security event response scenario generation system, when running, can execute the security event response scenario generation method, so that the same technical effects as those of the security event response scenario generation method embodiment are achieved.
In this embodiment, a computer apparatus includes a memory for storing at least one program and a processor for loading the at least one program to execute the security event response scenario generation method in this embodiment.
In this embodiment, a storage medium has stored therein processor-executable instructions that, when executed by a processor, are used to perform the security event response scenario generation method in this embodiment, achieving the same technical effects as described in this embodiment.
It should be noted that, unless otherwise specified, when a feature is referred to as being "fixed" or "connected" to another feature, it may be directly or indirectly fixed or connected to the other feature. Further, the descriptions of the upper, lower, left, right, etc. used in this disclosure are merely with respect to the mutual positional relationship of the various components of this disclosure in the drawings. As used in this disclosure, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. In addition, unless defined otherwise, all technical and scientific terms used in this example have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description of the embodiments is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used in this embodiment includes any combination of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this disclosure to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element of the same type from another. For example, a first element could also be termed a second element, and, similarly, a second element could also be termed a first element, without departing from the scope of the present disclosure. The use of any and all examples, or exemplary language (e.g., "such as") provided herein, is intended merely to better illuminate embodiments of the invention and does not pose a limitation on the scope of the invention unless otherwise claimed.
It should be appreciated that embodiments of the invention may be implemented or realized by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer readable storage medium configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, in accordance with the methods and drawings described in the specific embodiments. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Furthermore, the operations of the processes described in the present embodiments may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes (or variations and/or combinations thereof) described in this embodiment may be performed under control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications), by hardware, or combinations thereof, that collectively execute on one or more processors. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable computing platform, including, but not limited to, a personal computer, mini-computer, mainframe, workstation, network or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and so forth. Aspects of the invention may be implemented in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optical read and/or write storage medium, RAM, ROM, etc., such that it is readable by a programmable computer, which when read by a computer, is operable to configure and operate the computer to perform the processes described herein. Further, the machine readable code, or portions thereof, may be transmitted over a wired or wireless network. When such media includes instructions or programs that, in conjunction with a microprocessor or other data processor, implement the steps described above, the invention described in this embodiment includes these and other different types of non-transitory computer-readable storage media. The invention also includes the computer itself when programmed according to the methods and techniques of the present invention.
The computer program can be applied to the input data to perform the functions described in this embodiment, thereby converting the input data to generate output data that is stored to the non-volatile memory. The output information may also be applied to one or more output devices such as a display. In a preferred embodiment of the invention, the converted data represents physical and tangible target terminals, including specific visual depictions of physical and tangible target terminals generated on a display.
The present invention is not limited to the above embodiments, but can be modified, equivalent, improved, etc. by the same means to achieve the technical effects of the present invention, which are included in the spirit and principle of the present invention. Various modifications and variations are possible in the technical solution and/or in the embodiments within the scope of the invention.

Claims (9)

1. A method for generating a security event response scenario, comprising the steps of:
determining a security scene;
determining a security function entity to be used according to the security scene;
identifying a security action supported by the security function entity;
marking the security action as a read class or a write class according to the content of the security action;
taking the security action as a generation node to generate the security event response scenario;
when the security actions are marked as read classes or write classes, marking is carried out simultaneously or respectively by adopting a data layer or a visual graph layer;
when marking is carried out in a visual graph layer, carrying out visual processing on the security event response script;
the step of marking the security action as a read class or a write class according to the content of the security action specifically includes:
when the security action is used for executing the operation of acquiring information, marking the security action as a reading type;
when the security action is used to perform an operation to send information, the security action is marked as a write class.
2. The security event response scenario generation method of claim 1, wherein the security actions supported by the security function entity include security actions that the security function entity has performed and security actions that the security function entity is to perform.
3. The security event response scenario generation method according to claim 1, further comprising the steps of:
performing visualization processing on the security event response scenario; the visualization processing is used for distinguishing, by generating visual effects, the security actions belonging to the read class from the security actions belonging to the write class in the security event response scenario.
4. The security event response scenario generation method according to claim 1, further comprising the steps of:
performing authority setting on the security event response scenario; the permission setting is used for giving different access permissions and/or modification permissions to the security actions belonging to the read class and the security actions belonging to the write class in the security event response scenario.
5. The security event response scenario generation method according to claim 1, further comprising the steps of:
performing approval processing on part or all of the security actions in the security event response scenario; the security actions that are subject to the approval process will be performed by the security event response scenario, and the security actions that are not subject to the approval process will not be performed by the security event response scenario.
6. The security event response scenario generation method according to claim 1, further comprising the steps of:
detecting an insertion action on the security event response scenario; the insertion action is used for inserting a new security action into a specific position in the security event response scenario;
identifying the new security action as a read class or a write class;
and determining the risk of the new security action according to the category relation between the security action before and/or after the specific position in the security event response scenario and the new security action.
7. A security event response scenario generation system, comprising:
a first module for determining a security scene;
a second module for determining a security function entity to be used according to the security scene;
a third module for identifying security actions supported by the security function entity;
a fourth module, configured to mark the security action as a read class or a write class according to the content of the security action;
a fifth module, configured to generate the security event response scenario by using the security action as a generating node;
when the security action is marked as a read class or a write class, the marking is performed using a data layer or a visual graph layer, simultaneously or separately;
when the marking is performed in the visual graph layer, performing visualization processing on the security event response scenario;
the step of marking the security action as a read class or a write class according to the content of the security action specifically includes:
when the security action is used to perform an operation to acquire information, the security action is marked as a read class;
when the security action is used to perform an operation to send information, the security action is marked as a write class.
8. A computer device comprising a memory for storing at least one program and a processor for loading the at least one program to perform the method of any of claims 1-6.
9. A storage medium having stored therein processor executable instructions which, when executed by a processor, are for performing the method of any of claims 1-6.
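The following is an added sketch of the data-layer steps in claims 1, 5 and 6; it is not code from the patent or its applicant. The operation labels, the three risk levels, the neighbour rule, the rule that only low-risk inserts are pre-approved, the reading of claim 5 as "only approved actions run", and the sample playbook are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Kind(Enum):
    READ = "read"    # the action acquires information
    WRITE = "write"  # the action sends information

KINDS = {"acquire": Kind.READ, "send": Kind.WRITE}  # assumed operation labels

@dataclass
class Node:
    entity: str            # security function entity that supports the action
    name: str
    kind: Kind
    approved: bool = False

# Constructed sample: (entity, action, operation) for a phishing-triage scene.
SAMPLE = [
    ("siem", "get_alert_details", "acquire"),
    ("threat_intel", "lookup_sender_domain", "acquire"),
    ("ticketing", "notify_analyst", "send"),
]

def build(actions):
    """Claim 1: mark each action read or write; unknown operations raise KeyError."""
    return [Node(entity, name, KINDS[op]) for entity, name, op in actions]

def insertion_risk(playbook, index, new):
    """Claim 6, assumed rule: a write whose neighbours are all reads is 'high'."""
    neighbours = playbook[max(index - 1, 0):index + 1]  # node before and node after
    if new.kind is Kind.READ:
        return "low"
    return "high" if all(n.kind is Kind.READ for n in neighbours) else "medium"

def insert(playbook, index, new):
    risk = insertion_risk(playbook, index, new)
    new.approved = risk == "low"   # assumed policy: other inserts wait for approval
    playbook.insert(index, new)
    return risk

def executable(playbook):
    """Claim 5 as read here: only approved actions are performed."""
    return [n.name for n in playbook if n.approved]

def demo():
    playbook = build(SAMPLE)
    for node in playbook:
        node.approved = True       # the original three actions were approved
    risk = insert(playbook, 1, Node("firewall", "block_sender_ip", Kind.WRITE))
    return risk, executable(playbook)
```

In `demo()`, the write action `block_sender_ip` lands between two read actions, is rated high, and stays out of the executable list until someone approves it.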
CN202110434300.0A 2021-04-22 2021-04-22 Security event response scenario generation method, system, device and storage medium Active CN113220285B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110434300.0A CN113220285B (en) 2021-04-22 2021-04-22 Security event response scenario generation method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN113220285A CN113220285A (en) 2021-08-06
CN113220285B true CN113220285B (en) 2023-08-22

Family

ID=77088441

Country Status (1)

Country Link
CN (1) CN113220285B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116471122B (en) * 2023-06-12 2023-08-29 南京众智维信息科技有限公司 Network security script arrangement method based on Q learning

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102681882A (en) * 2011-03-15 2012-09-19 新奥特(北京)视频技术有限公司 Method for controlling broadcasting task execution by using script plug-in
CN109800421A (en) * 2018-12-19 2019-05-24 武汉西山艺创文化有限公司 A kind of game scenario generation method and its device, equipment, storage medium
CN111506306A (en) * 2019-01-31 2020-08-07 北京神州泰岳软件股份有限公司 Method and device for compiling Ansible script and electronic equipment
CN111831275A (en) * 2020-07-14 2020-10-27 绿盟科技集团股份有限公司 Method, server, medium and computer equipment for arranging micro-scene script
CN111835768A (en) * 2020-07-14 2020-10-27 绿盟科技集团股份有限公司 Method, device, medium and computer equipment for processing security event
CN111931463A (en) * 2019-04-26 2020-11-13 广州声活圈信息科技有限公司 Multi-terminal script compiling and automatic importing generation method
CN112114833A (en) * 2020-09-21 2020-12-22 中国建设银行股份有限公司 Device and method for determining middleware installation and deployment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9535924B2 (en) * 2013-07-30 2017-01-03 Box, Inc. Scalability improvement in a system which incrementally updates clients with events that occurred in a cloud-based collaboration platform
US9519533B2 (en) * 2015-01-28 2016-12-13 Qualcomm Incorporated Data flow tracking via memory monitoring
US20170300748A1 (en) * 2015-04-02 2017-10-19 Scripthop Llc Screenplay content analysis engine and method
US11558407B2 (en) * 2016-02-05 2023-01-17 Defensestorm, Inc. Enterprise policy tracking with security incident integration
US11012466B2 (en) * 2016-07-13 2021-05-18 Indrasoft, Inc. Computerized system and method for providing cybersecurity detection and response functionality

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
安全运营赋能关键信息基础设施安全防护实践;杨帆帆;《警察技术》;1-4 *

Also Published As

Publication number Publication date
CN113220285A (en) 2021-08-06

Similar Documents

Publication Publication Date Title
US11797322B2 (en) Cloud native virtual machine runtime protection
EP3080741B1 (en) Systems and methods for cloud security monitoring and threat intelligence
US10735272B1 (en) Graphical user interface for security intelligence automation platform using flows
US8266351B2 (en) System and method for secure complex event processing in heterogeneous environments
CN106790001A (en) Multisystem role-security management method and system based on unified interface
CN106548326B (en) Method and system for linking handling scene and workflow engine of handling scene
CN109088773B (en) Fault self-healing method and device, server and storage medium
US11868489B2 (en) Method and system for enhancing data privacy of an industrial system or electric power system
CN113516337A (en) Method and device for monitoring data security operation
CN102868699A (en) Method and tool for vulnerability detection of server providing data interaction services
CN113220285B (en) Security event response scenario generation method, system, device and storage medium
CN116015819A (en) SOAR-based attack behavior response method, device and processing equipment
CN115437933A (en) Automatic testing method and device, computer equipment and storage medium
CN113407973B (en) Software function authority management method, system, server and storage medium
CN114584391B (en) Method, device, equipment and storage medium for generating abnormal flow processing strategy
WO2020250320A1 (en) Operation log acquisition device, operation log acquisition method, and operation log acquisition program
WO2023108254A1 (en) Methods and systems for fingerprinting malicious behavior
CN112735103A (en) Alarm correlation identification method, device and equipment
CN112699369A (en) Method and device for detecting abnormal login through stack backtracking
US20240127690A1 (en) Communications bridge with unified building alarm processing
CN117745046A (en) Transaction management system, method, electronic device and storage medium
US20230186073A1 (en) Methods and systems for training a neural network based on impure data
CN111027043B (en) Unlocking method and device of application program and storage medium
NL2020552B1 (en) Attribute-based policies for integrity monitoring and network intrusion detection
CN113742295A (en) Business data management method and device and document label management method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant