CN114153641A - Audit log dynamic realization method and device based on interceptor technology - Google Patents
Audit log dynamic realization method and device based on interceptor technology Download PDFInfo
- Publication number
- CN114153641A CN114153641A CN202111432299.4A CN202111432299A CN114153641A CN 114153641 A CN114153641 A CN 114153641A CN 202111432299 A CN202111432299 A CN 202111432299A CN 114153641 A CN114153641 A CN 114153641A
- Authority
- CN
- China
- Prior art keywords
- data
- target
- instruction
- target instruction
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012550 audit Methods 0.000 title claims abstract description 75
- 238000000034 method Methods 0.000 title claims abstract description 75
- 238000005516 engineering process Methods 0.000 title claims abstract description 56
- 238000012545 processing Methods 0.000 claims abstract description 96
- 230000000977 initiatory effect Effects 0.000 claims description 40
- 238000004458 analytical method Methods 0.000 claims description 33
- 230000008859 change Effects 0.000 claims description 25
- 238000012544 monitoring process Methods 0.000 claims description 16
- 238000010606 normalization Methods 0.000 claims description 14
- 238000001514 detection method Methods 0.000 claims description 10
- 230000006399 behavior Effects 0.000 claims description 9
- 238000001914 filtration Methods 0.000 claims description 7
- 230000006870 function Effects 0.000 claims description 7
- 238000013500 data storage Methods 0.000 claims description 6
- 238000007726 management method Methods 0.000 abstract description 12
- 230000009286 beneficial effect Effects 0.000 abstract description 11
- 230000008569 process Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 3
- 238000012217 deletion Methods 0.000 description 3
- 230000037430 deletion Effects 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 238000011897 real-time detection Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a method and a device for dynamically realizing an audit log based on an interceptor technology, wherein the method comprises the following steps: detecting whether a target instruction corresponding to a request operation initiated by a user is received or not, and generating a section corresponding to the target instruction when the target instruction is detected to be received, wherein the section is used for recording an operation log when the target instruction enters a target data layer, and the operation log is a log correspondingly generated when the target instruction is executed; intercepting the target instruction according to the section to obtain target information corresponding to the target instruction, and performing standardized processing on a data set to obtain target data meeting storage requirements, wherein the data set comprises the target information. Therefore, the method and the device can intercept the target instruction corresponding to the request operation initiated by the user in a mode of establishing the tangent plane, and perform standardized processing on the data set comprising the target information, thereby being beneficial to improving the management efficiency aiming at the data set.
Description
Technical Field
The invention relates to the technical field of computers, internet and data processing, in particular to a method and a device for dynamically realizing an audit log based on an interceptor technology.
Background
In a complete information system, the log system is a very important functional component, and can record all the behaviors generated by the system and express the behaviors according to a specific specification. In practical application, the information recorded by the log system can be used for debugging the system or adjusting the behavior of the system according to the information recorded by the log system. At present, a log system is mainly applied to the field of system security, and specific application scenarios include: logging errors, logging access anomalies, system performance information detection, fault detection, intrusion detection, and the like.
However, in practical applications, because the form of storing the logs in the log system does not have a uniform data format, the logs are often free-form texts, and the size of the storage space occupied by each log is different, a great deal of effort is required to arrange the data corresponding to the logs or search the key information in the logs, and the amount of data to be processed is also very large.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method and an apparatus for dynamically implementing an audit log based on an interceptor technology, which can perform a standardized processing on data corresponding to intercepted user operations and data corresponding to collected system logs, and is beneficial to improving management efficiency for data stored in the system logs.
In order to solve the technical problem, a first aspect of the present invention discloses a method for dynamically implementing an audit log based on an interceptor technology, where the method includes:
detecting whether a target instruction corresponding to a request operation initiated by a user is received;
when the target instruction is detected to be received, generating a tangent plane corresponding to the target instruction, wherein the tangent plane is used for recording an operation log when the target instruction enters a target data layer, and the operation log is a log correspondingly generated when the target instruction is executed;
intercepting the target instruction according to the section to obtain target information corresponding to the target instruction;
and carrying out normalization processing on the data set to obtain target data meeting the storage requirement, wherein the data set comprises the target information.
As an optional implementation manner, in the first aspect of the present invention, the intercepting the target instruction according to the tangent plane to obtain target information corresponding to the target instruction includes:
when the target instruction enters a first data layer, acquiring first information corresponding to the target instruction according to the tangent plane, wherein the first information comprises an IP address corresponding to the request operation and a user identifier corresponding to the request operation, and the user identifier comprises at least one of a user Id and a user name;
after the target instruction enters a second data layer, a data listener is created according to a preset plug-in and a preset class;
monitoring to obtain changed data through the data monitor, wherein the changed data is correspondingly changed after the target instruction is executed;
and determining the first information and the change data as target information corresponding to the target instruction.
As an optional implementation manner, in the first aspect of the present invention, the data set further includes the operation log and second information stored in an information system, where the second information includes at least one of a system security event, a user access record, a system operation log, and system operation state information;
the step of performing normalization processing on the data set to obtain target data meeting storage requirements includes:
collecting the operation log, the first information, the change data and the second information;
and executing preset data processing operation on the collected operation log, the first information, the change data and the second information to obtain target data which is uniform in data format and stored in a log form, wherein the preset data processing operation comprises at least one of data standardization processing, filtering processing, merging processing and alarm analysis processing.
As an optional implementation manner, in the first aspect of the present invention, after the performing the normalization process on the data set to obtain the target data meeting the storage requirement, the method further includes:
detecting whether a backtracking initiating instruction is received or not, wherein the backtracking initiating instruction is used for initiating an instruction of backtracking historical system operation;
when the backtracking initiating instruction is detected to be received, analyzing a backtracking type corresponding to the backtracking initiating instruction to obtain an analysis result, wherein the backtracking type comprises at least one of a backtracking type aiming at data, a backtracking type aiming at behavior and a backtracking type aiming at an operator;
and calling an audit log according to the analysis result to execute backtracking operation matched with the analysis result, wherein the audit log stores historical data corresponding to the historical system operation, and the historical data comprises the target data.
As an optional implementation manner, in the first aspect of the present invention, the creating a data listener according to a preset plug-in and a preset class includes:
acquiring an instruction identifier included in the intercepted target instruction;
creating a data parser corresponding to the instruction identifier according to the instruction identifier, wherein the data parser is used for parsing the request parameters included in the target instruction;
and calling a preset class according to the instruction identifier, and creating to obtain a data listener, wherein the data listener is used for monitoring the request parameter.
As an optional implementation manner, in the first aspect of the present invention, after the acquiring, according to the tangent plane, the first information corresponding to the target instruction, the method further includes:
calling a data storage service to record the operation log corresponding to the target instruction;
setting the operation Id included by the target instruction into a data space corresponding to the request operation;
and after the changed data is monitored and obtained through the data monitor, the method further comprises the following steps:
clearing the operation Id.
As an optional implementation manner, in the first aspect of the present invention, after the intercepting the target instruction according to the tangent plane and obtaining target information corresponding to the target instruction, the method further includes:
judging whether the request operation needs to span a plurality of services, and executing the normalized processing on the data set to obtain the operation of the target data meeting the storage requirement when judging that the request operation does not need to span a plurality of services;
when the fact that a plurality of services need to be spanned is judged, transmitting the instruction parameters corresponding to the target instruction from the current operation platform to the target platform through a preset protocol;
wherein, the transmitting the operation data corresponding to the target instruction from the current operation platform to the target platform through a preset protocol includes:
determining a service platform corresponding to each service;
performing classification processing on the instruction parameter corresponding to each target instruction according to the function corresponding to the instruction parameter to obtain the instruction parameter corresponding to each service platform;
and transmitting the instruction parameters corresponding to each service platform from the current operation platform to the service platform corresponding to the instruction parameters through a preset protocol.
The second aspect of the invention discloses an audit log dynamic realization device based on interceptor technology, which comprises:
the detection module is used for detecting whether a target instruction corresponding to a request operation initiated by a user is received;
the generating module is used for generating a tangent plane corresponding to the target instruction when the detecting module detects that the target instruction is received, wherein the tangent plane is used for recording an operation log when the target instruction enters a target data layer, and the operation log is a log correspondingly generated when the target instruction is executed;
the intercepting module is used for intercepting the target instruction according to the section generated by the generating module to obtain target information corresponding to the target instruction;
and the processing module is used for executing standardized processing on the data set to obtain target data meeting the storage requirement, and the data set comprises the target information.
As an optional implementation manner, in the second aspect of the present invention, the intercepting module includes:
the obtaining sub-module is used for obtaining first information corresponding to the target instruction according to the section when the target instruction enters a first data layer, wherein the first information comprises an IP address corresponding to the request operation and a user identifier corresponding to the request operation, and the user identifier comprises at least one of a user Id and a user name;
the creating submodule is used for creating a data listener according to a preset plug-in and a preset class after the target instruction enters a second data layer;
the monitoring submodule is used for monitoring and obtaining changed data through the data monitor, and the changed data are correspondingly changed after the target instruction is executed;
and the determining submodule is used for determining the first information and the change data as target information corresponding to the target instruction.
As an optional implementation manner, in the second aspect of the present invention, the data set further includes the operation log and second information stored in an information system, where the second information includes at least one of a system security event, a user access record, a system operation log, and system operation state information;
the method for the processing module to perform normalization processing on the data set to obtain the target data meeting the storage requirement specifically includes:
collecting the operation log, the first information, the change data and the second information;
and executing preset data processing operation on the collected operation log, the first information, the change data and the second information to obtain target data which is uniform in data format and stored in a log form, wherein the preset data processing operation comprises at least one of data standardization processing, filtering processing, merging processing and alarm analysis processing.
As an optional implementation manner, in the second aspect of the present invention, the detection module is further configured to detect whether a backtracking initiating instruction is received after the processing module performs a normalization process on the data set to obtain target data meeting a storage requirement, where the backtracking initiating instruction is used to initiate an instruction of backtracking history system operation;
and the apparatus further comprises:
the analysis module is used for analyzing a backtracking type corresponding to the backtracking initiating instruction to obtain an analysis result when the detection module detects that the backtracking initiating instruction is received, wherein the backtracking type comprises at least one of a backtracking type aiming at data, a backtracking type aiming at behavior and a backtracking type aiming at an operator;
and the backtracking module is used for calling an audit log according to the analysis result obtained by the analysis module to execute backtracking operation matched with the analysis result, the audit log stores historical data corresponding to the historical system operation, and the historical data comprises the target data.
As an optional implementation manner, in the second aspect of the present invention, a manner in which the creating sub-module creates the data listener according to the preset plug-in and the preset class specifically includes:
acquiring an instruction identifier included in the intercepted target instruction;
creating a data parser corresponding to the instruction identifier according to the instruction identifier, wherein the data parser is used for parsing the request parameters included in the target instruction;
and calling a preset class according to the instruction identifier, and creating to obtain a data listener, wherein the data listener is used for monitoring the request parameter.
As an optional implementation manner, in the second aspect of the present invention, the intercepting module further includes:
the processing submodule is used for calling a data storage service to record the operation log corresponding to the target instruction after the acquisition submodule acquires the first information corresponding to the target instruction according to the section;
the processing submodule is further used for setting the operation Id included in the target instruction into a data space corresponding to the request operation;
and the processing submodule is also used for clearing the operation Id after the monitoring submodule monitors the changed data through the data monitor.
As an alternative embodiment, in the second aspect of the present invention, the apparatus further comprises:
the judging module is used for judging whether the request operation needs to span a plurality of services after the intercepting module intercepts the target instruction according to the section and obtains target information corresponding to the target instruction, and when the judging module judges that the plurality of services do not need to be spanned, the processing module is triggered to execute the normalized processing on the data set to obtain the operation of target data meeting the storage requirement;
the processing module is further configured to transmit the instruction parameter corresponding to the target instruction from the current operating platform to the target platform through a preset protocol when the judging module judges that the plurality of services need to be spanned;
the method for transmitting the operation data corresponding to the target instruction from the current operation platform to the target platform by the processing module through the preset protocol specifically includes:
determining a service platform corresponding to each service;
performing classification processing on the instruction parameter corresponding to each target instruction according to the function corresponding to the instruction parameter to obtain the instruction parameter corresponding to each service platform;
and transmitting the instruction parameters corresponding to each service platform from the current operation platform to the service platform corresponding to the instruction parameters through a preset protocol.
The third aspect of the invention discloses another audit log dynamic realization device based on the interceptor technology, which comprises:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute the method for dynamically realizing the audit log based on the interceptor technology disclosed by the first aspect of the invention.
The fourth aspect of the present invention discloses a computer storage medium, wherein the computer storage medium stores computer instructions, and when the computer instructions are called, the computer instructions are used for executing the method for dynamically implementing the audit log based on the interceptor technology disclosed in the first aspect of the present invention.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, whether a target instruction corresponding to a request operation initiated by a user is received or not can be detected, and when the target instruction is detected to be received, a section corresponding to the target instruction is generated, wherein the section is used for recording an operation log when the target instruction enters a target data layer, and the operation log is a log correspondingly generated when the target instruction is executed; intercepting the target instruction according to the section to obtain target information corresponding to the target instruction, and performing standardized processing on a data set to obtain target data meeting storage requirements, wherein the data set comprises the target information. Therefore, the method and the device can intercept the target instruction corresponding to the request operation initiated by the user by establishing the tangent plane, and are beneficial to improving the acquisition speed of the request operation initiated by the user; and the data set comprising the target information can be subjected to normalized processing, so that the management efficiency of the data set can be improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic flowchart of a method for dynamically implementing an audit log based on interceptor technology according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for dynamically implementing an audit log based on an interceptor technology according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an apparatus for dynamically implementing an audit log based on an interceptor technology according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of another apparatus for dynamically implementing an audit log based on interceptor technology, according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another apparatus for dynamically implementing an audit log based on an interceptor technology, which is disclosed in an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," and the like in the description and claims of the present invention and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, apparatus, article, or article that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or article.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The invention discloses a method and a device for dynamically realizing an audit log based on an interceptor technology, which can intercept a target instruction corresponding to a request operation initiated by a user by establishing a tangent plane, and are beneficial to improving the acquisition speed of the request operation initiated by the user; the data sets including the target information can also be normalized, which is advantageous for improving the management efficiency of the data sets, and will be described in detail below.
Example one
Referring to fig. 1, fig. 1 is a schematic flowchart of a method for dynamically implementing an audit log based on an interceptor technology according to an embodiment of the present invention. The method for dynamically implementing the audit log based on the interceptor technology described in fig. 1 may be applied to storage and management of the system log, and may also be applied to audit of the system log, which is not limited in the embodiment of the present invention. As shown in FIG. 1, the method for dynamically implementing the audit log based on the interceptor technology may include the following operations:
101. and detecting whether a target instruction corresponding to a request operation initiated by a user is received.
In this embodiment of the present invention, the detection mode may be a real-time detection mode, or may be a detection mode that detects once every preset time interval (e.g., 5 minutes or 30 minutes), and the embodiment of the present invention is not limited.
In this embodiment of the present invention, the request operation at least includes any one of an addition operation (for example, adding a file), a deletion operation, and an update operation (for example, replacing and updating a file) for the system file, which is not limited in this embodiment of the present invention.
102. And when the target instruction is detected to be received, generating a tangent plane corresponding to the target instruction.
In the embodiment of the present invention, the tangent plane is used for recording an operation log when the target instruction enters the target data layer, where the operation log is a log generated correspondingly when the target instruction is executed.
It should be noted that the tangent plane may be obtained by a specific technique Aspect in a Spring technical framework on a Java platform, or by improvement on the Aspect technique, and the embodiment of the present invention is not limited.
103. And intercepting the target instruction according to the section to obtain target information corresponding to the target instruction.
In the embodiment of the present invention, the manner of intercepting the target instruction according to the section to obtain the target information corresponding to the target instruction may specifically include the following steps:
when a target instruction enters a first data layer, acquiring first information corresponding to the target instruction according to a tangent plane, wherein the first information comprises an IP address corresponding to a request operation and a user identifier corresponding to the request operation, and the user identifier comprises at least one of a user Id and a user name;
after the target instruction enters the second data layer, a data listener is created according to a preset plug-in and a preset class;
monitoring to obtain changed data through a data monitor, wherein the changed data are correspondingly changed data after a target instruction is executed;
and determining the first information and the change data as target information corresponding to the target instruction.
In the embodiment of the invention, the first data layer may include a Web layer or a Facade layer, and the second data layer may include a data access layer; the first information may further include an operation menu (operation interface information) and an operation detail value.
In the embodiment of the present invention, further, creating a data listener according to a preset plug-in and a preset class specifically includes the following steps:
acquiring an instruction identifier included in an intercepted target instruction;
a data analyzer corresponding to the instruction identifier is established according to the instruction identifier, and the data analyzer is used for analyzing the request parameters included by the target instruction;
and calling a preset class according to the instruction identifier, and creating to obtain a data listener, wherein the data listener is used for monitoring request parameters.
In the embodiment of the present invention, after the target instruction enters the second data layer, the following is further illustrated: calling an interrupt of the plug-in by a preset Mybatis interceptor plug-in, acquiring a Command name corresponding to the target instruction, creating a corresponding data parser by a ParseFactory factory according to the Command name, calling a ParseBeform method of the parser to parse the request parameter, using a TraceEventFactory factory to create a data monitor by the Command name, calling a proceded method (service method callback), and monitoring by the data monitor to obtain changed data.
Therefore, in the embodiment of the invention, the first information is intercepted in a targeted manner by establishing a two-layer interception mode, so that the IP and the user information corresponding to the request operation can be determined quickly according to the first information, and the information retrieval efficiency is improved; and the data change influenced by each operation request of the user can be recorded in real time, so that the timeliness and the accuracy of the obtained data change are improved.
104. And carrying out standardization processing on the data set to obtain target data meeting the storage requirement.
In the embodiment of the present invention, the data set includes target information, and further, the data set may further include the above operation log and second information stored in the information system, where the second information may include at least one of a system security event, a user access record, a system operation log, and system operation state information;
in the embodiment of the present invention, the manner of performing normalization processing on the data set to obtain the target data meeting the storage requirement may specifically include the following steps:
collecting an operation log, first information, change data and second information;
executing preset data processing operation on the collected operation log, the first information, the change data and the second information to obtain target data which is uniform in data format and stored in a log form, wherein the preset data processing operation comprises at least one of data standardization processing, filtering processing, merging processing and alarm analysis processing.
In the embodiment of the present invention, it should be noted that the data normalization process includes a data format conversion process, a data capacity process, and a data storage format conversion process performed on data in a data set; the filtering process is used for filtering the data including the target identifier after determining the data (such as messy code identifiers and error file identifiers) including the target identifier in the data set; the merging process is used for executing merging process on data sets including the same data identifiers (such as the same file names and the same file contents); and after the alarm analysis processing is used for analyzing the data included in the data set, alarm operation is executed on the data including the alarm identification in the analysis result.
Therefore, the embodiment of the invention can intelligently acquire and process the data set comprising the operation log, the first information, the change data and the second information, and is beneficial to improving the processing efficiency of the data set; the target data which is uniform in data format and stored in a log form can be obtained after the data set is processed, and therefore management efficiency aiming at the target data is improved, and query efficiency when specific data is queried according to the target data is improved.
Therefore, by implementing the method for dynamically realizing the audit log based on the interceptor technology described in fig. 1, the first information can be intercepted in a targeted manner by establishing a two-layer interception mode, which is beneficial to rapidly determining the IP and the user information corresponding to the request operation according to the first information in the follow-up process, and improves the efficiency of information retrieval; the data change influenced by each operation request of the user can be recorded in real time, and the timeliness and the accuracy of the obtained data change are improved; in addition, target data which is uniform in data format and stored in a log form can be obtained by processing the data set, so that the management efficiency of the target data is improved, and the query efficiency when specific data is queried according to the target data is improved.
In an optional embodiment, after the target instruction is intercepted according to the cut surface and the target information corresponding to the target instruction is obtained, the method for dynamically implementing the audit log based on the interceptor technology may further include the following steps:
judging whether the intercepted target instruction comprises a secret identifier, wherein the secret identifier is used for clearing an operation log corresponding to the request operation after the request operation is executed;
when the intercepted target instruction is judged to comprise the secret identification, clearing an operation log corresponding to the request operation according to the secret identification after the request operation is executed; or,
according to the secret identifier, canceling a related operation of an operation log corresponding to the request operation, where the related operation includes at least one of an acquisition operation, a record storage operation, and a classification processing operation, and the embodiment of the present invention is not limited.
It should be noted that the request operation corresponding to the secret identifier is a request operation for a redundant file, where the redundant file is a file determined to be scrambled or damaged and unusable, that is, the request operation including the secret identifier is an operation without recording an operation log by default.
Therefore, in this optional embodiment, file processing operations (such as operation log records) performed on the target file including the covert identifier can be cancelled, the data processing amount is reduced, and the processing efficiency when performing normalization processing on the data set subsequently is improved to a certain extent.
Example two
Referring to fig. 2, fig. 2 is a schematic flowchart illustrating another method for dynamically implementing an audit log based on an interceptor technology according to an embodiment of the present invention. The method for dynamically implementing the audit log based on the interceptor technology described in fig. 2 may be applied to storage and management of the system log, and may also be applied to audit of the system log, which is not limited in the embodiment of the present invention. As shown in fig. 2, the method for dynamically implementing the audit log based on the interceptor technology may include the following operations:
201. and detecting whether a target instruction corresponding to a request operation initiated by a user is received.
202. And when the target instruction is detected to be received, generating a tangent plane corresponding to the target instruction.
203. And intercepting the target instruction according to the section to obtain target information corresponding to the target instruction.
204. And carrying out standardization processing on the data set to obtain target data meeting the storage requirement.
In the embodiment of the present invention, please refer to other specific descriptions of step 101 to step 104 in the first embodiment for other descriptions of step 201 to step 204, which is not described again in the embodiment of the present invention.
205. And detecting whether a backtracking initiating instruction is received.
In the embodiment of the invention, after the data set is subjected to normalized processing to obtain target data meeting the storage requirement, the operation of detecting whether a backtracking initiating instruction is received is executed, wherein the backtracking initiating instruction is used for initiating an instruction of backtracking historical system operation.
206. And when the backtracking initiating instruction is detected to be received, analyzing a backtracking type corresponding to the backtracking initiating instruction to obtain an analysis result.
In the embodiment of the present invention, the backtracking type includes at least one of a backtracking type for data, a backtracking type for behavior, and a backtracking type for an operator; it should be noted that, for the type of backtracking of data, for example, what the historical value of a certain data is queried or has undergone several modifications; a backtracking type for a behavior, such as data changes caused by what operation was triggered by the backtracking; the backtracking type for the operator, such as backtracking the operator who modifies this data, modifying time, or client IP, etc.
207. And calling the audit log according to the analysis result to execute backtracking operation matched with the analysis result.
In the embodiment of the invention, the audit log stores historical data corresponding to historical system operation, and the historical data comprises target data.
Therefore, by implementing the method for dynamically realizing the audit log based on the interceptor technology described in fig. 2, the first information can be intercepted in a targeted manner by establishing a two-layer interception mode, which is beneficial to rapidly determining the IP and the user information corresponding to the request operation according to the first information in the follow-up process, and improves the efficiency of information retrieval; the data change influenced by each operation request of the user can be recorded in real time, and the timeliness and the accuracy of the obtained data change are improved; in addition, target data which is uniform in data format and stored in a log form can be obtained by processing the data set, so that the management efficiency of the target data is improved, and the query efficiency when specific data is queried according to the target data is improved; and after a backtracking initiating instruction is detected, backtracking operation corresponding to the backtracking initiating instruction is executed through the audit log, so that the backtracking efficiency is improved.
In an optional embodiment, after obtaining the first information corresponding to the target instruction according to the section, the method for dynamically implementing the audit log based on the interceptor technology may further include the following steps:
calling a data storage service to record an operation log corresponding to the target instruction;
setting an operation Id included by the target instruction into a data space corresponding to the request operation;
and after the changed data is monitored and obtained through the data monitor, the method further comprises the following steps:
the operation Id is cleared.
Therefore, in the optional embodiment, the operation log corresponding to the current target instruction can be intelligently recorded, and the situation that the operation log which is not stored in time or recorded cannot be found due to mistaken deletion due to overlong time and the like is reduced.
In another optional embodiment, after the target instruction is intercepted according to the tangent plane and the target information corresponding to the target instruction is obtained, the method for dynamically implementing the audit log based on the interceptor technology may further include the following steps:
judging whether the request operation needs to span a plurality of services, and executing standardized processing on the data set to obtain the operation of target data meeting the storage requirement when judging that the request operation does not need to span a plurality of services;
when the fact that a plurality of services need to be spanned is judged, transmitting instruction parameters corresponding to the target instructions from the current operation platform to the target platform through a preset protocol;
the method for transmitting the operation data corresponding to the target instruction from the current operation platform to the target platform through the preset protocol includes:
determining a service platform corresponding to each service;
performing classification processing on the instruction parameters corresponding to each target instruction according to the functions corresponding to the instruction parameters to obtain the instruction parameters corresponding to each service platform;
and transmitting the instruction parameters corresponding to each service platform from the current operation platform to the service platform corresponding to the instruction parameters through a preset protocol.
Therefore, in the optional embodiment, when the request operation requires the cross-service operation, the classification processing can be executed according to the function corresponding to the instruction parameter, and the instruction parameter corresponding to each service platform is transmitted to the service platform corresponding to the instruction parameter from the current operation platform, so that the accuracy of the instruction parameter received by each service platform is improved, and the processing efficiency of each service platform for the received instruction parameter is improved.
In yet another optional embodiment, when it is detected that the trace-back initiating instruction is received, analyzing a trace-back type corresponding to the trace-back initiating instruction, after obtaining an analysis result, and before calling the audit log according to the analysis result to perform a trace-back operation matched with the analysis result, the method for dynamically implementing the audit log based on the interceptor technology may further include the following steps:
judging whether the analysis result comprises a grade authority corresponding to the backtracking initiating instruction, and if so, calling an audit log according to the analysis result to execute backtracking operation matched with the analysis result;
if not, acquiring relevant information of the current backtracking initiating instruction, wherein the relevant information comprises an initiating IP address corresponding to the backtracking initiating instruction;
and locking the account associated with the initiating IP address according to the initiating IP address, and recording the related operation executed by the initiating IP address.
Therefore, before the backtracking initiating instruction is executed, whether the IP address/user initiating the backtracking initiating instruction has enough authority level can be checked to execute the backtracking operation, so that the confidential files stored in the audit log are prevented from being read by the user not having enough authority level, and the security of the files stored in the audit log is improved.
EXAMPLE III
Referring to fig. 3, fig. 3 is a schematic structural diagram of an apparatus for dynamically implementing an audit log based on an interceptor technology according to an embodiment of the present invention. The audit log dynamic implementation apparatus based on the interceptor technology described in fig. 3 may be applied to storage and management of a system log, and may also be applied to audit of the system log, which is not limited in the embodiment of the present invention. As shown in fig. 3, the apparatus for dynamically implementing an audit log based on an interceptor technology may include a detecting module 301, a generating module 302, an intercepting module 303, and a processing module 304, wherein:
the detecting module 301 is configured to detect whether a target instruction corresponding to a request operation initiated by a user is received.
A generating module 302, configured to generate a tangent plane corresponding to the target instruction when the detecting module 301 detects that the target instruction is received, where the tangent plane is used to record an operation log when the target instruction enters the target data layer, and the operation log is a log correspondingly generated when the target instruction is executed.
The intercepting module 303 is configured to intercept the target instruction detected by the detecting module 301 according to the tangent plane generated by the generating module 302, so as to obtain target information corresponding to the target instruction.
And the processing module 304 is configured to perform normalization processing on the data set to obtain target data meeting the storage requirement, where the data set includes the target information obtained by the intercepting module 303.
It can be seen that, by implementing the device for dynamically implementing the audit log based on the interceptor technology described in fig. 3, the target instruction corresponding to the request operation initiated by the user can be intercepted in a way of establishing a tangent plane, which is beneficial to improving the speed of acquiring the request operation initiated by the user; the target data meeting the storage requirement can be obtained by processing the data set, so that the management efficiency of the target data is improved, and the query efficiency of subsequently querying the specific data according to the target data is improved.
In an alternative embodiment, as shown in fig. 4, the intercepting module 303 may include an obtaining sub-module 3031, a creating sub-module 3032, a monitoring sub-module 3033, and a determining sub-module 3034, where:
the obtaining submodule 3031 obtains, when the target instruction enters the first data layer, first information corresponding to the target instruction according to the tangent plane, where the first information includes an IP address corresponding to the request operation and a user identifier corresponding to the request operation, and the user identifier includes at least one of a user Id and a user name.
And the creating submodule 3032 is configured to create a data listener according to a preset plug-in and a preset class after the obtaining submodule 3031 obtains the first information and the target instruction enters the second data layer.
And the monitoring submodule 3033 is configured to monitor the data monitor created by the creating submodule 3032 to obtain the changed data, where the changed data is data that changes correspondingly after the target instruction is executed.
The determining submodule 3034 is configured to determine the first information obtained by the obtaining submodule 3031 and the change data obtained by the monitoring submodule 3033 as target information corresponding to the target instruction.
Therefore, the device for dynamically realizing the audit log based on the interceptor technology, which is described in the embodiment of fig. 4, can be used for intercepting the first information in a targeted manner by establishing a two-layer interception mode, so that the subsequent rapid determination of the IP and the user information corresponding to the request operation according to the first information is facilitated, and the efficiency of information retrieval is improved; and the data change influenced by each request operation of the user can be recorded through the monitor, so that the timeliness and the accuracy of the obtained data change are improved.
In another alternative embodiment, the data set may further include an operation log and second information stored in the information system, the second information including at least one of system security events, user access records, system operation logs, and system operation state information;
the way for the processing module 304 to perform the normalization processing on the data set to obtain the target data meeting the storage requirement specifically includes:
collecting an operation log, first information, change data and second information;
executing preset data processing operation on the collected operation log, the first information, the change data and the second information to obtain target data which is uniform in data format and stored in a log form, wherein the preset data processing operation comprises at least one of data standardization processing, filtering processing, merging processing and alarm analysis processing.
Therefore, the audit log dynamic implementation device based on the interceptor technology, which is described in fig. 4, can intelligently acquire and process the data set including the operation log, the first information, the change data and the second information, which is beneficial to improving the processing efficiency of the data set; the target data which is uniform in data format and stored in a log form can be obtained after the data set is processed, and therefore management efficiency aiming at the target data is improved, and query efficiency when specific data is queried according to the target data is improved.
In yet another alternative embodiment, as shown in fig. 4, the detecting module 301 is further configured to detect whether a backtracking initiating instruction is received after the processing module 304 performs a normalization process on the data set to obtain target data meeting the storage requirement, where the backtracking initiating instruction is used to initiate an instruction for backtracking the historical system operation;
and the audit log dynamic implementation device based on the interceptor technology may further include an analysis module 305 and a backtracking module 306, where:
the analysis module 305 is configured to, when the detection module 301 detects that the backtracking initiation instruction is received, analyze a backtracking type corresponding to the backtracking initiation instruction to obtain an analysis result, where the backtracking type includes at least one of a backtracking type for data, a backtracking type for behavior, and a backtracking type for an operator.
A backtracking module 306, configured to invoke an audit log according to the analysis result obtained by the analysis module 305 to perform a backtracking operation matching the analysis result, where the audit log stores history data corresponding to the history system operation, and the history data includes target data.
It can be seen that, by implementing the device for dynamically implementing the audit log based on the interceptor technology described in fig. 4, after the backtracking initiating instruction is detected, the backtracking operation corresponding to the backtracking initiating instruction can be executed through the audit log, which is beneficial to improving the backtracking efficiency.
In another alternative embodiment, the manner in which the creating sub-module 3032 creates the data listener according to the preset plug-in and the preset class specifically includes the following steps:
acquiring an instruction identifier included in an intercepted target instruction;
a data analyzer corresponding to the instruction identifier is established according to the instruction identifier, and the data analyzer is used for analyzing the request parameters included by the target instruction;
and calling a preset class according to the instruction identifier, and creating to obtain a data listener, wherein the data listener is used for monitoring request parameters.
Therefore, in the optional embodiment, a data parser corresponding to the instruction identifier is created and obtained through the instruction identifier included in the intercepted target instruction, and a data listener for subsequently listening to changed data (request parameters) is further obtained, so that timeliness and accuracy of subsequently obtained data changes are improved.
In yet another alternative embodiment, as shown in fig. 4, the intercepting module 303 may further include a processing sub-module 3035, wherein:
the processing submodule 3035 is configured to call the data storage service to record an operation log corresponding to the target instruction after the obtaining submodule 3031 obtains the first information corresponding to the target instruction according to the tangent plane.
The processing submodule 3035 is further configured to set the operation Id included in the target instruction into the data space corresponding to the requested operation.
And the processing submodule 3035 is further configured to clear the operation Id after the monitoring submodule 3033 obtains the changed data through the data monitor.
Therefore, the audit log dynamic implementation device based on the interceptor technology described in fig. 4 can intelligently record the operation log corresponding to the current target instruction, and reduce the situation that the operation log which is not stored in time or recorded cannot be found due to mistaken deletion due to overlong time and the like.
In another optional embodiment, as shown in fig. 4, the apparatus for dynamically implementing an audit log based on interceptor technology may further include a determining module 307, where:
the determining module 307 is configured to determine whether the request operation needs to span multiple services after the intercepting module 303 intercepts the target instruction according to the tangent plane and obtains the target information corresponding to the target instruction, and when it is determined that the request operation does not need to span multiple services, trigger the processing module 304 to perform normalized processing on the data set, so as to obtain an operation of the target data meeting the storage requirement.
The processing module 304 is further configured to transmit the instruction parameter corresponding to the target instruction from the current operating platform to the target platform through a preset protocol when the determining module 307 determines that multiple services need to be spanned.
The manner in which the processing module 304 transmits the operation data corresponding to the target instruction from the current operation platform to the target platform through the preset protocol specifically includes:
determining a service platform corresponding to each service;
performing classification processing on the instruction parameters corresponding to each target instruction according to the functions corresponding to the instruction parameters to obtain the instruction parameters corresponding to each service platform;
and transmitting the instruction parameters corresponding to each service platform from the current operation platform to the service platform corresponding to the instruction parameters through a preset protocol.
It can be seen that, when the interceptor-technology-based audit log dynamic implementation apparatus described in fig. 4 is implemented, when a request operation requires a cross-service operation, the apparatus can perform classification processing according to a function corresponding to an instruction parameter, and transmit the instruction parameter corresponding to each service platform from a current operation platform to the service platform corresponding to the instruction parameter, so as to improve the accuracy of the instruction parameter received by each service platform, and facilitate improvement of the processing efficiency of each service platform for the received instruction parameter.
Example four
Referring to fig. 5, fig. 5 is a schematic structural diagram of another apparatus for dynamically implementing an audit log based on an interceptor technology according to an embodiment of the present invention. As shown in fig. 5, the apparatus for dynamically implementing an audit log based on interceptor technology may include:
a memory 401 storing executable program code;
a processor 402 coupled with the memory 401;
the processor 402 calls the executable program code stored in the memory 401 to execute the steps in the method for dynamically implementing the audit log based on the interceptor technology described in the first embodiment of the present invention or the second embodiment of the present invention.
EXAMPLE five
The embodiment of the invention discloses a computer storage medium, which stores computer instructions, and the computer instructions are used for executing the steps of the method for dynamically realizing the audit logs based on the interceptor technology, which is described in the first embodiment or the second embodiment of the invention, when being called.
EXAMPLE six
The embodiment of the invention discloses a computer program product, which comprises a non-transitory computer storage medium for storing a computer program, wherein the computer program is operable to make a computer execute the steps of the method for dynamically realizing the audit log based on the interceptor technology described in the first embodiment or the second embodiment.
The above-described embodiments of the apparatus are merely illustrative, and the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above detailed description of the embodiments, those skilled in the art will clearly understand that the embodiments may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. Based on such understanding, the above technical solutions may be embodied in the form of a software product, which may be stored in a computer storage medium, wherein the storage medium includes a Read-Only Memory (ROM), a Random Access Memory (RAM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), a One-time Programmable Read-Only Memory (OTPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc-Read-Only Memory (CD-ROM) or other magnetic disk, a magnetic tape Memory, a magnetic tape, a magnetic disk, a, Or any other medium which can be used to carry or store data and which can be read by a computer.
Finally, it should be noted that: the method and the device for dynamically implementing the audit log based on the interceptor technology disclosed in the embodiment of the present invention are only the preferred embodiment of the present invention, and are only used for illustrating the technical solution of the present invention, not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art; the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A dynamic realization method of an audit log based on an interceptor technology is characterized by comprising the following steps:
detecting whether a target instruction corresponding to a request operation initiated by a user is received;
when the target instruction is detected to be received, generating a tangent plane corresponding to the target instruction, wherein the tangent plane is used for recording an operation log when the target instruction enters a target data layer, and the operation log is a log correspondingly generated when the target instruction is executed;
intercepting the target instruction according to the section to obtain target information corresponding to the target instruction;
and carrying out normalization processing on the data set to obtain target data meeting the storage requirement, wherein the data set comprises the target information.
2. The method for dynamically implementing the audit log based on the interceptor technology according to claim 1, wherein the intercepting the target instruction according to the section to obtain the target information corresponding to the target instruction comprises:
when the target instruction enters a first data layer, acquiring first information corresponding to the target instruction according to the tangent plane, wherein the first information comprises an IP address corresponding to the request operation and a user identifier corresponding to the request operation, and the user identifier comprises at least one of a user Id and a user name;
after the target instruction enters a second data layer, a data listener is created according to a preset plug-in and a preset class;
monitoring to obtain changed data through the data monitor, wherein the changed data is correspondingly changed after the target instruction is executed;
and determining the first information and the change data as target information corresponding to the target instruction.
3. The method for dynamically implementing the audit log based on the interceptor technology of claim 2, wherein the data set further comprises the operation log and second information stored in an information system, the second information comprising at least one of a system security event, a user access record, a system operation log and a system operation state information;
the step of performing normalization processing on the data set to obtain target data meeting storage requirements includes:
collecting the operation log, the first information, the change data and the second information;
and executing preset data processing operation on the collected operation log, the first information, the change data and the second information to obtain target data which is uniform in data format and stored in a log form, wherein the preset data processing operation comprises at least one of data standardization processing, filtering processing, merging processing and alarm analysis processing.
4. The method for dynamically implementing the audit log based on the interceptor technology as claimed in claim 3, wherein after the normalization processing is performed on the data set to obtain the target data meeting the storage requirement, the method further comprises:
detecting whether a backtracking initiating instruction is received or not, wherein the backtracking initiating instruction is used for initiating an instruction of backtracking historical system operation;
when the backtracking initiating instruction is detected to be received, analyzing a backtracking type corresponding to the backtracking initiating instruction to obtain an analysis result, wherein the backtracking type comprises at least one of a backtracking type aiming at data, a backtracking type aiming at behavior and a backtracking type aiming at an operator;
and calling an audit log according to the analysis result to execute backtracking operation matched with the analysis result, wherein the audit log stores historical data corresponding to the historical system operation, and the historical data comprises the target data.
5. The method for dynamically implementing the audit log based on the interceptor technology according to claim 2, wherein the creating the data listener according to the preset plug-in and the preset class comprises:
acquiring an instruction identifier included in the intercepted target instruction;
creating a data parser corresponding to the instruction identifier according to the instruction identifier, wherein the data parser is used for parsing the request parameters included in the target instruction;
and calling a preset class according to the instruction identifier, and creating to obtain a data listener, wherein the data listener is used for monitoring the request parameter.
6. The method for dynamically implementing the audit log based on the interceptor technology as claimed in claim 5, wherein after the obtaining the first information corresponding to the target instruction according to the section, the method further comprises:
calling a data storage service to record the operation log corresponding to the target instruction;
setting the operation Id included by the target instruction into a data space corresponding to the request operation;
and after the changed data is monitored and obtained through the data monitor, the method further comprises the following steps:
clearing the operation Id.
7. The method for dynamically implementing the audit log based on the interceptor technology according to any one of claims 1-6, wherein after intercepting the target instruction according to the section and obtaining the target information corresponding to the target instruction, the method further comprises:
judging whether the request operation needs to span a plurality of services, and executing the normalized processing on the data set to obtain the operation of the target data meeting the storage requirement when judging that the request operation does not need to span a plurality of services;
when the fact that a plurality of services need to be spanned is judged, transmitting the instruction parameters corresponding to the target instruction from the current operation platform to the target platform through a preset protocol;
wherein, the transmitting the operation data corresponding to the target instruction from the current operation platform to the target platform through a preset protocol includes:
determining a service platform corresponding to each service;
performing classification processing on the instruction parameter corresponding to each target instruction according to the function corresponding to the instruction parameter to obtain the instruction parameter corresponding to each service platform;
and transmitting the instruction parameters corresponding to each service platform from the current operation platform to the service platform corresponding to the instruction parameters through a preset protocol.
8. An apparatus for dynamically implementing audit logs based on interceptor technology, the apparatus comprising:
the detection module is used for detecting whether a target instruction corresponding to a request operation initiated by a user is received;
the generating module is used for generating a tangent plane corresponding to the target instruction when the detecting module detects that the target instruction is received, wherein the tangent plane is used for recording an operation log when the target instruction enters a target data layer, and the operation log is a log correspondingly generated when the target instruction is executed;
the intercepting module is used for intercepting the target instruction according to the section generated by the generating module to obtain target information corresponding to the target instruction;
and the processing module is used for executing standardized processing on the data set to obtain target data meeting the storage requirement, and the data set comprises the target information.
9. An apparatus for dynamically implementing audit logs based on interceptor technology, the apparatus comprising:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute the method for dynamically realizing the audit log based on the interceptor technology according to any one of claims 1-7.
10. A computer storage medium storing computer instructions for performing the method of any one of claims 1 to 7 when invoked for dynamically implementing an interceptor technology-based audit log.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111432299.4A CN114153641A (en) | 2021-11-29 | 2021-11-29 | Audit log dynamic realization method and device based on interceptor technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111432299.4A CN114153641A (en) | 2021-11-29 | 2021-11-29 | Audit log dynamic realization method and device based on interceptor technology |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114153641A true CN114153641A (en) | 2022-03-08 |
Family
ID=80454937
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111432299.4A Pending CN114153641A (en) | 2021-11-29 | 2021-11-29 | Audit log dynamic realization method and device based on interceptor technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114153641A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115080278A (en) * | 2022-07-24 | 2022-09-20 | 北京结慧科技有限公司 | Method and system for obtaining information of current login user based on method parameters |
-
2021
- 2021-11-29 CN CN202111432299.4A patent/CN114153641A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115080278A (en) * | 2022-07-24 | 2022-09-20 | 北京结慧科技有限公司 | Method and system for obtaining information of current login user based on method parameters |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101883400B1 (en) | detecting methods and systems of security vulnerability using agentless | |
| CN111866016B (en) | Log analysis method and system | |
| CN112073437B (en) | Multi-dimensional security threat event analysis method, device, equipment and storage medium | |
| KR20190010956A (en) | intelligence type security log analysis method | |
| CN111885210A (en) | Cloud computing network monitoring system based on end user environment | |
| CN110941632A (en) | Database auditing method, device and equipment | |
| CN101127645A (en) | An integrity check method for remote network service | |
| CN113886814A (en) | Attack detection method and related device | |
| US11334665B2 (en) | Systems and methods for automated detection and analysis of security threats | |
| CN114153641A (en) | Audit log dynamic realization method and device based on interceptor technology | |
| CN113595981B (en) | Method and device for detecting threat of uploading file and computer readable storage medium | |
| CN108040036A (en) | A kind of industry cloud Webshell safety protecting methods | |
| CN114138483A (en) | Virtualized resource management method, device, server, system and medium | |
| CN116708033B (en) | Terminal security detection method and device, electronic equipment and storage medium | |
| CN112699369A (en) | Method and device for detecting abnormal login through stack backtracking | |
| CN111274461A (en) | Data auditing method, data auditing device and storage medium | |
| CN113778709B (en) | Interface calling method, device, server and storage medium | |
| CN114785621A (en) | Vulnerability detection method and device, electronic equipment and computer readable storage medium | |
| CN111475783B (en) | Data detection method, system and equipment | |
| CN114925366A (en) | Method, system, terminal and storage medium for virus detection and blocking | |
| CN113032785A (en) | Document detection method, device, equipment and storage medium | |
| CN114036505A (en) | Safety operation and maintenance analysis server, safety operation and maintenance analysis method and computer equipment | |
| CN109327433B (en) | Threat perception method and system based on operation scene analysis | |
| KR102001814B1 (en) | A method and apparatus for detecting malicious scripts based on mobile device | |
| CN111259389A (en) | Operating system protection method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |