CN107426191A - Vulnerability early warning and emergency response automatic alarm system - Google Patents
- Publication number
- CN107426191A (application number CN201710514837.1A)
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- engine
- information
- assets
- emergency response
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The present invention relates to a vulnerability early warning and emergency response automatic alarm system, comprising an asset identification engine, an asset information processing engine, a vulnerability information collection engine, a vulnerability analysis engine, a vulnerability detection engine and an alarm engine. The vulnerability early warning rapid emergency response automatic alarm system of the present invention can handle the emergency response of enterprises, realizing the complete emergency response process from obtaining the vulnerability warning at the first moment, through intelligent verification and identification of the affected scope, to automatic alarming; it saves the time and energy of information security staff and improves the efficiency of vulnerability alarm emergency response.
Description
Technical field
The present invention relates to an automatic alarm system, and more particularly to a vulnerability early warning and emergency response automatic alarm system.
Background technology
Current vulnerability scanning equipment is all based on the following two traditional scanning technologies:
I. Scanning technologies for the asset identification engine
1. Ping/ICMP scanning. The purpose of a ping scan is to confirm the IP address of the target host, that is, to scan whether an IP address has been assigned to a host. Ping scanning is based on the ICMP protocol, so ICMP-based scanning used to discover a target network or host is called ping scanning. Its main idea is to construct an ICMP packet, send it to the target host, and judge from the response the target host produces.
2. Port scanning, which is divided into TCP port scanning and UDP port scanning.
(1) UDP scanning. UDP is a datagram protocol; in order to find the UDP ports offering a service, the common scan method is to construct a UDP packet with empty content and send it to the target port. If a service is listening on the target port, the target port returns an error message; if the target port is closed, the target host returns an ICMP port unreachable message.
(2) TCP full connect scanning. Using the connect() function provided by the Windows socket API, a connection is established to the port of the target host, completing a three-way handshake; a probe packet is sent to the TCP/IP service port of the target host and the target host's response is recorded, so that the open state of the port can be judged and the service or related information provided by the port can be fully understood.
3. Remote operating system probing
The host or device contains computer programs that manage network resources and provide data probing and services; what is obtained is the operating system (OS) information of the scanned target host and the information of the computer programs providing the services. The acquisition methods include:
(1) Binary information probing, where the program itself reveals its specific information.
(2) HTTP response analysis: after a connection is established over HTTP, the server's response is analysed to derive operating system information.
(3) Stack fingerprint analysis: all hosts interconnect through TCP/IP or similar protocol stacks, and their responses to erroneous packets, default values and the like can serve as the basis for distinguishing the OS.
II. Technologies for the vulnerability information collection engine
At present, the vulnerability collection engines of the major mainstream enterprises are mainly based on "distributed web crawler" technology.
It is broadly divided into the following 7 functions:
(1) Page fetching: starting from the start page, sending page request packets and downloading the URL pages;
(2) Page analysis: analysing the downloaded page and extracting the URLs in the page;
(3) Link filtering: operating on the links extracted during page analysis, de-duplicating them and rejecting invalid URLs;
(4) Link queue: maintaining the URL queue;
(5) Page downloading: downloading the obtained URL pages, solving the encoding problems of web pages and downloading the text information on the site, such as HTML pages, ASP/PHP/JSP and so on, according to actual conditions;
(6) Page decomposition: extracting certain structured information from the page;
(7) Page storage: storing the crawled page information.
At present, the main measures with which most enterprises handle vulnerability warnings are to use the vulnerability scanning systems of mainstream vendors for periodically scheduled vulnerability scans, or to obtain vulnerability warning information manually and passively.
However, existing mainstream vulnerability scanning products cannot obtain the latest vulnerability update packages in time. If the equipment is deployed on a company intranet that is isolated from the external network, the vulnerability update package can only be updated manually, which makes it even harder to obtain updates promptly; as a result the vulnerability warning cannot be responded to at the first moment and the best opportunity to fix the vulnerability is missed.
Vulnerability scanning systems cannot be customized to scan only the specified vulnerability each time; every scan loads and runs the full rule set, so the report contains many distractions such as vulnerabilities scanned in the past. This becomes piled-up information and makes the work time-consuming and laborious for security operations staff.
When vulnerability warnings are obtained manually, the vulnerability bulletins from the usual information channels only report the affected system versions and scope; which assets across the company are affected still has to be investigated system by system by security operations staff. When the company's systems are complex and huge, this work consumes a great deal of energy and cannot be automated or made intelligent.
Content of the invention
The purpose of the present invention is to propose a vulnerability early warning and emergency response automatic alarm system to solve the above technical problems. After deployment, the system can automatically realize the complete emergency response process from obtaining the vulnerability warning, through verifying and identifying the affected scope, to alarming, so as to ensure that the vulnerability warning information is obtained at the first moment and the affected state of the assets is analysed intelligently and automatically, and to accurately inform the administrator of the specific affected system addresses, information and remediation scheme.
To achieve the above object, the invention provides a vulnerability early warning and emergency response automatic alarm system comprising:
an asset identification engine, which runs periodically on a schedule according to preset rules to probe its own asset scope, establishes connections, identifies and obtains raw asset information, and stores the raw asset information in a database;
an asset information processing engine, which processes the raw asset information from the database, generates a data table and stores it in the database;
a vulnerability information collection engine, which obtains the latest vulnerability warning bulletins and obtains the affected systems and the repair method;
a vulnerability analysis engine, which segments the content of the information extracted from the vulnerability information collection engine, determines the vulnerability scope, then looks up the asset information involved and analyses the asset vulnerability;
a vulnerability detection engine, into which plugins are entered and updated, which waits for the vulnerability analysis engine to call its plugin modules, adds the system addresses to be detected to a queue, calls the corresponding plugin module to perform detection, and returns the result;
an alarm engine which, when the vulnerability analysis engine concludes that a currently open service is abnormal, sends the warning information by reading the mailbox reserved in the system owner list.
Preferably, the preset rules of the asset identification engine comprise at least: asset probing schedule period, TCP connection timeout, CMS recognition rules, code language recognition rules, component container recognition rules, port probing range, service type recognition rules and asset probing range.
Preferably, the raw asset information comprises at least port, IP address, component version, component container, hostname, script, CMS, service type and service version.
Preferably, the data table comprises at least IP address, port, running service type, service version number and administrator mailbox.
Preferably, the vulnerability information collection engine executes in a multithreaded loop, takes the service name from the asset information processing engine as a parameter and obtains the content of the latest vulnerability warning bulletin; the sources of the latest vulnerability warning bulletins comprise at least the vulnerability warning information of third-party companies, the latest vulnerabilities of trusted vulnerability databases and the SRC (security response center) that is accessed.
Preferably, the vulnerability analysis engine performs vulnerability analysis as follows:
(1) the asset service version number stored in the database by the asset information processing engine is compared with the affected version in the latest vulnerability warning bulletin content obtained from the vulnerability information collection engine;
(2) if the asset service version falls within the vulnerability scope, the vulnerability information table recorded in the database is queried first;
(3) if a flag is present, it indicates that an alarm has already been raised and no further alarm is raised; if no flag is present, the alarm engine is called to raise an alarm, the vulnerability information and IP are added to the database, and a flag is added to that vulnerability information in the database.
Preferably, the vulnerability analysis engine performs vulnerability analysis as follows:
(1) the asset service version number stored in the database by the asset information processing engine is compared with the affected version in the latest vulnerability warning bulletin content obtained from the vulnerability information collection engine;
(2) if the asset service version does not fall within the vulnerability scope, the vulnerability flag in the database is queried first; if there is none, the alarm engine is called directly to send mail informing the administrator.
Preferably, when the vulnerability analysis engine concludes that a currently open service falls within the affected scope, the alarm engine is called to read the mailbox reserved in the administrator list and send the warning information; for problems that are not service-version problems, for cases without version information and for special cases, when the vulnerability detection engine concludes that the asset is affected by the vulnerability, the alarm engine reads the mailbox reserved in the administrator list and sends the warning information.
Preferably, the vulnerability early warning and emergency response automatic alarm system further comprises a heartbeat detection module for monitoring the system's operation in real time and obtaining the load balancing status.
Preferably, the vulnerability early warning and emergency response automatic alarm system further comprises a task queue option module for displaying the task list, a plugin writing module for managing plugins and plugins added from the front end, and a statistics option module for statistics on system information.
Based on the above technical scheme, the advantages of the present invention are:
The present invention proposes a vulnerability early warning rapid emergency response automatic alarm system that can handle the emergency response of enterprises, realizing the complete emergency response process from obtaining the vulnerability warning at the first moment, through intelligent verification and identification of the affected scope, to automatic alarming; it saves the time and energy of information security staff and improves the efficiency of vulnerability alarm emergency response.
The present invention can automatically complete the whole emergency response process from obtaining the vulnerability warning, through verifying and identifying the affected scope, to alarming; it ensures that the vulnerability warning notice is received at the first moment and shortens the emergency response reaction time, thereby avoiding missing the best opportunity to fix the vulnerability. At the same time, it raises targeted alarms for specific latest vulnerabilities, saving security operations staff the energy and time spent screening the piled-up information produced by traditional vulnerability scanning products; it automatically verifies whether assets have the vulnerability and directly alerts the administrator with the specific system address, information and repair suggestion, greatly improving security operations efficiency.
Brief description of the drawings
The drawings described herein are provided for a further understanding of the present invention and form part of this application; the illustrative embodiments of the present invention and their description serve to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic diagram of the logical structure of the vulnerability early warning and emergency response automatic alarm system;
Fig. 2 is a schematic diagram of the asset identification engine;
Fig. 3 is a schematic diagram of the asset information processing engine;
Fig. 4 is a schematic diagram of the vulnerability information collection engine;
Fig. 5 is a schematic diagram of the vulnerability analysis engine;
Fig. 6 is a schematic diagram of the vulnerability detection engine;
Fig. 7 is a schematic diagram of the alarm engine;
Fig. 8 is a schematic diagram of the alarm engine's warning information;
Fig. 9 is a schematic diagram of writing and adding a plugin in the plugin writing module;
Fig. 10 is a schematic diagram of the asset identification rule configuration.
Embodiment
The technical scheme of the present invention is described in further detail below with reference to the drawings and embodiments.
The invention provides a vulnerability early warning and emergency response automatic alarm system, a preferred embodiment of which is shown in Fig. 1 to Fig. 7. The vulnerability early warning and emergency response automatic alarm system comprises:
an asset identification engine, which runs periodically on a schedule according to preset rules to probe its own asset scope, establishes connections, identifies and obtains raw asset information, and stores the raw asset information in a database;
an asset information processing engine, which processes the raw asset information from the database, generates a data table and stores it in the database;
a vulnerability information collection engine, which obtains the latest vulnerability warning bulletins and obtains the affected systems and the repair method;
a vulnerability analysis engine, which segments the content of the information extracted from the vulnerability information collection engine, determines the vulnerability scope, then looks up the asset information involved and analyses the asset vulnerability;
a vulnerability detection engine, into which plugins are entered and updated, which waits for the vulnerability analysis engine to call its plugin modules, adds the system addresses to be detected to a queue, calls the corresponding plugin module to perform detection, and returns the result;
an alarm engine which, when the vulnerability analysis engine concludes that a currently open service is abnormal, sends the warning information by reading the mailbox reserved in the system owner list.
Preferably, the preset rules of the asset identification engine comprise at least: asset probing schedule period, TCP connection timeout, CMS recognition rules, code language recognition rules, component container recognition rules, port probing range, service type recognition rules and asset probing range.
As shown in Fig. 1, the working flow of the vulnerability early warning and emergency response automatic alarm system is as follows:
(1) Information security staff add asset identification rules, including the thread count limit, CMS (Content Management System) recognition rules, code language recognition rules, component container recognition rules, service type recognition rules, asset probing range and port probing range, as shown in Fig. 10. A thread calls the asset identification engine, which runs periodically according to the schedule in the rules to probe its own asset scope, establishes connections, identifies and obtains raw asset information, and stores the assets in the database.
(2) After the asset identification engine finishes running, the asset information processing engine processes the raw asset information from the database, generates a table containing system IP address, port, running service, version number and administrator mailbox, and stores it in the database for the vulnerability information collection engine to use.
(3) A thread calls the vulnerability information collection engine, which executes in a multithreaded loop; it takes the service name from the asset information processing engine as a parameter and obtains the latest vulnerability information, whose sources are third-party vulnerability warning information, the latest vulnerabilities of trusted vulnerability databases, the SRC (security response center) of the company itself, and so on; it obtains the content of the vulnerability bulletin and passes it to the vulnerability analysis engine for analysis.
(4) The vulnerability information collected by the vulnerability information collection engine is passed to the vulnerability analysis engine for analysis:
1) If the vulnerability is of the affected-service-and-version type, the vulnerability information table recorded in the database is queried first; if a flag is present, it means an alarm has already been raised and none is raised again; if no flag is present, the alarm engine is called to raise an alarm, the IP address of this vulnerability information is added to the database, and a flag is added.
2) If the vulnerability is not of the service-version type, the vulnerability flag in the database is queried first; if there is none, the alarm engine is called directly to send mail informing the security department, so that security staff can write the corresponding plugin and add it to the database; the vulnerability detection engine is then called and the vulnerability information flag is added to the database.
(5) The vulnerability detection engine enters and updates the Proof of Concept or Exploit written by the information security staff into plugins, waits for the vulnerability analysis engine to call it, calls the plugin module, adds the system addresses to be detected to the queue, calls the corresponding plugin module to perform detection and returns the result. If a vulnerability exists, the alarm engine is called to raise an alarm.
Specifically, as shown in Fig. 2, the asset identification engine performs asset scanning according to the configured rules, obtains the asset banner information and stores it in the database; the identified content includes the open service type, component container, script and CMS (Content Management System). Preferably, the preset rules of the asset identification engine comprise at least: asset probing schedule period, TCP connection timeout, CMS recognition rules, code language recognition rules, component container recognition rules, port probing range, service type recognition rules and asset probing range.
Asset identification engine workflow: according to the rules, the configured asset address range is scanned and the raw asset information is obtained. Preferably, the raw asset information comprises at least port, IP address, component version, component container, hostname, script, CMS, service type and service version.
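The following is an added example, not code from the patent, of how an asset identification engine of the kind just described can be written: a preset rule set (TCP connection timeout, thread limit, port probing range and service type recognition rules), a TCP full-connect probe that grabs the service banner, and a record carrying a subset of the raw asset fields listed above (IP, port, service type, service version). To stay runnable offline it starts a constructed local listener on 127.0.0.1 that plays an SSH service; the rule values, regexes and the `identify_assets`/`probe` names are assumptions for the example.

```python
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Preset rules, mirroring the rule items in the description (constructed values).
RULES = {
    "tcp_timeout": 1.0,           # TCP connection timeout, seconds
    "thread_limit": 8,            # number of probe threads
    "port_range": [22, 80, 443],  # port probing range
    # service type recognition rules: regex over the banner -> service type; group 1 = version
    "service_rules": [
        (r"^SSH-2\.0-OpenSSH_([\d.]+)", "ssh"),
        (r"^220 .*?FTP.*?([\d.]+)", "ftp"),
        (r"Server: nginx/([\d.]+)", "nginx"),
    ],
}

def recognise(banner):
    """Apply the service type recognition rules to a banner -> (service_type, version)."""
    for pattern, service in RULES["service_rules"]:
        m = re.search(pattern, banner)
        if m:
            return service, m.group(1)
    return "unknown", ""

def probe(ip, port):
    """TCP full-connect probe of one ip:port; returns a raw asset record or None if closed."""
    try:
        with socket.create_connection((ip, port), timeout=RULES["tcp_timeout"]) as s:
            s.settimeout(RULES["tcp_timeout"])
            try:
                banner = s.recv(256).decode("utf-8", "replace")
            except OSError:          # service open but silent within the timeout
                banner = ""
    except OSError:
        return None                  # refused or unreachable: not a listening asset
    service, version = recognise(banner)
    return {"ip": ip, "port": port, "service_type": service,
            "service_version": version, "banner": banner.strip()}

def identify_assets(ips):
    """Probe every (ip, port) in the asset/port probing range using the thread limit."""
    targets = [(ip, p) for ip in ips for p in RULES["port_range"]]
    with ThreadPoolExecutor(max_workers=RULES["thread_limit"]) as pool:
        results = list(pool.map(lambda t: probe(*t), targets))
    return [r for r in results if r is not None]

# Constructed local service so the example runs offline: sends `banner` to each client.
def start_fake_service(banner):
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # ephemeral port
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner.encode())
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_fake_service("SSH-2.0-OpenSSH_7.4\r\n")
    RULES["port_range"] = [port]
    for record in identify_assets(["127.0.0.1"]):
        print(record)
```

The probe only connects and reads what the service volunteers, which is all the asset table needs; fields such as CMS or component container would be filled by further recognition rules applied to the same banner data.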
The asset information processing engine processes the raw asset information from the database, generates a data table and stores it in the database. Specifically, as shown in Fig. 3, the asset information processing engine is responsible for processing the raw asset information table generated by the asset identification engine and stored in the database; by processing it, the engine generates a table containing system IP address, port, running service, version number and administrator mailbox, and stores it in the database for the vulnerability information collection engine to use. By creating an alerted-vulnerability table, setting a flag in it, and checking this table first each time, it ensures that alarms are raised only for the latest vulnerabilities, avoids repeated alarms and improves the system's execution efficiency.
The vulnerability information collection engine is responsible for obtaining the latest vulnerability warning bulletins and obtaining the affected systems and the repair method. When a new vulnerability is disclosed with an exploit, it can be obtained through the vulnerability warning bulletins of trusted third parties (such as Exploit-DB and Seebug), the vulnerability database information of trusted third-party vulnerability databases (such as CVE, Common Vulnerabilities and Exposures), or the vulnerability submissions of the company's own SRC. From the vulnerability warning content published by the above sources, the engine identifies, extracts, analyses and stores information such as the publication time, vulnerability name, vulnerability version number, the system services and service version range affected by the vulnerability, and the repair method. Because the bottleneck of a web crawler is waiting for the server's response after the program exchanges information with the server, the present invention uses a multithreaded crawler; multithreading reduces the average waiting time and improves the program's efficiency.
Preferably, as shown in Fig. 4, the vulnerability information collection engine executes in a multithreaded loop, takes the service name from the asset information processing engine as a parameter and obtains the content of the latest vulnerability warning bulletin; the sources of the latest vulnerability warning bulletins comprise at least the vulnerability warning information of third-party companies, the latest vulnerabilities of trusted vulnerability databases and the SRC that is accessed.
The vulnerability information collection engine executes in a multithreaded loop, takes the service name from the asset information processing engine as a parameter and obtains the latest vulnerability information, whose sources are the vulnerability warning information of third-party companies, the latest vulnerabilities of trusted vulnerability databases, the company's own SRC, and so on; it obtains the bulletin content and passes it to the vulnerability analysis engine for analysis.
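As an added example that is not part of the patent, the block below implements the seven crawler functions listed in the background section (page fetching, page analysis, link filtering, link queue, downloading, decomposition, storage) as a small multithreaded bulletin crawler of the kind the collection engine described above is built on. Because it must run offline, `fetch` serves constructed bulletin pages from an in-memory dict instead of issuing HTTP requests; the site, the page contents, the "Affected:"/"Fix:" field layout and all function names are assumptions for the example.

```python
import re
from collections import deque
from concurrent.futures import ThreadPoolExecutor
from html.parser import HTMLParser

# Constructed bulletin site: URL -> HTML body (stands in for a third-party warning source).
SITE = {
    "http://advisories.example/index": """<a href="http://advisories.example/adv/1">1</a>
        <a href="http://advisories.example/adv/2">2</a>
        <a href="http://advisories.example/adv/1">dup</a>
        <a href="mailto:x@example">bad</a>""",
    "http://advisories.example/adv/1": """<h1>Remote code execution in ExampleWeb</h1>
        <p>Affected: ExampleWeb 2.0 - 2.3.1</p><p>Fix: upgrade to 2.3.2</p>""",
    "http://advisories.example/adv/2": """<h1>Denial of service in ExampleDB</h1>
        <p>Affected: ExampleDB 5.1 - 5.4</p><p>Fix: apply patch 5.4.1</p>""",
}

def fetch(url):
    """(1)/(5) page fetch and download: offline stand-in for an HTTP request."""
    return SITE.get(url, "")

class LinkAndTextParser(HTMLParser):
    """(2) page analysis: collect hrefs and the visible text chunks of a page."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data.strip())

def filter_links(links, seen):
    """(3) link filter: keep http(s) URLs not yet queued (de-duplication, reject bad URLs)."""
    fresh = []
    for url in links:
        if url.startswith("http") and url not in seen:
            seen.add(url)
            fresh.append(url)
    return fresh

# Constructed bulletin field layout: "Affected: <service> <low> - <high>" and "Fix: <text>".
FIELD_RE = re.compile(r"Affected:\s*(?P<service>\w+)\s+(?P<low>[\d.]+)\s*-\s*(?P<high>[\d.]+)")

def decompose(text_chunks):
    """(6) page decomposition: extract the structured fields the analysis engine needs."""
    chunks = [c for c in text_chunks if c]
    text = "\n".join(chunks)
    m = FIELD_RE.search(text)
    if not m:
        return None                      # index or unrelated page: nothing to store
    fix = re.search(r"Fix:\s*(.+)", text)
    return {"title": chunks[0], "service": m["service"].lower(),
            "affected": (m["low"], m["high"]),
            "fix": fix.group(1).strip() if fix else ""}

def crawl(start, workers=4):
    """(4) link queue + (7) storage: breadth-first crawl, each level fetched by a thread pool."""
    seen = {start}
    frontier = deque([start])
    store = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        while frontier:
            batch = [frontier.popleft() for _ in range(len(frontier))]
            for url, html in zip(batch, pool.map(fetch, batch)):
                parser = LinkAndTextParser()
                parser.feed(html)
                frontier.extend(filter_links(parser.links, seen))
                record = decompose(parser.text)
                if record:
                    store[url] = record
    return store

if __name__ == "__main__":
    for url, record in crawl("http://advisories.example/index").items():
        print(url, record)
```

The thread pool is applied per frontier level, which is where the waiting-for-server bottleneck the description mentions actually sits; the `seen` set does the link de-duplication before a URL ever enters the queue, so duplicate and non-HTTP links are never fetched.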
The vulnerability analysis engine is responsible for analysing the information obtained from the vulnerability information collection engine. As shown in Fig. 5, the vulnerability analysis engine segments the content of the information extracted from the vulnerability information collection engine, determines the vulnerability scope, then looks up the asset information involved and analyses the asset vulnerability.
Preferably, the vulnerability analysis engine performs vulnerability analysis as follows:
(1) the asset service version number stored in the database by the asset information processing engine is compared with the affected version in the latest vulnerability warning bulletin content obtained from the vulnerability information collection engine;
(2) if the asset service version falls within the vulnerability scope, the vulnerability information table recorded in the database is queried first;
(3) if a flag is present, it indicates that an alarm has already been raised and no further alarm is raised; if no flag is present, the alarm engine is called to raise an alarm, the vulnerability information and IP are added to the database, and a flag is added to that vulnerability information in the database.
When the asset service version does not fall within the vulnerability scope, the vulnerability analysis engine performs vulnerability analysis as follows:
(1) the asset service version number stored in the database by the asset information processing engine is compared with the affected version in the latest vulnerability warning bulletin content obtained from the vulnerability information collection engine;
(2) if the asset service version does not fall within the vulnerability scope, the vulnerability flag in the database is queried first; if there is none, the alarm engine is called directly to send mail informing the administrator, so that security staff can write the corresponding plugin and add it to the database; the vulnerability detection engine is then called to verify, and the vulnerability information flag is added to the database.
When the vulnerability analysis engine concludes that a currently open service falls within the affected scope, the alarm engine is called to read the mailbox reserved in the administrator list and send the warning information; for problems that are not service-version problems, for cases without version information and for special cases, when the vulnerability detection engine concludes that the asset is affected by the vulnerability, the alarm engine reads the mailbox reserved in the administrator list and sends the warning information.
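The following added example (not the patent's code) carries the asset information processing step and the analysis engine's steps (1) to (3) above through in working code: raw banner records are turned into the table of IP, port, service, version and administrator mailbox; each asset's service version is compared numerically with the bulletin's affected range; the alerted-vulnerability table is consulted before alarming; and the flag is set after the first alarm so a second pass over the same bulletin alarms nobody twice. The record layout, version format, sample assets, owner mailboxes and bulletin are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

def version_key(v):
    """Turn '2.3.1' into (2, 3, 1) so ranges compare numerically rather than as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", v))

def build_asset_table(raw_records, owners):
    """Asset information processing: raw banner records -> rows of
    (ip, port, service, version, administrator mailbox).  Records without a
    version cannot be version-matched and are left to the detection engine."""
    return [{"ip": r["ip"], "port": r["port"], "service": r["service_type"],
             "version": r["service_version"], "mailbox": owners.get(r["ip"], "")}
            for r in raw_records if r["service_version"]]

def in_scope(version, affected):
    """Step (1): is the asset's service version inside the bulletin's affected range?"""
    low, high = affected
    return version_key(low) <= version_key(version) <= version_key(high)

@dataclass
class AnalysisEngine:
    alerted: set = field(default_factory=set)  # alerted-vulnerability table: flags keyed (title, ip, port)
    sent: list = field(default_factory=list)   # mails the alarm engine would send (captured for the example)

    def alarm(self, asset, bulletin):
        """Stand-in for the alarm engine: address the owner's reserved mailbox."""
        self.sent.append((asset["mailbox"], asset["ip"], asset["port"],
                          bulletin["title"], bulletin["fix"]))

    def analyse(self, assets, bulletin):
        """Steps (1)-(3): compare versions, consult the flag, alarm at most once, then set the flag."""
        decisions = []
        for a in assets:
            if a["service"] != bulletin["service"] or not in_scope(a["version"], bulletin["affected"]):
                decisions.append((a["ip"], a["port"], "not affected"))
                continue
            key = (bulletin["title"], a["ip"], a["port"])
            if key in self.alerted:                      # step (3): flag present
                decisions.append((a["ip"], a["port"], "already alerted"))
                continue
            self.alarm(a, bulletin)                      # step (3): no flag -> alarm, then flag
            self.alerted.add(key)
            decisions.append((a["ip"], a["port"], "alerted"))
        return decisions

# Constructed sample data: raw records as an identification engine would store them.
RAW_RECORDS = [
    {"ip": "10.0.0.5", "port": 80,   "service_type": "exampleweb", "service_version": "2.2.0"},
    {"ip": "10.0.0.6", "port": 80,   "service_type": "exampleweb", "service_version": "2.4.0"},
    {"ip": "10.0.0.7", "port": 3306, "service_type": "exampledb",  "service_version": "5.2"},
    {"ip": "10.0.0.8", "port": 8080, "service_type": "unknown",    "service_version": ""},
]
OWNERS = {"10.0.0.5": "web-owner@example.test", "10.0.0.6": "web-owner@example.test",
          "10.0.0.7": "db-owner@example.test"}
BULLETIN = {"title": "Remote code execution in ExampleWeb", "service": "exampleweb",
            "affected": ("2.0", "2.3.1"), "fix": "upgrade to 2.3.2"}

def demo():
    """Run the same bulletin twice; the second pass must not alarm again."""
    engine = AnalysisEngine()
    assets = build_asset_table(RAW_RECORDS, OWNERS)
    first = engine.analyse(assets, BULLETIN)
    second = engine.analyse(assets, BULLETIN)
    return first, second, engine.sent

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Comparing versions as integer tuples matters: as strings, "2.10" sorts below "2.3", which would silently drop affected assets out of scope.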
As shown in Fig. 6, plugins are entered and updated into the vulnerability detection engine, which waits for the vulnerability analysis engine to call its plugin modules, adds the system addresses to be detected to a queue, calls the corresponding plugin module to perform detection and returns the result. Specifically, the vulnerability detection engine enters and updates the Proof of Concept or Exploit written by the information security staff into plugins, waits for the vulnerability analysis engine to call it, calls the plugin module, adds the system addresses to be detected to the queue, calls the corresponding plugin module to perform detection and returns the result. If the result shows that the vulnerability exists, the alarm engine is called to raise an alarm.
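An added example, not the patent's code, of the detection engine's plugin mechanism described above: verification plugins are registered under a name in a fixed form, the addresses to verify are placed on a queue, worker threads pull from the queue and call the plugin matching the bulletin, and the results are returned to the caller, which selects only the positive ones for the alarm engine. The plugin shown is a harmless version-banner check reading a constructed in-memory banner table rather than probing a host; the plugin name, banner table and function names are assumptions.

```python
import queue
import re
import threading

PLUGINS = {}   # plugin name -> verification function(ip, port) -> True/False

def plugin(name):
    """Register a verification (PoC) plugin under `name`; plugins all take (ip, port)."""
    def register(fn):
        PLUGINS[name] = fn
        return fn
    return register

# Constructed stand-in for what a live probe would return from each address.
BANNERS = {
    ("10.0.0.5", 80): "Server: ExampleWeb/2.2.0",
    ("10.0.0.6", 80): "Server: ExampleWeb/2.4.0",
    ("10.0.0.9", 80): "",
}

@plugin("exampleweb-rce-example")
def check_exampleweb(ip, port):
    """True when the service still reports a version inside the constructed affected range 2.0 - 2.3.1."""
    m = re.search(r"ExampleWeb/([\d.]+)", BANNERS.get((ip, port), ""))
    if not m:
        return False
    ver = tuple(int(x) for x in m.group(1).split("."))
    return (2, 0) <= ver <= (2, 3, 1)

def run_detection(plugin_name, addresses, workers=4):
    """Queue the addresses, let worker threads call the plugin, and return {(ip, port): result}."""
    q = queue.Queue()
    for addr in addresses:
        q.put(addr)
    results, lock = {}, threading.Lock()

    def worker():
        while True:
            try:
                ip, port = q.get_nowait()
            except queue.Empty:
                return
            try:
                outcome = PLUGINS[plugin_name](ip, port)
            except Exception as exc:          # a broken plugin must not take the engine down
                outcome = f"error: {exc}"
            with lock:
                results[(ip, port)] = outcome
            q.task_done()

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

def alarms_for(results):
    """Addresses whose plugin result is a confirmed positive; these go to the alarm engine."""
    return sorted(addr for addr, outcome in results.items() if outcome is True)

if __name__ == "__main__":
    res = run_detection("exampleweb-rce-example", list(BANNERS))
    print(res)
    print("alarm:", alarms_for(res))
```

Errors are recorded per address rather than raised, so one failing plugin call leaves the rest of the queue processed and the caller can tell a failed verification from a negative one.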
As shown in Fig. 7, when the vulnerability analysis engine concludes that a currently open service is abnormal, the alarm engine sends the warning information by reading the mailbox reserved in the system owner list. Specifically, when the vulnerability analysis engine concludes that a currently open service falls within the affected scope, the alarm engine is called to read the mailbox reserved in the system owner list and send the warning information to the responsible person; for problems that are not service-version problems, cases without version information and special cases, when the vulnerability detection engine concludes that the asset is affected by the vulnerability, mail is sent to alert the responsible person.
For example, when verification finds a vulnerability, customized warning information such as that shown in Fig. 8 can be sent to remind the administrator to fix the vulnerability in time.
The present invention proposes a vulnerability early warning rapid emergency response automatic alarm system that can handle the emergency response of enterprises, realizing the complete emergency response process from obtaining the vulnerability warning at the first moment, through intelligent verification and identification of the affected scope, to automatic alarming; it saves the time and energy of information security staff and improves the efficiency of vulnerability alarm emergency response.
The present invention can automatically complete the whole emergency response process from obtaining the vulnerability warning, through verifying and identifying the affected scope, to alarming; it ensures that the vulnerability warning notice is received at the first moment and shortens the emergency response reaction time, thereby avoiding missing the best opportunity to fix the vulnerability. At the same time, it raises targeted alarms for specific latest vulnerabilities, saving security operations staff the energy and time spent screening the piled-up information produced by traditional vulnerability scanning products; it automatically verifies whether assets have the vulnerability and directly alerts the administrator with the specific system address, information and repair suggestion, greatly improving security operations efficiency.
Preferably, the vulnerability early warning and emergency response automatic alarm system further comprises a heartbeat detection module for monitoring the system's operation in real time and obtaining the load balancing status; the heartbeat detection module probes in real time whether the six engines of the system are working normally and obtains the load balancing status.
To make results easy to observe, various modules for convenient operation and display can be provided. Preferably, the vulnerability early warning and emergency response automatic alarm system further comprises a task queue option module for displaying the task list, a plugin writing module for managing plugins and plugins added from the front end, and a statistics option module for statistics on system information.
The task queue option module displays the to-be-detected task list generated by the vulnerability detection engine in the web interface, making it convenient to observe which plugin detections have been run on each asset and to see the results intuitively; verification tasks and re-tests can also be added manually from the front end.
The plugin writing module is used for managing plugins and adding them from the front end. A plugin is embodied by a written identifier or a script PoC. PoC stands for Proof of Concept, which in the security field popularly means a confirmatory test for a client's specific application, that is, a verification test aimed at a vulnerability. The PoC is written according to a set form, stored in the database after upload and displayed under the plugin list; the procedure is shown in Fig. 9.
The statistics option module produces statistics on the information of the whole system and displays them intuitively in graphical form, including statistics on the open service types, statistics on the vulnerability categories found by the vulnerability scanning engine, the total numbers of tasks and plugins, load balancing and similar information.
The present invention proposes a vulnerability early warning and emergency response automatic alarm system that can handle the emergency response of enterprises, realizing the complete emergency response process from obtaining the vulnerability warning at the first moment, through intelligent verification and identification of the affected scope, to automatic alarming; it saves the time and energy of information security staff and improves the efficiency of vulnerability alarm emergency response.
Finally, it should be noted that the above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the embodiments of the present invention may still be modified, or some technical features replaced by equivalents, without departing from the spirit of the technical scheme of the present invention, and that all such changes shall fall within the scope of the technical scheme claimed by the present invention.
Claims (10)
1. A vulnerability early-warning and emergency-response automatic alarm system, characterised in that it includes:
an asset identification engine, which periodically probes the organisation's own asset range at a preset timing cycle according to preset rules, establishes connections, identifies and obtains raw asset information, and stores the raw asset information in a database;
an asset information processing engine, which processes the raw asset information held in the database, generates data tables and stores them in the database;
a vulnerability intelligence gathering engine, which obtains the latest vulnerability warning notices and obtains the affected systems and the repair methods;
a vulnerability analysis engine, which segments the content of the information extracted from the vulnerability intelligence gathering engine, determines the vulnerability scope, then looks up the asset information involved and analyses the asset vulnerabilities;
a vulnerability detection engine, into which plug-ins are entered and updated, which waits to be called in modular fashion by the vulnerability analysis engine, adds the system addresses to be detected to a queue, calls the corresponding plug-in module to perform detection and returns the result; and
an alarm engine which, when the vulnerability analysis engine concludes that a currently open service is abnormal, sends a warning message by reading the mailbox reserved in the system principal list.
2. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that the preset rules of the asset identification engine include at least: the asset probing timing cycle, the TCP connection timeout, CMS recognition rules, code language recognition rules, component container recognition rules, the port probing range, service type recognition rules and the asset probing range.
3. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that the raw asset information includes at least port, IP address, component version, component container, hostname, script, CMS, service type and service version.
4. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that the data table includes at least IP address, port, running service type, service version number and manager's mailbox.
5. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that the vulnerability intelligence gathering engine runs in a multithreaded loop, takes the service name from the asset information processing engine as a parameter, and obtains the content of the latest vulnerability warning notices; the sources of the latest vulnerability warning notices include at least vulnerability early-warning information from third-party companies, the latest vulnerabilities in trusted vulnerability databases, and the SRC emergency response centers that are accessed.
6. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that the vulnerability analysis engine performs vulnerability analysis as follows:
(1) compare the asset service version number stored by the asset information processing engine, taken from the database, with the affected version in the latest vulnerability warning notice content obtained from the vulnerability intelligence gathering engine;
(2) if the asset service version falls within the vulnerability scope, first query the vulnerability information table recorded in the database;
(3) if a flag bit exists, it indicates that an alarm has already been raised and no further alarm is sent; if no flag bit exists, call the alarm engine to raise an alarm, add the IP of the vulnerability information to the database, and set the flag bit for that vulnerability information in the database.
7. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that the vulnerability analysis engine performs vulnerability analysis as follows:
(1) compare the asset service version number stored by the asset information processing engine, taken from the database, with the affected version in the latest vulnerability warning notice content obtained from the vulnerability intelligence gathering engine;
(2) if the asset service version does not fall within the vulnerability scope, first query the vulnerability flag bit in the database; if there is none, directly call the alarm engine to send mail informing the manager.
8. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that when the vulnerability analysis engine concludes that a currently open service falls within the affected scope, the alarm engine is called to read the mailbox reserved in the manager list and send a warning message; for problems that are not service-version problems, cases without version information, and special cases, when the vulnerability detection engine obtains a vulnerability-impact result, the alarm engine reads the mailbox reserved in the manager list and sends a warning message.
9. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that it also includes a heartbeat detection module for monitoring in real time whether the system is working and for obtaining the load-balancing status.
10. The vulnerability early-warning and emergency-response automatic alarm system according to claim 1, characterised in that it also includes a task-queue option module for displaying the task list, a plug-in writing module for managing plug-ins and adding them from the front end, and a statistics option module for statistics over system information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710514837.1A CN107426191A (en) | 2017-06-29 | 2017-06-29 | A kind of leak early warning and emergency response automatic warning system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107426191A true CN107426191A (en) | 2017-12-01 |
Family ID: 60426807
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710514837.1A Pending CN107426191A (en) | 2017-06-29 | 2017-06-29 | A kind of leak early warning and emergency response automatic warning system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107426191A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101610174A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | A kind of log correlation analysis system and method |
CN102082659A (en) * | 2009-12-01 | 2011-06-01 | 厦门市美亚柏科信息股份有限公司 | Vulnerability scanning system oriented to safety assessment and processing method thereof |
US20120185945A1 (en) * | 2004-03-31 | 2012-07-19 | Mcafee, Inc. | System and method of managing network security risks |
CN104091116A (en) * | 2014-06-30 | 2014-10-08 | 珠海市君天电子科技有限公司 | Method, device and terminal for monitoring website vulnerability information |
US8918883B1 (en) * | 2005-06-15 | 2014-12-23 | Tripwire, Inc. | Prioritizing network security vulnerabilities using accessibility |
CN106230800A (en) * | 2016-07-25 | 2016-12-14 | 恒安嘉新(北京)科技有限公司 | A kind of to assets active probe with the method for leak early warning |
Timeline
- 2017-06-29: application CN201710514837.1A filed in China, published as CN107426191A, status Pending
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109409093A (en) * | 2018-10-19 | 2019-03-01 | 杭州安恒信息技术股份有限公司 | A kind of system vulnerability scan schedule method |
CN109361692B (en) * | 2018-11-20 | 2020-12-04 | 远江盛邦(北京)网络安全科技股份有限公司 | Web protection method based on asset type identification and self-discovery vulnerability |
CN109361692A (en) * | 2018-11-20 | 2019-02-19 | 远江盛邦(北京)网络安全科技股份有限公司 | Web means of defence based on identification Asset Type and self-discovery loophole |
CN109871683A (en) * | 2019-01-24 | 2019-06-11 | 深圳昂楷科技有限公司 | A kind of database protection system and method |
CN109871683B (en) * | 2019-01-24 | 2021-04-27 | 深圳昂楷科技有限公司 | Database protection system and method |
CN109951359A (en) * | 2019-03-21 | 2019-06-28 | 北京国舜科技股份有限公司 | The asynchronous scan method of distributed network assets and equipment |
CN109951359B (en) * | 2019-03-21 | 2021-02-02 | 北京国舜科技股份有限公司 | Asynchronous scanning method and device for distributed network assets |
CN111914259A (en) * | 2019-05-09 | 2020-11-10 | 阿里巴巴集团控股有限公司 | Data processing method and computing device |
CN110110527A (en) * | 2019-05-10 | 2019-08-09 | 重庆八戒电子商务有限公司 | A kind of discovery method of loophole component, discovery device, computer installation and storage medium |
CN110109696A (en) * | 2019-05-10 | 2019-08-09 | 重庆天蓬网络有限公司 | A kind of method of data collection |
CN111711613A (en) * | 2020-05-26 | 2020-09-25 | 微梦创科网络科技(中国)有限公司 | Network security vulnerability scanning method and system |
CN112016091A (en) * | 2020-07-17 | 2020-12-01 | 安徽三实信息技术服务有限公司 | Vulnerability early warning information generation method based on component identification |
CN112351035A (en) * | 2020-11-06 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Industrial control security situation sensing method, device and medium |
CN112351035B (en) * | 2020-11-06 | 2022-07-15 | 杭州安恒信息技术股份有限公司 | Industrial control security situation sensing method, device and medium |
CN112995143A (en) * | 2021-02-04 | 2021-06-18 | 海尔数字科技(青岛)有限公司 | Safety reporting method, device, equipment and medium based on mail system |
CN112995143B (en) * | 2021-02-04 | 2022-06-03 | 海尔数字科技(青岛)有限公司 | Safety reporting method, device, equipment and medium based on mail system |
CN113946826A (en) * | 2021-09-10 | 2022-01-18 | 国网山东省电力公司信息通信公司 | Method, system, equipment and medium for analyzing and monitoring vulnerability fingerprint silence |
CN115964256A (en) * | 2023-03-16 | 2023-04-14 | 北京锐服信科技有限公司 | Alarm method and system in asset management scene |
Similar Documents
Publication | Title |
---|---|
CN107426191A (en) | A kind of leak early warning and emergency response automatic warning system |
CN106411578B (en) | A kind of web publishing system and method being adapted to power industry |
CN110324310A (en) | Networked asset fingerprint identification method, system and equipment |
CN104767757B (en) | Various dimensions safety monitoring method and system based on WEB service |
CN109525427A (en) | Distributed assets information detection method and system |
CN106371986A (en) | Log treatment operation and maintenance monitoring system |
CN108011893A (en) | A kind of asset management system based on networked asset information gathering |
CN102123044B (en) | Detection device and method of network topology consistency based on topology discovery technology |
CN109327461A (en) | Distributed asset identification and change cognitive method and system |
CN108183895A (en) | A kind of networked asset information acquisition system |
CN106888106A (en) | The extensive detecting system of IT assets in intelligent grid |
CN103026345A (en) | Dynamic multidimensional schemas for event monitoring priority |
CN102932195B (en) | A kind of business diagnosis method for supervising of protocal analysis Network Based and system |
CN106027528B (en) | A kind of method and device of the horizontal permission automatic identification of WEB |
CN104811437B (en) | A kind of system and method that security strategy is generated in industrial control network |
CN108769289A (en) | A kind of network address resources Visualized management system |
CN110503406A (en) | Face electric distribution box inspection method for managing and monitoring and system |
CN105871643A (en) | Network operation simulating method based on routing protocol |
CN109639631A (en) | A kind of network security cruising inspection system and method for inspecting |
CN114679292B (en) | Honeypot identification method, device, equipment and medium based on network space mapping |
CN107395379A (en) | A kind of cluster cruising inspection system and method |
CN109460307A (en) | Micro services a little, which are buried, based on log calls tracking and its system |
CN106130897A (en) | Performance optimization method based on Router Simulation |
CN108897686A (en) | It is complete to record separately automated testing method and device |
CN107040546A (en) | A kind of Domain Hijacking detection and linkage method of disposal and system |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171201 |