CN108388631A - Method, agent apparatus and system for threat intelligence sharing - Google Patents
Method, agent apparatus and system for threat intelligence sharing
- Publication number: CN108388631A (application CN201810150285.5A)
- Authority: CN (China)
- Prior art keywords: intelligence, unknown data, intranet, agent apparatus, query result
- Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F16/00—Information retrieval; Database structures therefor; File system structures therefor > G06F16/90—Details of database functions independent of the retrieved data types > G06F16/95—Retrieval from the web > G06F16/953—Querying, e.g. by the use of web search engines > G06F16/9535—Search customisation based on user profiles and personalisation
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L67/00—Network arrangements or protocols for supporting network services or applications > H04L67/50—Network services > H04L67/55—Push-based network services
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L67/00—Network arrangements or protocols for supporting network services or applications > H04L67/50—Network services > H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Embodiments of the invention provide a method, agent apparatus and system for threat intelligence sharing. The method comprises: polling an unknown data table in the internal network at a predetermined period and obtaining the unknown data in that table; sending a query request to an intelligence cloud server based on the unknown data and receiving a query result, containing threat intelligence, returned by the intelligence cloud server; and pushing the query result to the threat intelligence platform of the internal network so that the platform stores it, thereby achieving threat intelligence sharing. The agent apparatus executes the above method. By having the agent apparatus periodically poll the unknown data table in the internal network, send query requests to the intelligence cloud server based on the unknown data in that table, and return the query results to the internal network's threat intelligence platform, threat intelligence sharing is achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
Description
Technical field
Embodiments of the invention relate to the field of network security, and in particular to a method, agent apparatus and system for threat intelligence sharing.
Background technology
With the rapid growth of science and technology, ensuring network security has become a precondition for the development of Internet technology. Many security researchers and security firms publish articles and security bulletins through Internet media to share technical and analytical details with peers and researchers.
We frequently see security early warnings, vulnerability bulletins and threat bulletins from CERTs, security service vendors, anti-virus vendors, government bodies and security organisations; these are typical security threat intelligence. In the course of implementing the present invention, the inventors found that in many network security scenarios the internal network environment is restricted: often only a single protocol or a particular port is opened, that is, a unidirectional gateway is placed between the internal and external networks. Such a gateway only allows data to be pushed from the external network into the internal network; queries cannot be initiated from the internal network to the external network. Under these conditions threat intelligence from the external network cannot reach the internal network, and because the internal network cannot obtain richer threat intelligence its security is very low.
Therefore, how to push threat intelligence from the external network into an internal network whose connectivity is restricted, and thereby improve the security of the internal network environment, is a problem that urgently needs to be solved.
Invention content
In view of the problems in the prior art, embodiments of the invention provide a method, agent apparatus and system for threat intelligence sharing.
In a first aspect, an embodiment of the invention provides a method for threat intelligence sharing, comprising:
polling an unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table;
sending a query request to an intelligence cloud server based on the unknown data and receiving a query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data;
pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
In a second aspect, an embodiment of the invention provides an agent apparatus for threat intelligence sharing, comprising:
a polling module for polling an unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table;
a first sending module for sending a query request to an intelligence cloud server based on the unknown data and receiving the query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data;
a pushing module for pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
In a third aspect, an embodiment of the invention provides a system comprising: a threat intelligence platform, an intelligence cloud server and the agent apparatus of the second aspect.
In a fourth aspect, an embodiment of the invention provides an electronic device comprising a processor, a memory and a bus, wherein the processor and the memory communicate with each other through the bus, the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method steps of the first aspect.
In a fifth aspect, an embodiment of the invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method steps of the first aspect.
In the method, agent apparatus and system for threat intelligence sharing provided by embodiments of the invention, the agent apparatus periodically polls the unknown data table in the internal network, sends query requests to the intelligence cloud server based on the unknown data in that table, and returns the query results to the internal network's threat intelligence platform. Threat intelligence sharing is thus achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
Description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a threat intelligence sharing method provided by an embodiment of the invention;
Fig. 2 is a structural diagram of a threat intelligence sharing agent apparatus provided by an embodiment of the invention;
Fig. 3 is a structural diagram of a threat intelligence sharing system provided by an embodiment of the invention;
Fig. 4 is a schematic of the physical structure of an electronic device provided by an embodiment of the invention.
Specific implementation mode
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flow diagram of a threat intelligence sharing method provided by an embodiment of the invention. As shown in Fig. 1, the method comprises:
Step 101: polling the unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table.
Specifically, a big data analysis platform in the internal network is first linked with the threat intelligence platform and analyses the data submitted by internal users, producing black, white and grey data. The data submitted by users may be IP addresses, MD5 hashes and the like. If the big data analysis platform and the threat intelligence platform determine that a datum is black, the datum is threat data; if it is white, the datum is safe; if it is grey, the datum has not been detected and belongs to unknown data. All unknown data obtained is stored in the unknown data table. The agent apparatus polls the unknown data table in the internal network at a predetermined period; when the internal network initiates an intelligence query request, the unknown data in the table needs to be updated, and the agent obtains the unknown data in the table through polling. It should be noted that the agent apparatus can poll the unknown data table with SQL statements, and that the predetermined period may be 1 second or may be adjusted according to actual requirements; the embodiment of the invention does not limit this. The unknown data table may hold one unknown datum or several.
Step 102: sending a query request to the intelligence cloud server based on the unknown data and receiving the query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data.
Specifically, after obtaining the unknown data, the agent apparatus sends the intelligence cloud server a query request for the unknown data; on receiving the request, the intelligence cloud server returns the query result corresponding to the unknown data to the agent apparatus, which receives it. It will be understood that the query result contains the threat intelligence corresponding to the unknown data, which may be IOC data and security bulletins and may also include other information; the embodiment of the invention does not limit this.
Step 103: pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
Specifically, after receiving from the intelligence cloud server the query result corresponding to the unknown data, the agent apparatus pushes the query result to the threat intelligence platform of the internal network; because the agent apparatus runs a proxy service, it can communicate with the internal network. After receiving the query result for the unknown data, the threat intelligence platform stores it. Threat intelligence from the external network is thereby pushed into the internal network through the agent apparatus, achieving threat intelligence sharing. It should be noted that the threat intelligence platform decrypts, decompresses and reads the different types of IOC data, and inserts the result into the platform's KV engine for parsing, completing the use of the threat intelligence.
In the embodiment of the invention, the agent apparatus periodically polls the unknown data table in the internal network, sends query requests to the intelligence cloud server based on the unknown data in that table, and returns the query results to the internal network's threat intelligence platform. Threat intelligence sharing is thus achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
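Steps 101 to 103 run end to end against local stand-ins, as an added example that is not code from the patent: an in-memory sqlite3 database plays the internal network's database (the text only says the table is polled with SQL statements), and a constructed dictionary plays the intelligence cloud server. The table and column names, the shape of the cloud response, the status marking and the sample values are all assumptions. The record check before insertion is an added hardening step the patent does not describe; it is there because the agent is the single component carrying data across the unidirectional gateway, so what it writes into the intranet platform should be validated first.

```python
"""Agent poll -> query -> push cycle, simulated locally (added example)."""
import json
import sqlite3
import time

# Verdict vocabulary from the patent: black = threat, white = safe,
# grey = not yet detected, i.e. unknown data.
BLACK, WHITE, GREY = "black", "white", "grey"

# Constructed stand-in for what the intelligence cloud server knows.
CONSTRUCTED_CLOUD_INTEL = {
    "198.51.100.23": {"verdict": BLACK, "ioc": ["c2", "scanner"], "bulletin": "CONSTRUCTED-2018-001"},
    "d41d8cd98f00b204e9800998ecf8427e": {"verdict": WHITE, "ioc": [], "bulletin": ""},
}

# Assumed schema: the unknown data table the agent polls and the platform's
# intelligence table it pushes into. Names are not the patent's.
INTRANET_SCHEMA = """
CREATE TABLE unknown_data (value TEXT PRIMARY KEY, kind TEXT, status TEXT DEFAULT 'pending');
CREATE TABLE threat_intel (value TEXT PRIMARY KEY, kind TEXT, verdict TEXT, ioc TEXT, bulletin TEXT);
"""


def open_intranet_db():
    """In-memory stand-in for the intranet database the agent connects into."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(INTRANET_SCHEMA)
    return conn


def record_grey(conn, value, kind):
    """Big data platform side: a grey (undetected) datum lands in unknown_data."""
    conn.execute("INSERT OR IGNORE INTO unknown_data(value, kind) VALUES (?, ?)", (value, kind))
    conn.commit()


def poll_unknown(conn):
    """Step 101: the SQL poll. Returns the pending (value, kind) rows."""
    return conn.execute("SELECT value, kind FROM unknown_data WHERE status = 'pending'").fetchall()


def query_cloud(rows, cloud=CONSTRUCTED_CLOUD_INTEL):
    """Step 102: simulated round trip; items the cloud does not know stay grey."""
    results = []
    for value, kind in rows:
        rec = {"value": value, "kind": kind, "verdict": GREY, "ioc": [], "bulletin": ""}
        hit = cloud.get(value)
        if hit:
            rec.update(hit)
        results.append(rec)
    return results


def validate_result(rec):
    """Added hardening, not in the patent: accept only well-formed records
    before they are written into the intranet platform."""
    return (
        isinstance(rec.get("value"), str) and bool(rec["value"])
        and rec.get("kind") in ("ip", "md5", "domain")
        and rec.get("verdict") in (BLACK, WHITE, GREY)
        and isinstance(rec.get("ioc"), list) and all(isinstance(i, str) for i in rec["ioc"])
        and isinstance(rec.get("bulletin"), str)
    )


def push_to_platform(conn, results):
    """Step 103: store black/white results, mark those rows resolved.
    Grey (still unknown) items stay pending and are re-queried next cycle."""
    pushed = 0
    for rec in results:
        if not validate_result(rec) or rec["verdict"] == GREY:
            continue
        conn.execute(
            "INSERT OR REPLACE INTO threat_intel VALUES (?, ?, ?, ?, ?)",
            (rec["value"], rec["kind"], rec["verdict"], json.dumps(rec["ioc"]), rec["bulletin"]),
        )
        conn.execute("UPDATE unknown_data SET status = 'resolved' WHERE value = ?", (rec["value"],))
        pushed += 1
    conn.commit()
    return pushed


def run_agent_cycle(conn, cloud=CONSTRUCTED_CLOUD_INTEL):
    """One polling period: poll, query, push. Returns the number of records pushed."""
    rows = poll_unknown(conn)
    return push_to_platform(conn, query_cloud(rows, cloud)) if rows else 0


def run_agent(conn, period=1.0, cycles=3, cloud=CONSTRUCTED_CLOUD_INTEL):
    """Periodic loop; the patent suggests a 1 s period, adjustable as needed."""
    total = 0
    for _ in range(cycles):
        total += run_agent_cycle(conn, cloud)
        time.sleep(period)
    return total


def platform_verdict(conn, value):
    """Platform side: look up what the agent pushed for a value, or None."""
    row = conn.execute("SELECT verdict FROM threat_intel WHERE value = ?", (value,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_intranet_db()
    record_grey(db, "198.51.100.23", "ip")
    record_grey(db, "d41d8cd98f00b204e9800998ecf8427e", "md5")
    record_grey(db, "unknown.example", "domain")
    print(run_agent(db, period=0, cycles=2), "records pushed")
    print("198.51.100.23 ->", platform_verdict(db, "198.51.100.23"))
    print("still pending:", poll_unknown(db))
```

In this simulation the agent owns every connection: it reads and writes the intranet tables and it calls the cloud, so nothing inside the internal network has to initiate traffic outward. The domain the cloud does not recognise stays pending and is re-sent each cycle, which is the behaviour to watch in a real deployment, since a large stuck backlog turns the 1 s poll into a constant stream of identical cloud queries.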
On the basis of the above embodiments, the method further comprises:
receiving intelligence files periodically sent by the intelligence cloud server and storing the intelligence files in the form of a binary stream.
Specifically, the agent apparatus can receive the intelligence files that the intelligence cloud server sends periodically. On receiving an intelligence file it performs no decompression, decryption or similar operation on it but stores it directly; the file can be inserted into a database with an SQL statement. It should be noted that the database's storage of the intelligence is used: the intelligence file is stored as a binary stream, for example in a binary content field, and when the data is accessed with ADO, AppendChunk and GetChunk can be used to access the field. It should be noted that intelligence files include IOC data, security bulletins and the like; after an intelligence file is received it can be sent periodically to the internal network's threat intelligence platform to update the intelligence files stored there.
In the embodiment of the invention, the agent apparatus receives the intelligence files sent periodically by the intelligence cloud server and stores them as binary streams, thereby keeping the intelligence files stored in the agent apparatus up to date.
On the basis of the above embodiments, the method further comprises:
receiving an intelligence query request periodically sent by the threat intelligence platform and, according to the intelligence query request, sending the intelligence files in the database to the threat intelligence platform so that the threat intelligence platform parses and stores them.
Specifically, the threat intelligence platform can send an intelligence query request to the agent apparatus at a preset period. After receiving the periodic request, the agent apparatus obtains the corresponding intelligence files from the database according to the request and sends them to the threat intelligence platform. It will be understood that the request may be for all intelligence files stored in the agent apparatus, or only for the intelligence files received between the previous query and the current time. After receiving the intelligence files the threat intelligence platform parses them and stores them in its database; during parsing the different types of IOC data can be decrypted, decompressed and read. It should be noted that the intelligence cloud server can generate the latest intelligence on a schedule and push it every hour or every day, which solves the problem of intelligence timeliness.
In the embodiment of the invention, the agent apparatus receives the intelligence query requests periodically sent by the threat intelligence platform and sends the corresponding intelligence files to the threat intelligence platform according to each request, so that intelligence files from the external network reach the internal network and the intelligence files in the threat intelligence platform are updated promptly, improving the security of the internal network.
On the basis of the above embodiments, the method further comprises:
if a received intelligence file is determined to be preset targeted intelligence, sending the intelligence file to the threat intelligence platform.
Specifically, each industry has threat intelligence of particular concern to it, so some targeted intelligence is preset according to the industry's needs. When the agent apparatus receives an intelligence file periodically pushed by the intelligence cloud server and finds that it contains preset targeted intelligence, the file belonging to the targeted intelligence is sent immediately to the threat intelligence platform, so that the platform can act on the threat intelligence in time.
In the embodiment of the invention, the agent apparatus periodically polls the unknown data table in the internal network, sends query requests to the intelligence cloud server based on the unknown data in that table, and returns the query results to the internal network's threat intelligence platform. Threat intelligence sharing is thus achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
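The three extensions above, storing pushed intelligence files as binary streams without decoding them, answering the platform's periodic request with only the files received since its last query, and forwarding preset targeted intelligence at once, share one file store, so they are shown together in one added example that is not code from the patent. sqlite3 stands in for the database in place of the ADO field access the text mentions; the schema, the comma-separated tag convention used to recognise targeted intelligence, the zlib-compressed JSON file format and the sample files are constructed assumptions.

```python
"""Agent-side intelligence file store: raw BLOB storage, incremental sync,
immediate forwarding of targeted intelligence (added example)."""
import json
import sqlite3
import zlib

# Assumed schema. The body is kept exactly as received from the cloud server:
# the agent neither decompresses nor decrypts it.
SCHEMA = """
CREATE TABLE intel_files (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    tags TEXT NOT NULL,           -- comma-separated labels attached by the cloud (assumption)
    received_at INTEGER NOT NULL, -- seconds since epoch when the agent received it
    body BLOB NOT NULL            -- the binary stream, stored unmodified
);
"""


def open_store():
    """In-memory stand-in for the agent's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def store_file(conn, name, tags, received_at, body):
    """Insert the raw bytes as a BLOB with one SQL statement; returns the row id."""
    cur = conn.execute(
        "INSERT INTO intel_files(name, tags, received_at, body) VALUES (?, ?, ?, ?)",
        (name, ",".join(tags), received_at, sqlite3.Binary(body)),
    )
    conn.commit()
    return cur.lastrowid


def files_since(conn, last_query_at):
    """Answer the platform's periodic request: files received after its last
    query (pass 0 for everything stored). Ordered so the caller can keep the
    newest received_at as its watermark for the next request."""
    rows = conn.execute(
        "SELECT id, name, tags, received_at, body FROM intel_files "
        "WHERE received_at > ? ORDER BY received_at, id",
        (last_query_at,),
    ).fetchall()
    return [
        {"id": i, "name": n, "tags": t.split(",") if t else [], "received_at": r, "body": bytes(b)}
        for i, n, t, r, b in rows
    ]


def is_targeted(tags, targeted):
    """Preset targeted intelligence match: any tag in the industry's preset set."""
    return bool(set(tags) & set(targeted))


def receive_from_cloud(conn, name, tags, received_at, body, targeted, forward):
    """Handle one file pushed by the cloud server: always store it; if it is
    targeted intelligence, hand it to `forward` (the push to the platform)
    immediately instead of waiting for the platform's next periodic request.
    Returns True when it was forwarded at once."""
    fid = store_file(conn, name, tags, received_at, body)
    if is_targeted(tags, targeted):
        forward({"id": fid, "name": name, "tags": list(tags), "received_at": received_at, "body": body})
        return True
    return False


def constructed_intel_file(records):
    """Build a sample file the way a cloud server might: JSON, zlib-compressed."""
    return zlib.compress(json.dumps(records).encode("utf-8"))


def platform_parse(body):
    """Platform side: the decode step the agent deliberately skipped."""
    return json.loads(zlib.decompress(body).decode("utf-8"))


if __name__ == "__main__":
    conn = open_store()
    targeted = {"finance"}          # preset for a financial-sector platform (assumption)
    inbox = []                      # stands in for the platform's receive endpoint
    receive_from_cloud(conn, "daily-001.bin", ["daily"], 1000,
                       constructed_intel_file([{"type": "ip", "value": "203.0.113.9", "verdict": "black"}]),
                       targeted, inbox.append)
    receive_from_cloud(conn, "finance-alert.bin", ["targeted", "finance"], 1005,
                       constructed_intel_file([{"type": "md5", "value": "9e107d9d372bb6826bd81d3542a419d6", "verdict": "black"}]),
                       targeted, inbox.append)
    print("forwarded immediately:", [f["name"] for f in inbox])
    watermark = 0                   # the platform's periodic sync loop
    for f in files_since(conn, watermark):
        print(f["name"], platform_parse(f["body"]))
        watermark = max(watermark, f["received_at"])
    print("nothing new after", watermark, "->", files_since(conn, watermark))
```

Because the agent stores the stream untouched, a file that is malformed or malicious is only ever interpreted on the platform side, which is where the decryption and decompression code and any parser hardening belong. The `received_at > watermark` filter with the platform keeping the largest timestamp it has seen is the simplest correct form of "files since the last query"; integer seconds mean two files received in the same second must both be returned before the watermark moves, which the ordering above guarantees.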
Fig. 2 is a structural diagram of a threat intelligence sharing agent apparatus provided by an embodiment of the invention. As shown in Fig. 2, the apparatus comprises a polling module 201, a first sending module 202 and a pushing module 203, wherein:
the polling module 201 is for polling the unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table; the first sending module 202 is for sending a query request to the intelligence cloud server based on the unknown data and receiving the query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data; the pushing module 203 is for pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
Specifically, the polling module 201 polls the unknown data table in the internal network at a predetermined period. It should be noted that the agent apparatus can poll the unknown data table with SQL statements; when the internal network initiates an intelligence query request, the unknown data in the unknown data table needs to be updated, and the unknown data in the table is obtained through polling. The predetermined period may be 1 second or may be adjusted according to actual requirements; the embodiment of the invention does not limit this. The unknown data table may hold one unknown datum or several. After the unknown data is obtained, the first sending module 202 sends the intelligence cloud server a query request for the unknown data; on receiving the request the intelligence cloud server returns the query result corresponding to the unknown data to the first sending module 202, which receives it. It will be understood that the query result contains IOC data and security bulletins and may also include other information; the embodiment of the invention does not limit this. After the query result corresponding to the unknown data is received from the intelligence cloud server, the pushing module 203 pushes it to the threat intelligence platform of the internal network; because the agent apparatus runs a proxy service, it can communicate with the internal network. After receiving the query result for the unknown data, the threat intelligence platform stores it. Threat intelligence from the external network is thereby pushed into the internal network through the agent apparatus, achieving threat intelligence sharing.
The agent apparatus embodiment provided by the invention can specifically be used to execute the processing flows of the method embodiments above; its functions are not described again here, and reference may be made to the detailed description of the method embodiments.
In the embodiment of the invention, the agent apparatus periodically polls the unknown data table in the internal network, sends query requests to the intelligence cloud server based on the unknown data in that table, and returns the query results to the internal network's threat intelligence platform. Threat intelligence sharing is thus achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
On the basis of the above embodiments, the agent apparatus further comprises:
a first receiving module for receiving intelligence files periodically sent by the intelligence cloud server and storing the intelligence files in the form of a binary stream.
Specifically, the first receiving module can receive the intelligence files that the intelligence cloud server sends periodically. On receiving an intelligence file it performs no decompression, decryption or similar operation on it but stores it directly; the file can be inserted into a database with an SQL statement. It should be noted that the database's storage of the intelligence is used: the intelligence file is stored as a binary stream.
In the embodiment of the invention, the agent apparatus receives the intelligence files sent periodically by the intelligence cloud server and stores them as binary streams, thereby keeping the intelligence files stored in the agent apparatus up to date.
On the basis of the above embodiments, the agent apparatus further comprises:
a second receiving module for receiving an intelligence query request periodically sent by the threat intelligence platform and, according to the intelligence query request, sending the intelligence files in the database to the threat intelligence platform so that the threat intelligence platform parses and stores them.
Specifically, the threat intelligence platform can send an intelligence query request to the agent apparatus at a preset period. After receiving the periodic request, the second receiving module obtains the corresponding intelligence files from the database according to the request and sends them to the threat intelligence platform. It will be understood that the request may be for all intelligence files stored in the agent apparatus, or only for the intelligence files received between the previous query and the current time. After receiving the intelligence files the threat intelligence platform parses and stores them; during parsing the different types of IOC data can be decrypted, decompressed and read. It should be noted that the intelligence cloud server can generate the latest intelligence on a schedule and push it every hour or every day, which solves the problem of intelligence timeliness.
In the embodiment of the invention, the agent apparatus receives the intelligence query requests periodically sent by the threat intelligence platform and sends the corresponding intelligence files to the threat intelligence platform according to each request, so that intelligence files from the external network reach the internal network and the intelligence files in the threat intelligence platform are updated promptly, improving the security of the internal network.
On the basis of the above embodiments, the agent apparatus further comprises:
a second sending module for, if a received intelligence file is determined to be preset targeted intelligence, sending the intelligence file to the threat intelligence platform.
Specifically, each industry has threat intelligence of particular concern to it, so some targeted intelligence is preset according to the industry's needs. When the second sending module receives an intelligence file periodically pushed by the intelligence cloud server and finds that it contains preset targeted intelligence, the file belonging to the targeted intelligence is sent immediately to the threat intelligence platform, so that the platform can act on the threat intelligence in time.
In the embodiment of the invention, the agent apparatus periodically polls the unknown data table in the internal network, sends query requests to the intelligence cloud server based on the unknown data in that table, and returns the query results to the internal network's threat intelligence platform. Threat intelligence sharing is thus achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
Fig. 3 is a structural diagram of a threat intelligence sharing system provided by an embodiment of the invention. As shown in Fig. 3, the system comprises a big data platform 301, a threat intelligence platform 302, an agent apparatus 303 and an intelligence cloud server 304. The big data platform 301 and the threat intelligence platform 302 belong to the information intranet, the intelligence cloud server 304 belongs to the Internet, and the agent apparatus 303 sits between the information intranet and the information extranet and handles the communication between them. The agent apparatus runs a proxy service: it actively connects to the internal network's service port, polls the internal network's unknown data table to obtain unknown data, and sends query requests to the intelligence cloud server 304; the intelligence cloud server 304 returns the query results to the agent apparatus 303, which in turn sends them to the threat intelligence platform 302. Because the agent initiates the connections in both directions, nothing inside the internal network has to open a connection outward through the gateway, which is what the unidirectional gateway forbids. The intelligence cloud server 304 can also push intelligence files to the agent apparatus 303 periodically. It will be understood that the agent apparatus 303 is used to execute the processing flows of the embodiments above; its functions are not described again here, and reference may be made to the detailed description of the method embodiments.
In the embodiment of the invention, the agent apparatus periodically polls the unknown data table in the internal network, sends query requests to the intelligence cloud server based on the unknown data in that table, and returns the query results to the internal network's threat intelligence platform. Threat intelligence sharing is thus achieved even where the internal network's connectivity is restricted by a gateway, improving the security of the internal network environment.
Fig. 4 is a schematic of the physical structure of an electronic device provided by an embodiment of the invention. As shown in Fig. 4, the electronic device comprises a processor 401, a memory 402 and a bus 403, wherein:
the processor 401 and the memory 402 communicate with each other through the bus 403;
the processor 401 is for calling the program instructions in the memory 402 to execute the method provided by the method embodiments above, for example comprising: polling the unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table; sending a query request to the intelligence cloud server based on the unknown data and receiving the query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data; pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
This embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium. The computer program comprises program instructions which, when executed by a computer, enable the computer to execute the method provided by the method embodiments above, for example comprising: polling the unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table; sending a query request to the intelligence cloud server based on the unknown data and receiving the query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data; pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
This embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause the computer to execute the method provided by the method embodiments above, for example comprising: polling the unknown data table in the internal network at a predetermined period and, when the internal network initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table; sending a query request to the intelligence cloud server based on the unknown data and receiving the query result returned by the intelligence cloud server, the query result containing the threat intelligence corresponding to the unknown data; pushing the query result to the threat intelligence platform of the internal network so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes ROM, RAM, magnetic disks, optical discs and other media capable of storing program code.
The embodiments such as the agent apparatus described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment may be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the above technical solution, or the part of it that contributes over the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform the method described in each embodiment or in certain parts of an embodiment.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (11)
1. A method for sharing threat intelligence, characterized by comprising:
polling an unknown data table in an intranet according to a predetermined period and, when the intranet initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table;
sending a query request to an intelligence cloud server according to the unknown data and receiving the query result returned by the intelligence cloud server, the query result comprising the threat intelligence corresponding to the unknown data;
pushing the query result to a threat intelligence platform of the intranet so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
2. The method according to claim 1, characterized in that the method further comprises:
receiving intelligence files periodically sent by the intelligence cloud server, and storing the intelligence files in the form of binary streams.
3. The method according to claim 2, characterized in that the method further comprises:
receiving an intelligence query request periodically sent by the threat intelligence platform, and sending the intelligence files in a database to the threat intelligence platform according to the intelligence query request, so that the threat intelligence platform parses and stores the intelligence files.
4. The method according to claim 2, characterized in that the method further comprises:
if it is determined that a received intelligence file is preset targeted intelligence, sending the intelligence file to the threat intelligence platform.
5. An agent apparatus for sharing threat intelligence, characterized by comprising:
a polling module, for polling an unknown data table in an intranet according to a predetermined period and, when the intranet initiates an intelligence query request, updating and obtaining the unknown data in the unknown data table;
a first sending module, for sending a query request to an intelligence cloud server according to the unknown data and receiving the query result returned by the intelligence cloud server, the query result comprising the threat intelligence corresponding to the unknown data;
a pushing module, for pushing the query result to a threat intelligence platform of the intranet so that the threat intelligence platform stores the query result, thereby achieving threat intelligence sharing.
6. The agent apparatus according to claim 5, characterized in that the agent apparatus further comprises:
a first receiving module, for receiving intelligence files periodically sent by the intelligence cloud server and storing the intelligence files in the form of binary streams.
7. The agent apparatus according to claim 6, characterized in that the agent apparatus further comprises:
a second receiving module, for receiving an intelligence query request periodically sent by the threat intelligence platform and sending the intelligence files in a database to the threat intelligence platform according to the intelligence query request, so that the threat intelligence platform parses and stores the intelligence files.
8. The agent apparatus according to claim 6, characterized in that the agent apparatus further comprises:
a second sending module, for sending a received intelligence file to the threat intelligence platform if it is determined that the intelligence file is preset targeted intelligence.
9. A system, characterized by comprising: a threat intelligence platform, an intelligence cloud server and the agent apparatus according to any one of claims 5 to 8.
10. An electronic device, characterized by comprising: a processor, a memory and a bus, wherein
the processor and the memory communicate with each other through the bus;
the memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to execute the method according to any one of claims 1 to 4.
11. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810150285.5A CN108388631B (en) | 2018-02-13 | 2018-02-13 | Method, agent device and system for sharing threat information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108388631A true CN108388631A (en) | 2018-08-10 |
CN108388631B CN108388631B (en) | 2021-05-25 |
Family
ID=63069690
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CP03 | Change of name, title or address | Address after: Room 332, 3/F, Building 102, 28 Xinjiekouwei Street, Xicheng District, Beijing 100088. Patentee after: Qianxin Technology Group Co., Ltd. Address before: 100015, floors 15 and 17, 1701-26, Building 3, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: Beijing Qi'anxin Technology Co., Ltd. |