CN112148698A - Log auditing method and system for big data platform - Google Patents
Log auditing method and system for big data platform
- Publication number: CN112148698A
- Application number: CN202010944385.2A
- Authority: CN (China)
- Prior art keywords: log, module, rule, analysis, preset
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Classifications
- G06F16/182: Distributed file systems (under G06F16/18, File system types)
- G06F16/148: File search processing (under G06F16/14, Details of searching files based on file metadata)
- G06F16/156: Query results presentation (under G06F16/14, Details of searching files based on file metadata)
- G06F16/1815: Journaling file systems (under G06F16/1805, Append-only file systems, e.g. using logs or journals to store data)
- G06F40/151: Transformation (under G06F40/12, Use of codes for handling textual entities)
Abstract
The invention provides a log auditing method and system for a big data platform. The method comprises the following steps: step S1, a log management module acquires log files from a plurality of log generating sources through a data interface, performs format conversion on the received log files, and stores the converted log files by category; step S2, a security threat analysis module retrieves the stored log files, analyzes them according to preset rules, and obtains an analysis result, which is either normal or abnormal; and step S3, a visual display module, in response to a received preset instruction, retrieves the analysis result and displays it graphically. Compared with traditional analysis techniques, the method achieves rapid log location and content retrieval by using inverted indexing and columnar storage.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a log auditing method and system for a big data platform.
Background
With the rapid development of big data systems, represented by the Hadoop Distributed File System (HDFS), the volume of cyber-security threat data that is stored and analyzed has also grown geometrically. The huge volume of logs and the complex environment put great strain on traditional analysis methods, making it difficult to discover threats and raise alarms in a timely and effective manner. Existing security analysis based on firewalls, IDS and network auditing cannot process the massive logs of a Hadoop big data platform, which seriously affects security monitoring and auditing of the platform, and the existing judging methods are not effective enough. Effective monitoring and auditing of the event logs of a Hadoop big data platform is therefore a major problem in the prior art.
Disclosure of Invention
The invention aims to provide a log auditing method and system for a big data platform, solving the technical problem that existing methods for security monitoring, auditing and judgment on big data platforms are not effective enough.
In one aspect of the present invention, a log auditing method for a big data platform is provided, which includes the following steps:
Step S1, the log management module obtains the log file of the log generation source through the data interface, converts the format of the received log file, and stores the converted log file by category;
Step S2, the security threat analysis module retrieves the stored log file, analyzes the log file according to the preset rule and obtains the analysis result, which is either normal or abnormal;
Step S3, the visual display module, in response to the received preset instruction, retrieves the analysis result and displays it graphically.
Preferably, the step S1 includes: the log management module acquires a log file from a log generation source and checks whether the log storage server is running normally; if it is, the received log file is cached; if it is not, the log file is stored on a local storage device and, once the log storage server is detected to be running, the locally stored log file is sent to the log storage server.
Preferably, the step S1 includes: the log management module reads the cached log file, converts the read log file into a structured form, parses the log structure, and sends the structured log file to the log storage server for storage.
Preferably, the step S2 includes: the security threat analysis module, in response to a log analysis instruction, reads preset log analysis data; searches a preset security policy rule base according to the preset log analysis data and retrieves the rule data corresponding to it; and analyzes the log file according to the rule data to generate an analysis result.
Preferably, the step S3 includes: the visual display module responds to a preset security policy calling instruction, acquires a corresponding security policy rule, and retrieves the analysis result according to the security rule to generate a retrieval result.
Preferably, the step S3 includes: the visual display module responds to a preset graphical display instruction, obtains a corresponding graphical display rule, and displays a retrieval result according to the graphical display rule.
The embodiment of the invention also provides a log auditing system for a big data platform, which is used for implementing the log auditing method for the big data platform and comprises:
the log management module, which is used for acquiring the log file of the log generation source through the data interface, performing format conversion on the received log file, and storing the converted log file by category;
the security threat analysis module, which is used for retrieving the stored log file, analyzing the log file according to a preset rule and obtaining an analysis result, the analysis result being either normal or abnormal;
and the visual display module, which is used for responding to the received preset instruction, retrieving the analysis result and displaying it graphically.
Preferably, the log management module acquires a log file from a log generation source and checks whether the log storage server is running normally; if it is, the received log file is cached; if it is not, the log file is stored on a local storage device and, once the log storage server is detected to be running, the locally stored log file is sent to the log storage server. The module then reads the cached log file, converts the read log file into a structured form, parses the log structure, and sends the structured log file to the log storage server for storage.
Preferably, the security threat analysis module, in response to a log analysis instruction, reads preset log analysis data; searches a preset security policy rule base according to the preset log analysis data and retrieves the rule data corresponding to it; and analyzes the log file according to the rule data to generate an analysis result.
Preferably, the visual display module, in response to a preset security policy invoking instruction, obtains the corresponding security policy rule and retrieves the analysis result according to the security rule to generate a retrieval result; and, in response to a preset graphical display instruction, obtains the corresponding graphical display rule and displays the retrieval result according to the graphical display rule.
In summary, the embodiment of the invention has the following beneficial effects:
The log auditing method and system for the big data platform provided by the invention can be deployed in a distributed manner and are highly scalable: multiple nodes can be configured according to the performance of the equipment, data from multiple big data platforms can be collected at the same time, and log collection from different data sources is supported.
The method provides multi-log correlated query and analysis, supports fast full-text retrieval, allows retrieval display views and retrieval strategies to be customized, and automatically renders the visualization according to the customized retrieval strategy. It offers powerful data retrieval and analysis capabilities: logs can be analyzed and queried quickly even when the data volume is very large, real-time data analysis is supported, and a distributed cluster provides comprehensive analysis of massive logs. Compared with traditional analysis techniques, inverted indexing and columnar storage allow rapid log location and content retrieval.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without inventive effort, and such drawings also fall within the scope of the present invention.
Fig. 1 is a main flow diagram of a log auditing method for a big data platform according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a log auditing system of a big data platform in an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a log management module in an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a security threat analysis module in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of an embodiment of a log auditing method for a big data platform according to the present invention. In this embodiment, the method comprises the following steps:
Step S1, the log management module obtains the log files of a plurality of log generating sources through the data interface, converts the format of the received log files, and stores the converted log files by category. It is understood that the log management module may be a log management layer comprising a log receiving server cluster and a log storage server cluster. This layer is responsible for receiving, through the data interface, all log files of the Hadoop ecosystem, collecting and storing them centrally, normalizing the collected logs, describing the different log formats in a unified way, and classifying the logs. It allows centralized management and near-real-time search and analysis of the logs. A high-speed log engine enables fast log processing for the Hadoop big data platform.
In a specific embodiment, the log management module acquires a log file from a log generation source and checks whether the log storage server is running normally; if it is, the received log file is cached; if it is not, the log file is stored on a local storage device and, once the log storage server is detected to be running, the locally stored log file is sent to the log storage server. The log management module reads the cached log file, converts the read log file into a structured form, parses the log structure, and sends the structured log file to the log storage server for storage. It can be understood that, on the Hadoop big data platform, when a device generates a log, a copy of the log is sent in parallel to the log receiving server cluster through the log sending protocol. The log receiving server cluster receives the logs on a designated host and a designated port, which achieves centralized collection. The log sources continuously send logs to the log receiving server, forming a log stream; while capturing the log stream, the server normalizes the logs, turning unstructured logs into structured or semi-structured logs. The processed logs are finally sent to the log storage server cluster for storage. A high-speed log engine is deployed on the storage cluster so that log data can be retrieved and analyzed quickly.
Specifically, the log source generates a log and sends it to the log receiving server cluster through the log sending plug-in. If the log receiving server is running normally, the received log is cached for the next processing step; if the receiving server is abnormal, the log is stored on the local machine as a file and is sent once the receiving server is normal again. The log normalization engine reads the log from the log cache, parses the log structure, and stores the structured log.
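The store-and-forward and normalization flow of step S1, as an added Python example that is not part of the patent. The tab-separated HDFS-audit-style sample lines, the `StorageServer` and `LogReceiver` classes and the JSON-lines spool file are assumptions made for illustration; the receiver is modelled with the storage server as the dependency that may be down.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed sample lines in the tab-separated key=value style of an HDFS
# NameNode audit log. Illustrative only: the patent does not give a log format.
SAMPLE_LINES = [
    "2020-09-10 08:00:01,120 INFO FSNamesystem.audit: allowed=true\tugi=alice (auth:KERBEROS)"
    "\tip=/10.0.0.5\tcmd=open\tsrc=/data/hr/payroll.csv\tdst=null\tperm=null",
    "2020-09-10 08:00:02,480 INFO FSNamesystem.audit: allowed=false\tugi=bob (auth:SIMPLE)"
    "\tip=/10.0.0.9\tcmd=delete\tsrc=/data/hr/payroll.csv\tdst=null\tperm=null",
    "free-form line that matches no known format",
]

HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
    r"(?P<logger>[\w.]+): (?P<body>.*)$"
)


def normalize(line):
    """Convert one raw line into a structured record with a unified schema.

    Lines that do not parse are kept and flagged rather than dropped, so the
    audit trail stays complete.
    """
    m = HEADER_RE.match(line)
    if m is None:
        return {"parsed": False, "category": "unparsed", "raw": line}
    rec = {"parsed": True, "category": m["logger"], "ts": m["ts"], "level": m["level"]}
    for field in m["body"].split("\t"):
        key, sep, value = field.partition("=")
        if sep:
            rec[key] = value
    rec["allowed"] = rec.get("allowed") == "true"
    rec["user"] = rec.pop("ugi", "").split(" ", 1)[0]   # drop the "(auth:...)" suffix
    rec["ip"] = rec.get("ip", "").lstrip("/")
    return rec


class StorageServer:
    """Stand-in for the log storage server cluster (hypothetical interface)."""

    def __init__(self):
        self.up = True
        self.by_category = {}          # classified storage: category -> records

    def store(self, record):
        if not self.up:
            raise ConnectionError("log storage server is not running")
        self.by_category.setdefault(record["category"], []).append(record)


class LogReceiver:
    """Caches lines while storage is up, spools them to a local file while it is down."""

    def __init__(self, storage, spool_path):
        self.storage = storage
        self.spool = Path(spool_path)
        self.cache = []

    def receive(self, line):
        if self.storage.up:
            self.flush_spool()         # replay older lines first to keep ordering
            self.cache.append(line)
        else:
            # JSON-encode each entry so a newline inside a log message cannot
            # split into, or forge, a second spool entry.
            with self.spool.open("a", encoding="utf-8") as fh:
                fh.write(json.dumps(line) + "\n")

    def flush_spool(self):
        if not self.spool.exists():
            return 0
        lines = [json.loads(entry)
                 for entry in self.spool.read_text(encoding="utf-8").splitlines() if entry]
        self.cache.extend(lines)
        self.spool.unlink()
        return len(lines)

    def process_cache(self):
        """Normalize cached lines and send them to storage; stop if storage goes down."""
        sent = 0
        while self.cache and self.storage.up:
            self.storage.store(normalize(self.cache[0]))
            self.cache.pop(0)          # remove only after a successful store
            sent += 1
        return sent


def demo():
    storage = StorageServer()
    with tempfile.TemporaryDirectory() as tmp:
        rx = LogReceiver(storage, Path(tmp) / "spool.jsonl")
        storage.up = False             # outage: the next two lines go to the local spool
        rx.receive(SAMPLE_LINES[0])
        rx.receive(SAMPLE_LINES[1])
        spooled = len(rx.spool.read_text(encoding="utf-8").splitlines())
        storage.up = True              # recovery: the spool is replayed before new lines
        rx.receive(SAMPLE_LINES[2])
        stored = rx.process_cache()
    return spooled, stored, storage.by_category


if __name__ == "__main__":
    print(demo())
```
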
Step S2, the security threat analysis module retrieves the stored log file, analyzes the log file according to the preset rule and obtains the analysis result, which is either normal or abnormal. It can be understood that the security threat layer program runs mainly in a deployed application container, and its methods are invoked through a WEBSERVICE interface. It can monitor access to sensitive data and malicious operations in real time and issue early warnings promptly; it can monitor the data access flows in Hadoop and detect illegal intrusions and security threats that violate the security rules.
In a specific embodiment, the security threat analysis module, in response to a log analysis instruction, reads preset log analysis data; searches a preset security policy rule base according to the preset log analysis data and retrieves the rule data corresponding to it; and analyzes the log file according to the rule data to generate an analysis result. It can be appreciated that the flow is: read the preset log data analysis task; search the security policy rule base according to the preset task content and obtain the relevant rules; analyze the full log text according to the relevant rules; aggregate the results of the analysis and calculation; and save the aggregated result for later queries.
Step S3, the visual display module, in response to the received preset instruction, retrieves the analysis result and displays it graphically. It can be understood that the analysis result can be presented to the user from different dimensions in a variety of display modes, such as a trend chart, a topological graph, a bar chart, a column chart, a dashboard and a table; the visualization style can be customized and its parameters can be set. The module supports fast full-text retrieval, custom retrieval with regular expressions, multi-log correlated query and analysis, and custom dashboards, so that the chart data displayed can be organized around the key content of interest.
In a specific embodiment, the visual display module, in response to a preset security policy invoking instruction, obtains the corresponding security policy rule and retrieves the analysis result according to the security rule to generate a retrieval result; in response to a preset graphical display instruction, it obtains the corresponding graphical display rule and displays the retrieval result according to the graphical display rule. It can be understood that the flow is: customize the security policy rules by following the page prompts; analyze the log according to the customized rules; aggregate the results of the analysis and calculation; select a chart type and display the aggregated result graphically. The custom policy can be saved as needed for the next analysis.
As shown in fig. 2, an embodiment of the present invention further provides a log auditing system for a big data platform, which implements the log auditing method for the big data platform and includes:
The log management module, which is used for acquiring log files of a plurality of log generating sources through the data interface, converting the format of the received log files and storing the converted log files by category.
In a specific embodiment, as shown in fig. 3, the log receiving unit (log cluster) is configured to acquire a log file from a log generation source and check whether the log storage server is running normally; if it is, the received log file is cached; if it is not, the log file is stored on a local storage device and, once the log storage server is detected to be running, the locally stored log file is sent to the log storage unit. The log receiving unit then reads the cached log file, converts the read log file into a structured form, parses the log structure, and sends the structured log file to the log storage unit for storage. The log storage unit (log storage cluster) is used for storing the structured log file.
The security threat analysis module is used for retrieving the stored log file, analyzing the log file according to a preset rule and obtaining an analysis result, which is either normal or abnormal. It can be understood that the security threat layer program runs mainly in a deployed application container, and its methods are invoked through a WEBSERVICE interface. It can monitor access to sensitive data and malicious operations in real time and issue early warnings promptly; it can monitor the data access flows in Hadoop and detect illegal intrusions and security threats that violate the security rules.
In a specific embodiment, as shown in fig. 4, the security threat analysis module includes:
the node data exchange module, which coordinates data transmission among the data interaction nodes;
the node active discovery module, which identifies and searches for the data interaction nodes; the active discovery module and the data exchange module carry out the related coordination work between the cluster hosts of the security threat layer;
the script engine, which starts a dynamic script in response to an execution instruction and is responsible for executing dynamic scripts;
the index module, which is responsible for indexing specific fields of logs related to security threats;
the retrieval module, which is responsible for retrieving the security rules and the logs whose indexing is complete, using inverted indexing and columnar storage to improve retrieval speed;
the mapping module, which is responsible for querying and applying the security rule mapping;
and the security rule configuration module, which provides security rules to the script engine, the index module, the retrieval module and the mapping module and configures the security rules. It is the base module: the script engine, index module, retrieval module and mapping module sit in the layer above it and can work normally only on the basis of the security rules it produces.
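The rule-driven analysis of step S2 together with the index and retrieval modules just listed, as an added Python example that is not part of the patent: selected fields are indexed in an inverted index, values are held column by column, and a task's rules are resolved by intersecting posting lists before the aggregated verdicts are produced. The records, the rule base, the rule ids and the `LogStore` class are constructed for illustration.

```python
from collections import defaultdict

# Constructed structured records, in the form logs have after normalization.
RECORDS = [
    {"user": "alice", "ip": "10.0.0.5", "cmd": "open", "src": "/data/hr/payroll.csv", "allowed": "true"},
    {"user": "bob", "ip": "10.0.0.9", "cmd": "delete", "src": "/data/hr/payroll.csv", "allowed": "false"},
    {"user": "bob", "ip": "10.0.0.9", "cmd": "open", "src": "/tmp/scratch", "allowed": "true"},
    {"user": "carol", "ip": "10.0.0.7", "cmd": "setPermission", "src": "/data/finance", "allowed": "true"},
    {"user": "bob", "ip": "10.0.0.9", "cmd": "open", "src": "/data/hr/reviews", "allowed": "false"},
]

# Hypothetical security policy rule base, keyed by the preset analysis task.
# "terms" are exact matches answered by the index; "src_prefix" is checked
# against the src column for the candidates only.
RULE_BASE = {
    "sensitive-data-access": [
        {"id": "R1-denied-op", "terms": {"allowed": "false"}, "src_prefix": "/data/"},
        {"id": "R2-perm-change", "terms": {"cmd": "setPermission"}, "src_prefix": "/data/"},
        {"id": "R3-destructive", "terms": {"cmd": "delete"}, "src_prefix": "/data/hr/"},
    ],
}


class LogStore:
    """Columnar store with an inverted index over the security-relevant fields."""

    FIELDS = ("user", "ip", "cmd", "src", "allowed")
    INDEXED_FIELDS = ("user", "cmd", "allowed")

    def __init__(self):
        self.columns = {field: [] for field in self.FIELDS}   # field -> values by doc id
        self.postings = defaultdict(set)                      # (field, value) -> doc ids
        self.size = 0

    def add(self, record):
        doc_id = self.size
        for field in self.FIELDS:
            value = record.get(field)
            self.columns[field].append(value)
            if field in self.INDEXED_FIELDS and value is not None:
                self.postings[(field, value)].add(doc_id)
        self.size += 1
        return doc_id

    def lookup(self, terms):
        """Return doc ids matching every field=value term (posting-list intersection)."""
        ids = None
        for field, value in terms.items():
            if field not in self.INDEXED_FIELDS:
                raise KeyError(f"field {field!r} is not indexed")
            hits = self.postings.get((field, value), set())
            ids = set(hits) if ids is None else ids & hits
        return ids if ids is not None else set(range(self.size))


def analyze(store, task):
    """Apply the task's rules and aggregate the results for later retrieval."""
    hits = defaultdict(list)                                  # doc id -> matched rule ids
    for rule in RULE_BASE[task]:
        for doc_id in sorted(store.lookup(rule["terms"])):
            src = store.columns["src"][doc_id] or ""
            if src.startswith(rule["src_prefix"]):
                hits[doc_id].append(rule["id"])
    per_rule = defaultdict(int)
    by_user = defaultdict(int)
    for doc_id, rule_ids in hits.items():
        by_user[store.columns["user"][doc_id]] += 1
        for rule_id in rule_ids:
            per_rule[rule_id] += 1
    verdicts = ["abnormal" if i in hits else "normal" for i in range(store.size)]
    return {"verdicts": verdicts, "hits": dict(hits),
            "per_rule": dict(per_rule), "by_user": dict(by_user)}


def run_demo():
    store = LogStore()
    for record in RECORDS:
        store.add(record)
    return store, analyze(store, "sensitive-data-access")


if __name__ == "__main__":
    _, result = run_demo()
    print(result)
```
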
The visual display module is used for responding to the received preset instruction, retrieving the analysis result and displaying it graphically. It can be understood that the analysis result can be presented to the user from different dimensions in a variety of display modes, such as a trend graph, a topological graph, a bar graph, a dashboard and a table; the visualization style can be customized and its parameters can be set. The module supports fast full-text retrieval, custom retrieval with regular expressions, multi-log correlated query and analysis, and custom dashboards, so that the chart data displayed can be organized around the key content of interest.
In a specific embodiment, in response to a preset security policy invoking instruction, the corresponding security policy rule is obtained and the analysis result is retrieved according to the security rule to generate a retrieval result; in response to a preset graphical display instruction, the corresponding graphical display rule is obtained and the retrieval result is displayed according to the graphical display rule.
In summary, the embodiment of the invention has the following beneficial effects:
The log auditing method and system for the big data platform provided by the invention can be deployed in a distributed manner and are highly scalable: multiple nodes can be configured according to the performance of the equipment, data from multiple big data platforms can be collected at the same time, and log collection from different data sources is supported.
The method provides multi-log correlated query and analysis, supports fast full-text retrieval, allows retrieval display views and retrieval strategies to be customized, and automatically renders the visualization according to the customized retrieval strategy. It offers powerful data retrieval and analysis capabilities: logs can be analyzed and queried quickly even when the data volume is very large, real-time data analysis is supported, and a distributed cluster provides comprehensive analysis of massive logs. Compared with traditional analysis techniques, inverted indexing and columnar storage allow rapid log location and content retrieval.
While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A log auditing method for a big data platform, characterized by comprising the following steps:
step S1, the log management module obtains the log files of a plurality of log generating sources through the data interface, converts the format of the received log files, and stores the converted log files by category;
step S2, the security threat analysis module retrieves the stored log file, analyzes the log file according to the preset rule and obtains the analysis result, the analysis result being either normal or abnormal;
and step S3, the visual display module, in response to the received preset instruction, retrieves the analysis result and displays it graphically.
2. The method of claim 1, wherein the step S1 includes:
the log management module acquires a log file from a log generation source and checks whether the log storage server is running normally; if it is, the received log file is cached; if it is not, the log file is stored on a local storage device and, once the log storage server is detected to be running, the locally stored log file is sent to the log storage server.
3. The method of claim 2, wherein the step S1 includes:
the log management module reads the cached log file, converts the read log file into a structured form, parses the log structure, and sends the structured log file to the log storage server for storage.
4. The method of claim 3, wherein the step S2 includes:
the security threat analysis module, in response to a log analysis instruction, reads preset log analysis data; searches a preset security policy rule base according to the preset log analysis data and retrieves the rule data corresponding to it; and analyzes the log file according to the rule data to generate an analysis result.
5. The method of claim 4, wherein the step S3 includes:
the visual display module responds to a preset security policy calling instruction, acquires a corresponding security policy rule, and retrieves the analysis result according to the security rule to generate a retrieval result.
6. The method of claim 5, wherein the step S3 includes:
the visual display module responds to a preset graphical display instruction, obtains a corresponding graphical display rule, and displays a retrieval result according to the graphical display rule.
7. A log auditing system of a big data platform for implementing the method of claims 1-6, comprising:
the log management module, which is used for acquiring log files of a plurality of log generating sources through the data interface, converting the format of the received log files and storing the converted log files by category;
the security threat analysis module, which is used for retrieving the stored log file, analyzing the log file according to a preset rule and obtaining an analysis result, the analysis result being either normal or abnormal;
and the visual display module, which is used for responding to the received preset instruction, retrieving the analysis result and displaying it graphically.
8. The system of claim 7, wherein the log management module comprises:
the log receiving unit, which is used for acquiring a log file from a log generation source and checking whether the log storage server is running normally; if it is, caching the received log file; if it is not, storing the log file on a local storage device and, once the log storage server is detected to be running, sending the locally stored log file to the log storage unit; and reading the cached log file, converting the read log file into a structured form, parsing the log structure, and sending the structured log file to the log storage unit for storage;
and the log storage unit is used for storing the structured log file.
9. The system of claim 1, wherein the security threat analysis module comprises:
the node data exchange module is used for coordinating data transmission among the data interaction nodes;
the node active discovery module is used for identifying and searching the data interaction node;
the script engine is used for responding to the execution instruction to start the dynamic script;
the index module is used for indexing a specific field of the log related to the security threat;
the retrieval module is used for retrieving the security rules and the logs whose indexing is complete, and performing inverted indexing and columnar storage;
the mapping module is used for inquiring and applying the security rule mapping;
and the security rule configuration module is used for providing security rules for the script engine, the index module, the retrieval module and the mapping module and configuring the security rules.
10. The system of claim 9, wherein the visual presentation module is configured to respond to a preset security policy invoking instruction to obtain a corresponding security policy rule, and retrieve the analysis result according to the security rule to generate a retrieval result; and responding to a preset graphical display instruction, acquiring a corresponding graphical display rule, and displaying the retrieval result according to the graphical display rule.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010944385.2A CN112148698A (en) | 2020-09-10 | 2020-09-10 | Log auditing method and system for big data platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112148698A (en) | 2020-12-29 |
Family
ID=73889940
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010944385.2A Pending CN112148698A (en) | 2020-09-10 | 2020-09-10 | Log auditing method and system for big data platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112148698A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113923192A (en) * | 2021-09-29 | 2022-01-11 | 深信服科技股份有限公司 | Flow auditing method, device, system, equipment and medium |
CN114187597A (en) * | 2022-02-17 | 2022-03-15 | 北京安帝科技有限公司 | Log auditing method and device |
CN114444105A (en) * | 2022-01-28 | 2022-05-06 | 北京中友金审科技有限公司 | Intelligent audit data reporting safety method |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104268254A (en) * | 2014-10-09 | 2015-01-07 | 浪潮电子信息产业股份有限公司 | Security state analysis and statistics method |
CN104794123A (en) * | 2014-01-20 | 2015-07-22 | 阿里巴巴集团控股有限公司 | Method and device for establishing NoSQL database index for semi-structured data |
CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
WO2017210005A1 (en) * | 2016-05-31 | 2017-12-07 | University Of South Florida | Systems and methods for detecting attacks in big data systems |
CN108052679A (en) * | 2018-01-04 | 2018-05-18 | 焦点科技股份有限公司 | A kind of Log Analysis System based on HADOOP |
CN109902072A (en) * | 2019-02-21 | 2019-06-18 | 云南电网有限责任公司红河供电局 | A kind of log processing system |
CN111404909A (en) * | 2020-03-10 | 2020-07-10 | 上海豌豆信息技术有限公司 | Security detection system and method based on log analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||