CN115514670B - Data capturing method, device, electronic equipment and storage medium - Google Patents


Publication number: CN115514670B
Authority: CN (China)
Prior art keywords: capturing, task, information, agent, data
Legal status: Active
Application number: CN202211036945.XA
Other languages: Chinese (zh)
Other versions: CN115514670A (en)
Inventor: 陈蔚然
Current Assignee: CCB Finetech Co Ltd
Original Assignee: CCB Finetech Co Ltd
Application filed by CCB Finetech Co Ltd
Priority to CN202211036945.XA
Publication of CN115514670A
Application granted
Publication of CN115514670B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/04: Processing captured monitoring data, e.g. for logfile generation
    • H04L43/02: Capturing of monitoring data
    • H04L43/028: Capturing of monitoring data by filtering
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/2866: Architectures; Arrangements
    • H04L67/30: Profiles

Abstract

The disclosure provides a data capturing method, which can be applied to the technical field of information security. The data capturing method comprises the following steps: acquiring a capture task for capturing target data, wherein the capture task comprises capture device information and capture parameter information; splitting the capture task into at least one capture subtask according to the capture device information and the capture parameter information, wherein each capture subtask comprises the capture device information and the capture sub-parameters corresponding to that capture subtask; acquiring agent program information corresponding to the capture device according to the capture device information contained in the capture subtask; generating an orchestration task corresponding to the capture subtask according to the agent program information and the capture subtask; and, where the agent program belongs to a resident process, triggering the agent program to execute the orchestration task according to the task trigger mode corresponding to the agent program, so as to capture the target data. The disclosure also provides a data capturing device, equipment and a storage medium.

Description

Data capturing method, device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a data capturing method, apparatus, device, medium, and program product.
Background
In computer networks, network traffic needs to be monitored, captured, and analyzed to troubleshoot network problems. In the related art, capturing network packets for an application process deployed on a host generally requires logging in to the corresponding host and running a packet capture tool with root permission to capture the packets.
In the process of implementing the inventive concept of the present disclosure, the inventor found that the related art has at least the following problem: this packet capture method requires root permission, so the risk of data leakage is high.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a data capture method, apparatus, device, medium, and program product.
According to one aspect of the present disclosure, there is provided a data capturing method including:
acquiring a capture task for capturing target data, wherein the capture task comprises capture device information and capture parameter information;
splitting the capture task into at least one capture subtask according to the capture device information and the capture parameter information, wherein each capture subtask comprises the capture device information and the capture sub-parameters corresponding to that capture subtask;
acquiring agent program information corresponding to the capture device according to the capture device information contained in the capture subtask;
generating an orchestration task corresponding to the capture subtask according to the agent program information and the capture sub-parameters; and
where the agent program belongs to a resident process, triggering the agent program to execute the orchestration task according to the task trigger mode corresponding to the agent program, so as to capture the target data.
According to an embodiment of the present disclosure, the task trigger mode includes one of the following: a task configuration file trigger mode and a command line tool trigger mode.
According to an embodiment of the present disclosure, the task trigger mode corresponding to the agent program includes the task configuration file trigger mode;
wherein the triggering the agent program to execute the orchestration task comprises:
where the agent program detects that the target folder contains a task configuration file corresponding to the orchestration task, acquiring task information from the task configuration file so that the agent program can execute the orchestration task according to the task information.
According to an embodiment of the present disclosure, the task trigger mode corresponding to the agent program includes the command line tool trigger mode;
wherein the triggering the agent program to execute the orchestration task comprises:
where it is determined that a command line control tool exists, transmitting task information corresponding to the orchestration task to the agent program by using the command line control tool, so that the agent program executes the orchestration task based on the task information.
According to an embodiment of the present disclosure, the data capturing method further includes:
where the agent program does not belong to a resident process, acquiring an agent program configuration file corresponding to the agent program from a software library so as to run the agent program according to the agent program configuration file;
and sending the orchestration task to the agent program so that the agent program can execute the orchestration task.
According to an embodiment of the present disclosure, the data capturing method further includes:
before the agent program information corresponding to the capture device is acquired, sending the capture subtask to a message middleware;
acquiring the capture subtask where the task executor detects that the message middleware has received the capture subtask;
and parsing the capture device information and the capture sub-parameters contained in the capture subtask.
According to an embodiment of the present disclosure, the data capturing method further includes:
the task executor receives a data packet capturing file sent by the agent program, wherein the data packet capturing file contains the target data;
transmitting the data packet capturing file to a data storage module;
and analyzing the data packet capturing file to generate a file in a webpage format.
According to an embodiment of the present disclosure, the data capturing method further includes:
the data storage module acquires a data packet capturing file from an intermediate storage medium, wherein the data packet capturing file is sent to the intermediate storage medium by the agent program, and the data packet capturing file contains the target data;
and analyzing the data packet capturing file to generate a file in a webpage format.
Another aspect of the present disclosure provides a data capture device comprising:
the first acquisition module is used for acquiring a capture task for capturing target data, wherein the capture task comprises capture device information and capture parameter information;
the splitting module is used for splitting the capture task into at least one capture subtask according to the capture device information and the capture parameter information, wherein each capture subtask comprises the capture device information and the capture sub-parameters corresponding to that capture subtask;
the second acquisition module is used for acquiring agent program information corresponding to the capture device according to the capture device information contained in the capture subtask;
the first generation module is used for generating an orchestration task corresponding to the capture subtask according to the agent program information and the capture sub-parameters; and
the triggering module is used for triggering the agent program to execute the orchestration task according to the task trigger mode corresponding to the agent program, where the agent program belongs to a resident process, so as to capture the target data.
Another aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the data capture method.
Another aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described data capture method.
Another aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described data capture method.
According to the embodiment of the present disclosure, a capture task for capturing target data, which includes capture device information and capture parameter information, is acquired; the capture task is split into at least one capture subtask according to the capture device information and the capture parameter information, where each capture subtask includes the capture device information and the capture sub-parameters corresponding to that subtask; agent program information corresponding to the capture device is acquired according to the capture device information contained in the capture subtask; an orchestration task is generated according to the agent program information and the capture sub-parameters; and, where the agent program belongs to a resident process, the agent program is triggered to execute the orchestration task according to the task trigger mode corresponding to the agent program, so as to capture the target data. This at least partially solves the technical problem that using root permission during data capture carries a high risk of data leakage. The technical effect is that the capture task is executed by the agent program using only packet capture permission, without root permission, following the principle of minimal opening of permissions and network access, which reduces the risk of data leakage.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a data capture method, apparatus, device, medium and program product according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a data capture method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart of an agent triggering method according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a method of agent triggering in accordance with another embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a method of agent triggering in accordance with yet another embodiment of the present disclosure;
FIG. 6 schematically illustrates a flow chart of a data capture method according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a TCP/IP protocol family schematic according to an embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a data capture device according to an embodiment of the present disclosure; and
FIG. 9 schematically illustrates a block diagram of an electronic device adapted to implement a data capturing method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
In computer networks, thousands of network problems can occur each day, ranging from simple inter-host process communication to complex router configurations. With the development of cloud computing, cloud-oriented technology, network isolation techniques, software-defined networking and the like, investigating network problems is becoming increasingly complex. Therefore, monitoring, capturing and analyzing network traffic is currently a necessary means of troubleshooting network problems.
In the related art, capturing network packets for an application process deployed on a host generally requires logging in to the corresponding host and running a packet capture tool with root permission to capture the packets. For example, one logs in to the corresponding Linux host and runs tcpdump with root permission; tcpdump calls the libpcap library to intercept packets and outputs a file in pcap format.
Tcpdump is a network data acquisition analysis tool that can completely intercept packets transmitted in the network to provide analysis.
The packet capturing mechanism of libpcap adds a bypass at the data link layer. When a packet arrives at the network interface, libpcap first obtains a copy of the packet from the link layer driver through an already created socket, and then passes the copy to the BPF filter through the tap function. The BPF filter matches packets one by one against the filtering rules defined by the user: if a packet matches, it is placed in the kernel buffer and transferred to the user buffer; if it does not match, it is discarded. If no filtering rule is set, all packets are placed in the kernel buffer and transferred to the user-layer buffer. This does not interfere with the processing of the system's network protocol stack; sent and received packets are filtered and buffered by the Linux kernel and finally passed directly to the upper-layer application.
In the process of implementing the inventive concept of the present disclosure, the inventor found that the related art has at least the following problem: with this packet capture method, operation and maintenance personnel must apply for bastion host access and for system root permission on the relevant hosts, which carries a risk of data leakage in industries with higher network security requirements.
In view of the above, the present disclosure addresses these technical problems by acquiring a capture task that includes capture device information and capture parameter information, and executing the capture task with an agent program deployed on the capture device. Only the packet capture permission of the capture device is needed, without root permission, which follows the principle of minimal opening of permissions and network access and thereby reduces the risk of data leakage.
Specifically, an embodiment of the present disclosure provides a data capturing method, including: acquiring a capture task for capturing target data, wherein the capture task comprises capture device information and capture parameter information; splitting the capture task into at least one capture subtask according to the capture device information and the capture parameter information, wherein each capture subtask comprises the capture device information and the capture sub-parameters corresponding to that capture subtask; acquiring agent program information corresponding to the capture device according to the capture device information contained in the capture subtask; generating an orchestration task corresponding to the capture subtask according to the agent program information and the capture sub-parameters; and, where the agent program belongs to a resident process, triggering the agent program to execute the orchestration task according to the task trigger mode corresponding to the agent program, so as to capture the target data.
It should be noted that the data capturing method and device provided by the embodiment of the present disclosure may be used in the field of information security. The data capturing method and device provided by the embodiment of the disclosure can also be used in any field except the field of information security, such as the field of finance. The application fields of the data capturing method and the data capturing device provided by the embodiment of the disclosure are not limited.
In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
In the technical scheme of the disclosure, the acquisition, collection, storage, use, processing, transmission, provision, disclosure and application of data all comply with the relevant laws and regulations, necessary security measures are adopted, and public order and good morals are not violated.
Fig. 1 schematically illustrates an application scenario diagram of a data capturing method, apparatus, device, medium and program product according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a network, a terminal device, and a server. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the data capturing method provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the data capture device provided by embodiments of the present disclosure may be generally disposed in the server 105. The data capturing method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the data capturing apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Alternatively, the data capturing method provided by the embodiment of the present disclosure may be performed by the terminal device 101, 102, or 103, or may be performed by another terminal device other than the terminal device 101, 102, or 103. Accordingly, the data capturing apparatus provided by the embodiments of the present disclosure may also be provided in the terminal device 101, 102, or 103, or in another terminal device different from the terminal device 101, 102, or 103.
For example, the capture task may be originally stored in any one of the terminal devices 101, 102, or 103 (for example, but not limited to, the terminal device 101), or stored on an external storage device and imported into the terminal device 101. Then, the terminal device 101 may locally perform the data capturing method provided by the embodiment of the present disclosure, or transmit the capture task to other terminal devices, servers, or server clusters, so that the data capturing method provided by the embodiment of the present disclosure is performed by the other terminal devices, servers, or server clusters that receive the capture task.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The data capturing method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 7 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a data capture method according to an embodiment of the present disclosure.
As shown in fig. 2, the data capturing method of this embodiment includes operations S210 to S250, and the data capturing method may be performed by a server.
In operation S210, a capture task for capturing target data is acquired, wherein the capture task includes capture device information and capture parameter information.
According to embodiments of the present disclosure, the capture device information may include any information that enables device differentiation. For example, the capture device information may include capture device identification information such as device name, device model number, device IP, etc.
According to embodiments of the present disclosure, the capture parameter information may include any information related to the capture task. The capture parameter information may include, for example, timing task information, capture rule information, and capture data storage information. The timing task information may include, for example, capture start time, capture interval time, capture frequency, and the like. The capture rule information may include, for example, capture termination rules and stored-packet rotation rules. For example, a capture termination rule may stop the capture task after 1000 packets are captured, or stop the capture task after 1 hour of capture. A stored-packet rotation rule, that is, a rule for generating a new file, may for example generate a new file when 1000 packets have been captured, when the captured packets reach 10kb, or when capture has run for 10 minutes. The capture data storage information may include, for example, file name prefix information, the packet storage format, and the packet storage location. The packet storage format may be, for example, the pcap format or the pcap-ng format.
According to embodiments of the present disclosure, the capture device information and the capture parameter information may be user configurable through a configuration page.
In operation S220, the capturing task is split into at least one capturing subtask according to the capturing device information and the capturing parameter information, wherein the capturing subtask includes the capturing device information and capturing sub-parameters corresponding to the capturing subtask.
According to embodiments of the present disclosure, each capture subtask may be a single executable task unit. For example, if the capture task is to capture on capture device A for 5 minutes every 1 hour, 10 times in total, the capture task is split into 10 capture subtasks, and the 10 capture subtasks are executed in sequence at their corresponding time points.
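The splitting step of operation S220, sketched as an added example (not code from the patent). The field names, the device IP and the start date are constructed for illustration; it generalizes the single-device case above to several devices and rejects schedules whose capture windows would overlap on one device.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class CaptureTask:
    devices: Tuple[str, ...]            # capture device information (here: device IPs)
    start: datetime                     # timing: capture start time
    interval: timedelta                 # timing: time between capture windows
    duration: timedelta                 # length of each capture window
    repeat: int                         # timing: number of capture windows
    max_packets: Optional[int] = None   # termination rule: stop after N packets
    file_prefix: str = "capture"        # storage: file name prefix
    storage_format: str = "pcap"        # storage: "pcap" or "pcapng"


@dataclass(frozen=True)
class CaptureSubtask:
    device: str                  # exactly one capture device per subtask
    start: datetime
    stop: datetime
    max_packets: Optional[int]
    output_name: str


def split_capture_task(task: CaptureTask) -> List[CaptureSubtask]:
    """Split one capture task into single executable units, ordered by start time."""
    if not task.devices or len(set(task.devices)) != len(task.devices):
        raise ValueError("devices must be non-empty and unique")
    if task.repeat < 1 or task.duration <= timedelta(0):
        raise ValueError("repeat and duration must be positive")
    if task.repeat > 1 and task.duration > task.interval:
        raise ValueError("capture windows would overlap on the same device")
    if task.max_packets is not None and task.max_packets < 1:
        raise ValueError("max_packets must be positive")
    if task.storage_format not in ("pcap", "pcapng"):
        raise ValueError("unsupported storage format")
    subtasks = []
    for n in range(task.repeat):
        begin = task.start + n * task.interval
        for device in task.devices:
            name = (f"{task.file_prefix}_{device}_{begin:%Y%m%dT%H%M%S}"
                    f"_{n + 1:03d}.{task.storage_format}")
            subtasks.append(CaptureSubtask(device, begin, begin + task.duration,
                                           task.max_packets, name))
    return subtasks


def example_subtasks() -> List[CaptureSubtask]:
    """The case in the text: 5 minutes every 1 hour, 10 times, one device."""
    task = CaptureTask(devices=("10.0.0.11",),          # constructed device IP
                       start=datetime(2024, 1, 1, 9, 0),  # constructed start time
                       interval=timedelta(hours=1),
                       duration=timedelta(minutes=5),
                       repeat=10, max_packets=1000)
    return split_capture_task(task)


if __name__ == "__main__":
    for sub in example_subtasks():
        print(sub.start, sub.stop, sub.output_name)
```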
In operation S230, agent information corresponding to the capture device is acquired according to the capture device information included in the capture sub-task.
According to the embodiment of the disclosure, the host account, password and agent program information can be obtained from the bastion host module according to the capture device information.
According to embodiments of the present disclosure, the agent program information may include, for example, the agent program type and the trigger mode of the agent program. The agent program types may include, for example, resident processes and non-resident processes. The trigger mode of the agent program may include, for example, a task configuration file trigger mode and a command line tool trigger mode.
In operation S240, an orchestration task corresponding to the capture sub-task is generated according to the agent information and the capture sub-parameters.
According to the embodiment of the disclosure, different agents correspond to different orchestration tasks, and the orchestration tasks corresponding to the agents are generated according to the acquired agent information, so that the agents execute the orchestration tasks.
According to an embodiment of the present disclosure, the orchestration task may be an Ansible playbook orchestration task. Playbooks are Ansible's configuration, deployment, and orchestration language; a playbook can be described as a scheme that requires a remote host to execute commands, or as a set of commands that an IT program runs. Ansible is an automated operation and maintenance tool that can perform batch system configuration, batch program deployment, batch command execution and similar functions.
In operation S250, in case that the agent belongs to the resident process, the agent is triggered to execute the orchestration task according to a task trigger mode corresponding to the agent, so as to capture the target data.
According to an embodiment of the present disclosure, the task trigger mode includes one of the following: a task configuration file trigger mode and a command line tool trigger mode.
According to the embodiment of the present disclosure, a capture task for capturing target data, which includes capture device information and capture parameter information, is acquired; the capture task is split into at least one capture subtask according to the capture device information and the capture parameter information, where each capture subtask includes the capture device information and the capture sub-parameters corresponding to that subtask; agent program information corresponding to the capture device is acquired according to the capture device information contained in the capture subtask; an orchestration task is generated according to the agent program information and the capture sub-parameters; and, where the agent program belongs to a resident process, the agent program is triggered to execute the orchestration task according to the task trigger mode corresponding to the agent program, so as to capture the target data. This at least partially solves the technical problem that using root permission during data capture carries a high risk of data leakage. The technical effect is that the capture task is executed by the agent program using only packet capture permission, without root permission, following the principle of minimal opening of permissions and network access, which reduces the risk of data leakage.
According to an embodiment of the present disclosure, the task trigger mode corresponding to the agent program includes the task configuration file trigger mode; wherein the triggering the agent program to execute the orchestration task comprises: where the agent program detects that the target folder contains a task configuration file corresponding to the orchestration task, acquiring task information from the task configuration file so that the agent program can execute the orchestration task according to the task information.
According to an embodiment of the present disclosure, where the task trigger mode corresponding to the agent program is the task configuration file trigger mode, the task configuration file corresponding to the orchestration task is stored in a target folder. The agent program monitors the target folder and, when it detects that the target folder contains the task configuration file, parses the task configuration file to acquire the task information; the agent program then executes the orchestration task according to the task information and feeds back the task result and the packet capture file.
Fig. 3 schematically illustrates a flowchart of an agent triggering method according to an embodiment of the present disclosure.
As shown in fig. 3, this embodiment includes operations S301 to S306.
In operation S301, the agent program is started.
In operation S302, a task profile corresponding to the orchestration task is stored to the target folder.
In operation S303, the agent monitors the target folder and acquires a task profile from the target folder.
In operation S304, the agent parses the task profile to obtain task information.
In operation S305, the agent performs the orchestration task according to the task information, resulting in a packet capture file corresponding to the orchestration task.
In operation S306, the task result and the data packet capturing file are fed back to the data capturing system.
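Operations S303 to S305 from the agent's side, as an added example that is not code from the patent: it checks who wrote each task profile, validates every field, and builds the capture command as an argument list. The JSON schema, field names, limits and the use of tcpdump are assumptions, and the sample profiles are constructed.

```python
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed profile schema and limits; the patent does not define either.
MAX_PACKETS = 100_000
MAX_PROFILE_BYTES = 64 * 1024
TASK_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")
FILTER_RE = re.compile(r"[A-Za-z0-9 .:/()=<>!&|_-]{0,256}")


class TaskRejected(Exception):
    """The task profile must not be executed."""


def load_task(path, trusted_uid):
    """S303-S304: open one task profile and return validated task information."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK  # never follow a planted symlink
    try:
        fd = os.open(path, flags)
    except OSError:
        raise TaskRejected("cannot open profile") from None
    try:
        st = os.fstat(fd)  # inspect the file actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise TaskRejected("not a regular file")
        if st.st_uid != trusted_uid:
            raise TaskRejected("profile not owned by the task executor account")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise TaskRejected("profile is group- or world-writable")
        raw = os.read(fd, MAX_PROFILE_BYTES + 1)
    finally:
        os.close(fd)
    if len(raw) > MAX_PROFILE_BYTES:
        raise TaskRejected("profile too large")
    try:
        task = json.loads(raw.decode("utf-8"))
    except ValueError:  # JSONDecodeError and UnicodeDecodeError are both ValueError
        raise TaskRejected("profile is not valid JSON") from None
    if not isinstance(task, dict):
        raise TaskRejected("profile is not a JSON object")
    task_id, iface = task.get("task_id"), task.get("interface")
    flt, count = task.get("filter", ""), task.get("packet_count")
    if not (isinstance(task_id, str) and TASK_ID_RE.fullmatch(task_id)):
        raise TaskRejected("bad task_id")
    if not (isinstance(iface, str) and IFACE_RE.fullmatch(iface)):
        raise TaskRejected("bad interface")
    if not (isinstance(flt, str) and FILTER_RE.fullmatch(flt)) or flt.startswith("-"):
        raise TaskRejected("bad filter")
    if type(count) is not int or not 1 <= count <= MAX_PACKETS:
        raise TaskRejected("bad packet_count")
    return {"task_id": task_id, "interface": iface, "filter": flt, "packet_count": count}


def build_command(task, out_dir):
    """S305: argv for the capture. A list is returned so no shell parses profile data.

    Running it is left to subprocess.run(argv, timeout=...) under an account whose
    capture binary holds packet-capture privileges instead of root (assumed deployment).
    """
    out = Path(out_dir) / (task["task_id"] + ".pcap")
    argv = ["tcpdump", "-n", "-i", task["interface"],
            "-c", str(task["packet_count"]), "-w", str(out)]
    if task["filter"]:
        argv.append(task["filter"])
    return argv


def scan_once(folder, out_dir, trusted_uid):
    """One pass over the target folder: (accepted argv lists, rejected profiles)."""
    accepted, rejected = [], []
    for path in sorted(Path(folder).glob("*.json")):
        try:
            accepted.append(build_command(load_task(path, trusted_uid), out_dir))
        except TaskRejected as exc:
            rejected.append((path.name, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:  # constructed sample profiles
        samples = {"ok.json": {"task_id": "t1", "interface": "eth0",
                               "filter": "tcp port 443", "packet_count": 100},
                   "bad.json": {"task_id": "t2", "interface": "eth0; id", "packet_count": 5}}
        for name, body in samples.items():
            p = Path(folder, name)
            p.write_text(json.dumps(body))
            os.chmod(p, 0o600)
        print(scan_once(folder, "/var/tmp/captures", os.getuid()))
```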
According to an embodiment of the present disclosure, the task trigger mode corresponding to the agent program includes the command line tool trigger mode, wherein triggering the agent program to execute the orchestration task comprises: when it is determined that a command line control tool exists, transmitting task information corresponding to the orchestration task to the agent program by using the command line control tool, so that the agent program executes the orchestration task based on the task information.
According to an embodiment of the present disclosure, in the case that it is determined that no command line control tool is present, a command line control tool is downloaded from a software library.
According to an embodiment of the present disclosure, sending, by the command line control tool, the task information corresponding to the orchestration task to the agent program includes: the command line control tool communicates with the Unix domain socket or TCP port on which the agent program listens and sends the task information corresponding to the orchestration task to the agent program; the agent program then executes the orchestration task according to the task information and feeds back the task result and the packet capture file.
According to embodiments of the present disclosure, the unix domain socket is a data communication endpoint for performing data exchanges between processes on the same host operating system. A TCP port is a port that serves TCP protocol communications.
According to embodiments of the present disclosure, the command line control tool may employ agentcl.
Fig. 4 schematically illustrates a flowchart of an agent triggering method according to another embodiment of the present disclosure.
As shown in fig. 4, this embodiment includes operations S401 to S406.
In operation S401, the agent program is started.
In operation S402, it is determined whether a command line control tool exists. In the case where the command line control tool exists, operation S404 is performed; in the case where the command line control tool does not exist, operation S403 is performed.
In operation S403, the command line control tool is downloaded from the software library, and then operation S404 is performed.
In operation S404, the command line control tool communicates with the unix domain socket or tcp port monitored by the agent program, and transmits task information corresponding to the orchestration task to the agent program.
In operation S405, the agent performs the orchestration task according to the task information, resulting in a packet capture file corresponding to the orchestration task.
In operation S406, the task result and the data packet capturing file are fed back to the data capturing system.
According to an embodiment of the present disclosure, the data capturing method further includes: in the case that the agent does not belong to the resident process, acquiring an agent configuration file corresponding to the agent from a software library so as to operate the agent according to the agent configuration file; and sending the scheduling task to the agent program so that the agent program can execute the scheduling task.
According to the embodiment of the disclosure, the agent program is provided in two versions, a resident-process version and a non-resident-process version, which can be selected according to the actual situation of the host, making it more flexible to use.
Fig. 5 schematically illustrates a flowchart of an agent triggering method according to yet another embodiment of the present disclosure.
As shown in fig. 5, this embodiment includes operations S501 to S506.
In operation S501, an agent profile corresponding to an agent is downloaded from a software library.
In operation S502, the agent is run according to the agent profile.
In operation S503, a task profile corresponding to the orchestration task is transmitted to the agent program.
In operation S504, the agent executes the orchestration task according to the task configuration file, resulting in a packet capture file corresponding to the orchestration task.
In operation S505, the task result and the data packet capturing file are fed back to the data capturing system.
In operation S506, the agent profile and the packet capture file are cleaned up.
According to an embodiment of the present disclosure, the data capturing method further includes: before the agent program information corresponding to the capturing device is obtained, the capturing subtask is sent to a message middleware; acquiring the capturing subtask under the condition that the task executor monitors that the message middleware receives the capturing subtask; and analyzing the capturing device information and the capturing sub-parameters contained in the capturing sub-task.
According to embodiments of the present disclosure, there may be a plurality of task executors.
Fig. 6 schematically illustrates a flow chart of a data capture method according to another embodiment of the present disclosure.
As shown in fig. 6, the data capturing method of this embodiment includes operations S601 to S609.
In operation S601, the user configures capturing device information and capturing parameter information through a configuration page, and obtains a capturing task for capturing target data.
In operation S602, the capture task is stored in the target database.
In operation S603, the task scheduling center module acquires a capture task from the target database, and splits the capture task into at least one capture subtask according to the capture device information and the capture parameter information, wherein the capture subtask includes the capture device information and the capture sub-parameters corresponding to the capture subtask.
In operation S604, a capture subtask is sent to the message middleware.
In operation S605, the task executor acquires a capture subtask from the message middleware.
In operation S606, capturing device information and capturing sub-parameter information contained in the capturing sub-task are parsed.
In operation S607, the agent type corresponding to the capture device is acquired from the bastion host according to the capture device information.
In operation S608, an orchestration task corresponding to the agent type is generated from the capture sub-parameters.
In operation S609, the agent is triggered to perform the orchestration task according to a task trigger corresponding to the agent, so as to capture target data.
According to an embodiment of the present disclosure, the data capturing method further includes: the task executor receives a data packet capturing file sent by the agent program, wherein the data packet capturing file contains the target data; transmitting the data packet capturing file to a data storage module; and analyzing the data packet capturing file to generate a file in a webpage format.
According to the embodiment of the disclosure, the agent program transmits the data packet capturing file back to the task executor, and the task executor uploads the data packet capturing file to the data storage module, so that data analysis is facilitated.
According to an embodiment of the present disclosure, the data capturing method further includes: the data storage module acquires a data packet capturing file from an intermediate storage medium, wherein the data packet capturing file is sent to the intermediate storage medium by the agent program, and the data packet capturing file contains the target data; and analyzing the data packet capturing file to generate a file in a webpage format.
According to embodiments of the present disclosure, the intermediate storage medium may include, for example, a simple storage service (S3, Simple Storage Service), an Alibaba Cloud object storage service (OSS, Object Storage Service), or an object storage service (COS, Cloud Object Storage).
According to an embodiment of the present disclosure, the agent transmits the packet capture file to the intermediate storage medium, and the data storage module acquires the packet capture file from the intermediate storage module.
According to the embodiment of the disclosure, the data packet capturing file adopts the pcap format, and the file in the pcap format is subjected to hierarchical analysis according to the characteristics of the TCP/IP protocol to obtain the file in the webpage format, and each protocol is analyzed and read in a webpage mode, so that the analysis cost is reduced.
According to an embodiment of the present disclosure, hierarchically parsing a pcap-format file includes: judging the protocol type corresponding to the pcap format file according to the TCP/IP protocol family; and analyzing the file in the pcap format according to the protocol type.
According to embodiments of the present disclosure, protocol types may include Ethernet protocol, IP protocol, ARP/RARP protocol, ICMP protocol, TCP protocol, UDP protocol, DNS protocol, HTTP/HTTPS protocol, FTP protocol, SMTP protocol, TELNET, and the like.
Fig. 7 schematically illustrates a TCP/IP protocol family schematic diagram according to an embodiment of the present disclosure.
As shown in fig. 7, TCP/IP protocol suite 700 includes a link layer 710, a network layer 720, a transport layer 730, and an application layer 740.
The link layer 710 is used to handle the details of the physical interface with the cable (or any other transmission medium). Ethernet protocol resolution may be implemented at the link layer 710.
The network layer 720 is used to handle packet activity in the network, such as packet routing. Resolution of IP protocol, ARP/RARP protocol, ICMP protocol may be implemented at the network layer 720.
Transport layer 730 is used to provide end-to-end communication for applications on two hosts. Resolution of the TCP protocol, UDP protocol may be implemented at transport layer 730.
The application layer 740 is used to handle specific application details. Resolution of DNS protocol, HTTP/HTTPS protocol, FTP protocol, SMTP protocol, TELNET protocol may be implemented at the application layer 740.
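The layer-by-layer parsing described above (link, network, transport and application layers, followed by rendering in a web page format), as an added example that is not code from the patent. It handles classic pcap files with Ethernet framing, identifies application protocols by well-known port (an assumption of this example), and builds its sample capture inline.

```python
import html
import struct

# Identifying the application protocol by port is a heuristic assumed for this example.
APP_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ETHERTYPES = {0x0806: "ARP", 0x8035: "RARP"}
LAYERS = ("link", "network", "transport", "application")


def read_pcap(blob):
    """Yield raw Ethernet frames from a classic pcap byte string."""
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    if blob[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif blob[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", blob[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    off = 24
    while off + 16 <= len(blob):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        if off + incl > len(blob):
            break  # truncated final record: stop instead of reading past the buffer
        yield blob[off:off + incl]
        off += incl


def dissect(frame):
    """Return the protocol stack of one frame as (layer, text) pairs, link layer first."""
    if len(frame) < 14:
        return [("link", "truncated frame")]
    layers = [("link", "Ethernet")]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype in ETHERTYPES:
        layers.append(("network", ETHERTYPES[ethertype]))
        return layers
    if ethertype != 0x0800 or len(frame) < 34 or frame[14] >> 4 != 4:
        return layers
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20:
        return layers  # malformed IPv4 header length
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    layers.append(("network", "IP " + src + " -> " + dst))
    name = IP_PROTOS.get(frame[23])
    if name == "ICMP":
        layers.append(("network", "ICMP"))
        return layers
    l4 = 14 + ihl
    if name is None or len(frame) < l4 + 4:
        return layers
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    layers.append(("transport", "%s %d -> %d" % (name, sport, dport)))
    app = APP_PORTS.get(dport) or APP_PORTS.get(sport)
    if app:
        layers.append(("application", app))
    return layers


def to_html(blob):
    """Render one table row per frame, one column per TCP/IP layer."""
    rows = []
    for n, frame in enumerate(read_pcap(blob), 1):
        by_layer = {name: [] for name in LAYERS}
        for layer, text in dissect(frame):
            by_layer[layer].append(text)
        # Escape everything derived from captured bytes before it reaches the page.
        cells = "".join("<td>" + html.escape(" / ".join(by_layer[name])) + "</td>"
                        for name in LAYERS)
        rows.append("<tr><td>%d</td>%s</tr>" % (n, cells))
    head = "".join("<th>" + h + "</th>" for h in ("#",) + LAYERS)
    return "<table><tr>" + head + "</tr>" + "".join(rows) + "</table>"


def _frame(proto, sport, dport):
    eth = b"\x02" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)


def sample_pcap():
    """Constructed capture: one DNS query, one HTTP segment, one ARP frame."""
    frames = [_frame(17, 40000, 53), _frame(6, 40001, 80),
              b"\x02" * 12 + b"\x08\x06" + b"\x00" * 28]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    print(to_html(sample_pcap()))
```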
It should be noted that, unless an execution order between different operations is explicitly stated or is required by the technical implementation, the operations in the embodiments of the present disclosure may be executed in a different order, and multiple operations may also be executed simultaneously.
Based on the data capturing method, the disclosure also provides a data capturing device. The device will be described in detail below in connection with fig. 8.
Fig. 8 schematically shows a block diagram of a data capturing apparatus according to an embodiment of the present disclosure.
As shown in fig. 8, the data capturing apparatus 800 of this embodiment includes a first acquisition module 810, a splitting module 820, a second acquisition module 830, a first generation module 840, and a triggering module 850.
The first acquisition module 810 is configured to acquire a capturing task for capturing target data, where the capturing task includes capturing device information and capturing parameter information. In an embodiment, the first obtaining module 810 may be configured to perform the operation S210 described above, which is not described herein.
The splitting module 820 is configured to split the capturing task into at least one capturing subtask according to the capturing device information and the capturing parameter information, where the capturing subtask includes the capturing device information and capturing sub-parameters corresponding to the capturing subtask. In an embodiment, the splitting module 820 may be used to perform the operation S220 described above, which is not described herein.
The second obtaining module 830 is configured to obtain agent information corresponding to the capturing device according to the capturing device information included in the capturing subtask. In an embodiment, the second obtaining module 830 may be configured to perform the operation S230 described above, which is not described herein.
The first generation module 840 is configured to generate an orchestration task corresponding to the capturing subtask according to the agent information and the capturing subparameter. In an embodiment, the first generating module 840 may be used to perform the operation S240 described above, which is not described herein.
The triggering module 850 is configured to, in the case that the agent program is a resident process, trigger the agent program to execute the orchestration task according to the task trigger mode corresponding to the agent program, so as to capture the target data. In an embodiment, the triggering module 850 may be used to perform the operation S250 described above, which is not described herein.
According to an embodiment of the present disclosure, the task triggering manner includes one of the following: the trigger mode of the task configuration file and the trigger mode of the command line tool.
According to an embodiment of the present disclosure, the task trigger mode corresponding to the agent program includes a trigger mode of the task configuration file.
According to an embodiment of the present disclosure, the triggering module includes an acquisition unit.
The acquisition unit is configured to acquire task information according to the task configuration file when the agent program detects that the target folder contains the task configuration file corresponding to the orchestration task, so that the agent program executes the orchestration task according to the task information.
According to an embodiment of the present disclosure, the task trigger mode corresponding to the agent program includes a trigger mode of the command line tool.
According to an embodiment of the present disclosure, the triggering module includes a transmitting unit.
The transmitting unit is configured to transmit task information corresponding to the orchestration task to the agent program using the command line control tool when it is determined that the command line control tool exists, so that the agent program executes the orchestration task based on the task information.
According to an embodiment of the present disclosure, the data capturing device further includes a third acquisition module and a first sending module.
The third acquisition module is configured to, in the case that the agent program is not a resident process, acquire the agent program configuration file corresponding to the agent program from the software library, so as to run the agent program according to the agent program configuration file.
The first sending module is configured to send the orchestration task to the agent program so that the agent program executes the orchestration task.
According to an embodiment of the present disclosure, the data capturing device further includes a second sending module, a fourth acquisition module and a parsing module.
The second sending module is configured to send the capturing subtask to the message middleware before the agent program information corresponding to the capturing device is acquired.
The fourth acquisition module is configured to acquire the capturing subtask when the task executor detects that the message middleware has received the capturing subtask.
The parsing module is configured to parse the capturing device information and the capturing sub-parameters contained in the capturing subtask.
According to an embodiment of the present disclosure, the data capturing device further includes a receiving module, a third sending module and a second generation module.
The receiving module is configured to receive, at the task executor, the packet capture file sent by the agent program, wherein the packet capture file contains the target data.
The third sending module is configured to send the packet capture file to the data storage module.
The second generation module is configured to parse the packet capture file to generate a file in a web page format.
According to an embodiment of the present disclosure, the data capturing device further includes a fifth acquisition module and a third generation module.
The fifth acquisition module is configured to acquire a packet capture file from an intermediate storage medium, wherein the packet capture file is sent to the intermediate storage medium by the agent program and contains the target data.
The third generation module is configured to parse the packet capture file to generate a file in a web page format.
Any number of the modules, units, or at least some of the functionality of any number of the modules, units, or units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware in any other reasonable manner of integrating or packaging the circuits, or in any one of or in any suitable combination of three of software, hardware, and firmware. Alternatively, one or more of the modules, units according to embodiments of the disclosure may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
According to embodiments of the present disclosure, any of the plurality of modules of the first acquisition module 810, the splitting module 820, the second acquisition module 830, the first generation module 840, and the triggering module 850 may be combined in one module to be implemented, or any of the plurality of modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first acquisition module 810, the splitting module 820, the second acquisition module 830, the first generation module 840, and the triggering module 850 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three implementations of software, hardware, and firmware. Alternatively, at least one of the first acquisition module 810, the splitting module 820, the second acquisition module 830, the first generation module 840, and the triggering module 850 may be at least partially implemented as computer program modules that, when executed, perform the corresponding functions.
It should be noted that, in the embodiment of the present disclosure, the data capturing device portion corresponds to the data capturing method portion in the embodiment of the present disclosure, and the description of the data capturing device portion refers to the data capturing method portion specifically, and will not be described herein.
Fig. 9 schematically illustrates a block diagram of an electronic device adapted to implement a data capturing method according to an embodiment of the present disclosure.
As shown in fig. 9, an electronic device 900 according to an embodiment of the present disclosure includes a processor 901 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. The processor 901 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 901 may also include on-board memory for caching purposes. Processor 901 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic device 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the program may be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 900 may also include an input/output (I/O) interface 905, the input/output (I/O) interface 905 also being connected to the bus 904. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed into the storage section 908 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 902 and/or RAM 903 and/or one or more memories other than ROM 902 and RAM 903 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the data capture method provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, via communication portion 909, and/or installed from removable medium 911. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or integrated in a variety of ways, even if such combinations or integrations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or integrated without departing from the spirit and teachings of the present disclosure. All such combinations and/or integrations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (11)

1. A data capture method, comprising:
acquiring a capture task for capturing target data, wherein the capture task comprises capture device information and capture parameter information, wherein the target data comprises network traffic data of an application deployed on a host;
splitting the capturing task into at least one capturing subtask according to the capturing device information and the capturing parameter information, wherein the capturing subtask comprises the capturing device information and capturing sub-parameters corresponding to the capturing subtask;
acquiring agent program information corresponding to capturing equipment according to the capturing equipment information contained in the capturing subtask;
generating an orchestration task corresponding to the capturing subtask according to the agent information and the capturing subparameter; and
in the case that the agent program belongs to a resident process, triggering the agent program to execute the orchestration task according to a task triggering mode corresponding to the agent program so as to capture the target data.
2. The method of claim 1, wherein the task trigger mode comprises one of: the trigger mode of the task configuration file and the trigger mode of the command line tool.
3. The method of claim 2, wherein the task trigger mode corresponding to the agent program comprises the trigger mode of the task configuration file;
wherein said triggering the agent program to execute the orchestration task comprises:
in the case that the agent program detects that a target folder contains a task configuration file corresponding to the orchestration task, acquiring task information according to the task configuration file, so that the agent program executes the orchestration task according to the task information.
4. The method of claim 2, wherein the task trigger mode corresponding to the agent program comprises the trigger mode of the command line tool;
wherein said triggering the agent program to execute the orchestration task comprises:
in the case that the command line tool is determined to exist, transmitting task information corresponding to the orchestration task to the agent program by using the command line tool, so that the agent program executes the orchestration task according to the task information.
5. The method of claim 1, further comprising:
in the case that the agent program does not belong to a resident process, acquiring an agent configuration file corresponding to the agent program from a software library, so as to run the agent program according to the agent configuration file; and
sending the orchestration task to the agent program so that the agent program executes the orchestration task.
6. The method of claim 1, further comprising:
before the agent program information corresponding to the capturing device is acquired, sending the capturing subtask to a message middleware;
acquiring the capturing subtask in the case that a task executor detects that the message middleware has received the capturing subtask; and
parsing the capturing device information and the capturing sub-parameters contained in the capturing subtask.
7. The method of claim 6, further comprising:
receiving, by the task executor, a data packet capturing file sent by the agent program, wherein the data packet capturing file contains the target data;
transmitting the data packet capturing file to a data storage module; and
parsing the data packet capturing file to generate a file in a webpage format.
8. The method of claim 6, further comprising:
acquiring, by a data storage module, a data packet capturing file from an intermediate storage medium, wherein the data packet capturing file is sent to the intermediate storage medium by the agent program, and the data packet capturing file contains the target data; and
parsing the data packet capturing file to generate a file in a webpage format.
9. A data capture device, comprising:
a first acquisition module, configured to acquire a capture task for capturing target data, wherein the capture task comprises capture device information and capture parameter information, and the target data comprises network traffic data of an application deployed on a host;
a splitting module, configured to split the capturing task into at least one capturing subtask according to the capturing device information and the capturing parameter information, wherein the capturing subtask comprises the capturing device information and capturing sub-parameters corresponding to the capturing subtask;
a second acquisition module, configured to acquire agent program information corresponding to the capturing device according to the capturing device information contained in the capturing subtask;
a first generation module, configured to generate an orchestration task corresponding to the capturing subtask according to the agent program information and the capturing sub-parameters; and
a triggering module, configured to, in the case that the agent program belongs to a resident process, trigger the agent program to execute the orchestration task according to a task trigger mode corresponding to the agent program, so as to capture the target data.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-8.
CN202211036945.XA 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium Active CN115514670B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211036945.XA CN115514670B (en) 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211036945.XA CN115514670B (en) 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115514670A (en) 2022-12-23
CN115514670B (en) 2023-06-16

Family

ID=84502504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211036945.XA Active CN115514670B (en) 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115514670B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850182B1 (en) * 2012-09-28 2014-09-30 Shoretel, Inc. Data capture for secure protocols
CN112698929A (en) * 2020-12-14 2021-04-23 联想(北京)有限公司 Information acquisition method and device
CN114416378A (en) * 2022-01-29 2022-04-29 建信金融科技有限责任公司 Data processing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN115514670A (en) 2022-12-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant