CN101719914B - Security event source integrated system and implementing method thereof - Google Patents


Publication number
CN101719914B
Authority
CN
China
Legal status
Active
Application number
CN200910237325A
Other languages
Chinese (zh)
Other versions
CN101719914A (en
Inventor
殷丽华
云晓春
邓明远
Current Assignee
Guoxin electronic bill Platform Information Service Co., Ltd.
Original Assignee
Institute of Computing Technology of CAS
Application filed by Institute of Computing Technology of CAS
Priority to CN200910237325A
Publication of CN101719914A
Application granted
Publication of CN101719914B

Abstract

The invention provides a security event source integrated system and an implementing method thereof. The system comprises an agent graph model, an agent graph configuration library and an agent graph manager, wherein the agent graph model comprises agents; the agents at least comprise a source agent, a conversion agent and a submission agent, wherein the source agent is used for storing the data from a security event source in a security event variable; the conversion agent is used for receiving the security event variable and performing conversion processing; the submission agent is used for receiving the security event variable and transmitting the received security event variable to a given integrated library, and the agents are connected through interfaces; the agent graph configuration library is used for storing configuration information; and the agent graph manager is used for generating and initializing the agents of the agent graph model according to the configuration information, and starting the source agent. The system can have good properties of configurability, expandability, pluggability, self adaptation and the like.

Description

A security event source integrated system and a method for implementing it
Technical field
The present invention relates to the field of network security, and in particular to a security event source integrated system and a method for implementing it.
Background art
At present, as overall security solutions composed of security devices such as intrusion detection systems, firewalls and anti-virus software are deployed, and as large-scale and even very-large-scale network environments are built, heterogeneous security event sources keep emerging and business requirements keep rising with them. Integrating heterogeneous security event sources has therefore become a problem that the security event management field cannot avoid. The goal of a heterogeneous security event source integrated system is to process and integrate the security event data sent by the various security event sources.
Data source integration technology has made considerable progress in other fields, for example multi-source fusion of geographic information and multi-sensor data fusion, where it has effectively integrated the business data of the field and solved the "information island" problem, but its application to security event source integration has been unsatisfactory. Existing security event source integrated systems are usually developed to meet some specific business requirement, so their architecture is often chaotic or they have no architectural concept at all. This highly ad hoc approach to integration typically has the following problems:
1. Poor extensibility. Internal coupling is generally high and the modules are too tightly bound to one another. The system therefore lacks flexibility and cannot adapt well to changes in business requirements brought by future changes in security event sources.
2. Poor reusability. A minor change in the security event sources, such as adding a new source or dropping an old one, often forces major changes to the existing system, or even the development of an entirely new one.
3. Low maintainability. There is no effective overall maintenance and management mechanism, so maintenance of the integrated system remains at a very rudimentary stage.
4. Low level of intelligence. Operations are not highly automated and often require substantial manual involvement, which limits the efficiency of the system.
The underlying reason existing security event source integrated systems have these shortcomings is that they lack a software architecture that is well structured, clearly layered, easy to manage and highly extensible. There is therefore an urgent need for a new heterogeneous security event source integrated system that is configurable, extensible, pluggable and adaptive, so as to fundamentally resolve the above deficiencies of existing systems.
Summary of the invention
The technical problem to be solved by the present invention is to provide a security event source integrated system and a method for implementing it, such that the system has good properties such as configurability, extensibility, pluggability and self-adaptation.
According to one aspect of the present invention, a security event source integrated system is provided, comprising:
an agent graph model comprising agents, the agents comprising at least a source agent, a conversion agent and a submission agent, wherein the source agent is used to store data from a security event source in a security event variable, the conversion agent is used to receive the security event variable and perform conversion processing, the submission agent is used to receive the security event variable after the conversion processing and submit it to a designated integrated library, and the agents are connected through interfaces;
an agent graph configuration library, used to store configuration information;
an agent graph manager, used to generate and initialize the agents of the agent graph model according to the configuration information, and to start the source agent.
In the above integrated system, the conversion processing comprises: removing unneeded content from the security event variable that stores the data from the security event source; computing on numeric variables in that security event variable; splitting or merging string variables in that security event variable; and/or splitting or reorganizing that security event variable into one or more finer-grained secondary variables.
In the above integrated system, the data from the security event source is actively extracted or passively received by the source agent.
In the above integrated system, any of the source agent, the conversion agent and the submission agent may be divided into multiple levels.
In the above integrated system, the configuration information is organized as a tree.
In the above integrated system, the root node of the tree is the identifier of the agent graph model; the first-level agent child nodes of the tree are the composition information of the agent graph model; and the second-level attribute child nodes of the tree are the attribute information of the agents included in the agent graph model.
In the above integrated system, the interface is a pin.
According to another aspect of the present invention, a method for implementing a security event source integrated system is also provided, comprising:
1) determining the agents of the agent graph model and their functional requirements and business logic, and implementing the agents, the agents comprising at least a source agent, a conversion agent and a submission agent, wherein the source agent is used to store data from a security event source in a security event variable, the conversion agent is used to receive the security event variable and perform conversion processing, the submission agent is used to receive the security event variable after the conversion processing and submit it to a designated integrated library, and the agents are connected through interfaces;
2) determining configuration information according to the agents;
3) parsing the configuration information, generating and initializing the agents according to the configuration information, and starting the source agents among the agents, thereby building the agent graph manager.
In the above method, step 2) further comprises:
21) determining the root node of the configuration information according to the agent graph model;
22) determining the first-level agent child nodes of the configuration information according to the composition information of the agent graph model;
23) determining the second-level attribute child nodes of the configuration information according to the attribute information of the agents.
In the above method, the operation in step 3) of generating and initializing the agents according to the configuration information further comprises:
31) generating the agents according to the composition information of the agent graph model in the configuration information;
32) generating the pins of the agents according to the description information of the agents' input/output pins in the configuration information;
33) connecting pins to one another according to the connection description information of the agents' pins in the configuration information;
34) initializing the agents according to the agents' operating parameter attribute information in the configuration information.
The notable effect of the present invention is that the security event source integrated system it provides has a flexible structure and is easy to manage, and genuinely possesses good properties such as configurability, extensibility, pluggability and self-adaptation.
Brief description of the drawings
Fig. 1 is a schematic diagram of a security event source integrated system according to a specific embodiment of the present invention;
Fig. 2 is a schematic diagram of an agent graph model according to a specific embodiment of the present invention;
Fig. 3 is a flow chart of building the agent graph manager of a security event source integrated system according to a specific embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the agent-based heterogeneous security event source integrated system according to an embodiment of the invention is described in further detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here only serve to explain the invention and are not intended to limit it.
Fig. 1 shows a schematic diagram of the agent-based heterogeneous security event source integrated system. The system consists of the following three parts: the agent graph (Agent Graph) model, the agent graph manager and the agent graph configuration library. The agent graph manager performs configuration management and run control of the agent graph model according to the configuration information stored in the agent graph configuration library, thereby integrating heterogeneous security event sources. When the business of the security event sources changes, the configuration information stored in the agent graph configuration library is modified accordingly, and the agent graph manager can then adjust the existing system structure easily and flexibly: newly developed agent modules are quickly added to the integrated system and obsolete agent modules are promptly removed from it, so that the integrated system genuinely possesses good properties such as configurability, extensibility, pluggability and self-adaptation.
The agent-based heterogeneous security event source integrated system is built on a running agent graph model, and the agent graph model is composed of agents of different types. The agent is the smallest unit of the agent graph model; each agent performs its own low-level work according to its type and design purpose. Agents follow the principle of high cohesion and low coupling and may be implemented as software, hardware, firmware or any combination thereof. In particular, when implemented as software, an agent may take the form of a software module or of an independent agent program.
As shown by the agent graph model in Fig. 1, the agent graph model can be divided from top to bottom into three or more layers, including at least three basic layers: the source agent (Source Agent) layer, the conversion agent (Transform Agent) layer and the submission agent (Rendering Agent) layer. Corresponding to these three basic layers, agents are likewise divided into three types, namely source agents, conversion agents and submission agents, each described in detail below.
The source agent actively extracts or passively receives security event data from a security event source and performs initialization processing on it. The security event source can be any kind of data source, for example a txt text file, a database table, an Excel sheet, log information or real-time data. The source agent's data initialization processing reads and parses the heterogeneous data from the different security event sources and stores it in a self-defined security event variable. Each security event corresponds to one security event variable, whose format can be defined according to the application; it can be any data structure type capable of storing a security event, for example a structure variable, in which each component (for example each member of the structure) corresponds to one attribute of the security event it describes.
The conversion agent receives the security event variables passed on by the relevant upstream source agents, performs the intermediate conversion processing that the system requires, and then passes the result to the corresponding downstream submission agent. Specifically, the conversion processing can include removing unneeded content from the security event variable passed on by the source agent, computing on numeric variables in the security event variable, splitting or merging string variables, and splitting or reorganizing one security event variable into one or more finer-grained secondary structure variables or variables of other types. The purpose of splitting or reorganizing the security event variable into finer-grained secondary structure variables or variables of other types is to bring the format of the security event closer to the data format of the integrated database. According to an embodiment of the invention, one secondary structure variable usually corresponds to the data of one table in the integrated database. The format of the secondary structure used in the intermediate conversion is defined according to the application.
The submission agent receives the converted security event variables (structures or variables of other types) passed on by the corresponding upstream conversion agent, and uses the specific programming interface provided by each integrated library to transfer the data in the converted security event variables into the designated integrated library. The integrated library may be a database, or any other possible storage type such as an Excel sheet or a txt text file.
Those of ordinary skill in the art will appreciate that the three basic layers above can be divided into further sub-layers according to actual business needs.
The agent graph model instance shown in Fig. 2 is the most typical three-layer agent graph model. It shows two examples of source agents in the source agent layer: an XML source agent and a UDP source agent. The task of the XML source agent is to watch a local file directory, read and parse the batch data uploaded by remote security event sources as XML documents, then delete the parsed files, convert the parse results into security event structures and pass them to the downstream conversion agent. The task of the UDP source agent is to listen on a designated UDP port, receive the security event data sent by remote security event sources as UDP datagrams, and, after reading the data in each datagram, convert it into a security event structure and pass it to the downstream conversion agent; this can be implemented with the Socket programming interface. Fig. 2 also shows an example of a conversion agent, which receives the security event structures passed on by the XML source agent and the UDP source agent, splits them into smaller secondary structures through conversion operations and passes these to the downstream submission agents. The example of a submission agent shown in Fig. 2 is a database submission agent, which receives the secondary structure data passed on by the upstream conversion agent and writes it into the designated database through the programming interface of the particular database.
As the above description shows, the agent graph model in the system passes security event data through agents. An upstream agent (Upriver Agent) passes security event data down to a downstream agent (Downriver Agent), where the upstream agent is the agent passing the data and the downstream agent is the next-layer agent at which the security event will arrive. For the agent graph model to work properly, the agents must be connected in the correct order. According to one embodiment of the invention, each data flow processed by an agent is implemented on at least one interface. According to a specific embodiment of the invention, a pin (Pin) is an object interface created by a particular agent, and pins fall into two classes: input pins (Input Pin) and output pins (Output Pin). As the connection point of a unidirectional data flow on an agent, a pin provides the interface that connects to other pins and inputs or outputs data. Agents at different levels are interconnected through input and output pins and pass intermediate data of various kinds.
The agent graph configuration library (Agent Graph Configuration Repository) in the system stores the configuration information, which can be organized in XML (Extensible Markup Language). The configuration information comprises: the identifier of the agent graph model, the composition information of the agents included in the agent graph model, and the attribute information of those agents. Preferably, the configuration information is organized as a tree so as to express the relations between the items clearly. Specifically, the root node is the identifier of the particular agent graph model; each first-level agent child node under the root node is agent graph model composition information, identifying the name and type of an agent that makes up the agent graph model; and each second-level attribute child node under a first-level agent child node is an attribute (Property) of the agent it belongs to. Common attributes are: the agent's operating parameter attributes, the description information of its input/output pins, and the connection description information of its pins. With configuration information of this form, each agent in the overall architecture can flexibly be made configurable, extensible and pluggable. Those of ordinary skill in the art will appreciate that the agent graph configuration library can also be realized in other ways to achieve these advantages, as long as it stores the configuration information. A structural example of typical configuration information in the agent graph configuration library is shown below.
    <AgentGraph>
      <Agent type="SourceAgent" name="UDPSourceAgent">
        <Property name="Monitor_Port">8888</Property>
        <Pin Type="OutputPin" Destination="TransformAgent"/>
      </Agent>
      <Agent type="SourceAgent" name="XmlSourceAgent">
        <Property name="Directory_Name">/mnt/sftpDir</Property>
        <Pin Type="OutputPin" Destination="TransformAgent"/>
      </Agent>
      <Agent type="TransformAgent" name="TransformAgent">
        <Pin Type="InputPin" Source="UDPSourceAgent"/>
        <Pin Type="InputPin" Source="XmlSourceAgent"/>
        <Pin Type="OutputPin" Destination="OracleAgent"/>
        <Pin Type="OutputPin" Destination="MySQLAgent"/>
      </Agent>
      <Agent type="RenderingAgent" name="OracleAgent">
        <Property name="DataBase_Service_Name">orcl</Property>
        <Property name="DataBase_User">scott</Property>
        <Property name="DataBase_Passwd">tiger</Property>
        <Pin Type="InputPin" Source="TransformAgent"/>
      </Agent>
      <Agent type="RenderingAgent" name="MySQLAgent">
        <Property name="DataBase_IP_Address">10.0.15.10</Property>
        <Property name="DataBase_User">root</Property>
        <Property name="DataBase_Passwd">passwd</Property>
        <Property name="DataBase_Name">events3</Property>
        <Pin Type="InputPin" Source="TransformAgent"/>
      </Agent>
    </AgentGraph>
The agent graph manager in the system is the hub that controls and manages the whole security event source integrated system. After the system powers on, the agent graph manager is started. The agent graph manager first reads the composition information of the corresponding agent graph model according to the agent graph model identifier in the configuration information. It then generates each agent in the agent graph model according to this composition information, initializes each agent according to information such as the agent's type and attributes, and, according to the input/output pin information and pin connection description information in the attributes, generates the agent's pins and connects them to other agents to control the direction of data flow. Finally, the agent graph manager is also responsible for starting all source agents to complete the start-up of the system.
To construct, using the system architecture and implementation method provided by the invention, a heterogeneous security event source integrated system that is configurable, extensible, pluggable and adaptive, the implementation of the system can be divided, following the top-level structure diagram of the system architecture shown in Fig. 1, into the following three main steps:
Step 10) build the agent graph (Agent Graph) model;
Step 20) build the agent graph configuration library (Agent Graph Configuration Repository);
Step 30) build the agent graph manager (Agent Graph Manager).
The details of each main step are described below.
Fig. 2 shows the structure of the system's agent graph (Agent Graph) model. With reference to Fig. 2, step 10) can be further divided into two sub-steps, step 101) and step 102):
Step 101): Set up the agent graph model. That is, following the three-level framework of the structure diagram in Fig. 2, decompose each specific functional requirement and piece of business logic and map it onto different agents at the three levels, and thereby determine all the member agents that make up the agent graph model and the specific functional requirements and business logic of each.
Step 102): Implement each component agent of the agent graph model. That is, on the basis of step 101), implement each agent according to the specific functional requirements and business logic determined for it. The implementation of an agent depends on the specific business scenario. Take the UDP source agent in Fig. 2 as an example: the function of this agent is to listen on a certain port for security event data reported remotely in UDP format, and in this system this function is implemented using the Socket programming interface. A specific agent can be implemented as an agent module, with a program composed of several such modules deployed on one agent server; or it can be implemented as an agent program deployed independently on an agent server, with many such agent servers finally forming a distributed agent system.
With reference to the structural example of configuration information above, the construction of the configuration information in step 20) can be further refined into the following steps:
Step 201): First, determine the root node of the configuration information according to the agent graph model.
Step 202): Determine the first-level agent child nodes of the configuration information according to the names and types of the agents that make up the agent graph model; that is, map each agent determined in step 101) from the business requirements and logic to a first-level agent child node of the root node. As in the structural example of configuration information above, a typical first-level agent child node can be expressed in the form <Agent type="SourceAgent" name="UDPSourceAgent">...</Agent>. This step is in essence the process of mapping the internal composition information of the agent graph model into the agent graph configuration library.
Step 203): Determine the second-level attribute child nodes of the configuration information according to the attribute information of the agents. This step further comprises the following two steps:
2031): Determine the pin attributes of each agent that makes up the agent graph model, that is, determine the pin type information of all pins belonging to each first-level agent child node and the source or destination information of each pin. As in the structural example of configuration information above, a typical second-level pin attribute child node can be expressed in the form <Pin Type="InputPin" Source="UDPSourceAgent"/>. This step is in essence the process of mapping the internal connection information of the agent graph model into the agent graph configuration library.
2032): Determine the operating parameter attributes of each agent that makes up the agent graph model, that is, determine the operating parameter attributes among the second-level attribute child nodes, including the name and the specific value of each parameter. As in the structural example of configuration information above, a typical second-level parameter attribute child node can be expressed in the form <Property name="DataBase_Name">events3</Property>.
Fig. 3 shows the workflow of the system's agent graph manager (Agent Graph Manager). The construction of the agent graph manager in step 30) can be implemented with reference to this flow chart:
Step 301): First obtain and parse the configuration information in the agent graph configuration library created in step 20). For example, configuration information in XML format is read and parsed into DOM form and held in memory.
Step 302): According to the configuration information, process in a loop each component agent included in the agent graph model; that is, every component agent goes through steps 303) to 306). After all component agents have been processed, continue at step 307).
Step 303): According to the agent graph model composition information in the configuration information, generate the component agent currently being processed.
Step 304): According to the description information of the current agent's input/output pins in the configuration information, generate the current agent's pin interfaces.
Step 305): According to the connection description information of the current agent's pins in the configuration information, connect these pins to the pins of the related agents.
Step 306): According to the current agent's operating parameters in the configuration information, initialize the current agent. For example, for the XML source agent, monitoring of the specified directory is initialized according to the value of its operating parameter "Directory_Name".
Step 307): After all component agents have been processed, start all source agents in the agent graph model. The agent graph manager has thus been built, and the system can begin to receive or extract data from each security data source and integrate the security event sources.
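Steps 301) to 307), together with the conversion processing described earlier, as an added Python example (not code from the patent). The class names follow the type values in the configuration example; StoreAgent, the event fields src/sev/raw, the in-memory stand-in for the integrated library and the two-pass pin check are assumptions, and the source agent is fed a constructed event instead of reading a socket.

```python
import xml.etree.ElementTree as ET

# Constructed configuration in the page's format; StoreAgent is hypothetical.
CONFIG = """<AgentGraph>
  <Agent type="SourceAgent" name="UDPSourceAgent">
    <Property name="Monitor_Port">8888</Property>
    <Pin Type="OutputPin" Destination="TransformAgent"/>
  </Agent>
  <Agent type="TransformAgent" name="TransformAgent">
    <Pin Type="InputPin" Source="UDPSourceAgent"/>
    <Pin Type="OutputPin" Destination="StoreAgent"/>
  </Agent>
  <Agent type="RenderingAgent" name="StoreAgent">
    <Pin Type="InputPin" Source="TransformAgent"/>
  </Agent>
</AgentGraph>"""


class Agent:
    def __init__(self, name):
        self.name = name
        self.props = {}          # operating parameters (Property nodes)
        self.sources = []        # agent names declared on input pins
        self.destinations = []   # agent names declared on output pins
        self.downstream = []     # agent objects connected in step 305
        self.started = False

    def process(self, event):
        return [event]

    def receive(self, event):
        for out in self.process(event):
            for agent in self.downstream:
                agent.receive(out)


class SourceAgent(Agent):
    def start(self):
        self.started = True      # a real source agent would start listening here


class TransformAgent(Agent):
    def process(self, event):
        # Drop unneeded content ("raw"), convert numerics, split a string variable.
        ip, _, port = event["src"].rpartition(":")
        return [{"src_ip": ip, "src_port": int(port), "severity": int(event["sev"])}]


class RenderingAgent(Agent):
    def __init__(self, name):
        super().__init__(name)
        self.library = []        # in-memory stand-in for the integrated library

    def process(self, event):
        self.library.append(event)
        return []


AGENT_TYPES = {c.__name__: c for c in (SourceAgent, TransformAgent, RenderingAgent)}


def build_graph(xml_text):
    root = ET.fromstring(xml_text)                       # step 301
    agents = {}
    for node in root.findall("Agent"):                   # steps 302-304, 306
        cls, name = AGENT_TYPES.get(node.get("type")), node.get("name")
        if cls is None or not name or name in agents:
            raise ValueError(f"bad Agent node: type={node.get('type')!r} name={name!r}")
        agent = agents[name] = cls(name)
        for pin in node.findall("Pin"):
            if pin.get("Type") == "InputPin" and pin.get("Source"):
                agent.sources.append(pin.get("Source"))
            elif pin.get("Type") == "OutputPin" and pin.get("Destination"):
                agent.destinations.append(pin.get("Destination"))
            else:
                raise ValueError(f"{name}: malformed Pin node")
        agent.props = {p.get("name"): (p.text or "").strip() for p in node.findall("Property")}
    # Step 305 as a second pass: connect only when both pins name each other.
    for agent in agents.values():
        for dest in agent.destinations:
            peer = agents.get(dest)
            if peer is None or agent.name not in peer.sources:
                raise ValueError(f"{agent.name} -> {dest}: no matching input pin")
            agent.downstream.append(peer)
        for src in agent.sources:
            if src not in agents or agent.name not in agents[src].destinations:
                raise ValueError(f"{src} -> {agent.name}: no matching output pin")
    for agent in agents.values():                        # step 307
        if isinstance(agent, SourceAgent):
            agent.start()
    return agents


def demo():
    agents = build_graph(CONFIG)
    # Constructed event, as a UDP source agent might hand it downstream.
    agents["UDPSourceAgent"].receive({"src": "192.0.2.7:514", "sev": "3", "raw": "<payload>"})
    return agents["StoreAgent"].library
```

Rejecting a configuration whose pins do not pair up keeps a mistyped Destination or Source from silently dropping security events between agents.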
In practice there are many kinds of source and destination storage. The clearly layered agent graph approach brings all of these possibilities into one unified framework: for each new source or destination, only the corresponding interface needs to be developed and the corresponding configuration information added. As the above embodiments show, the invention proposes a flexible, configurable framework for integrating multi-source security events, which effectively remedies the deficiencies of current security event source integrated systems. A heterogeneous security event source integrated system built according to the invention is flexible in structure, clearly layered and easy to manage, and is configurable, extensible, pluggable and adaptive.
It should be noted and understood that various modifications and improvements can be made to the invention described in detail above without departing from the spirit and scope of the invention as required by the appended claims. The scope of the claimed technical solution is therefore not limited by any specific exemplary teaching given.

Claims (10)

1. A security event source integrated system, comprising:
An agent graph model, which comprises agents, the agents comprising at least a source agent, a conversion agent and a submission agent, wherein the source agent is used for storing data from a security event source in a security event variable, the conversion agent is used for receiving the security event variable and performing conversion processing, the submission agent is used for receiving the security event variable after the conversion processing and submitting it to a specified integrated library, and the agents are connected through interfaces; the conversion processing comprises: removing unneeded content from the security event variable that stores the data from the security event source; calculating the numerical variables in the security event variable that stores the data from the security event source; splitting or merging the string variables in the security event variable that stores the data from the security event source; and/or splitting or recombining the security event variable that stores the data from the security event source into one or more finer-grained secondary variables;
An agent graph configuration library, used for storing configuration information;
An agent graph manager, used for generating and initializing the agents of the agent graph model according to the configuration information, and starting the source agent.
2. The integrated system according to claim 1, characterized in that the data from the security event source is actively extracted or passively received by the source agent.
3. The integrated system according to claim 1, characterized in that any of the source agent, the conversion agent and the submission agent can be divided into agents at multiple levels.
4. The integrated system according to claim 1, characterized in that the configuration information is organized as a tree.
5. The integrated system according to claim 4, characterized in that the root node of the tree is the identifier of the agent graph model; the first-level agent child nodes of the tree are the composition information of the agent graph model; and the second-level attribute child nodes of the tree are the attribute information of the agents included in the agent graph model.
6. The integrated system according to claim 5, characterized in that the composition information of the agent graph model identifies the name and type information of the agents included in the agent graph model.
7. The integrated system according to claim 1, characterized in that the interface is a pin.
8. A method for implementing a security event source integrated system, comprising:
1) determining the agents of an agent graph model together with their functional requirements and business logic, and implementing the agents; the agents comprise at least a source agent, a conversion agent and a submission agent, wherein the source agent is used for storing data from a security event source in a security event variable, the conversion agent is used for receiving the security event variable and performing conversion processing, the submission agent is used for receiving the security event variable after the conversion processing and submitting it to a specified integrated library, and the agents are connected through interfaces; the conversion processing comprises: removing unneeded content from the security event variable that stores the data from the security event source; calculating the numerical variables in the security event variable that stores the data from the security event source; splitting or merging the string variables in the security event variable that stores the data from the security event source; and/or splitting or recombining the security event variable that stores the data from the security event source into one or more finer-grained secondary variables;
2) determining configuration information according to the agents;
3) parsing the configuration information, generating and initializing the agents according to the configuration information, and starting the source agent among the agents.
9. The method according to claim 8, characterized in that step 2) further comprises:
21) determining the root node of the configuration information according to the agent graph model;
22) determining the first-level agent child nodes of the configuration information according to the composition information of the agent graph model;
23) determining the second-level attribute child nodes of the configuration information according to the attribute information of the agents.
10. The method according to claim 8 or 9, characterized in that the interface is a pin, and the operation in step 3) of generating and initializing the agents according to the configuration information further comprises:
31) generating the agents according to the composition information of the agent graph model in the configuration information;
32) generating the pins of the agents according to the descriptors of the agents' input/output pins in the configuration information;
33) connecting pins to pins according to the connection descriptors of the agents' pins in the configuration information;
34) initializing the agents according to the agents' operating-parameter attribute information in the configuration information.
CN200910237325A 2009-11-10 2009-11-10 Security event source integrated system and implementing method thereof Active CN101719914B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910237325A CN101719914B (en) 2009-11-10 2009-11-10 Security event source integrated system and implementing method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910237325A CN101719914B (en) 2009-11-10 2009-11-10 Security event source integrated system and implementing method thereof

Publications (2)

Publication Number Publication Date
CN101719914A CN101719914A (en) 2010-06-02
CN101719914B true CN101719914B (en) 2012-09-05

Family

ID=42434429

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910237325A Active CN101719914B (en) 2009-11-10 2009-11-10 Security event source integrated system and implementing method thereof

Country Status (1)

Country Link
CN (1) CN101719914B (en)

Also Published As

Publication number Publication date
CN101719914A (en) 2010-06-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180823

Address after: 100044 B sixteen, No. 22 building, South Road, Haidian District, Beijing.

Patentee after: Guoxin electronic bill Platform Information Service Co., Ltd.

Address before: 100190 South Road, Zhongguancun Science Academy, Haidian District, Beijing 6

Patentee before: Institute of Computing Technology, Chinese Academy of Sciences
