CN112182065A - Asset management system and method based on automatic acquisition and multi-source import - Google Patents

Asset management system and method based on automatic acquisition and multi-source import Download PDF

Info

Publication number
CN112182065A
CN112182065A CN202011029760.7A CN202011029760A CN112182065A CN 112182065 A CN112182065 A CN 112182065A CN 202011029760 A CN202011029760 A CN 202011029760A CN 112182065 A CN112182065 A CN 112182065A
Authority
CN
China
Prior art keywords
asset
information
asset information
module
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011029760.7A
Other languages
Chinese (zh)
Inventor
尤小明
刘明慧
汤震宇
胡绍谦
张春合
林青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NR Electric Co Ltd
NR Engineering Co Ltd
Original Assignee
NR Electric Co Ltd
NR Engineering Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NR Electric Co Ltd, NR Engineering Co Ltd filed Critical NR Electric Co Ltd
Priority to CN202011029760.7A priority Critical patent/CN112182065A/en
Publication of CN112182065A publication Critical patent/CN112182065A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465Query processing support for facilitating data mining operations in structured databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/254Extract, transform and load [ETL] procedures, e.g. ETL data flows in data warehouses
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • G06F16/90335Query processing
    • G06F16/90344Query processing by using string matching techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Abstract

The invention discloses an asset management system and method based on automatic acquisition and multi-source import, wherein the system comprises: the manual input asset module is used for inputting first asset information in batches; the SCD analysis asset module analyzes the SCD file to obtain second asset information of the spacer layer and the process layer; the standing book analysis asset module analyzes the standing book information to obtain third asset information; the dynamic scanning asset module acquires fourth asset information by an active network scanning technology; the network monitoring asset module is used for passively monitoring network information to obtain fifth asset information; the asset automatic mining module is used for acquiring and combining and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information; and the asset information analysis module is connected with the asset automatic mining module and used for carrying out safety classification and risk assessment on the asset information. The invention can efficiently and comprehensively acquire the asset information and the equipment risk assessment value in the network and uniformly manage the connected network asset equipment.

Description

Asset management system and method based on automatic acquisition and multi-source import
Technical Field
The invention relates to a plant station equipment network information and safety technology in the field of power systems, in particular to an asset management system and method based on automatic acquisition and multi-source import.
Background
With the rapid development of the internet, security vulnerabilities of various network assets and information systems are a major hidden danger of information security. A security hole is a kind of problem that occurs in each stage of the life cycle (design, implementation, operation and maintenance, etc.) of an information system, and the problem affects the security (confidentiality, integrity, availability) of the system. Due to software defects, misconfiguration of applications and IT equipment, conventional errors and the like, new bugs occur every day, and currently, bug scanning is generally adopted by a bug scanning system regularly or security inspection is carried out regularly to find security bugs and then repair and reinforcement work is carried out, so that the following defects exist:
1) the method depends on manual operation, and lacks of automatic and standardized means;
2) the discovery and the disposal of the loophole have hysteresis;
3) the information of the information assets is not completely mastered, and the bugs are difficult to find and repair accurately in time.
Therefore, how to establish a network asset management system to realize more timely, effective, reliable and accurate acquisition of network asset information so as to better discover and repair security vulnerabilities in time is a problem to be solved urgently in the prior art.
Disclosure of Invention
Aiming at the problems, the invention provides an asset management system and method based on automatic acquisition and multi-source import, which can efficiently and comprehensively acquire asset information and asset equipment risk assessment values in a network and uniformly manage connected network asset equipment.
In order to achieve the technical purpose and achieve the technical effects, the invention is realized by the following technical scheme:
in a first aspect, the present invention provides an asset management system based on automatic acquisition and multi-source import, including:
a manual entry asset module that enters first asset information in batches based on a manual schema through a formatted template;
the SCD analysis asset module obtains second asset information of the spacer layer and the process layer by analyzing the SCD file;
the standing book analysis asset module is used for obtaining third asset information by analyzing the standing book information;
the dynamic scanning asset module acquires fourth asset information through an active network scanning technology;
the network monitoring asset module acquires fifth asset information through passive monitoring network information;
the asset automatic mining module is respectively connected with the manual entry asset module, the SCD asset analysis module, the standing book asset analysis module, the dynamic scanning asset module and the network monitoring asset module, and is used for merging and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information to obtain processed asset information;
and the asset information analysis module is connected with the asset automatic mining module and used for carrying out safety classification on the processed asset information and risk assessment on asset equipment.
Optionally, the manual asset entry module imports the first asset information in batches on the basis of manual through formatted excel or xml, or manually enters the first asset information on the display interface.
Optionally, the processing procedure of the processed asset information is as follows:
and matching is carried out on the basis of key fields contained in the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information, and merging, associating and de-duplicating the asset information.
Optionally, the key fields include an IP address, a MAC address, and an asset device name.
Alternatively, when the IP address segments of the assets are different but the lower two bits of the IP address are the same, the A, B network that is identified as the same asset and the two assets are merged into the same asset.
In a second aspect, the present invention provides an asset management method based on automatic acquisition and multi-source import, including:
inputting first asset information in batches based on a manual mode by utilizing a manual input asset module through a formatted template;
acquiring second asset information of the spacer layer and the process layer by analyzing the SCD file by using the SCD asset analyzing module;
acquiring third asset information by analyzing the standing book information by using a standing book analysis asset module;
acquiring fourth asset information by using a dynamic asset scanning module through an active network scanning technology;
acquiring fifth asset information through passive monitoring network information by using a network monitoring asset module;
merging and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information by using an asset automatic mining module to obtain processed asset information;
and utilizing an asset information analysis module to perform security classification and risk assessment of asset equipment on the processed asset information.
Optionally, the manual asset entry module imports the first asset information in batches on the basis of manual through formatted excel or xml, or manually enters the first asset information on the display interface.
Optionally, the processing procedure of the processed asset information is as follows:
and matching is carried out on the basis of key fields contained in the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information, and merging, associating and de-duplicating the asset information.
Optionally, the key fields include an IP address, a MAC address, and an asset device name.
Alternatively, when the IP address segments of the assets are different but the lower two bits of the IP address are the same, the A, B network that is identified as the same asset and the two assets are merged into the same asset.
Compared with the prior art, the invention has the beneficial effects that:
1. the invention acquires the network assets and the asset information in a multidimensional, efficient, comprehensive, reliable and accurate way through the asset manual input module, the SCD asset analysis module, the standing book asset analysis module and the dynamic scanning asset module.
2. According to the invention, the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information are obtained and merged, associated and deduplicated by the asset automatic mining module.
3. The invention can acquire the operating system, the operating system version and the developed port number of the asset in real time by dynamically scanning the asset, and can accurately and reliably discover the security vulnerability of the information system by analyzing the information and comparing the information with the security vulnerability library.
Drawings
In order that the present disclosure may be more readily and clearly understood, reference is now made to the following detailed description of the present disclosure taken in conjunction with the accompanying drawings, in which:
fig. 1 is a schematic structural diagram of an asset management system based on automatic acquisition and multi-source import according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the scope of the invention.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
Example 1
The embodiment of the invention provides an asset management system based on automatic acquisition and multi-source import, which comprises the following components:
a manual entry asset module that enters first asset information in batches based on a manual schema through a formatted template;
the SCD analysis asset module obtains second asset information of the spacer layer and the process layer by analyzing the SCD file;
the standing book analysis asset module is used for obtaining third asset information by analyzing the standing book information;
the dynamic scanning asset module acquires fourth asset information through an active network scanning technology;
the network monitoring asset module acquires fifth asset information by passively monitoring network information (namely passively capturing network messages through the switch mirror image);
the asset automatic mining module is respectively connected with the manual entry asset module, the SCD asset analysis module, the standing book asset analysis module, the dynamic scanning asset module and the network monitoring asset module, and is used for merging and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information to obtain processed asset information;
and the asset information analysis module is connected with the asset automatic mining module and used for carrying out safety classification on the processed asset information and risk assessment on asset equipment.
In summary, in the embodiment of the present invention, the active network scanning and the passive network monitoring are combined to realize automatic acquisition; and combining manual entry, SCD analysis and standing book analysis for realizing multi-source import.
In a specific implementation manner of the embodiment of the present invention, the manual entry asset module manually imports the first asset information in batch through formatted excel or xml, or manually enters the first asset information on the display interface.
In a specific implementation manner of the embodiment of the present invention, the processing process of the processed asset information is as follows:
and matching is carried out on the basis of key fields contained in the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information, and merging, associating and de-duplicating the asset information. In a specific implementation, the first asset information may be manually defined, and at most includes: the system comprises a unit name, a station name, a user, a contact telephone, a storage position, an asset management number, a factory date, a production date, an application system name, a network layer, a safety partition, a device type, a device brand, a device model, a device name, an operating system version, a network interface, an IP address, a mask address and an MAC address. The second asset information typically includes: device name, network interface, IP address, mask address, MAC address. The third asset information typically includes: the system comprises a unit name, a station name, a user, a contact telephone, a storage position, an asset management number, a delivery date, a production date, an application system name, a network layer, a safety partition, an equipment type, an equipment brand, an equipment model and an equipment name; the fourth asset information generally includes: network level, operating system name, operating system version, network interface, IP address, mask address, MAC address, open port number. The fifth asset information generally includes: network level, IP address, mask address, MAC address, open port number.
In a specific implementation manner of the embodiment of the present invention, the key fields include an IP address, a MAC address, and an asset device name. When the IP address segments of the assets are different but the lower two bits of the IP address are the same, the A, B network of the same asset is identified and the two assets are merged into the same asset. When the equipment name of one of the first asset information is the same as that of one of the second asset information, combining the two assets, and associating the information of different fields in the two pieces of information; and when the field information acquired by the fourth asset information and the field information acquired by the fifth asset information are completely the same, deleting one of the field information.
Example 2
The embodiment of the invention provides an asset management method based on automatic acquisition and multi-source import, which comprises the following steps:
inputting first asset information in batches based on a manual mode by utilizing a manual input asset module through a formatted template;
acquiring second asset information of the spacer layer and the process layer by analyzing the SCD file by using the SCD asset analyzing module;
acquiring third asset information by analyzing the standing book information by using a standing book analysis asset module;
acquiring fourth asset information by using a dynamic asset scanning module through an active network scanning technology;
acquiring fifth asset information through passive monitoring network information by using a network monitoring asset module;
merging and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information by using an asset automatic mining module to obtain processed asset information;
and utilizing an asset information analysis module to perform security classification and risk assessment of asset equipment on the processed asset information.
In a specific implementation manner of the embodiment of the present invention, the manual entry asset module manually imports the first asset information in batch through formatted excel or xml, or manually enters the first asset information on the display interface.
In a specific implementation manner of the embodiment of the present invention, the processing process of the processed asset information is as follows:
and matching based on key fields contained in the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information, and merging, associating and removing the weight of the asset information.
In a specific implementation manner of the embodiment of the present invention, the key field includes an IP address, a MAC address, and an asset device name; when the IP address segments of the assets are different but the lower two bits of the IP address are the same, the A, B network of the same asset is identified and the two assets are merged into the same asset. When the equipment name of one of the first asset information is the same as that of one of the second asset information, combining the two assets, and associating the information of different fields in the two pieces of information; when the field information obtained by the fourth asset information and the fifth asset information is identical, one of the field information is deleted
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. An asset management system based on automatic acquisition and multi-source import, comprising:
a manual entry asset module that enters first asset information in batches based on a manual schema through a formatted template;
the SCD analysis asset module obtains second asset information of the spacer layer and the process layer by analyzing the SCD file;
the standing book analysis asset module is used for obtaining third asset information by analyzing the standing book information;
the dynamic scanning asset module acquires fourth asset information through an active network scanning technology;
the network monitoring asset module acquires fifth asset information through passive monitoring network information;
the asset automatic mining module is respectively connected with the manual entry asset module, the SCD asset analysis module, the standing book asset analysis module, the dynamic scanning asset module and the network monitoring asset module, and is used for merging and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information to obtain processed asset information;
and the asset information analysis module is connected with the asset automatic mining module and used for carrying out safety classification on the processed asset information and risk assessment on asset equipment.
2. The asset management system based on automatic acquisition and multi-source import according to claim 1, wherein: the manual asset entry module manually leads in first asset information in batches through formatted excel or xml, or manually enters the first asset information on a display interface.
3. The asset management system based on automatic acquisition and multi-source import according to claim 1, wherein: the processing process of the processed asset information comprises the following steps:
and matching is carried out on the basis of key fields contained in the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information, and merging, associating and de-duplicating the asset information.
4. The asset management system based on automatic acquisition and multi-source import according to claim 3, wherein: the key fields include an IP address, a MAC address, and an asset device name.
5. The asset management system based on automatic acquisition and multi-source import according to claim 4, wherein: when the IP address segments of the assets are different but the lower two bits of the IP address are the same, the A, B network of the same asset is identified and the two assets are merged into the same asset.
6. An asset management method based on automatic acquisition and multi-source import is characterized by comprising the following steps:
inputting first asset information in batches based on a manual mode by utilizing a manual input asset module through a formatted template;
acquiring second asset information of the spacer layer and the process layer by analyzing the SCD file by using the SCD asset analyzing module;
acquiring third asset information by analyzing the standing book information by using a standing book analysis asset module;
acquiring fourth asset information by using a dynamic asset scanning module through an active network scanning technology;
acquiring fifth asset information through passive monitoring network information by using a network monitoring asset module;
merging and associating the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information by using an asset automatic mining module to obtain processed asset information;
and utilizing an asset information analysis module to perform security classification and risk assessment of asset equipment on the processed asset information.
7. The asset management method based on automatic collection and multi-source import according to claim 6, wherein the asset management method comprises the following steps: the manual asset entry module manually leads in first asset information in batches through formatted excel or xml, or manually enters the first asset information on a display interface.
8. The asset management method based on automatic collection and multi-source import according to claim 6, wherein the asset management method comprises the following steps: the processing process of the processed asset information comprises the following steps:
and matching is carried out on the basis of key fields contained in the first asset information, the second asset information, the third asset information, the fourth asset information and the fifth asset information, and merging, associating and de-duplicating the asset information.
9. The asset management method based on automatic collection and multi-source import according to claim 8, wherein the asset management method comprises the following steps: the key fields include an IP address, a MAC address, and an asset device name.
10. The asset management method based on automatic collection and multi-source import according to claim 9, wherein the asset management method comprises the following steps: when the IP address segments of the assets are different but the lower two bits of the IP address are the same, the A, B network of the same asset is identified and the two assets are merged into the same asset.
CN202011029760.7A 2020-09-27 2020-09-27 Asset management system and method based on automatic acquisition and multi-source import Withdrawn CN112182065A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011029760.7A CN112182065A (en) 2020-09-27 2020-09-27 Asset management system and method based on automatic acquisition and multi-source import

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011029760.7A CN112182065A (en) 2020-09-27 2020-09-27 Asset management system and method based on automatic acquisition and multi-source import

Publications (1)

Publication Number Publication Date
CN112182065A true CN112182065A (en) 2021-01-05

Family

ID=73943633

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011029760.7A Withdrawn CN112182065A (en) 2020-09-27 2020-09-27 Asset management system and method based on automatic acquisition and multi-source import

Country Status (1)

Country Link
CN (1) CN112182065A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113938326A (en) * 2021-12-17 2022-01-14 北京华顺信安科技有限公司 Method and device for acquiring enterprise internet assets
CN116980468A (en) * 2023-09-20 2023-10-31 长扬科技(北京)股份有限公司 Asset discovery and management method, device, equipment and medium in industrial control environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113938326A (en) * 2021-12-17 2022-01-14 北京华顺信安科技有限公司 Method and device for acquiring enterprise internet assets
CN116980468A (en) * 2023-09-20 2023-10-31 长扬科技(北京)股份有限公司 Asset discovery and management method, device, equipment and medium in industrial control environment
CN116980468B (en) * 2023-09-20 2023-12-19 长扬科技(北京)股份有限公司 Asset discovery and management method, device, equipment and medium in industrial control environment

Similar Documents

Publication Publication Date Title
CN112631913B (en) Method, device, equipment and storage medium for monitoring operation faults of application program
CN111475370A (en) Operation and maintenance monitoring method, device and equipment based on data center and storage medium
CN105630682A (en) System and method for automatically collecting and analyzing collapse of mobile terminal
Jayathilake Towards structured log analysis
CN111915143B (en) Complex product assembly management and control system based on intelligent contract
CN112182065A (en) Asset management system and method based on automatic acquisition and multi-source import
CN113242157B (en) Centralized data quality monitoring method under distributed processing environment
CN112380533A (en) Method for checking security baseline of computer terminal
Välja et al. Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case
CN101425070B (en) Deadlock positioning method, deadlock positioning device and data system
CN116205396A (en) Data panoramic monitoring method and system based on data center
US20220358495A1 (en) Blockchain-based dynamic payterm generator
CN116069838A (en) Data processing method, device, computer equipment and storage medium
CN112822210B (en) Vulnerability management system based on network assets
CN111858236B (en) Knowledge graph monitoring method and device, computer equipment and storage medium
CN112528295A (en) Vulnerability repairing method and device of industrial control system
CN107766167A (en) A kind of fault log repeats to report an error the method for merger
CN116362443A (en) Data management method and device for enterprise information platform
CN114037270A (en) Industrial control safety evaluation system and method
CN115017213A (en) Sensitive data processing method and device
CN109062797B (en) Method and device for generating information
CN111461527A (en) Equipment quality evaluation method based on remote operation of distribution network
CN114978937B (en) Page data verification method and device
CN112561262B (en) Experience feedback data pushing method applied to barrier analysis and computer terminal
CN115795058B (en) Threat modeling method, threat modeling system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210105

WW01 Invention patent application withdrawn after publication