CN112714125A - System safety monitoring method and device, storage medium and electronic equipment - Google Patents

Publication number
CN112714125A
Authority
CN
China
Prior art keywords
monitoring
item
project
target terminal
work order
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011590723.3A
Other languages
Chinese (zh)
Other versions
CN112714125B (en)
Inventor
李玉伶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Knownsec Information Technology Co ltd
Original Assignee
Chengdu Knownsec Information Technology Co ltd
Application filed by Chengdu Knownsec Information Technology Co ltd
Priority to CN202011590723.3A
Publication of CN112714125A
Application granted
Publication of CN112714125B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1433 Vulnerability analysis
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Alarm Systems (AREA)

Abstract

The application provides a system safety monitoring method and device, a storage medium and electronic equipment. A monitoring request is sent to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item or a configuration information acquisition item, and the monitoring request comprises the feature identifier of the corresponding monitoring item. Monitoring results fed back by the target terminal are acquired, wherein different monitoring results correspond to different monitoring items and each monitoring result comprises the feature identifier of its monitoring item. When a monitoring result is in an abnormal state, it is judged whether the monitoring item corresponding to the monitoring result is an exception item; if not, an alarm key point is generated and transmitted to the client corresponding to the monitoring result. Pushing the alarm key point to the corresponding client reminds the user or administrator of the client to pay attention to the monitoring result in the abnormal state and the corresponding monitoring item and to carry out maintenance in time, so that security incidents are avoided.

Description

System safety monitoring method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of information security, and in particular, to a system security monitoring method, device, storage medium, and electronic device.
Background
With social development and scientific progress, the internet is widely used across industries. Important components of the internet include information systems made up of servers and clients, and the security of an information system directly affects the security of internet users' information. A level protection security check therefore needs to be performed on the terminals in an information system.
Level protection security inspection is an important part of information security work: network security and industry supervision departments must follow the level-protection regulations and policies and regularly perform security compliance inspections on the information systems of the units on record. The traditional approach of inspecting the monitored units at scheduled times is time-consuming and labor-intensive, cannot meet the latest requirements of network security supervision work, and cannot dynamically track the latest security status of important information systems and websites within the jurisdiction.
Disclosure of Invention
The present application is directed to a system safety monitoring method, device, storage medium and electronic device that at least partially mitigate the above problems.
In order to achieve the above purpose, the embodiments of the present application employ the following technical solutions:
In a first aspect, an embodiment of the present application provides a system safety monitoring method, where the method includes:
sending a monitoring request to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item or a configuration information acquisition item, and the monitoring request comprises the feature identifier of the corresponding monitoring item;
acquiring monitoring results fed back by the target terminal, wherein different monitoring results respectively correspond to different monitoring items, and each monitoring result comprises the feature identifier of the corresponding monitoring item;
when a monitoring result is in an abnormal state, judging whether the monitoring item corresponding to the monitoring result is an exception item;
and if not, generating an alarm key point and transmitting the alarm key point to the client corresponding to the monitoring result, wherein the alarm key point comprises the monitoring result in the abnormal state and the corresponding monitoring item.
In a second aspect, an embodiment of the present application provides a system safety monitoring device, where the device includes:
a monitoring center module, configured to send a monitoring request to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item or a configuration information acquisition item, and the monitoring request comprises the feature identifier of the corresponding monitoring item;
the monitoring center module is further configured to acquire monitoring results fed back by the target terminal, wherein different monitoring results respectively correspond to different monitoring items, and each monitoring result comprises the feature identifier of the corresponding monitoring item;
the monitoring center module is further configured to judge, when a monitoring result is in an abnormal state, whether the monitoring item corresponding to the monitoring result is an exception item;
and an alarm center module, configured to, if not, generate an alarm key point and transmit the alarm key point to the client corresponding to the monitoring result, wherein the alarm key point comprises the monitoring result in the abnormal state and the corresponding monitoring item.
In a third aspect, the present application provides a storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method described above.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor and memory for storing one or more programs; the one or more programs, when executed by the processor, implement the methods described above.
Compared with the prior art, in the system safety monitoring method, device, storage medium and electronic device provided by the embodiments of the application, a monitoring request is sent to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item or a configuration information acquisition item, and the monitoring request comprises the feature identifier of the corresponding monitoring item. Monitoring results fed back by the target terminal are acquired, wherein different monitoring results correspond to different monitoring items and each monitoring result comprises the feature identifier of its monitoring item. When a monitoring result is in an abnormal state, it is judged whether the monitoring item corresponding to the monitoring result is an exception item; if not, an alarm key point is generated and transmitted to the client corresponding to the monitoring result. Pushing the alarm key point to the corresponding client reminds the user or administrator of the client to pay attention to the monitoring result in the abnormal state and the corresponding monitoring item and to carry out maintenance in time, so that security incidents are avoided.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and it will be apparent to those skilled in the art that other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
Fig. 2 is a schematic flow chart of a system safety monitoring method according to an embodiment of the present application;
Fig. 3 is a schematic view of the substeps of S105 provided in the embodiment of the present application;
Fig. 4 is a schematic flow chart of a system safety monitoring method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart of a system safety monitoring method according to an embodiment of the present application;
Fig. 6 is a schematic block diagram of a system safety monitoring device according to an embodiment of the present application.
In the figures: 10 - processor; 11 - memory; 12 - bus; 13 - communication interface; 201 - monitoring center module; 202 - alarm center module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, it should be noted that the terms "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings or orientations or positional relationships conventionally found in use of products of the application, and are used only for convenience in describing the present application and for simplification of description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present application.
In the description of the present application, it is also to be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be interpreted broadly, e.g., as being either fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
The level protection inspection and monitoring system in the embodiment of the application is a system that can test, evaluate and monitor the security level protection compliance of level protection objects. Level protection evaluation is the activity in which a qualified evaluation organization certified by the relevant departments, entrusted by the relevant units under the national information security level protection regulations, tests and evaluates the security level protection status of an information system according to the relevant management regulations and technical standards. A level protection object is the target that the level protection inspection and monitoring system checks and evaluates, and can take the form of a server, a network device, a service system and the like. The level protection inspection knowledge base contains the standards and basis for level protection inspection, and is internally divided into inspection items of multiple levels and multiple types according to the different level protection levels and the different technical and management directions.
The embodiment of the application provides an electronic device which can be a server device or a system cloud. Please refer to fig. 1, a schematic structural diagram of an electronic device. The electronic device comprises a processor 10, a memory 11, a bus 12. The processor 10 and the memory 11 are connected by a bus 12, and the processor 10 is configured to execute an executable module, such as a computer program, stored in the memory 11.
The processor 10 may be an integrated circuit chip with signal processing capability. In implementation, the steps of the system safety monitoring method may be completed by integrated logic circuits of hardware in the processor 10 or by instructions in the form of software. The processor 10 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The memory 11 may comprise a high-speed Random Access Memory (RAM) and may further comprise a non-volatile memory, such as at least one disk memory.
The bus 12 may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. Only one bidirectional arrow is shown in fig. 1, but this does not mean that there is only one bus 12 or one type of bus 12.
The memory 11 is used for storing programs, such as programs corresponding to the system safety monitoring device. The system security monitoring device includes at least one software function module which can be stored in the memory 11 in the form of software or firmware (firmware) or is fixed in an Operating System (OS) of the electronic device. The processor 10 executes the program to implement the system safety monitoring method after receiving the execution instruction.
Optionally, the electronic device provided by the embodiment of the present application further includes a communication interface 13. The communication interface 13 is connected to the processor 10 via the bus. The electronic device may communicate with other terminals, such as clients, via the communication interface 13.
It should be understood that the structure shown in fig. 1 is merely a structural schematic diagram of a portion of an electronic device, which may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The system safety monitoring method provided in the embodiment of the present invention can be applied to, but is not limited to, the electronic device shown in fig. 1. Referring to fig. 2, the method includes:
S104, sending a monitoring request to the target terminal according to the task work order.
The task work order comprises at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item or a configuration information acquisition item, and the monitoring request comprises the feature identifier of the corresponding monitoring item.
Optionally, the target terminal may be the above-mentioned level protection object. The feature identifier of a monitoring item can be a name or a serial number.
S105, acquiring the monitoring result fed back by the target terminal.
Different monitoring results respectively correspond to different monitoring items, and each monitoring result comprises the feature identifier of the corresponding monitoring item.
Optionally, the monitoring result includes the data information or attribute information that the corresponding monitoring item needs to monitor. Sending a monitoring request to the target terminal obtains the data information or attribute information that the corresponding monitoring item needs to monitor, which completes the routine monitoring of all assets in the target terminal.
S106, when the monitoring result is in an abnormal state, judging whether the monitoring item corresponding to the monitoring result is an exception item. If yes, S108 is executed; if not, S107 is executed.
Specifically, when the monitoring result is in the abnormal state and the corresponding monitoring item is not an exception item, an alarm needs to be raised for the monitoring item as normal, and S107 is executed. Otherwise, if the monitoring item corresponding to the monitoring result is an exception item, S108 is executed.
S107, generating an alarm key point and transmitting the alarm key point to the client corresponding to the monitoring result.
The alarm key point comprises the monitoring result in the abnormal state and the corresponding monitoring item.
Optionally, the alarm key point is pushed to the corresponding client to remind the user or administrator of the client to pay attention to the monitoring result in the abnormal state and the corresponding monitoring item and to carry out maintenance in time, so that security incidents are avoided.
S108, ignoring the abnormal state.
Optionally, when the monitoring item corresponding to the monitoring result is an exception item, the monitoring item may have no influence on the safe operation of the system and the abnormal state of the monitoring result does not need to be processed; to avoid disturbing the user, the abnormal state is ignored.
To sum up, in the system safety monitoring method provided by the embodiment of the application, a monitoring request is sent to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item or a configuration information acquisition item, and the monitoring request comprises the feature identifier of the corresponding monitoring item. Monitoring results fed back by the target terminal are acquired, wherein different monitoring results correspond to different monitoring items and each monitoring result comprises the feature identifier of its monitoring item. When a monitoring result is in an abnormal state, it is judged whether the monitoring item corresponding to the monitoring result is an exception item; if not, an alarm key point is generated and transmitted to the client corresponding to the monitoring result. Pushing the alarm key point to the corresponding client reminds the user or administrator of the client to pay attention to the monitoring result in the abnormal state and the corresponding monitoring item and to carry out maintenance in time, so that security incidents are avoided.
Optionally, regarding how the target terminal generates the monitoring result, the embodiment of the present application further provides a possible implementation, as follows.
When the target terminal receives the monitoring request, it obtains the feature identifier of the corresponding monitoring item contained in the monitoring request. A local agent program obtains the monitoring tool matching the feature identifier, and the target terminal runs the monitoring tool to obtain the monitoring result.
Optionally, the local agent program of the target terminal sends a monitoring tool acquisition request to the electronic device according to the feature identifier, and the electronic device returns the monitoring tool corresponding to the feature identifier to the target terminal.
Optionally, regarding storage of the alarm key point after it is generated, the embodiment of the present application further provides a possible implementation, as follows.
When the alarm center module receives an abnormality prompt from the monitoring center module, it generates an alarm key point, stores the detailed alarm key point and result, performs grouped query and aggregation by the information system to which the key point belongs, the unit it belongs to, the inspection plan and monitoring task it belongs to, and so on, and displays the key point on the corresponding user interface. When an alarm that is not the first one is received, the latest alarm time of the original alarm key point is updated.
On the basis of fig. 2, regarding the content of S105, the embodiment of the present application further provides a possible implementation. Referring to fig. 3, S105 includes:
S105-1, acquiring the data message fed back by the target terminal.
Optionally, the data message is parsed into a standard XML format to facilitate extraction of the inspection data in it. The parsed data conforms to the data format of the knowledge base parameters.
S105-2, extracting the feature identifier from the data message.
S105-3, matching the corresponding conversion relation according to the feature identifier.
Optionally, because there are more than ten monitoring tools and each returns monitoring data in a different format, the monitoring data needs to be compared with the corresponding entries in the level protection inspection knowledge base to determine a conversion relation, and is then converted into a unified, unique value that indicates whether the level protection inspection requirement is met, to facilitate subsequent unified processing.
S105-4, converting the data message into a monitoring result according to the conversion relation.
Optionally, the converted value identifies whether the monitoring item corresponding to the protection object meets the requirement: if it does not, the monitoring item is in an abnormal state; if it does, it is in a non-abnormal state.
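Steps S105-1 to S105-4 as an added Python example, not code from the patent. The XML layout, the feature identifiers and the knowledge-base entries are constructed assumptions, and the DTD rejection is an added hardening step for messages that arrive from the monitored terminal.

```python
import xml.etree.ElementTree as ET


class MessageError(ValueError):
    """A data message that cannot be turned into a monitoring result."""


# Constructed stand-in for level protection inspection knowledge base entries:
# feature identifier -> conversion relation (raw tool value -> requirement met?).
KNOWLEDGE_BASE = {
    "CFG-PWD-MINLEN": lambda raw: int(raw) >= 8,
    "CFG-SSH-ROOTLOGIN": lambda raw: raw.lower() == "no",
    "VULN-SCAN-FINDINGS": lambda raw: int(raw) == 0,
}


def parse_message(xml_text):
    """S105-1 and S105-2: parse the data message, extract the feature identifier."""
    # Added hardening (assumption, not in the patent): refuse DTDs so that a
    # message from a monitored terminal cannot make the parser expand entities.
    if "<!DOCTYPE" in xml_text.upper():
        raise MessageError("DTD not allowed in data message")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise MessageError(f"malformed data message: {exc}") from exc
    fields = {n: root.findtext(n) for n in ("terminal", "feature_id", "value")}
    missing = [n for n, text in fields.items() if text is None or not text.strip()]
    if missing:
        raise MessageError(f"data message lacks {', '.join(missing)}")
    return tuple(fields[n].strip() for n in ("terminal", "feature_id", "value"))


def convert(xml_text, knowledge_base=KNOWLEDGE_BASE):
    """S105-3 and S105-4: match the conversion relation and apply it."""
    terminal, feature_id, raw = parse_message(xml_text)
    relation = knowledge_base.get(feature_id)
    if relation is None:
        # An identifier with no knowledge-base entry is surfaced, never guessed at.
        raise MessageError(f"no conversion relation for {feature_id!r}")
    try:
        compliant = bool(relation(raw))
    except (ValueError, TypeError):
        # A value the relation cannot interpret counts as requirement not met.
        compliant = False
    return {"terminal": terminal, "feature_id": feature_id, "raw": raw,
            "state": "normal" if compliant else "abnormal"}


def message(terminal, feature_id, value):
    """Build a constructed sample data message."""
    return (f"<result><terminal>{terminal}</terminal>"
            f"<feature_id>{feature_id}</feature_id><value>{value}</value></result>")


if __name__ == "__main__":
    samples = [("CFG-PWD-MINLEN", "6"), ("CFG-SSH-ROOTLOGIN", "no"),
               ("VULN-SCAN-FINDINGS", "n/a")]
    for fid, val in samples:
        print(convert(message("srv-01", fid, val)))
```

Treating an uninterpretable value as abnormal rather than dropping it keeps a broken or tampered tool output visible to the alarm path.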
On the basis of fig. 2, regarding how to set exception items, the embodiment of the present application further provides a possible implementation. Referring to fig. 4, the system safety monitoring method further includes:
S102, receiving an exception item setting instruction transmitted by the client.
The exception item setting instruction comprises a first exception feature identifier.
S103, marking the monitoring item whose feature identifier is the first exception feature identifier as an exception item.
S109, receiving an exception item canceling instruction transmitted by the client.
The exception item canceling instruction comprises a second exception feature identifier.
S110, marking the monitoring item whose feature identifier is the second exception feature identifier as a non-exception item.
Optionally, S109 may be performed at any time after S103. The execution of S109 after S108 shown in fig. 4 is only one possible implementation and is not intended to be limiting.
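The decision flow of S106 to S108, the exception item instructions of S102/S103 and S109/S110, and the rule that a repeat alarm only updates the latest alarm time, as an added Python example that is not code from the patent. Class names, the result dictionary layout and the sample identifiers are assumptions, and the audit log of exception changes and ignored abnormal states is an addition the patent does not describe.

```python
from datetime import datetime, timezone


class AlertCenter:
    """Stores alarm key points, one per (terminal, monitoring item)."""

    def __init__(self):
        self.key_points = {}

    def report(self, result, now):
        """Return True for a first alarm, False when a key point is refreshed."""
        key = (result["terminal"], result["feature_id"])
        point = self.key_points.get(key)
        if point is None:
            self.key_points[key] = {"result": result, "first_alarm": now,
                                    "latest_alarm": now, "count": 1}
            return True
        # Non-first alarm: keep the original key point, update its latest time.
        point.update(result=result, latest_alarm=now, count=point["count"] + 1)
        return False


class MonitoringCenter:
    def __init__(self, alert_center):
        self.alert_center = alert_center
        self.exception_items = set()  # feature identifiers marked as exceptions
        self.audit_log = []           # assumption: who suppressed what

    def set_exception(self, feature_id, client):
        """S102/S103: mark a monitoring item as an exception item."""
        self.exception_items.add(feature_id)
        self.audit_log.append(("exception_set", feature_id, client))

    def cancel_exception(self, feature_id, client):
        """S109/S110: mark a monitoring item as a non-exception item again."""
        self.exception_items.discard(feature_id)
        self.audit_log.append(("exception_cancelled", feature_id, client))

    def handle(self, result, now):
        """S106 to S108: alarm on abnormal results unless the item is excepted."""
        if result["state"] != "abnormal":
            return "normal"
        if result["feature_id"] in self.exception_items:
            # S108: ignored for the user, but still recorded for later review.
            self.audit_log.append(("ignored", result["feature_id"], result["terminal"]))
            return "ignored"
        first = self.alert_center.report(result, now)  # S107
        return "alerted" if first else "updated"


if __name__ == "__main__":
    center = MonitoringCenter(AlertCenter())
    # Constructed sample result, in the unified form produced by S105.
    bad = {"terminal": "srv-01", "feature_id": "CFG-SSH-ROOTLOGIN", "state": "abnormal"}
    print(center.handle(bad, datetime(2024, 1, 1, tzinfo=timezone.utc)))
    center.set_exception("CFG-SSH-ROOTLOGIN", "client-admin")
    print(center.handle(bad, datetime(2024, 1, 2, tzinfo=timezone.utc)))
    print(center.audit_log)
```

Because an exception item silences every terminal reporting that identifier, the audit log gives reviewers a way to see which abnormal states were suppressed and by which client.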
On the basis of fig. 2, regarding how to obtain the task work order, the embodiment of the present application further provides a possible implementation manner, please refer to fig. 5, where the system safety monitoring method further includes:
and S101, receiving the task work order transmitted by the client.
Wherein the task work order includes a monitoring period.
S104 comprises the following steps:
S104-1, sending a monitoring request to the target terminal once every monitoring period according to the task work order.
Optionally, after the task work order transmitted by the client is received, the monitoring period is extracted and converted, by means of a scheduled task (cron) expression, into a monitoring period that the computer can recognize.
According to the system safety monitoring method provided by the embodiments of the present application, the protection object can be monitored automatically and periodically (every day, every week, every month, and so on), security alarm main points are pushed to the user in real time, and the user can conveniently find and solve problems according to the monitoring results. Online real-time monitoring effectively improves inspection efficiency, reverses the current passive situation in which security inspection only mends leaks after an incident has occurred, and allows precautionary measures to be taken in advance.
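The conversion of a work order's monitoring period into a cron expression, and the trigger times that expression yields, can be sketched as follows. This is an added example, not code from the patent: the `monitoring_period` field name, the three period keywords and the 02:00 run time are assumptions, and the matcher handles only `*` and single numbers.

```python
from datetime import datetime, timedelta

# Assumed mapping: the text names daily/weekly/monthly periods but no run
# time, so 02:00 (Monday for weekly, the 1st for monthly) is chosen here.
PERIOD_TO_CRON = {
    "daily":   "0 2 * * *",
    "weekly":  "0 2 * * 1",
    "monthly": "0 2 1 * *",
}

def period_to_cron(work_order):
    """Extract the monitoring period from a work order and return its cron form."""
    period = str(work_order.get("monitoring_period", "")).strip().lower()
    if period not in PERIOD_TO_CRON:
        # Reject anything outside the allow-list instead of passing
        # client-supplied text on to the scheduler.
        raise ValueError(f"unsupported monitoring period: {period!r}")
    return PERIOD_TO_CRON[period]

def _field_matches(field, value):
    return field == "*" or int(field) == value

def cron_matches(expr, moment):
    """True if a 5-field cron expression (minute hour dom month dow) fires at moment."""
    minute, hour, dom, month, dow = expr.split()
    cron_dow = (moment.weekday() + 1) % 7   # cron: 0 = Sunday; Python: 0 = Monday
    return (_field_matches(minute, moment.minute)
            and _field_matches(hour, moment.hour)
            and _field_matches(dom, moment.day)
            and _field_matches(month, moment.month)
            and _field_matches(dow, cron_dow))

def next_runs(expr, start, count):
    """Return the next `count` trigger times strictly after `start`."""
    runs = []
    moment = start.replace(second=0, microsecond=0)
    for _ in range(366 * 24 * 60):          # search at most one year ahead
        moment += timedelta(minutes=1)
        if cron_matches(expr, moment):
            runs.append(moment)
            if len(runs) == count:
                break
    return runs
```
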
Referring to fig. 6, fig. 6 shows a system safety monitoring device according to an embodiment of the present application; optionally, the system safety monitoring device is applied to the electronic device described above.
The system safety monitoring device comprises: a monitoring center module 201 and an alarm center module 202.
The monitoring center module 201 is configured to send a monitoring request to a target terminal according to a task work order, where the task work order includes at least one monitoring item, the monitoring item is a vulnerability detection item, a system information acquisition item, or a configuration information acquisition item, and the monitoring request includes a feature identifier of a corresponding monitoring item.
The monitoring center module 201 is further configured to obtain a monitoring result fed back by the target terminal, where different monitoring results respectively correspond to different monitoring items, and the monitoring result includes feature identifiers of the corresponding monitoring items.
The monitoring center module 201 is further configured to determine whether a monitoring item corresponding to the monitoring result is an exception item when the monitoring result is in an abnormal state.
Optionally, the monitoring center module 201 may perform S104 to S106 described above.
If not, the alarm center module 202 is configured to generate an alarm main point, and transmit the alarm main point to a client corresponding to the monitoring result, where the alarm main point includes the monitoring result in the abnormal state and a corresponding monitoring item. Optionally, the alert center module 202 may perform S107 and S108 described above.
Optionally, the monitoring center module 201 is further configured to: obtain a data message fed back by the target terminal; extract the feature identifier in the data message; match the corresponding conversion relation according to the feature identifier; and convert the data message into a monitoring result according to the conversion relation. The monitoring center module 201 may perform the above-described S104-1 to S104-4.
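The flow described above (feature identifier extracted from the data message, conversion relation matched, abnormal results checked against exception items before an alarm main point is produced) can be sketched as follows. This is an added example, not code from the patent: the JSON message layout, the feature identifiers, the payload fields and the 30-day threshold are all constructed, and reporting an unmatched identifier as abnormal is a choice of this example.

```python
import json
from dataclasses import dataclass, field

# Conversion relations keyed by feature identifier. Every identifier, payload
# field and threshold here is constructed for illustration.
def _ssh_root_login(payload):
    value = str(payload.get("PermitRootLogin", "")).lower()
    return value != "no", f"PermitRootLogin={value or 'missing'}"

def _web_vuln_probe(payload):
    hit = bool(payload.get("vulnerable"))
    return hit, f"vulnerable={hit}"

def _patch_age(payload):
    days = int(payload.get("days_since_patch", 0))
    return days > 30, f"days_since_patch={days}"

CONVERSIONS = {
    "CFG-SSH-ROOT": _ssh_root_login,    # configuration information acquisition item
    "VULN-WEB-001": _web_vuln_probe,    # vulnerability detection item
    "SYS-PATCH-AGE": _patch_age,        # system information acquisition item
}

@dataclass
class MonitoringCenter:
    exception_ids: set = field(default_factory=set)

    def set_exception(self, feature_id):       # S102/S103
        self.exception_ids.add(feature_id)

    def cancel_exception(self, feature_id):    # S109/S110
        self.exception_ids.discard(feature_id)

    def to_result(self, raw_message):
        """Extract the feature identifier, match its conversion relation, convert."""
        message = json.loads(raw_message)
        feature_id = message["feature_id"]
        convert = CONVERSIONS.get(feature_id)
        if convert is None:
            # Assumption of this example: an unmatched identifier is reported
            # as abnormal instead of being dropped silently.
            abnormal, detail = True, "no conversion relation for this identifier"
        else:
            abnormal, detail = convert(message.get("payload", {}))
        return {"feature_id": feature_id, "terminal": message.get("terminal"),
                "abnormal": abnormal, "detail": detail}

    def process(self, raw_messages):
        """Return (alarm main points, abnormal results ignored as exception items)."""
        alarms, ignored = [], []
        for raw in raw_messages:
            result = self.to_result(raw)
            if not result["abnormal"]:
                continue
            if result["feature_id"] in self.exception_ids:
                ignored.append(result)      # exception item: abnormal state ignored
            else:
                alarms.append(result)       # would be transmitted to the client
        return alarms, ignored

# Constructed data messages, as a target terminal might feed them back.
SAMPLE_MESSAGES = [
    json.dumps({"feature_id": "CFG-SSH-ROOT", "terminal": "host-a",
                "payload": {"PermitRootLogin": "yes"}}),
    json.dumps({"feature_id": "VULN-WEB-001", "terminal": "host-a",
                "payload": {"vulnerable": False}}),
    json.dumps({"feature_id": "SYS-PATCH-AGE", "terminal": "host-a",
                "payload": {"days_since_patch": 45}}),
]
```

Keeping the ignored results in a separate list, rather than discarding them, lets an operator review what each exception item is currently suppressing before cancelling it.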
It should be noted that the system safety monitoring device provided in this embodiment may execute the method flows shown in the above method flow embodiments to achieve corresponding technical effects. For the sake of brevity, the corresponding contents in the above embodiments may be referred to where not mentioned in this embodiment.
The embodiment of the invention also provides a storage medium, wherein the storage medium stores computer instructions and programs, and the computer instructions and the programs execute the system safety monitoring method of the embodiment when being read and run. The storage medium may include memory, flash memory, registers, or a combination thereof, etc.
The following provides an electronic device, which may be a server device or a system cloud. The electronic device is shown in fig. 1 and may implement the system security monitoring method described above; specifically, the electronic device includes: processor 10, memory 11, bus 12. The processor 10 may be a CPU. The memory 11 is used for storing one or more programs, and when the one or more programs are executed by the processor 10, the system safety monitoring method of the above embodiment is performed.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A system security monitoring method, the method comprising:
sending a monitoring request to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring project, the monitoring project is a vulnerability detection project, a system information acquisition project or a configuration information acquisition project, and the monitoring request comprises a feature identifier of the corresponding monitoring project;
acquiring monitoring results fed back by the target terminal, wherein different monitoring results respectively correspond to different monitoring items, and the monitoring results comprise the characteristic identifiers of the corresponding monitoring items;
when the monitoring result is in an abnormal state, judging whether the monitoring item corresponding to the monitoring result is an exceptional item;
and if not, generating an alarm main point, and transmitting the alarm main point to a client corresponding to the monitoring result, wherein the alarm main point comprises the monitoring result in the abnormal state and a corresponding monitoring item.
2. The system safety monitoring method according to claim 1, wherein the step of obtaining the monitoring result fed back by the target terminal comprises:
acquiring a data message fed back by the target terminal;
extracting feature identifiers in the data message;
matching corresponding conversion relations according to the feature identifiers;
and converting the data message into a monitoring result according to the conversion relation.
3. The system safety monitoring method of claim 1, wherein the method further comprises:
and if the monitoring item corresponding to the monitoring result is an exceptional item, ignoring the abnormal state.
4. The system safety monitoring method according to claim 1, wherein before sending the monitoring request to the target terminal according to the task work order, the method further comprises:
receiving an exception item setting instruction transmitted by a client, wherein the exception item setting instruction comprises a first exception characteristic identifier;
and marking the monitoring item whose characteristic identifier is the first exception characteristic identifier as an exception item.
5. The system safety monitoring method of claim 4, wherein after ignoring the abnormal condition, the method further comprises:
receiving an exception item cancelling instruction transmitted by a client, wherein the exception item cancelling instruction comprises a second exception characteristic identifier;
and marking the monitoring item whose characteristic identifier is the second exception characteristic identifier as a non-exception item.
6. The system safety monitoring method according to claim 1, wherein before sending the monitoring request to the target terminal according to the task work order, the method further comprises:
receiving a task work order transmitted by the client, wherein the task work order comprises a monitoring period;
the step of sending a monitoring request to a target terminal according to the task work order comprises the following steps:
and sending a monitoring request to a target terminal once every monitoring period according to the task work order.
7. A system safety monitoring device, the device comprising:
the monitoring center module is used for sending a monitoring request to a target terminal according to a task work order, wherein the task work order comprises at least one monitoring project, the monitoring project is a vulnerability detection project, a system information acquisition project or a configuration information acquisition project, and the monitoring request comprises a feature identifier of the corresponding monitoring project;
the monitoring center module is further used for acquiring monitoring results fed back by the target terminal, wherein different monitoring results respectively correspond to different monitoring items, and the monitoring results comprise characteristic identifiers of the corresponding monitoring items;
the monitoring center module is also used for judging whether a monitoring item corresponding to the monitoring result is an exceptional item when the monitoring result is in an abnormal state;
and if not, the alarm center module is used for generating an alarm main point and transmitting the alarm main point to the client corresponding to the monitoring result, wherein the alarm main point comprises the monitoring result in the abnormal state and the corresponding monitoring item.
8. The system safety monitoring device according to claim 7, wherein the monitoring center module is further configured to obtain a data message fed back by the target terminal; extracting feature identifiers in the data message; matching corresponding conversion relations according to the feature identifiers; and converting the data message into a monitoring result according to the conversion relation.
9. A storage medium having a computer program stored thereon, the computer program, when being executed by a processor, performing the steps of the method as set forth in any one of the claims 1-6.
10. An electronic device, comprising: a processor and memory for storing one or more programs; the one or more programs, when executed by the processor, implement steps in a method as claimed in any of claims 1-6.
CN202011590723.3A 2020-12-29 2020-12-29 System safety monitoring method and device, storage medium and electronic equipment Active CN112714125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011590723.3A CN112714125B (en) 2020-12-29 2020-12-29 System safety monitoring method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN112714125A true CN112714125A (en) 2021-04-27
CN112714125B CN112714125B (en) 2023-04-07

Family

ID=75546262

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011590723.3A Active CN112714125B (en) 2020-12-29 2020-12-29 System safety monitoring method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN112714125B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008171104A (en) * 2007-01-10 2008-07-24 Nec Corp Monitoring apparatus, monitoring system, monitoring method and monitoring program for monitoring business service and system performance
US20170289091A1 (en) * 2015-05-20 2017-10-05 Tencent Technology (Shenzhen) Company Limited Warning method and apparatus, and processing server
CN107247649A (en) * 2016-10-12 2017-10-13 北京奇虎科技有限公司 Method, device and the gateway of detecting system health status
CN110661659A (en) * 2019-09-23 2020-01-07 上海艾融软件股份有限公司 Alarm method, device and system and electronic equipment
CN110941830A (en) * 2019-11-15 2020-03-31 泰康保险集团股份有限公司 Vulnerability data processing method and device
CN111831514A (en) * 2020-07-21 2020-10-27 深信服科技股份有限公司 Equipment monitoring method, device, equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SHIH-HSING YANG: "Intelligent Alarm System of Mechanical Ventilation: Innovative Pressure Alarm for Immediate Clinical Management", 《2012 INTERNATIONAL CONFERENCE ON BIOMEDICAL ENGINEERING AND BIOTECHNOLOGY》 *
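You Xiaoming et al.: "Design and Implementation of an Intranet Security Monitoring Device for Substations", 《Electrical Engineering》 *
Xu Ruzhi et al.: "Research on the Data Acquisition Layer of the Electric Power Information Security Monitoring and Management Center", 《Journal of North China Electric Power University (Natural Science Edition)》 *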

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210352096A1 (en) * 2020-05-05 2021-11-11 Uber Technologies, Inc. Automatically detecting vulnerability remediations and regressions
US11509677B2 (en) * 2020-05-05 2022-11-22 Uber Technologies, Inc. Automatically detecting vulnerability remediations and regressions
US12003527B2 (en) 2020-05-05 2024-06-04 Uber Technologies, Inc. Automatically detecting vulnerability regressions
CN113434498A (en) * 2021-05-14 2021-09-24 国网河北省电力有限公司衡水供电分公司 Method and device for monitoring data abnormity of database of power system and electronic equipment
CN114629817A (en) * 2022-03-23 2022-06-14 天津国能津能滨海热电有限公司 Control method and device of alarm device and electronic equipment
CN115190171A (en) * 2022-06-02 2022-10-14 河北秦淮数据有限公司 Alarm data processing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN112714125B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 9/F, Building C, No. 28, North Tianfu Avenue, China (Sichuan) Pilot Free Trade Zone, Hi tech Zone, Chengdu, 610000, Sichuan

Patentee after: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 610000, 11th floor, building 2, no.219, Tianfu Third Street, Chengdu pilot Free Trade Zone, hi tech Zone, Chengdu, Sichuan Province 610000

Patentee before: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.