CN112765600A - Control method for collecting automatic synchronization CMDB based on HIDS intrusion detection - Google Patents

Info

Publication number: CN112765600A
Application number: CN202011585014.6A
Authority: CN (China)
Legal status: Pending (status as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: cmdb, hids, intrusion detection, api, data
Other languages: Chinese (zh)
Inventors: 严峥涛, 张宏豪, 陈希
Current assignee: Shanghai Data Center of China Life Insurance Co Ltd
Original assignee: Shanghai Data Center of China Life Insurance Co Ltd
Priority date: 2020-12-28
Filing date: 2020-12-28
Publication date: 2021-05-07

Classifications

    • G06F 21/55 Detecting local intrusion or implementing counter-measures
      (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems)
    • G06F 16/254 Extract, transform and load [ETL] procedures, e.g. ETL data flows in data warehouses
      (G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F 16/20 Information retrieval of structured data, e.g. relational data > G06F 16/25 Integrating or interfacing systems involving database management systems)
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
      (G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/60 Protecting data > G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules)


Abstract

The invention relates to a control method for automatically synchronizing a CMDB from data collected by a host-based intrusion detection system (HIDS). The method comprises: step 1, acquiring data of each dimension through the acquisition API provided by the HIDS host intrusion detection product; step 2, creating a CMDB temporary table between the data acquired by the HIDS product and the CMDB configuration items; step 3, inserting the data acquired by the HIDS product into the temporary table through a mapping relation; and step 4, processing the CMDB temporary table with an ETL tool to complete the automatic synchronization from the HIDS product to the CMDB configuration items. Compared with the prior art, the method provides a solution for the configuration item blind spots that a CMDB finds hard to manage, raises the proportion of automatically entered data, and improves overall working efficiency.

Description

Control method for collecting automatic synchronization CMDB based on HIDS intrusion detection
Technical Field
The invention relates to the technical field of configuration management databases (CMDB), and in particular to a control method for automatically synchronizing a CMDB from data collected by HIDS intrusion detection.
Background
As the content of the CMDB (Configuration Management Database) used to manage IT asset configuration items keeps growing and becomes closely connected with every service support and service delivery process, the central position of the CMDB is increasingly emphasized, and because of that importance the handling of this core operations and maintenance data has become a management problem. CMDB data falls into two categories, automatically discovered data and manually entered data. The manual entry process usually needs management measures to keep data quality up, and as a collection method it is inefficient. Therefore, across the whole process of obtaining basic data sources, the scope of automatic discovery should be expanded as far as possible so as to reduce the cost of configuration management.
The current mainstream data entry mode combines manual maintenance with automatic discovery. Manual maintenance means adding, modifying and deleting data in batches through a back-end interface; automatic discovery means collecting the required configuration item data with a discovery program in order to update fields or association relations in the CMDB model.
Some CMDB vendors on the market ship their own discovery programs, which achieve automatic discovery of CMDB configuration items to a certain extent, but these discovery programs are tightly coupled to the CMDB: external discovery programs cannot be integrated well, the discovered content is fixed, and it is not under centralized control.
From the above, the prior art has the following problems:
1) Only a single type of IT resource can be discovered; all IT resources cannot be discovered in a centralized manner, so discovery is not comprehensive enough.
2) The discovery program is tightly coupled to the CMDB, making it difficult to integrate the CMDB with other, external discovery programs.
3) The discovered content cannot be flexibly extended through configuration.
4) The data presentation layer does not visibly distinguish self-discovered data from non-self-discovered data, which confuses users' understanding of the data.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a control method for automatically synchronizing a CMDB from HIDS intrusion detection collection. The method flexibly obtains information of each dimension through the interface provided by the HIDS, solves the problem of configuration item data that would otherwise need manual collection, lets the calling program integrate several discovery programs easily, allows the discovered content to be extended flexibly, and improves data identification and management capabilities.
The purpose of the invention is achieved by the following technical scheme:
a control method for automatically synchronizing a CMDB from HIDS intrusion detection collection, comprising the following steps:
step 1: acquiring data of each dimension through the acquisition API provided by the API of an HIDS host intrusion detection product;
step 2: creating a CMDB temporary table between the data acquired by the HIDS host intrusion detection product and the CMDB configuration items;
step 3: inserting the data acquired by the HIDS host intrusion detection product into the temporary table through a mapping relation; and
step 4: processing the CMDB temporary table with an ETL tool to complete automatic synchronization from the HIDS host intrusion detection product to the CMDB configuration items.
Further, step 4 comprises the following sub-steps:
step 401: extracting the data in the CMDB temporary table with the ETL tool;
step 402: matching the IP address in the data against the IP address of the logical server recorded in the CMDB configuration item;
step 403: for data that satisfies the matching condition, adding the data to the CMDB configuration item to complete automatic synchronization.
Further, step 1 comprises the following steps:
step 101: initiating a request to the acquisition interface (service API) provided by the API of the HIDS host intrusion detection product;
step 102: performing API identity authentication and, once it has passed, signing the request parameters using the authenticated token string, the company id, the current system timestamp and the signature value obtained from the authentication;
step 103: processing different service API request types differently to obtain the key string-to-sign;
step 104: computing a hash over the string-to-sign to obtain the sign string;
step 105: assembling the HTTP request header parameters from the sign string;
step 106: completing the API call and inserting the returned JSON array into the CMDB database to obtain the data of each dimension.
Further, step 103 specifically comprises:
for a GET request, sorting the request parameters by parameter name and concatenating the sorted parameter names and their values with the company id, the current system timestamp and the signature value in the prescribed format to obtain the string-to-sign;
for a PUT/POST/DELETE request, using the data JSON as a string parameter body and concatenating it in the prescribed format to obtain the string-to-sign.
Further, the hash algorithm in step 104 is SHA1.
Further, the API identity authentication in step 102 specifically comprises: user name and password parameters are defined in the RESTful interface, the relevant parameters are obtained, and the API identity authentication is performed.
Further, the data of each dimension in step 1 covers host information, process information, system account information, user group information, web application information, software application information and database information.
Further, the API call in step 106 is written in Python, and its output is a JSON array, which is inserted into the CMDB database.
The invention also provides a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the above control method for automatically synchronizing a CMDB from HIDS intrusion detection collection.
The invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above control method for automatically synchronizing a CMDB from HIDS intrusion detection collection.
Compared with the prior art, the invention has the following advantages:
(1) The invention collects data from HIDS intrusion detection, uses a purpose-written calling program, and automatically updates the collected data into the CMDB configuration management system, thereby automating the entry of most operation and maintenance configuration items.
(2) Relying on the collection capability of the security equipment, the server configuration data gathered by the HIDS is obtained through its interface, which ensures the comprehensiveness and accuracy of data collection.
(3) The temporary table stores the automatically collected data and allows it to be processed a second time so that it comes closer to the CMDB model, giving users a good working environment. In addition, the data collection script is decoupled from the CMDB: the CMDB and the external platform synchronize data through the table, and the table is the extension point for exchanging external data.
Drawings
FIG. 1 is a flow chart of the HIDS data acquisition part of the method;
FIG. 2 is a flow chart of the part of the method in which the ETL tool processes the CMDB temporary table;
FIG. 3 is a flow chart of the overall method.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of protection of the invention.
Detailed description of embodiments of the invention
The API of the HIDS host intrusion detection product provides an acquisition interface for part of its functions, through which information of each dimension can be flexibly obtained; the queries currently offered by the API are used in the steps below. All API requests follow the RESTful style and return results in JSON format. The whole interface call is written in Python; its output is a JSON array, which is inserted into the CMDB database.
S01) As shown in FIG. 1, a request is initiated to the API interface of the HIDS product. url is the request address; the corresponding server address is that of the HIDS Java server, and the port is 6000, for example http://${server}:6000/v1/api/auth. Before a service API is requested, an authentication request must pass, and every service API request must carry a parameter signature. For GET/POST APIs, parameters are uniformly passed in the URL, submitted in a form-like manner such as key1=value1&key2=value2.
S02) API identity authentication: before a service API is requested, the user name and password parameters are defined in the RESTful interface, and only after the identity authentication has returned the relevant parameters can the service API be requested.
S03) The request parameters are signed. First, the jwt (authenticated token string), comId (company id) and signKey (signature value) parameters obtained from the previous request are gathered together with the current system timestamp. For a GET request, the parameters are sorted by parameter name in natural ascending order, and the sorted parameter names and values are concatenated with comId, the timestamp and signKey in the following format to obtain the key string-to-sign:
{comId}{key1value1key2value2}{timestamp}{signKey};
S04) For a PUT/POST/DELETE request, the data JSON is used as the string parameter body, and the string-to-sign is obtained by concatenating in the following format:
{comId}{body}{timetag}{signKey};
S05) A hash is computed over the string-to-sign to obtain the sign string. The hash algorithm is SHA1.
S06) The HTTP request header parameters are assembled.
S07) The API call is completed, and the returned JSON array is inserted into the CMDB database.
S08) A temporary table object is created as the transition between HIDS collection and the CMDB configuration items;
S09) Mapping relations are established between the intermediate table object and, respectively, the HIDS collection and the CMDB configuration items;
S10) The calling program from the previous steps inserts the configuration information collected through the HIDS interface into the temporary table via the mapping relation;
S11) As shown in FIG. 2, the ETL tool completes automatic synchronization from HIDS to the CMDB configuration items according to the server IP address.
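The signing flow of steps S01 to S07 (and of steps 101 to 106 above), worked through as runnable Python. This is an added example written for this page, not code from the patent or from any HIDS product. Taken from the page: port 6000 and the /v1/api path, the jwt, comId, signKey and timestamp fields, the GET layout {comId}{key1value1key2value2}{timestamp}{signKey} with parameters sorted by name and joined without a separator, the body layout {comId}{body}{timetag}{signKey}, and SHA1. Assumptions: the host name, the HTTP header names, a timestamp in Unix seconds, the canonical JSON encoding of the body, and the replay window in verify_request, which is the server-side check the page implies but does not spell out. The last function shows what the missing delimiter between name and value does.

```python
"""Request signing for the HIDS acquisition API (steps S01-S07).

Added example for this page, not code from the patent or any HIDS vendor.
From the page: port 6000, /v1/api, jwt/comId/signKey/timestamp, the two
string-to-sign layouts and SHA1. Assumed: host name, header names, Unix-second
timestamp, canonical JSON body encoding, replay window in verify_request.
"""
import hashlib
import hmac
import json
import time

HIDS_API_BASE = "http://hids.example.internal:6000/v1/api"  # host is an assumption


def string_to_sign_get(params, com_id, timestamp, sign_key):
    """GET: {comId}{key1value1key2value2...}{timestamp}{signKey}; parameters
    sorted by name in natural ascending order, name and value joined directly."""
    run = "".join(f"{name}{params[name]}" for name in sorted(params))
    return f"{com_id}{run}{timestamp}{sign_key}"


def string_to_sign_body(body_text, com_id, timestamp, sign_key):
    """PUT/POST/DELETE: {comId}{body}{timetag}{signKey}; body is the JSON text."""
    return f"{com_id}{body_text}{timestamp}{sign_key}"


def make_sign(string_to_sign):
    """Step S05: SHA1 over the string-to-sign, hex encoded."""
    return hashlib.sha1(string_to_sign.encode("utf-8")).hexdigest()


def build_request(method, path, com_id, jwt, sign_key, params=None, body=None, timestamp=None):
    """Steps S03-S06: choose the layout by method, sign, assemble headers.
    jwt, com_id and sign_key are what the /auth call (step S02) returned."""
    ts = str(int(time.time()) if timestamp is None else timestamp)
    method = method.upper()
    params = params or {}
    if method == "GET":
        body_text = None
        sts = string_to_sign_get(params, com_id, ts, sign_key)
    else:
        body_text = json.dumps(body or {}, separators=(",", ":"), sort_keys=True)
        sts = string_to_sign_body(body_text, com_id, ts, sign_key)
    headers = {  # header names are assumptions
        "Authorization": f"Bearer {jwt}",
        "X-Com-Id": com_id,
        "X-Timestamp": ts,
        "X-Sign": make_sign(sts),
    }
    return {"method": method, "url": f"{HIDS_API_BASE}{path}",
            "headers": headers, "params": params, "body": body_text}


def verify_request(req, sign_key, now=None, max_skew=300):
    """Server-side counterpart: recompute the signature with the shared signKey,
    compare in constant time, and reject timestamps outside the skew window so a
    captured request cannot be replayed indefinitely (the window is an addition;
    the page only defines how the signature is formed)."""
    h = req["headers"]
    now = int(time.time()) if now is None else now
    try:
        ts = int(h["X-Timestamp"])
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > max_skew:
        return False
    if req["method"] == "GET":
        sts = string_to_sign_get(req["params"], h.get("X-Com-Id", ""), h["X-Timestamp"], sign_key)
    else:
        sts = string_to_sign_body(req["body"] or "", h.get("X-Com-Id", ""), h["X-Timestamp"], sign_key)
    return hmac.compare_digest(make_sign(sts), h.get("X-Sign", ""))


def ambiguous_get_pair():
    """Two different GET parameter sets that produce the same string-to-sign,
    because the layout joins name and value with no delimiter."""
    first = string_to_sign_get({"ab": "c"}, "1", "0", "k")
    second = string_to_sign_get({"a": "bc"}, "1", "0", "k")
    return first == second
```

Two practitioner caveats follow directly from the layout. ambiguous_get_pair() returns True because the parameter sets {"ab": "c"} and {"a": "bc"} both sign as 1abc0k; a delimiter between name and value, or better an HMAC over a canonical encoding, removes that. And the example URL on the page is plain http://, so unless TLS is terminated in front of the Java server the password sent to /auth and the jwt and signKey returned by it travel in the clear to anyone on the path.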
As shown in FIG. 3, the invention uses the HIDS as the source of the collected data. A HIDS is a Host-based Intrusion Detection System. As a monitor and analyzer of a computer system, it observes the dynamic behaviour of all or part of the system and the state of the whole computer; it is able to collect almost all server system resources, such as servers, databases, middleware, processes and ports.
In this implementation of automatic CMDB synchronization from HIDS collection, the HIDS data is obtained by a Python calling program, while the HIDS collection unit itself is deployed as an agent on each server and periodically gathers the relevant configuration information for the host, the database and the various software components.
In this implementation, the HIDS platform is used for comprehensive data collection, covering host information, process information, system account information, user group information, web application information, software application information and database information, so that the collection capability is both comprehensive and neutral. This provides a solution for the configuration item blind spots that a CMDB finds hard to manage, raises the proportion of automatically entered data and improves overall working efficiency.
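The temporary table, mapping and ETL match of steps 401 to 403 and S08 to S11, worked through end to end. This is an added example written for this page, not the patent's code and not any CMDB vendor's schema: the two tables, their columns, FIELD_MAP and the four sample HIDS records are constructed for illustration; what comes from the page is the flow (JSON array from the API, temporary table, mapping, ETL match on the logical server's IP address). It runs on SQLite so it works offline. The unmatched and conflict handling and the data_source column, which answers the page's point about distinguishing self-discovered from manually entered data, are additions.

```python
"""Staging table and ETL match on IP address (steps 401-403 and S08-S11).
Added example for this page, not the patent's code or a vendor schema. Table
and column names, FIELD_MAP and the sample records are constructed; the flow
(JSON array from the API, temporary table, mapping, ETL match on the logical
server's IP address) is the page's."""
import json
import sqlite3

# Constructed sample of the JSON array the HIDS API returns (step S07).
SAMPLE_HIDS_JSON = json.dumps([
    {"hostname": "app-01", "ip": "10.1.0.11", "os": "CentOS 7.9", "agent_version": "3.2.1",
     "processes": [{"name": "java", "pid": 1234}], "accounts": ["root", "app"]},
    {"hostname": "db-01", "ip": "10.1.0.21", "os": "Ubuntu 20.04", "agent_version": "3.2.1",
     "processes": [{"name": "mysqld", "pid": 900}], "accounts": ["root", "mysql"]},
    {"hostname": "orphan-01", "ip": "10.9.9.9", "os": "Windows 2019", "agent_version": "3.2.0",
     "processes": [], "accounts": ["Administrator"]},
    {"hostname": "web-03", "ip": "10.1.0.31", "os": "CentOS 7.9", "agent_version": "3.2.1",
     "processes": [{"name": "nginx", "pid": 77}], "accounts": ["root", "nginx"]},
])

# Step S09: HIDS field -> staging column mapping (assumed names).
FIELD_MAP = {"hostname": "host_name", "ip": "ip_address",
             "os": "os_version", "agent_version": "agent_version"}

SCHEMA = """
CREATE TABLE cmdb_logical_server (ci_id INTEGER PRIMARY KEY, ip_address TEXT UNIQUE NOT NULL,
    host_name TEXT, os_version TEXT, agent_version TEXT, data_source TEXT NOT NULL);
CREATE TABLE hids_stage (stage_id INTEGER PRIMARY KEY, host_name TEXT, ip_address TEXT,
    os_version TEXT, agent_version TEXT, process_count INTEGER, account_list TEXT,
    collected_at TEXT, sync_status TEXT NOT NULL DEFAULT 'pending');
"""


def open_demo_db():
    """In-memory CMDB seeded with three manually entered logical servers (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO cmdb_logical_server (ip_address, host_name, data_source) VALUES (?, ?, 'manual')",
        [("10.1.0.11", "app-01"), ("10.1.0.21", None), ("10.1.0.31", "web-02")])
    conn.commit()
    return conn


def load_stage(conn, hids_json, collected_at):
    """Step S10: map each API record onto the staging columns and insert it."""
    rows = []
    for rec in json.loads(hids_json):
        row = {col: rec.get(src) for src, col in FIELD_MAP.items()}
        row["process_count"] = len(rec.get("processes", []))
        row["account_list"] = json.dumps(rec.get("accounts", []))
        row["collected_at"] = collected_at
        rows.append(row)
    conn.executemany(
        "INSERT INTO hids_stage (host_name, ip_address, os_version, agent_version, process_count, "
        "account_list, collected_at) VALUES (:host_name, :ip_address, :os_version, :agent_version, "
        ":process_count, :account_list, :collected_at)", rows)
    conn.commit()
    return len(rows)


def etl_sync(conn):
    """Steps 401-403: match pending staged rows to CIs on IP address and update the
    matched CIs, marking them as HIDS-sourced. Rows without a CI stay 'unmatched'
    for review; a CI whose recorded host name disagrees with the HIDS one is
    flagged 'conflict' rather than overwritten, since an IP can be reassigned
    (that guard is an addition; the page matches on IP only)."""
    result = {"updated": 0, "unmatched": [], "conflicts": []}
    pending = conn.execute(
        "SELECT stage_id, host_name, ip_address, os_version, agent_version "
        "FROM hids_stage WHERE sync_status = 'pending' ORDER BY stage_id").fetchall()
    for stage_id, host_name, ip, os_version, agent_version in pending:
        ci = conn.execute("SELECT ci_id, host_name FROM cmdb_logical_server WHERE ip_address = ?",
                          (ip,)).fetchone()
        if ci is None:
            status = "unmatched"
            result["unmatched"].append(ip)
        elif ci[1] and ci[1] != host_name:
            status = "conflict"
            result["conflicts"].append(ip)
        else:
            conn.execute("UPDATE cmdb_logical_server SET host_name = ?, os_version = ?, "
                         "agent_version = ?, data_source = 'hids' WHERE ci_id = ?",
                         (host_name, os_version, agent_version, ci[0]))
            status = "synced"
            result["updated"] += 1
        conn.execute("UPDATE hids_stage SET sync_status = ? WHERE stage_id = ?", (status, stage_id))
    conn.commit()
    return result


def run_demo():
    """Stage the sample, run the match, return the result plus a CI table snapshot."""
    conn = open_demo_db()
    staged = load_stage(conn, SAMPLE_HIDS_JSON, "2020-12-28T00:00:00Z")
    result = etl_sync(conn)
    result["staged"] = staged
    result["cis"] = conn.execute("SELECT ip_address, host_name, os_version, data_source "
                                 "FROM cmdb_logical_server ORDER BY ip_address").fetchall()
    conn.close()
    return result
```

run_demo() stages the four records and syncs them: two CIs are updated from HIDS, 10.9.9.9 has no logical server CI and stays in the staging table as unmatched, and 10.1.0.31 is flagged as a conflict because the CMDB records the host as web-02 while the HIDS agent reports web-03. Matching on the IP address alone, as the page describes, would otherwise silently relabel a CI after an address has been reassigned to a different machine.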
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A control method for automatically synchronizing a CMDB from HIDS intrusion detection collection, characterized by comprising the following steps:
step 1: acquiring data of each dimension through the acquisition API provided by the API of an HIDS host intrusion detection product;
step 2: creating a CMDB temporary table between the data acquired by the HIDS host intrusion detection product and the CMDB configuration items;
step 3: inserting the data acquired by the HIDS host intrusion detection product into the temporary table through a mapping relation; and
step 4: processing the CMDB temporary table with an ETL tool to complete automatic synchronization from the HIDS host intrusion detection product to the CMDB configuration items.
2. The control method according to claim 1, wherein step 4 comprises the following sub-steps:
step 401: extracting the data in the CMDB temporary table with the ETL tool;
step 402: matching the IP address in the data against the IP address of the logical server recorded in the CMDB configuration item;
step 403: for data that satisfies the matching condition, adding the data to the CMDB configuration item to complete automatic synchronization.
3. The control method according to claim 1, wherein step 1 comprises the following steps:
step 101: initiating a request to the acquisition interface (service API) provided by the API of the HIDS host intrusion detection product;
step 102: performing API identity authentication and, once it has passed, signing the request parameters using the authenticated token string, the company id, the current system timestamp and the signature value obtained from the authentication;
step 103: processing different service API request types differently to obtain the key string-to-sign;
step 104: computing a hash over the string-to-sign to obtain the sign string;
step 105: assembling the HTTP request header parameters from the sign string;
step 106: completing the API call and inserting the returned JSON array into the CMDB database to obtain the data of each dimension.
4. The control method according to claim 3, wherein step 103 specifically comprises:
for a GET request, sorting the request parameters by parameter name and concatenating the sorted parameter names and their values with the company id, the current system timestamp and the signature value in the prescribed format to obtain the string-to-sign;
for a PUT/POST/DELETE request, using the data JSON as a string parameter body and concatenating it in the prescribed format to obtain the string-to-sign.
5. The control method according to claim 3, wherein the hash algorithm in step 104 is SHA1.
6. The control method according to claim 3, wherein the API identity authentication in step 102 specifically comprises: user name and password parameters are defined in the RESTful interface, the relevant parameters are obtained, and the API identity authentication is performed.
7. The control method according to claim 1, wherein the data of each dimension in step 1 covers host information, process information, system account information, user group information, web application information, software application information and database information.
8. The control method according to claim 3, wherein the API call in step 106 is written in Python and its output is a JSON array, which is inserted into the CMDB database.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the control method according to any one of claims 1 to 8.
10. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the control method according to any one of claims 1 to 8.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202011585014.6A | 2020-12-28 | 2020-12-28 | Control method for collecting automatic synchronization CMDB based on HIDS intrusion detection

Publications (1)

Publication Number | Publication Date
CN112765600A (en) | 2021-05-07

Family

ID=75696342. One family application, CN202011585014.6A (pending), published as CN112765600A (en); country status: CN.

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN117370470A * | 2023-12-08 | 2024-01-09 | 北京大数元科技发展有限公司 | System and method for realizing data synchronization by dynamic request interface
CN117370470B * | 2023-12-08 | 2024-03-12 | 北京大数元科技发展有限公司 | System and method for realizing data synchronization by dynamic request interface

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN103400226A * | 2013-07-31 | 2013-11-20 | 湖南省烟草公司永州市公司 | Integrated tobacco industry information security, operation and maintenance application platform system
US20140143868A1 * | 2012-11-19 | 2014-05-22 | Hewlett-Packard Development Company, L.P. | Monitoring for anomalies in a computing environment
CN108960456A * | 2018-08-14 | 2018-12-07 | 东华软件股份公司 | Private cloud secure, integral operation platform
CN108989385A * | 2018-06-05 | 2018-12-11 | 陈艳 | Implementation method for automatically synchronizing a CMDB based on Zabbix monitoring collection
US10425292B1 * | 2018-10-17 | 2019-09-24 | Servicenow, Inc. | Functional discovery and mapping of serverless resources


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
林鹏: 互联网安全建设从0到1 (Building Internet Security from 0 to 1), 机械工业出版社 (China Machine Press), 30 June 2020, pp. 228-233 *



Legal Events

Date | Code | Title | Description
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |