CN112860637A - Method and system for processing log based on audit strategy - Google Patents

Method and system for processing log based on audit strategy Download PDF

Info

Publication number
CN112860637A
CN112860637A CN202110158970.4A CN202110158970A CN112860637A CN 112860637 A CN112860637 A CN 112860637A CN 202110158970 A CN202110158970 A CN 202110158970A CN 112860637 A CN112860637 A CN 112860637A
Authority
CN
China
Prior art keywords
access
login
logs
strategy
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110158970.4A
Other languages
Chinese (zh)
Inventor
秋明明
黄晓涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Mass Database Technology Co Ltd
Original Assignee
Guangzhou Mass Database Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Mass Database Technology Co Ltd filed Critical Guangzhou Mass Database Technology Co Ltd
Priority to CN202110158970.4A priority Critical patent/CN112860637A/en
Publication of CN112860637A publication Critical patent/CN112860637A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/205Parsing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/253Grammatical analysis; Style critique
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/279Recognition of textual entities
    • G06F40/284Lexical analysis, e.g. tokenisation or collocates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for processing logs based on an auditing strategy, which comprises the following steps: when receiving an access request for requesting data processing on a database from an access subject, analyzing the access request to determine identity information and access information of the access subject; when the access request is determined to pass the authorization authentication, extracting a plurality of processing items for performing data processing on the database from the access information, wherein each processing item comprises: processing tasks and accessing objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing; removing the unsatisfactory logs in the plurality of logs according to a first analysis result to obtain a plurality of filtered logs; and matching each log in the filtered logs with an auditing strategy in the data dictionary to determine a strategy matching degree, and determining the log with the strategy matching degree being greater than or equal to a matching degree threshold value as an auditing log so as to obtain a plurality of auditing logs.

Description

Method and system for processing log based on audit strategy
Technical Field
The present invention relates to the field of database technologies, and in particular, to a method and a system for processing logs based on an audit policy.
Background
In the existing database, the database logs are filtered to extract audit information, log printing is carried out in each database, and audit logs meeting requirements are screened out from the logs according to audit keywords and statements. In the prior art, under the condition of starting the full log, the database log is expanded, and because the full log needs to be started, the log is rapidly increased, the log is expanded and the audit log is inaccurate. In addition, execution error information can also be input into the log, the auditing log is inaccurate due to the fact that the screening rule is not strict in the screening process, and the session cannot be interrupted due to dangerous events. Some audit events require that the session can be immediately interrupted if a dangerous operation occurs, which cannot be done.
Disclosure of Invention
The method aims to solve the problems of log expansion, inaccurate audit log, response of audit dangerous operation and the like in the existing audit. The invention appoints the position of auditing treatment in the semantic analysis stage, and eliminates the influence of grammar error on the auditing result by utilizing the prior lexical/grammatical analysis. And the semantic analysis stage is used for checking the object attribute and the authority, so that the auditing result is more accurate. For example, whether the SQL statement subject, object and operation meet the auditing strategy is judged in the SQL semantic parsing stage.
According to an aspect of the present invention, there is provided a method of processing logs based on an audit policy, the method comprising:
when receiving an access request for requesting data processing on a database from an access subject, analyzing the access request to determine identity information and access information of the access subject;
extracting an identity identifier and authentication information of the access subject from the identity information, wherein the identity identifier can uniquely identify the access subject, and the authentication information comprises at least one authentication information item associated with the access subject;
acquiring a plurality of authorization information items associated with an access subject in an authentication information base based on the identity, performing authorization authentication on each authentication information item in at least one authentication information item according to the plurality of authorization information items, and determining that the access request passes the authorization authentication when each authentication information item passes the authorization authentication;
extracting a plurality of processing items for performing data processing on the database from the access information, wherein each processing item comprises: processing tasks and accessing objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing;
when a new audit strategy is determined not to be created, performing lexical analysis, syntactic analysis or semantic analysis on the plurality of logs to determine a first analysis result, wherein the first analysis result in the plurality of logs is removed for the log which does not meet the requirement to obtain a plurality of filtered logs;
and matching each log in the filtered logs with an auditing strategy in the data dictionary to determine strategy matching degree, determining the log with the strategy matching degree being greater than or equal to a matching degree threshold value as an auditing log so as to obtain a plurality of auditing logs, and storing the auditing logs into a log file library.
Wherein the access subject is a user equipment or a mobile terminal.
Wherein the access object is a table in a database.
Before extracting a plurality of processing items for data processing of the database from the access information, the method further comprises the following steps:
determining whether a login strategy associated with the access subject exists, and if the login strategy associated with the access subject exists, recording login information of the access subject;
if there is no login policy associated with the access principal, determining whether to create a login policy associated with the access principal;
if the creation is determined, creating an associated login policy for the access subject based on the identity;
if it is determined not to create, then the associated login policy is not created for the accessing principal.
Wherein creating an associated login policy for the accessing principal based on the identity comprises:
initiating a login strategy creating party to create an associated login strategy for the access subject based on the identity;
determining whether the login policy creator has a login policy creation authority; if so, the login policy creator creates an associated login policy for the access subject, and if not, returns a notification message indicating that the creation failed.
Also, creating a security policy in advance and storing the security policy in the data dictionary.
The log includes: the occurrence time of the data processing event, the identity information of the access subject, the identity information of the access object, the type of the data processing event, the Structured Query Language (SQL) statement and the result of the data processing event.
The semantic analysis includes checking tables, attribute information, and permissions that appear in SQL.
The method also comprises the step of presetting a matching degree threshold value, wherein no grammar error, no table, attribute information error and permission error exist in the audit log.
The method also comprises the steps of receiving a query request of the audit log, extracting a time interval from the query request, and querying the audit log in the time interval in a log library through a function.
According to another aspect of the present invention, there is provided a system for processing logs based on an audit policy, the system comprising:
the analysis device analyzes the access request to determine the identity information and the access information of the access subject when receiving the access request for requesting data processing on the database from the access subject;
extracting means for extracting, from the identity information, an identity identifier of the access principal capable of uniquely identifying the access principal and authentication information including at least one authentication information item associated with the access principal;
the authentication device acquires a plurality of authorization information items related to the access subject from an authentication information base based on the identity, performs authorization authentication on each authentication information item in at least one authentication information item according to the plurality of authorization information items, and determines that the access request passes the authorization authentication when each authentication information item passes the authorization authentication;
a processing device which extracts a plurality of processing items for performing data processing on the database from the access information, wherein each processing item comprises: processing tasks and accessing objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing; when a new audit strategy is determined not to be created, performing lexical analysis, syntactic analysis or semantic analysis on the plurality of logs to determine a first analysis result, wherein the first analysis result in the plurality of logs is removed for the log which does not meet the requirement to obtain a plurality of filtered logs;
and the matching device is used for matching each log in the plurality of filtered logs with the auditing strategy in the data dictionary to determine the strategy matching degree, determining the log with the strategy matching degree being greater than or equal to the matching degree threshold value as the auditing log so as to obtain the plurality of auditing logs, and storing the plurality of auditing logs in a log file library.
Wherein the access subject is a user equipment or a mobile terminal.
Wherein the access object is a table in a database.
The creating device is used for determining whether a login strategy associated with the access subject exists or not, and recording login information of the access subject if the login strategy associated with the access subject exists; if there is no login policy associated with the access principal, determining whether to create a login policy associated with the access principal; if the creation is determined, creating an associated login policy for the access subject based on the identity; if it is determined not to create, then the associated login policy is not created for the accessing principal.
Wherein the creating means creating an associated login policy for the accessing principal based on the identity comprises: the creating device initiates a login strategy creating party to create a related login strategy for the access subject based on the identity; the creating device is used for determining whether the login strategy creator has the creation authority of the login strategy; if so, the login policy creator creates an associated login policy for the access subject, and if not, returns a notification message indicating that the creation failed.
The creating device creates the security policy in advance and stores the security policy in the data dictionary.
The log includes: the occurrence time of the data processing event, the identity information of the access subject, the identity information of the access object, the type of the data processing event, the Structured Query Language (SQL) statement and the result of the data processing event. The semantic analysis includes checking tables, attribute information, and permissions that appear in SQL.
The device also comprises a setting device, wherein the setting device is used for presetting a matching degree threshold value, and the audit log has no grammar error, table error, attribute information error and permission error.
The audit log management system further comprises a query device, wherein the query device is used for receiving a query request of the audit log, extracting a time interval from the query request, and querying the audit log in the time interval in a log library through a function.
The technical scheme of the invention defines a system table in a database to store the audit strategy created by the user. And then, traversing the analysis tree in a semantic analysis stage, comparing the keyword or object in the analysis tree with the content in the policy data dictionary, and if the keyword or object meets an audit policy, forming logs of the event occurrence time, the subject identity, the object identity, the event type, the SQL statement and the event result into audit log files and writing the logs into the audit log files.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a flow diagram of a method of processing logs based on an audit policy according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an audit process flow during database execution according to an embodiment of the present invention;
FIG. 3 is a block diagram of a system for processing logs based on an audit policy according to an embodiment of the present invention.
Detailed Description
FIG. 1 is a flow diagram of a method 100 of processing logs based on an audit policy according to an embodiment of the present invention. The method 100 starts at step 101.
When an access request requesting data processing of a database is received from an accessing principal, the access request is parsed to determine identity information and access information of the accessing principal in step 101.
In step 103, an identity of the access principal and authentication information are extracted from the identity information, wherein the identity can uniquely identify the access principal, and the authentication information includes at least one authentication information item associated with the access principal.
In step 103, a plurality of authorization information items associated with the access subject are obtained in the authentication information base based on the identity, each authentication information item in at least one authentication information item is authorized and authenticated according to the plurality of authorization information items, and when each authentication information item passes the authorization and authentication, it is determined that the access request passes the authorization and authentication.
At step 104, a plurality of processing items for performing data processing on the database are extracted from the access information, wherein each processing item comprises: and processing the tasks and accessing the objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing.
At step 105, when it is determined that a new audit policy is not to be created, lexical analysis, syntactic analysis or semantic analysis is performed on the plurality of logs to determine a first analysis result, and the first analysis result in the plurality of logs is removed as an unsatisfactory log to obtain a plurality of filtered logs.
In step 106, each log in the filtered logs is matched with an auditing strategy in the data dictionary to determine a strategy matching degree, the log with the strategy matching degree being greater than or equal to a matching degree threshold value is determined as an auditing log, so that a plurality of auditing logs are obtained, and the auditing logs are stored in a log file library.
Wherein the access subject is a user equipment or a mobile terminal. Wherein the access object is a table in a database. Before extracting a plurality of processing items for data processing of the database from the access information, the method further comprises the following steps: determining whether a login strategy associated with the access subject exists, and if the login strategy associated with the access subject exists, recording login information of the access subject; if there is no login policy associated with the access principal, determining whether to create a login policy associated with the access principal; if the creation is determined, creating an associated login policy for the access subject based on the identity; if it is determined not to create, then the associated login policy is not created for the accessing principal.
Wherein creating an associated login policy for the accessing principal based on the identity comprises: initiating a login strategy creating party to create an associated login strategy for the access subject based on the identity; determining whether the login policy creator has a login policy creation authority; if so, the login policy creator creates an associated login policy for the access subject, and if not, returns a notification message indicating that the creation failed.
Also, creating a security policy in advance and storing the security policy in the data dictionary. Wherein the log comprises: the occurrence time of the data processing event, the identity information of the access subject, the identity information of the access object, the type of the data processing event, the Structured Query Language (SQL) statement and the result of the data processing event. The semantic analysis includes checking tables, attribute information, and permissions that appear in SQL. The method also comprises the step of presetting a matching degree threshold value, wherein no grammar error, no table, attribute information error and permission error exist in the audit log. The method also comprises the steps of receiving a query request of the audit log, extracting a time interval from the query request, and querying the audit log in the time interval in a log library through a function.
Fig. 2 is a schematic diagram of an audit process flow in the database execution process according to the embodiment of the invention. Creating a security audit policy and storing the security audit policy to a specific data dictionary; in the SQL semantic parsing stage, a data dictionary is retrieved to judge whether a subject, an object and an operation related to an SQL statement meet an auditing strategy; if the audit strategy is met, forming logs of the event occurrence time, the subject identity, the object identity, the event type, the SQL statement and the event result, and writing the logs into an audit log file;
defining an audit event data dictionary, and recording audit strategy information in the audit data dictionary, such as login (success, failure, login time and the like) of an audit user, subject identity, object identity, event type, SQL statement and event result. The database processing SQL is divided into lexical/syntactic analysis, semantic analysis, analysis rewriting, creation of an execution plan and execution according to the execution plan, tables, attribute information and permission appearing in the SQL are checked in the semantic analysis stage, auditing is carried out after the semantic analysis stage, problems of grammar error, table absence, attribute information error, permission and the like can be avoided, the whole SQL is analyzed and completed in the semantic analysis stage, auditing processing can be carried out on analysis results according to strategy information in an auditing dictionary, and the analysis results are written into a log file if auditing strategies are met. And (4) auditing log query, wherein an auditor queries the auditing log in a specified time node in SQL through a function, and the auditing result can be checked.
Specifically, after the audit processing flow starts, the identity authentication is performed on the user first. After the user passes the identity authentication, determining whether an audit login strategy is defined, and if so, recording login information; if not, SQL is executed.
Determine if an audit policy is defined? If yes, determining whether the mobile terminal is an auditor, and if not, performing error reporting processing; if so, an audit policy is defined,
and if the auditing strategy is not defined, carrying out syntactic/semantic analysis and carrying out semantic analysis/matching auditing strategy.
Determine if an audit policy is satisfied? If yes, recording an audit log, and creating an execution plan; if not, the execution plan is directly created.
FIG. 3 is a block diagram of a system 300 for processing logs based on an audit policy according to an embodiment of the present invention. The system 300 includes: parsing means 301, extracting means 302, authenticating means 303, processing means 304, matching means 305, creating means 306, setting means 307 and querying means 308.
The analysis device 301, when receiving an access request requesting data processing on the database from the access subject, analyzes the access request to determine the identity information and the access information of the access subject.
Extracting means 302 for extracting, from the identity information, an identity of the access principal that can uniquely identify the access principal and authentication information including at least one authentication information item associated with the access principal.
The authentication device 303 obtains a plurality of authorization information items associated with the access subject from the authentication information base based on the identity, performs authorization authentication on each authentication information item in at least one authentication information item according to the plurality of authorization information items, and determines that the access request passes the authorization authentication when each authentication information item passes the authorization authentication.
A processing device 304, which extracts a plurality of processing items for performing data processing on the database from the access information, wherein each processing item comprises: processing tasks and accessing objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing; and when determining that a new audit strategy is not created, performing lexical analysis, syntactic analysis or semantic analysis on the plurality of logs to determine a first analysis result, wherein the first analysis result in the plurality of logs is removed for the unqualified logs to obtain a plurality of filtered logs.
The matching device 305 matches each log of the filtered logs with an audit policy in the data dictionary to determine a policy matching degree, determines the log with the policy matching degree greater than or equal to a matching degree threshold value as an audit log, thereby obtaining a plurality of audit logs, and stores the audit logs into a log file library. Wherein the access subject is a user equipment or a mobile terminal. Wherein the access object is a table in a database.
Creating means 306 for determining whether a login policy associated with the access subject exists, and if so, recording login information of the access subject; if there is no login policy associated with the access principal, determining whether to create a login policy associated with the access principal; if the creation is determined, creating an associated login policy for the access subject based on the identity; if it is determined not to create, then the associated login policy is not created for the accessing principal.
The creating means 306 creates an associated login policy for the accessing principal based on the identity, including: the creating device 306 initiates to the login policy creator to create an associated login policy for the access subject based on the identity; the creating means 306 determines whether the login policy creator has a creation authority of the login policy; if so, the login policy creator creates an associated login policy for the access subject, and if not, returns a notification message indicating that the creation failed. The creating means 306 creates the security policy in advance and stores the security policy in the data dictionary.
The setting device 307 sets a matching degree threshold in advance, and the audit log has no syntax error, table, attribute information error and permission error.
The query device 308 receives a query request of the audit log, extracts a time interval from the query request, and queries the audit log in the time interval through a function in the log library.
Wherein the log comprises: the occurrence time of the data processing event, the identity information of the access subject, the identity information of the access object, the type of the data processing event, the Structured Query Language (SQL) statement and the result of the data processing event. The semantic analysis includes checking tables, attribute information, and permissions that appear in SQL.

Claims (10)

1. A method of processing logs based on an audit policy, the method comprising:
when receiving an access request for requesting data processing on a database from an access subject, analyzing the access request to determine identity information and access information of the access subject;
extracting an identity identifier and authentication information of the access subject from the identity information, wherein the identity identifier can uniquely identify the access subject, and the authentication information comprises at least one authentication information item associated with the access subject;
acquiring a plurality of authorization information items associated with an access subject in an authentication information base based on the identity, performing authorization authentication on each authentication information item in at least one authentication information item according to the plurality of authorization information items, and determining that the access request passes the authorization authentication when each authentication information item passes the authorization authentication;
extracting a plurality of processing items for performing data processing on the database from the access information, wherein each processing item comprises: processing tasks and accessing objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing;
when a new audit strategy is determined not to be created, performing lexical analysis, syntactic analysis or semantic analysis on the plurality of logs to determine a first analysis result, wherein the first analysis result in the plurality of logs is removed for the log which does not meet the requirement to obtain a plurality of filtered logs;
and matching each log in the filtered logs with an auditing strategy in the data dictionary to determine strategy matching degree, determining the log with the strategy matching degree being greater than or equal to a matching degree threshold value as an auditing log so as to obtain a plurality of auditing logs, and storing the auditing logs into a log file library.
2. The method of claim 1, wherein the access subject is a user equipment or a mobile terminal.
3. The method of claim 1, wherein the access object is a table in a database.
4. The method of claim 1, further comprising, prior to extracting from the access information a plurality of processing items for data processing of a database:
determining whether a login strategy associated with the access subject exists, and if the login strategy associated with the access subject exists, recording login information of the access subject;
if there is no login policy associated with the access principal, determining whether to create a login policy associated with the access principal;
if the creation is determined, creating an associated login policy for the access subject based on the identity;
if it is determined not to create, then the associated login policy is not created for the accessing principal.
5. The method of claim 4, wherein creating an associated login policy for the access principal based on the identity comprises:
initiating a login strategy creating party to create an associated login strategy for the access subject based on the identity;
determining whether the login policy creator has a login policy creation authority; if so, the login policy creator creates an associated login policy for the access subject, and if not, returns a notification message indicating that the creation failed.
6. A system for processing logs based on an audit policy, the system comprising:
the analysis device analyzes the access request to determine the identity information and the access information of the access subject when receiving the access request for requesting data processing on the database from the access subject;
extracting means for extracting, from the identity information, an identity identifier of the access principal capable of uniquely identifying the access principal and authentication information including at least one authentication information item associated with the access principal;
the authentication device acquires a plurality of authorization information items related to the access subject from an authentication information base based on the identity, performs authorization authentication on each authentication information item in at least one authentication information item according to the plurality of authorization information items, and determines that the access request passes the authorization authentication when each authentication information item passes the authorization authentication;
a processing device which extracts a plurality of processing items for performing data processing on the database from the access information, wherein each processing item comprises: processing tasks and accessing objects, performing data processing on each processing item, and acquiring a plurality of logs generated during data processing; when a new audit strategy is determined not to be created, performing lexical analysis, syntactic analysis or semantic analysis on the plurality of logs to determine a first analysis result, wherein the first analysis result in the plurality of logs is removed for the log which does not meet the requirement to obtain a plurality of filtered logs;
and the matching device is used for matching each log in the plurality of filtered logs with the auditing strategy in the data dictionary to determine the strategy matching degree, determining the log with the strategy matching degree being greater than or equal to the matching degree threshold value as the auditing log so as to obtain the plurality of auditing logs, and storing the plurality of auditing logs in a log file library.
7. The system of claim 6, wherein the access agent is a user equipment or a mobile terminal.
8. The system of claim 6, wherein the access object is a table in a database.
9. The system of claim 6, further comprising creating means,
determining whether a login strategy associated with the access subject exists, and if the login strategy associated with the access subject exists, recording login information of the access subject;
if there is no login policy associated with the access principal, determining whether to create a login policy associated with the access principal;
if the creation is determined, creating an associated login policy for the access subject based on the identity;
if it is determined not to create, then the associated login policy is not created for the accessing principal.
10. The system of claim 9, wherein the means for creating creates an associated login policy for the access principal based on the identity comprises:
the creating device initiates a login strategy creating party to create a related login strategy for the access subject based on the identity;
the creating device is used for determining whether the login strategy creator has the creation authority of the login strategy; if so, the login policy creator creates an associated login policy for the access subject, and if not, returns a notification message indicating that the creation failed.
CN202110158970.4A 2021-02-05 2021-02-05 Method and system for processing log based on audit strategy Pending CN112860637A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110158970.4A CN112860637A (en) 2021-02-05 2021-02-05 Method and system for processing log based on audit strategy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110158970.4A CN112860637A (en) 2021-02-05 2021-02-05 Method and system for processing log based on audit strategy

Publications (1)

Publication Number Publication Date
CN112860637A true CN112860637A (en) 2021-05-28

Family

ID=75988973

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110158970.4A Pending CN112860637A (en) 2021-02-05 2021-02-05 Method and system for processing log based on audit strategy

Country Status (1)

Country Link
CN (1) CN112860637A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505367A (en) * 2021-06-29 2021-10-15 杭州华橙软件技术有限公司 Security audit method, device, system, electronic device and readable storage medium
CN117371932A (en) * 2023-10-07 2024-01-09 浙江山迪智能科技有限公司 Engineering electronic archive resource integrated management method based on single-set system
CN118427859A (en) * 2024-05-10 2024-08-02 深圳市德比网络设备有限公司 Data transmission method and system of cloud computer
CN118427859B (en) * 2024-05-10 2024-11-05 深圳市德比网络设备有限公司 Data transmission method and system of cloud computer

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101075256A (en) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 System and method for real-time auditing and analyzing database
US20080201339A1 (en) * 2007-02-21 2008-08-21 Mcgrew Robert J Providing unique views of data based on changes or rules
CN102509057A (en) * 2011-10-18 2012-06-20 国网电力科学研究院 Mark-based method for safely filtering unstructured data
CN107547498A (en) * 2017-05-10 2018-01-05 新华三信息安全技术有限公司 A kind of auditing method and device
CN108280367A (en) * 2018-01-22 2018-07-13 腾讯科技(深圳)有限公司 Management method, device, computing device and the storage medium of data manipulation permission
US20180276234A1 (en) * 2017-03-24 2018-09-27 Nicira, Inc. Distributed transaction conflict resolution
CN109409849A (en) * 2018-12-05 2019-03-01 广州中浩控制技术有限公司 A kind of audit trail method and system of MES system
CN109711141A (en) * 2018-11-05 2019-05-03 中兴通讯股份有限公司 The processing method and processing device of the call request of sensitive permission module in terminal
CN109726272A (en) * 2018-12-20 2019-05-07 杭州数梦工场科技有限公司 Audit regulation recommended method and device
US20200117730A1 (en) * 2018-10-16 2020-04-16 Microsoft Technology Licensing, Llc Database management

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080201339A1 (en) * 2007-02-21 2008-08-21 Mcgrew Robert J Providing unique views of data based on changes or rules
CN101075256A (en) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 System and method for real-time auditing and analyzing database
CN102509057A (en) * 2011-10-18 2012-06-20 国网电力科学研究院 Mark-based method for safely filtering unstructured data
US20180276234A1 (en) * 2017-03-24 2018-09-27 Nicira, Inc. Distributed transaction conflict resolution
CN107547498A (en) * 2017-05-10 2018-01-05 新华三信息安全技术有限公司 A kind of auditing method and device
CN108280367A (en) * 2018-01-22 2018-07-13 腾讯科技(深圳)有限公司 Management method, device, computing device and the storage medium of data manipulation permission
US20200117730A1 (en) * 2018-10-16 2020-04-16 Microsoft Technology Licensing, Llc Database management
CN109711141A (en) * 2018-11-05 2019-05-03 中兴通讯股份有限公司 The processing method and processing device of the call request of sensitive permission module in terminal
CN109409849A (en) * 2018-12-05 2019-03-01 广州中浩控制技术有限公司 A kind of audit trail method and system of MES system
CN109726272A (en) * 2018-12-20 2019-05-07 杭州数梦工场科技有限公司 Audit regulation recommended method and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505367A (en) * 2021-06-29 2021-10-15 杭州华橙软件技术有限公司 Security audit method, device, system, electronic device and readable storage medium
CN113505367B (en) * 2021-06-29 2024-05-28 杭州华橙软件技术有限公司 Security audit method, device, system, electronic device and readable storage medium
CN117371932A (en) * 2023-10-07 2024-01-09 浙江山迪智能科技有限公司 Engineering electronic archive resource integrated management method based on single-set system
CN118427859A (en) * 2024-05-10 2024-08-02 深圳市德比网络设备有限公司 Data transmission method and system of cloud computer
CN118427859B (en) * 2024-05-10 2024-11-05 深圳市德比网络设备有限公司 Data transmission method and system of cloud computer

Similar Documents

Publication Publication Date Title
EP2244418B1 (en) Database security monitoring method, device and system
CA2407628C (en) System and method for determining user identity fraud using similarity searching
US20060212438A1 (en) SQL injection protection by variable normalization
CN106384057B (en) Data access authority recognition methods and device
CN110795450A (en) SQL processing method and device
CN111857721B (en) SQL statement verification method, data acquisition method, equipment and storage device
CN112860637A (en) Method and system for processing log based on audit strategy
CN112417492A (en) Service providing method based on data classification and classification
CN111767572A (en) Method and device for safely accessing database
CN101763593A (en) Method and device for realizing audit log of system
CN110633217A (en) Interface checking method and device
CN115203750A (en) Hive data authority control and security audit method and system based on Hive plug-in
CN117194146A (en) Data security audit and monitoring system
KR100906454B1 (en) Database log data management apparatus and method thereof
CN116541887B (en) Data security protection method for big data platform
KR101104300B1 (en) System of access management comprising exclusive tool for accessing of personal information database and method thereof
CN113672457B (en) Method and device for identifying abnormal operation in database
CN114238244A (en) Result set generation method, device, equipment and storage medium
KR102182573B1 (en) Apparatus for Setting Access Permission in Large-Scale Data Environment and Computer-Readable Recording Medium with Program therefor
CN111934949A (en) Safety test system based on database injection test
KR100906449B1 (en) Database tool identifying apparatus and method thereof
CN117150569B (en) Safe interaction method and system of banking library
KR102446674B1 (en) Security method via network packet for tracking the information user
CN110362579B (en) Information processing method and electronic equipment
CN115269637A (en) Interception processing method and device for structured query language statement

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210528