CN113220285A - Security event response script generation method, system, device and storage medium - Google Patents

Info

Publication number: CN113220285A
Authority: CN (China)
Prior art keywords: security, action, safety, event response, actions
Legal status: Granted
Application number: CN202110434300.0A
Other languages: Chinese (zh)
Other versions: CN113220285B (en)
Inventors: 许瑞, 肖景芬, 汪浩
Current Assignee: Shanghai Wuqi Intelligent Technology Co ltd
Original Assignee: Shanghai Wuqi Intelligent Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/34 Graphical or visual programming
    • G06F8/31 Programming languages or programming paradigms
    • G06F8/315 Object-oriented languages

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method, a system, a computer device and a storage medium for generating a security event response script. The method comprises determining a security function entity according to a security scenario, identifying the security actions supported by the security function entity, marking each security action as a read class or a write class, and generating the security event response script with the security actions as its nodes. The invention introduces a classification mechanism based on read/write analysis, so that each security action in the generated security event response script is identified as write class or read class. Classifying the security actions makes script orchestration easier to use, reduces mistakes by script editors during orchestration, and allows actions to be matched to permissions; on this basis, further optimizations such as permission setting, approval of security action execution, and risk detection for newly inserted security actions can be implemented. The invention is widely applicable to the technical field of network security.

Description

Security event response script generation method, system, device and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to a method, a system, a computer device and a storage medium for generating a security event response script.
Background
A security event response script may be represented as a set of data describing in what order (flow) which security devices (apps) are invoked and which actions are performed, by which the response to a network security event can be implemented. Mainstream SOAR (security orchestration, automation and response) products provide graphical, visual orchestration that allows security personnel to arrange the atomic actions of the emergency response process according to certain logic into a security response script (playbook), so that an emergency response can be launched quickly when a security event occurs. Existing script orchestration technology only arranges the sequence of actions and lacks mechanisms for action control and risk identification.
Disclosure of Invention
In view of at least one of the above-mentioned technical problems, it is an object of the present invention to provide a security event response script generation method, system, computer device and storage medium.
In one aspect, an embodiment of the present invention includes a method for generating a security event response script, including the following steps:
determining a security scenario;
determining a security function entity to be used according to the security scenario;
identifying security actions supported by the security function entity;
marking each security action as a read class or a write class according to the content of the security action;
and generating the security event response script with the security actions as its nodes.
Further, the security actions supported by the security function entity include security actions that the security function entity has performed and security actions that the security function entity will perform.
Further, the step of marking the security action as a read class or a write class according to the content of the security action specifically includes:
when the security action is used to perform an operation of acquiring information, marking the security action as a read class;
and when the security action is used to perform an operation of sending information, marking the security action as a write class.
Further, the method for generating the security event response script further comprises the following steps:
performing visualization processing on the security event response script; the visualization processing produces a visual effect that distinguishes the security actions belonging to the read class from the security actions belonging to the write class in the security event response script.
Further, the method for generating the security event response script further comprises the following steps:
setting permissions for the security event response script; the permission setting gives different access permissions and/or modification permissions to the security actions belonging to the read class and the security actions belonging to the write class in the security event response script.
Further, the method for generating the security event response script further comprises the following steps:
performing approval processing on some or all of the security actions in the security event response script; security actions that have passed the approval processing are executed by the security event response script, and security actions that have not passed the approval processing are not executed by the security event response script.
Further, the method for generating the security event response script further comprises the following steps:
detecting an insert action on the security event response script; the insert action inserts a new security action at a specific position in the security event response script;
identifying the new security action as a read class or a write class;
and determining the risk degree of the new security action according to the type relationship between the new security action and the security actions before and/or after the specific position in the security event response script.
In another aspect, the embodiment of the present invention further includes a system for generating a security event response script, including:
a first module for determining a security scenario;
a second module for determining, according to the security scenario, a security function entity to be used;
a third module for identifying security actions supported by the security function entity;
a fourth module for marking each security action as a read class or a write class according to the content of the security action;
and a fifth module for generating the security event response script with the security actions as its nodes.
In another aspect, embodiments of the present invention also include a computer apparatus including a memory for storing at least one program and a processor for loading the at least one program to perform the security event response script generation method.
In another aspect, embodiments of the present invention also include a storage medium having stored therein processor-executable instructions that, when executed by a processor, perform the security event response script generation method.
The invention has the following beneficial effects: the method for generating the security event response script in the embodiment introduces, on the basis of the prior art, a classification mechanism based on read/write analysis, so that each security action in the generated security event response script is identified as write class or read class. This makes script orchestration easier, reduces mistakes by script editors during orchestration, and reduces the security risk of automated scripts. With the read/write separation mechanism, the security orchestration system can match actions and permissions to different personnel and scenarios, and on this basis further optimizations such as setting access and/or modification permissions, approval of security action execution, and risk detection for newly inserted security actions can be implemented.
Drawings
Fig. 1 is a flowchart of a security event response scenario generation method in an embodiment;
fig. 2 is a schematic diagram of a security event response scenario generation method in an embodiment.
Detailed Description
In this embodiment, the flow of the security event response script generation method is shown in fig. 1 and includes the following steps:
S1, determining a security scenario;
S2, determining a security function entity to be used according to the security scenario;
S3, identifying the security actions supported by the security function entity;
S4, marking each security action as a read class or a write class according to the content of the security action;
and S5, generating a security event response script with the security actions as its nodes.
The principle of steps S1-S5 is shown in FIG. 2. In step S1, a security scenario is determined according to actual usage requirements; for example, the security scenario is determined to be a network security blocking scenario. According to the requirements of the network security blocking scenario, the network security engineer may propose a security policy of the following form:
(1) Given an input IP address
(2) Block the IP address via the Huawei firewall API interface
(3) Query the Huawei firewall API interface to confirm that the IP has been blocked
(4) Send a message notification to WeChat according to the result of the block query
(5) Since IP blocking is a high-risk action, the network security engineer wishes to add an approval before the blocking action.
Security policies (1)-(5) above, which involve one input (the IP address), two security function entities (the Huawei firewall and WeChat) and one judgment rule, are parsed, and step S2 is performed to determine that the security function entities to be used are the Huawei firewall and WeChat.
A security action in this embodiment may refer to an action performed by a security function entity when it carries out its own function. For example, the security actions supported by the firewall as a security function entity include: querying whether an IP is blocked, issuing an instruction to block an IP address, and querying the running state of the firewall; the security actions supported by WeChat as a security function entity include: sending messages to individual users through WeChat and sending messages to groups through WeChat. A security action in this embodiment may also refer to an action of a system or process related to security response, such as a network device, an IT system or a SaaS service that provides operating conditions for the security function entity, for example: starting antivirus software, updating a client virus library, querying the MAC address table of a switch, restarting a switch, closing a switch port, querying user mailbox information in Windows AD, freezing an employee account, calling a SaaS service to query the attribution of an IP address, and the like.
Further, a security action may be a single named action or a set of actions. For example, a security action may be the single action of restarting a server, or the set of actions for creating an employee account, which specifically includes the sub-actions of creating a Windows AD account, creating a company Exchange mailbox, and updating the information of the employee's department.
In step S3, the security actions supported by the security function entity may be identified by querying or similar means. In this embodiment, the security actions include security actions already executed by the security function entity and security actions to be executed by the security function entity.
Then, the network security engineer sorts through the security actions supported by the security function entity and classifies and marks them by read/write type, using the following criterion: if a security action is mainly used to perform an operation of acquiring information, it is marked as a read class; if a security action is mainly used to perform an operation of sending information, it is marked as a write class. Under this criterion, security actions for queries or notifications may also be marked as read or write classes.
Table 1 is an example table of classification results.
TABLE 1 (image in the original; table contents not recoverable)
In step S4, when a security action is marked as read class or write class, the mark may be made at the data level, at the visual graphics level, or at both. For example, when a security event response script is orchestrated in a programming language such as Java or Python, the capabilities of each security action may be specified item by item, including the action name, action parameters, action type and so on, to determine whether the security action belongs to the read class or the write class. Specifically, the security actions are marked by JSON files, XML files, or text-type flag bits.
When the marks are made at the visual graphics level, the security event response script can be processed to produce visual effects such as highlighting or background color blocks. For example, each security action in the security event response script is displayed as a shape such as a square or a button, and security actions belonging to the write class are highlighted while those belonging to the read class are not, so that a network security engineer can quickly identify which security actions belong to the read class and which belong to the write class.
After the security actions supported by the security function entity have been classified, a security event response script is generated with the security actions as its nodes.
In this embodiment, the security actions supported by the security function entity are classified as write class or read class. Because write-class and read-class security actions carry different operation risks, the operation risk corresponding to each security action can be marked in the security event response script, so that a network security engineer can optimize on the basis of operation risk when using the security event response script.
In this embodiment, the optimizations that the network security engineer can make according to the classification of the security actions when using the security event response script include:
S6, setting permissions for the security event response script; the permission setting gives different access permissions and/or modification permissions to the security actions belonging to the read class and the security actions belonging to the write class in the security event response script.
When step S6 is performed, different access permissions and/or modification permissions may be opened to different persons. For example, the access and/or modification permission for write-class security actions is opened to senior script orchestrators, the access and/or modification permission for read-class security actions is opened to ordinary script orchestrators, the access and/or modification permission for write-class security actions is opened to event handlers, and the access and/or modification permission for read-class security actions is opened to ordinary observers.
In this embodiment, the optimizations that the network security engineer can make according to the classification of the security actions when using the security event response script further include:
S7, performing approval processing on some or all of the security actions in the security event response script; approved security actions are executed by the security event response script, and unapproved security actions are not executed by the security event response script.
When step S7 is executed, since write-class security actions carry a higher operation risk than read-class security actions, a write-class security action such as IP blocking may be set to require approval; only an approved security action such as IP blocking can be executed by the security event response script, and a security action that has not been approved cannot be executed by it. Most read-class security actions can be treated as approved by default, so that they can be executed by the security event response script without separate manual or automatic approval.
In this embodiment, the optimizations that the network security engineer can make according to the classification of the security actions when using the security event response script further include:
S8, detecting an insert action on the security event response script; the insert action inserts a new security action at a specific position in the security event response script;
S9, identifying the new security action as a read class or a write class;
and S10, determining the risk degree of the new security action according to the type relationship between the new security action and the security actions before and/or after the specific position in the security event response script.
In this embodiment, the network security engineer may also be given the ability to insert a new security action at a specific position in the security event response script. When the network security engineer inserts a new security action at the specific position, step S9 is executed: the new security action is identified as read class or write class on the same principle as step S4. It is then determined whether the one or more security actions before and/or after the specific position in the security event response script belong to the read class or the write class, and the risk degree of the new security action is determined from the type relationship between those security actions and the new security action. For example, if after a new security action is inserted several consecutive write-class security actions occur near the specific position, the likelihood that the insertion causes a failure such as "server restart", "service interruption", "network interruption" or "temporary database unavailability" is determined from information such as the numbers of write-class and read-class security actions and the number of consecutive occurrences, and this gives the risk degree of the new security action. The risk degree can be presented to staff as a reminder so that they can check whether the newly added security action is appropriate, avoiding failures caused by the newly added security action.
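An added sketch (not code from the patent) of steps S4 to S10 applied to the IP-blocking policy above: actions carry a JSON read/write mark, actions that require approval are not executed without it, and a newly inserted action is rated by the run of consecutive write-class actions it joins. The action names, role names, the `approval` field and the low/medium/high thresholds are assumptions; the patent does not specify a risk formula.

```python
import json
from dataclasses import dataclass

READ, WRITE = "read", "write"

# Constructed catalogue of marked actions (S3/S4); names and fields are assumptions.
CATALOGUE_JSON = """[
 {"entity": "firewall", "name": "block_ip",         "type": "write"},
 {"entity": "firewall", "name": "query_ip_blocked", "type": "read"},
 {"entity": "firewall", "name": "query_status",     "type": "read"},
 {"entity": "switch",   "name": "close_port",       "type": "write"},
 {"entity": "wechat",   "name": "send_message",     "type": "write", "approval": false}
]"""

# S6: which action classes each role may insert or modify (role names are assumptions).
ROLE_MAY_EDIT = {"senior_editor": {READ, WRITE}, "editor": {READ}}


@dataclass(frozen=True)
class Action:
    entity: str
    name: str
    type: str
    approval: bool  # True: must be approved before the script executes it (S7)


def load_catalogue(text):
    """Parse the JSON marks; an action without a valid read/write mark is rejected."""
    catalogue = {}
    for item in json.loads(text):
        kind = item.get("type")
        if kind not in (READ, WRITE):
            raise ValueError(f"{item.get('name')}: missing or invalid type mark")
        # Default: write class needs approval, read class is approved by default.
        approval = item.get("approval", kind == WRITE)
        catalogue[item["name"]] = Action(item["entity"], item["name"], kind, approval)
    return catalogue


def build_playbook(names, catalogue):
    """S5: the marked actions become the nodes of the script, in order."""
    return [catalogue[n] for n in names]


def run(playbook, approved):
    """Return (name, status) per node; unapproved actions are never executed."""
    trace = []
    for node in playbook:
        if node.approval and node.name not in approved:
            trace.append((node.name, "not executed: approval missing"))
        else:
            trace.append((node.name, "executed"))  # the real entity call would go here
    return trace


def insertion_risk(playbook, index, new):
    """S8-S10: rate a new node by the run of consecutive write nodes it would join."""
    if new.type == READ:
        return {"type": READ, "write_run": 0, "risk": "low"}
    run_len = 1  # the new write action itself
    i = index - 1
    while i >= 0 and playbook[i].type == WRITE:  # write nodes just before the position
        run_len += 1
        i -= 1
    i = index
    while i < len(playbook) and playbook[i].type == WRITE:  # write nodes just after
        run_len += 1
        i += 1
    risk = "high" if run_len >= 2 else "medium"
    return {"type": WRITE, "write_run": run_len, "risk": risk}


def insert_action(playbook, index, new, role):
    """Insert only if the role may edit this class; return the new script and the risk."""
    if new.type not in ROLE_MAY_EDIT.get(role, set()):
        raise PermissionError(f"role {role!r} may not insert {new.type}-class actions")
    risk = insertion_risk(playbook, index, new)
    return playbook[:index] + [new] + playbook[index:], risk


CATALOGUE = load_catalogue(CATALOGUE_JSON)
# The page's policy: block the IP, confirm the block, notify through WeChat.
PLAYBOOK = build_playbook(["block_ip", "query_ip_blocked", "send_message"], CATALOGUE)

if __name__ == "__main__":
    print(run(PLAYBOOK, approved=set()))
    print(run(PLAYBOOK, approved={"block_ip"}))
    print(insert_action(PLAYBOOK, 1, CATALOGUE["close_port"], "senior_editor")[1])
```

Rejecting catalogue entries that lack a valid mark keeps an unclassified action from being treated as read class and bypassing the approval default.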
The method for generating the security event response script in the embodiment introduces, on the basis of the prior art, a classification mechanism based on read/write analysis, so that each security action in the generated security event response script is identified as write class or read class. This makes script orchestration easier, reduces mistakes by script editors during orchestration, and reduces the security risk of automated scripts. With the read/write separation mechanism, the security orchestration system can match actions and permissions to different personnel and scenarios, and further optimizations such as setting access and/or modification permissions, approval of security action execution, and risk detection for newly inserted security actions are implemented.
The method for generating the security event response script in the embodiment can be used in emergency response to network security events, and can also be used in the design and orchestration of various system interaction processes in the fields of operation and maintenance, risk control and industrial automation.
In this embodiment, the security event response script generation method may be executed using a security event response script generation system. The security event response script generation system includes:
a first module for determining a security scenario;
a second module for determining a security function entity to be used according to the security scenario;
a third module for identifying security actions supported by the security function entity;
a fourth module for marking each security action as a read class or a write class according to the content of the security action;
and a fifth module for generating a security event response script with the security actions as its nodes.
In this embodiment, the first module, the second module, the third module, the fourth module and the fifth module may be hardware modules, software modules or a combination of hardware and software having corresponding functions. The security event response script generation system can be operated to execute the security event response script generation method, thereby achieving the same technical effect as the embodiment of the security event response script generation method.
In this embodiment, a computer apparatus includes a memory for storing at least one program and a processor for loading the at least one program to execute the security event response script generation method in this embodiment.
In the present embodiment, a storage medium stores processor-executable instructions which, when executed by a processor, execute the security event response script generation method in the present embodiment and achieve the same technical effects as described in the present embodiment.
It should be noted that, unless otherwise specified, when a feature is referred to as being "fixed" or "connected" to another feature, it may be directly fixed or connected to the other feature or indirectly fixed or connected to the other feature. Furthermore, the descriptions of upper, lower, left, right, etc. used in the present disclosure are only relative to the mutual positional relationship of the constituent parts of the present disclosure in the drawings. As used in this disclosure, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. In addition, unless defined otherwise, all technical and scientific terms used in this example have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description of the embodiments herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this embodiment, the term "and/or" includes any combination of one or more of the associated listed items.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element of the same type from another. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of the present disclosure. The use of any and all examples, or exemplary language ("e.g.", "such as", "or the like") provided with this embodiment is intended merely to better illuminate embodiments of the invention and does not pose a limitation on the scope of the invention unless otherwise claimed.
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object-oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on an application specific integrated circuit programmed for this purpose.
Further, operations of processes described in this embodiment can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described in this embodiment (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described in this embodiment includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described in the present embodiment, converting the input data to generate output data that is stored to a non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the present invention, the transformed data represents physical and tangible objects, including a particular visual depiction of the physical and tangible objects produced on a display.
The above description is only a preferred embodiment of the present invention, and the present invention is not limited to the above embodiment, and any modifications, equivalent substitutions, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention as long as the technical effects of the present invention are achieved by the same means. The invention is capable of other modifications and variations in its technical solution and/or its implementation, within the scope of protection of the invention.

Claims (10)

1. A method for generating a security event response script, comprising the steps of:
determining a security scenario;
determining a security function entity to be used according to the security scenario;
identifying security actions supported by the security function entity;
marking each security action as a read class or a write class according to the content of the security action;
and generating the security event response script with the security actions as its nodes.
2. The security event response script generation method of claim 1, wherein the security actions supported by the security function entity comprise security actions already performed by the security function entity and security actions to be performed by the security function entity.
3. The security event response script generation method of claim 1, wherein the step of marking the security action as a read class or a write class according to the content of the security action specifically comprises:
when the security action is used to perform an operation of acquiring information, marking the security action as a read class;
and when the security action is used to perform an operation of sending information, marking the security action as a write class.
4. The security event response script generation method of claim 1, further comprising the steps of:
performing visualization processing on the security event response script; the visualization processing produces a visual effect that distinguishes the security actions belonging to the read class from the security actions belonging to the write class in the security event response script.
5. The security event response script generation method of claim 1, further comprising the steps of:
setting permissions for the security event response script; the permission setting gives different access permissions and/or modification permissions to the security actions belonging to the read class and the security actions belonging to the write class in the security event response script.
6. The security event response script generation method of claim 1, further comprising the steps of:
performing approval processing on some or all of the security actions in the security event response script; security actions that have passed the approval processing are executed by the security event response script, and security actions that have not passed the approval processing are not executed by the security event response script.
7. The security event response script generation method of claim 1, further comprising the steps of:
detecting an insert action on the security event response script; the insert action inserts a new security action at a specific position in the security event response script;
identifying the new security action as a read class or a write class;
and determining the risk degree of the new security action according to the type relationship between the new security action and the security actions before and/or after the specific position in the security event response script.
8. A security incident response script generating system, comprising:
a first module to determine a security scenario;
a second module, configured to determine, according to the security scenario, a security function entity to be used;
a third module for identifying a security action supported by the security function entity;
a fourth module, configured to mark the security action as a read class or a write class according to the content of the security action;
and the fifth module is used for generating the security event response script by taking the security action as a generating node.
9. A computer apparatus comprising a memory for storing at least one program and a processor for loading the at least one program to perform the method of any one of claims 1-7.
10. A storage medium having stored therein processor-executable instructions, which when executed by a processor, are configured to perform the method of any one of claims 1-7.
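The read/write marking of claim 3, the approval gate of claim 6 and the insert check of claim 7, shown as an added Python example that is not part of the patent. The `Action` fields, the action and entity names, the three-level risk scale and the rule that an inserted action starts unapproved are assumptions made for illustration; the claims do not fix any of them.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"

@dataclass
class Action:
    name: str
    entity: str               # security function entity that supports the action
    sends_info: bool          # claim 3: sending information -> write, acquiring -> read
    approved: bool = False    # claim 6: set by the approval process

    @property
    def kind(self) -> str:
        return WRITE if self.sends_info else READ

def execute(script):
    """Claim 6: run approved actions in order and skip the rest."""
    ran = [a.name for a in script if a.approved]
    skipped = [a.name for a in script if not a.approved]
    return ran, skipped

def insertion_risk(script, index, new):
    """Claim 7: rate an insert by the read/write types of its neighbours.
    The low/medium/high scale is an assumption; the claim fixes no scale."""
    if new.kind == READ:
        return "low"
    before = script[index - 1].kind if index > 0 else None
    after = script[index].kind if index < len(script) else None
    # A write placed between reads turns a read-only stretch into a state change.
    return "medium" if WRITE in (before, after) else "high"

def insert(script, index, new):
    """Insert the action unapproved (assumed policy) and return its risk."""
    new.approved = False
    risk = insertion_risk(script, index, new)
    script.insert(index, new)
    return risk

def sample_script():
    """Constructed sample script for a phishing scenario; names are illustrative."""
    return [
        Action("get_mail_headers", "mail_gateway", sends_info=False, approved=True),
        Action("lookup_url_reputation", "threat_intel", sends_info=False, approved=True),
        Action("block_sender", "mail_gateway", sends_info=True, approved=True),
    ]
```
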
CN202110434300.0A 2021-04-22 2021-04-22 Security event response scenario generation method, system, device and storage medium Active CN113220285B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110434300.0A CN113220285B (en) 2021-04-22 2021-04-22 Security event response scenario generation method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN113220285A true CN113220285A (en) 2021-08-06
CN113220285B CN113220285B (en) 2023-08-22

Family

ID=77088441

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110434300.0A Active CN113220285B (en) 2021-04-22 2021-04-22 Security event response scenario generation method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN113220285B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116471122A (en) * 2023-06-12 2023-07-21 南京众智维信息科技有限公司 Network security script arrangement method based on Q learning
CN116471122B (en) * 2023-06-12 2023-08-29 南京众智维信息科技有限公司 Network security script arrangement method based on Q learning

Also Published As

Publication number Publication date
CN113220285B (en) 2023-08-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant