CN113468212A - Event execution method and device and electronic equipment - Google Patents

Publication number
CN113468212A
Authority
CN
China
Prior art keywords
event
task
target
attribute information
specific
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110823105.7A
Other languages
Chinese (zh)
Inventor
黄河
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fusionskye Beijing Software Co ltd
Original Assignee
Fusionskye Beijing Software Co ltd
Application filed by
Fusionskye Beijing Software Co ltd
Priority
CN202110823105.7A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication

Abstract

The embodiments of the application provide an event execution method, an event execution device and electronic equipment. The method is applied to an event management system; a plurality of specific event scenarios, and the call interfaces corresponding to the task nodes included in those scenarios, are stored in advance in a storage database connected to the event management system. A security event query instruction received from a client is parsed to obtain the security event it carries and the event attribute information corresponding to that security event, and a target event scenario matching the event attribute information is determined from the plurality of specific event scenarios, so as to trigger a server to call an interface service based on the call interface carried in the target event scenario and securely execute the task node. Because the call interfaces are written in advance and stored in the storage database, developers do not need to develop them again in order to execute the task nodes, which reduces development cost and improves the response speed of events.

Description

Event execution method and device and electronic equipment
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and an apparatus for executing an event, and an electronic device.
Background
SOAR (Security Orchestration, Automation and Response) products have been popular in the field of network security for some time and represent a development direction of enterprise security. A SOAR product improves the efficiency of event response, raises team efficiency through integrated case management and task automation, and takes over a large amount of the routine work of security analysts.
However, existing SOAR products have few interface clients (security capabilities). When a new security capability needs to be added, the second party must assign personnel to custom-develop a new interface client (a new interface) and a new user interface, which increases the cost of use.
Disclosure of Invention
In view of the above, the present invention provides a method, an apparatus and an electronic device for executing an event, which effectively alleviate the above technical problems.
In a first aspect, an embodiment of the present invention provides an event execution method. The method is applied to an event management system, and a server and a storage database are both connected to the event management system; the storage database stores in advance a plurality of specific event scenarios and the call interfaces corresponding to the task nodes included in the specific event scenarios. The method comprises the following steps: receiving a security event query instruction sent by a client; extracting the security event carried in the security event query instruction and the event attribute information corresponding to the security event; determining a target event scenario matching the event attribute information from the plurality of specific event scenarios; generating an event trigger instruction based on the target event scenario; and sending the event trigger instruction to the server, so as to trigger the server to extract the task nodes included in the target event scenario carried by the event trigger instruction and the call interfaces corresponding to those task nodes, call the interface services corresponding to the call interfaces, and execute the task nodes by using the interface services.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where specific event attribute information corresponding to each specific event scenario is further stored in the storage database; the step of determining a target event scenario matching the event attribute information from the plurality of specific event scenarios includes: searching the plurality of pieces of specific event attribute information for target specific event attribute information that matches the event attribute information; and determining the specific event scenario corresponding to the target specific event attribute information as the target event scenario matching the event attribute information.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where before receiving the security event query instruction sent by the client, the method further includes: generating a specific event scenario in response to a scenario creation operation on a graphical user interface of the event management system; and sending the specific event scenario to the storage database for storage.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the step of generating a specific event scenario in response to a scenario creation operation on the graphical user interface of the event management system includes one of the following: generating the specific event scenario in response to a drag operation on task nodes on the user interface of the event management system; or generating the specific event scenario in response to a programming operation on task nodes on the user interface of the event management system.
With reference to the third possible implementation manner of the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where the step of generating the specific event scenario in response to a drag operation on task nodes on the user interface of the event management system includes: determining a plurality of target task nodes in response to the drag operation on task nodes on the user interface of the event management system; and connecting the target task nodes according to their dependency relationships to generate the specific event scenario.
With reference to the third possible implementation manner of the first aspect, an embodiment of the present invention provides a fifth possible implementation manner of the first aspect, where the step of generating the specific event scenario in response to a programming operation on task nodes on the user interface of the event management system includes: writing the task nodes and the node information corresponding to the task nodes in a Python script, where the node information comprises attribute parameter information corresponding to the task node and task dependency relationship information corresponding to the task node; using a template engine to generate the DAG source code corresponding to the task nodes from the node information and a DAG template; and generating the specific event scenario from the DAG source code.
With reference to the fifth possible implementation manner of the first aspect, an embodiment of the present invention provides a sixth possible implementation manner of the first aspect, where the step of using a template engine to generate the DAG source code corresponding to the task nodes from the node information and the DAG template includes: importing the node information into the DAG template to obtain a first DAG template; inserting the callback function that runs after the DAG has run into the first DAG template to obtain a second DAG template; and instantiating the second DAG template to generate the DAG source code corresponding to the task nodes.
In a second aspect, an embodiment of the present invention further provides an event execution device. The device is applied to an event management system, and a server and a storage database are both connected to the event management system; the storage database stores in advance a plurality of specific event scenarios and the call interfaces corresponding to the task nodes included in the specific event scenarios. The device includes: a receiving module, used for receiving a security event query instruction sent by a client; an extraction module, used for extracting the security event carried in the security event query instruction and the event attribute information corresponding to the security event; a determining module, used for determining a target event scenario matching the event attribute information from the plurality of specific event scenarios; a generation module, used for generating an event trigger instruction based on the target event scenario; and a sending module, used for sending the event trigger instruction to the server, so as to trigger the server to extract the task nodes included in the target event scenario carried by the event trigger instruction and the call interfaces corresponding to those task nodes, call the interface services corresponding to the call interfaces, and execute the task nodes by using the interface services.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes a processor and a memory, where the memory stores computer-executable instructions that can be executed by the processor, and the processor executes the computer-executable instructions to implement the foregoing method.
In a fourth aspect, the embodiments of the present invention also provide a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are called and executed by a processor, the computer-executable instructions cause the processor to implement the above-mentioned method.
The embodiment of the invention has the following beneficial effects:
The embodiments of the application provide an event execution method, an event execution device and electronic equipment. The method is applied to an event management system, and a server and a storage database are connected to the event management system; the storage database stores in advance a plurality of specific event scenarios and the call interfaces corresponding to the task nodes included in the specific event scenarios. A security event query instruction received from a client is parsed to obtain the security event it carries and the event attribute information corresponding to that security event, and a target event scenario matching the event attribute information is determined from the plurality of specific event scenarios, so as to trigger the server to call an interface service based on the call interface corresponding to the task node carried in the target event scenario, thereby executing the task node securely. Because the call interfaces corresponding to the task nodes included in the specific event scenarios are written in advance and stored in the storage database, developers do not need to develop them again in order to execute the task nodes, which reduces development cost and improves the response speed of events.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is an architecture diagram of an event management platform according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for event execution according to an embodiment of the present invention;
FIG. 3 is a flow chart of another method for event execution according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an event execution apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Existing SOAR products have few interface clients, so when a security capability needs to be added, the second party must assign personnel to custom-develop a new interface client and a new user interface, which increases the cost of use. In the event execution method, device and electronic equipment provided here, the call interfaces corresponding to the task nodes included in the specific event scenarios are written in advance and stored in the storage database, so developers do not need to develop them again in order to execute the task nodes; this reduces development cost and improves the response speed of events.
To facilitate understanding of the present embodiment, the event execution method it provides is first described in detail below. The execution subject is an event management system. FIG. 1 shows an architecture diagram of an event management platform, which includes the event management system 100 together with a server 101 and a storage database 102 connected to the event management system 100; a plurality of specific event scenarios and the call interfaces corresponding to the task nodes included in the specific event scenarios are stored in the storage database 102 in advance.
Each specific event scenario is a set of operation steps for handling a security event, that is, a chained event-handling process based on a workflow engine. In the present embodiment the specific event scenarios differ from one another. The specific event scenarios pre-stored in the storage database 102 and the call interfaces corresponding to the task nodes they include are written by developers in advance; their content may be set according to actual needs, and neither the specific event scenarios nor the call interfaces are limited here.
Based on the event management system, an embodiment of the present invention provides an event execution method. As shown in FIG. 2, the method includes the following steps:
Step S202, receiving a security event query instruction sent by a client;
In actual use, an application program corresponding to the event management system is pre-installed on the client. A user logs in to the application program with identity information (name, identification number, login password or the like) and can then send a security event query instruction to the event management system through the interface that the application program displays on the client.
Step S204, extracting the security event carried in the security event query instruction and the event attribute information corresponding to the security event;
A security event is an event that relates to security. It may be an event affecting the safe operation of computer equipment, an event endangering the information security of a computer equipment user, or an event endangering the property security of a computer equipment user. The event attribute information may be understood as the unique identification information corresponding to the security event, and may be represented by an event type, a number, a letter, a character, or the like, which is not limited herein.
The event type may specifically include a network virus type, a malicious website type, a communication fraud type, or a payment security type.
Step S206, determining a target event scenario matching the event attribute information from the plurality of specific event scenarios;
In actual use, the storage database also stores the specific event attribute information corresponding to each specific event scenario, so the target event scenario can be determined from the event attribute information and the specific event attribute information. The determination process is as follows: searching the plurality of pieces of specific event attribute information for target specific event attribute information that matches the event attribute information; and determining the specific event scenario corresponding to the target specific event attribute information as the target event scenario matching the event attribute information.
For example, suppose there are 5 specific event scenarios: the specific event attribute information of specific event scenario 1 is a, that of specific event scenario 2 is b, that of specific event scenario 3 is c, that of specific event scenario 4 is d, and that of specific event scenario 5 is e. If the event attribute information corresponding to the security event carried in the security event query instruction is c, it matches the specific event attribute information c of specific event scenario 3, so specific event scenario 3 is determined as the target event scenario.
Step S208, generating an event trigger instruction based on the target event scenario;
Step S210, sending the event trigger instruction to the server, so as to trigger the server to extract the task nodes included in the target event scenario carried by the event trigger instruction and the call interfaces corresponding to those task nodes, call the interface services corresponding to the call interfaces, and execute the task nodes by using the interface services.
When the server receives the event trigger instruction, it extracts the task nodes in the target event scenario carried by the event trigger instruction and the call interfaces corresponding to those task nodes, and then calls the interface services corresponding to the call interfaces to execute the task nodes.
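The flow of steps S202 to S210, as an added Python example that is not code from the patent. The scenario table, the interface registry and every function and field name are hypothetical; what it shows is that the server resolves each call interface against the pre-stored set before running any task node, and that an attribute with no matching scenario fails closed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class TaskNode:
    name: str
    call_interface: str  # key of a pre-stored call interface, never a URL or callable


@dataclass(frozen=True)
class Scenario:
    scenario_id: str
    attribute: str  # the "specific event attribute information" used for matching
    task_nodes: Tuple[TaskNode, ...]


# Constructed stand-ins for the storage database (not taken from the patent).
INTERFACE_SERVICES: Dict[str, Callable[[dict], str]] = {
    "ticket.open": lambda ev: f"ticket opened for {ev['id']}",
    "proxy.block_url": lambda ev: f"blocked {ev['indicator']}",
}
SCENARIOS = (
    Scenario("scenario-1", "network_virus", (TaskNode("open ticket", "ticket.open"),)),
    Scenario("scenario-3", "malicious_website",
             (TaskNode("open ticket", "ticket.open"),
              TaskNode("block url", "proxy.block_url"))),
)


def index_scenarios(scenarios) -> Dict[str, Scenario]:
    """Index by attribute and refuse ambiguous stores, so matching is deterministic."""
    index: Dict[str, Scenario] = {}
    for scenario in scenarios:
        if scenario.attribute in index:
            raise ValueError(f"duplicate attribute {scenario.attribute!r}")
        index[scenario.attribute] = scenario
    return index


def extract(query: dict) -> Tuple[dict, str]:
    """S204: pull the security event and its attribute information out of the query."""
    event = query.get("security_event")
    if not isinstance(event, dict) or not isinstance(event.get("type"), str):
        raise ValueError("query carries no usable security event")
    return event, event["type"]


def build_trigger(query: dict, index: Dict[str, Scenario]) -> dict:
    """S206-S208: exact-match the attribute, then wrap the scenario in a trigger."""
    event, attribute = extract(query)
    scenario = index.get(attribute)
    if scenario is None:
        # Fail closed: an unknown attribute never falls through to a default scenario.
        raise LookupError(f"no scenario for attribute {attribute!r}")
    return {
        "scenario_id": scenario.scenario_id,
        "event": event,
        "tasks": [(node.name, node.call_interface) for node in scenario.task_nodes],
    }


def server_execute(trigger: dict, services=INTERFACE_SERVICES) -> List[str]:
    """S210: resolve every call interface first, then run the task nodes in order."""
    resolved = []
    for name, interface in trigger["tasks"]:
        if interface not in services:
            raise PermissionError(f"task {name!r}: unregistered interface {interface!r}")
        resolved.append(services[interface])
    # Nothing has run yet; a trigger naming one unknown interface executes no task at all.
    return [service(trigger["event"]) for service in resolved]


def handle_query(query: dict) -> List[str]:
    """S202-S210 end to end for one security event query instruction."""
    return server_execute(build_trigger(query, index_scenarios(SCENARIOS)))
```
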
The embodiment of the application provides an event execution method. The method is applied to an event management system, and a server and a storage database are connected to the event management system; the storage database stores in advance a plurality of specific event scenarios and the call interfaces corresponding to the task nodes included in the specific event scenarios. A security event query instruction received from a client is parsed to obtain the security event it carries and the event attribute information corresponding to that security event, and a target event scenario matching the event attribute information is determined from the plurality of specific event scenarios, so as to trigger the server to call an interface service based on the call interface corresponding to the task node carried in the target event scenario, thereby executing the task node securely. Because the call interfaces corresponding to the task nodes included in the specific event scenarios are written in advance and stored in the storage database, developers do not need to develop them again in order to execute the task nodes, which reduces development cost and improves the response speed of events.
This embodiment provides another event execution method, implemented on the basis of the above embodiment; it focuses on a specific implementation of generating the specific event scenario. As shown in the flow chart of FIG. 3, the event execution method in this embodiment includes the following steps:
Step S302, generating a specific event scenario in response to a scenario creation operation on a graphical user interface of the event management system;
Generally, a specific event scenario can be built by a developer dragging task nodes on the graphical user interface, which lets developers write the scenario visually and quickly.
Specifically, the scenario generation process based on the drag operation may be implemented through steps A1 to A2:
Step A1, determining a plurality of target task nodes in response to the drag operation on task nodes on the user interface of the event management system;
The graphical user interface is divided into a display area and a planning area. A number of different task nodes are usually shown in the display area; when developing a specific event scenario, a developer drags the task nodes that make up the scenario from the display area into the planning area, and the task nodes dragged into the planning area are the target task nodes.
Step A2, connecting the target task nodes according to their dependency relationships to generate the specific event scenario.
In this embodiment, a line segment with an arrow may be used to connect two target task nodes to indicate the dependency relationship between them, and the target task nodes are connected pairwise to generate the specific event scenario. For example, pulling a connection from the connection point on the left side of target task node A to target task node B indicates that B depends on A; a task dependency relationship may be deleted by clicking the connection between the tasks.
Besides generating the specific event scenario visually, in this embodiment the specific event scenario may also be generated through programming with a Python script. Python is a Turing-complete language, so when dealing with a complex security event, an event scenario written in Python is far more flexible than visual task layout; for routine security events, however, visual task layout is easier for people without programming experience.
Specifically, the process of generating the specific event scenario in response to a programming operation on task nodes on the user interface of the event management system may be implemented through steps B1 to B3:
Step B1, writing the task nodes and the node information corresponding to the task nodes in a Python script; the node information comprises attribute parameter information corresponding to the task node and task dependency relationship information corresponding to the task node;
The attribute parameter information is parameter information indicating the attributes of the task node, such as a name, a value, a type, and the like; the task dependency relationship information defines the dependency relationships between the task node and other task nodes. In actual use, the attribute parameter information and the task dependency relationship information may be set according to actual needs, and are not limited herein.
In actual use, writing task nodes is not limited to Python scripts; tasks can also be written with scripts such as Shell and Perl.
Step B2, using a template engine to generate the DAG source code corresponding to the task nodes from the node information and a DAG template;
A DAG (Directed Acyclic Graph) template is preset in the event management system.
Step B2 can be implemented through steps C1 to C3:
Step C1, importing the node information into the DAG template to obtain a first DAG template;
Step C2, inserting the callback function that runs after the DAG has run into the first DAG template to obtain a second DAG template;
The callback function used in constructing the DAG source code is implemented with a configurable retry tool library, namely the Retry tool referenced from Requests. Inserting the callback function effectively improves the success rate of the callback that updates the event state after the DAG has run, and reduces the error probability of the event management system.
Step C3, instantiating the second DAG template to generate the DAG source code corresponding to the task nodes.
Step B3, generating the specific event scenario from the DAG source code.
The generation process is the same as the existing process of generating an event scenario from DAG source code, and is therefore not described in detail herein.
Step S304, sending the specific event scenario to the storage database for storage;
Step S306, receiving a security event query instruction sent by a client;
Step S308, extracting the security event carried in the security event query instruction and the event attribute information corresponding to the security event;
Step S310, determining a target event scenario matching the event attribute information from the plurality of specific event scenarios;
Step S312, generating an event trigger instruction based on the target event scenario;
Step S314, sending the event trigger instruction to the server, so as to trigger the server to extract the task nodes included in the target event scenario carried by the event trigger instruction and the call interfaces corresponding to those task nodes, call the interface services corresponding to the call interfaces, and execute the task nodes by using the interface services.
The event execution method provided by this embodiment supports building specific event scenarios both visually and by programming, and also lets staff edit the DAG source code visually. Furthermore, because a rich set of Operators is provided, scripts or programs written in Shell, Python, Perl and the like can be submitted to the event management system for evaluation and execution, so that customers' personalized or customized requirements can be met flexibly.
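Steps B1 to B3 and C1 to C3, as an added example rather than the patent's own code. It assumes Python's string.Template as the template engine, a plain bounded retry loop in place of the Requests Retry tool the description mentions, and hypothetical node, template and function names; node information is validated and emitted as escaped literals so that it stays data in the generated DAG source.

```python
import re
from graphlib import CycleError, TopologicalSorter
from string import Template

NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,63}")
SCALARS = (str, int, bool, type(None))

# Hypothetical DAG template; $callback stays open until step C2.
DAG_TEMPLATE = Template(
    "# generated DAG source\n"
    "SCENARIO_ID = $scenario_id\n"
    "TASKS = $tasks\n"
    "ORDER = $order\n"
    "$callback\n"
)

# Post-run callback: reports the final state, retrying a bounded number of times.
CALLBACK_SOURCE = '''
def on_dag_finished(update_status, attempts=3):
    for attempt in range(1, attempts + 1):
        try:
            return update_status(SCENARIO_ID, "finished")
        except ConnectionError:
            if attempt == attempts:
                raise
'''


def validate(nodes):
    """Check the step-B1 node information; return an order that respects dependencies."""
    graph = {}
    for node in nodes:
        name = node["name"]
        if not isinstance(name, str) or not NAME_RE.fullmatch(name):
            raise ValueError(f"bad task node name {name!r}")
        if name in graph:
            raise ValueError(f"duplicate task node {name!r}")
        for key, value in node["params"].items():
            if not isinstance(key, str) or not isinstance(value, SCALARS):
                raise ValueError(f"{name}: parameter {key!r} is not a scalar")
        graph[name] = set(node["depends_on"])
    for name, deps in graph.items():
        unknown = deps - set(graph)
        if unknown:
            raise ValueError(f"{name}: unknown dependency {sorted(unknown)}")
    try:
        return list(TopologicalSorter(graph).static_order())
    except CycleError as exc:
        raise ValueError(f"dependency cycle: {exc.args[1]}") from None


def literal(value):
    """Emit a Python literal; double '$' so the second template pass leaves it as data."""
    return repr(value).replace("$", "$$")


def render_dag_source(scenario_id, nodes):
    """Steps C1-C3: node information plus DAG template in, checked DAG source out."""
    order = validate(nodes)
    if not NAME_RE.fullmatch(scenario_id):
        raise ValueError(f"bad scenario id {scenario_id!r}")
    tasks = {node["name"]: dict(node["params"]) for node in nodes}
    # C1: import the node information into the DAG template -> first DAG template.
    first = DAG_TEMPLATE.safe_substitute(
        scenario_id=literal(scenario_id), tasks=literal(tasks), order=literal(order))
    # C2: insert the post-run callback -> second DAG template; C3: instantiate it.
    source = Template(first).substitute(callback=CALLBACK_SOURCE)
    compile(source, "<generated dag>", "exec")  # reject malformed output before storing it
    return source


def load_generated(source):
    """Run generated DAG source in a fresh namespace (demo helper, not a sandbox)."""
    namespace = {}
    exec(compile(source, "<generated dag>", "exec"), namespace)
    return namespace
```

Without the `$` doubling in `literal`, a parameter value containing `$callback` would be expanded by the second template pass and the callback source would land inside a string literal of the generated DAG.
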
Corresponding to the method embodiment, the embodiment of the invention also provides an event execution device, wherein the event execution device is applied to an event management system, and the server and the storage database are both connected with the event management system; the system comprises a storage database, a task node and a task node, wherein the storage database is pre-stored with a plurality of specific event scripts and calling interfaces corresponding to the task nodes included in the specific event scripts; fig. 4 is a schematic structural diagram of an event execution apparatus, which includes, as shown in fig. 4:
a receiving module 402, configured to receive a security event query instruction sent by a client;
an extracting module 404, configured to extract a security event carried in the security event query instruction and event attribute information corresponding to the security event;
a determining module 406, configured to determine a target event scenario matching the event attribute information from a plurality of specific event scenarios;
a generating module 408, configured to generate an event trigger instruction based on the target event scenario;
the sending module 410 is configured to send the event trigger instruction to the server, so as to trigger the server to extract the task node included in the target event scenario carried by the event trigger instruction and the call interface corresponding to the task node, call the interface service corresponding to the call interface, and implement execution of the task node by using the interface service.
The embodiment of the application provides an event execution device, wherein the method is applied to an event management system, and a server and a storage database are connected with the event management system; the system comprises a storage database, a task node and a task node, wherein the storage database is pre-stored with a plurality of specific event scripts and calling interfaces corresponding to the task nodes included in the specific event scripts; the method and the system can extract a received security event query instruction sent by a client to obtain a carried security event and event attribute information corresponding to the security event, and determine a target event scenario matched with the event attribute information from a plurality of specific event scenarios to trigger a server to call an interface service based on a call interface corresponding to a task node carried in the target event scenario, so as to realize the safe execution of the task node; since the calling interfaces corresponding to the task nodes included in the special event script are pre-written and stored in the storage database, developers do not need to re-develop the calling interfaces to execute the task nodes when in use, and therefore the development cost is reduced and the response speed of the events is improved.
The event execution device provided by the embodiment of the invention has the same technical characteristics as the event execution method provided by the embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
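The flow carried out by the modules above, from attribute matching to execution on the server, is sketched below as an added example that is not code from the patent. All names (`Playbook`, `TaskNode`, `INTERFACE_SERVICES`, the sample interfaces) are hypothetical, and equality matching with "most specific wins" is an assumption, since the page does not state the matching rule.

```python
# Added illustration; names and sample data are constructed, not from the patent.
from dataclasses import dataclass

@dataclass(frozen=True)
class TaskNode:
    name: str
    interface: str            # key of a pre-registered call interface
    depends_on: tuple = ()

@dataclass(frozen=True)
class Playbook:               # a "specific event script" in the page's terms
    name: str
    attributes: dict          # "specific event attribute information"
    nodes: tuple

# Server side: interface services written once and registered ahead of time.
INTERFACE_SERVICES = {
    "edr.isolate_host": lambda event: f"isolated {event['host']}",
    "ticket.open": lambda event: f"ticket opened for {event['type']}",
}

# Contents of the storage database (constructed sample data).
STORED_PLAYBOOKS = [
    Playbook("malware-containment", {"type": "malware", "severity": "high"},
             (TaskNode("isolate", "edr.isolate_host"),
              TaskNode("ticket", "ticket.open", ("isolate",)))),
    Playbook("phishing-triage", {"type": "phishing"},
             (TaskNode("ticket", "ticket.open"),)),
]

def match_playbook(event_attrs, playbooks=STORED_PLAYBOOKS):
    """Pick the playbook whose stored attributes all equal the event's (assumed rule)."""
    hits = [p for p in playbooks
            if all(event_attrs.get(k) == v for k, v in p.attributes.items())]
    if not hits:
        raise LookupError("no stored playbook matches the event attributes")
    return max(hits, key=lambda p: len(p.attributes))   # most specific wins

def build_trigger(query):
    """Management system: extract event and attributes, select playbook, emit trigger."""
    return {"event": query["event"], "playbook": match_playbook(query["attributes"])}

def execute_trigger(trigger, services=INTERFACE_SERVICES):
    """Server: run each task node via its registered interface, dependencies first."""
    nodes = {n.name: n for n in trigger["playbook"].nodes}
    unknown = sorted({n.interface for n in nodes.values()} - set(services))
    if unknown:               # fail closed before any node has run
        raise PermissionError(f"unregistered call interface(s): {unknown}")
    done, results = set(), []
    while len(done) < len(nodes):
        ready = [n for n in nodes.values()
                 if n.name not in done and set(n.depends_on) <= done]
        if not ready:
            raise ValueError("task dependencies are cyclic or name a missing node")
        for n in ready:
            results.append((n.name, services[n.interface](trigger["event"])))
            done.add(n.name)
    return results
```

Because the server resolves interfaces only through the pre-registered table, a stored script that names anything else is rejected before its first node executes.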
An electronic device is further provided in the embodiment of the present application, as shown in fig. 5, which is a schematic structural diagram of the electronic device, where the electronic device includes a processor 121 and a memory 120, the memory 120 stores computer-executable instructions that can be executed by the processor 121, and the processor 121 executes the computer-executable instructions to implement the event execution method.
In the embodiment shown in fig. 5, the electronic device further comprises a bus 122 and a communication interface 123, wherein the processor 121, the communication interface 123 and the memory 120 are connected by the bus 122.
The memory 120 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile memory, such as at least one disk memory. The communication connection between a network element of the system and at least one other network element is implemented through at least one communication interface 123 (which may be wired or wireless), and may use the internet, a wide area network, a local network, a metropolitan area network, and the like. The bus 122 may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 122 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
The processor 121 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 121. The processor 121 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and the processor 121 reads information in the memory and completes the steps of the event execution method of the foregoing embodiment in combination with its hardware.
Embodiments of the present application further provide a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are called and executed by a processor, the computer-executable instructions cause the processor to implement the method for executing the event, and specific implementation may refer to the foregoing method embodiments, and is not described herein again.
The computer program product of the event execution method, device and electronic equipment provided in the embodiments of the present application includes a computer-readable storage medium storing program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments; for specific implementations, refer to the method embodiments, which are not described herein again.
Unless specifically stated otherwise, the relative steps, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present application.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application, or the portion of it that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In the description of the present application, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present application. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the exemplary embodiments of the present application, and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An event execution method, characterized in that the method is applied to an event management system, to which a server and a storage database are connected; the storage database pre-stores a plurality of specific event scripts and calling interfaces corresponding to the task nodes included in the specific event scripts; the method comprises the following steps:
receiving a security event query instruction sent by a client;
extracting the security event carried in the security event query instruction and event attribute information corresponding to the security event;
determining a target event scenario matching the event attribute information from a plurality of specific event scenarios;
generating an event trigger instruction based on the target event script;
and sending the event trigger instruction to the server to trigger the server to extract task nodes and calling interfaces corresponding to the task nodes in a target event script carried by the event trigger instruction, calling interface services corresponding to the calling interfaces, and implementing execution of the task nodes by using the interface services.
2. The method according to claim 1, wherein specific event attribute information corresponding to each of the specific event scenarios is further stored in the storage database;
the step of determining a target event scenario matching the event attribute information from a plurality of specific event scenarios includes:
searching target specific event attribute information matched with the event attribute information from the specific event attribute information;
and determining the specific event scenario corresponding to the target specific event attribute information as the target event scenario matched with the event attribute information.
3. The method of claim 1, wherein before receiving the security event query instruction sent by the client, the method further comprises:
generating a specific event script in response to a script creation operation on a graphical user interface of the event management system;
and sending the specific event script to the storage database for storage.
4. The method according to claim 3, wherein the step of generating a specific event script in response to a script creation operation on a graphical user interface of the event management system comprises one of:
responding to the dragging operation of a task node on a user interface of the event management system to generate a specific event script; or
generating a specific event scenario in response to a programming operation of a task node on a user interface of the event management system.
5. The method of claim 4, wherein the step of generating a specific event scenario in response to a drag operation of a task node on a user interface of the event management system comprises:
responding to the dragging operation of the task nodes on the user interface of the event management system, and determining a plurality of target task nodes;
and performing a dependency connection operation on the target task nodes to generate a specific event script.
6. The method of claim 4, wherein the step of generating a specific event script in response to a programming operation of a task node on a user interface of the event management system comprises:
compiling task nodes and node information corresponding to the task nodes based on Python scripts; the node information comprises attribute parameter information corresponding to the task node and task dependency relationship information corresponding to the task node;
utilizing a template engine to generate DAG source codes corresponding to the task nodes by using the node information and a DAG template;
and generating a specific event script according to the DAG source code.
7. The method of claim 6, wherein the step of utilizing a template engine to generate DAG source codes corresponding to the task nodes by using the node information and a DAG template comprises:
importing the node information into the DAG template to obtain a first DAG template;
inserting a post-DAG-run callback function into the first DAG template to obtain a second DAG template;
instantiating the second DAG template, and generating DAG source codes corresponding to the task nodes.
8. An event execution device, characterized in that the device is applied to an event management system, to which a server and a storage database are connected; the storage database pre-stores a plurality of specific event scripts and calling interfaces corresponding to the task nodes included in the specific event scripts; the device comprises:
the receiving module is used for receiving a security event query instruction sent by a client;
the extracting module is used for extracting the security event carried in the security event query instruction and the event attribute information corresponding to the security event;
a determining module, configured to determine a target event scenario matched with the event attribute information from a plurality of specific event scenarios;
the generation module is used for generating an event trigger instruction based on the target event script;
and the sending module is used for sending the event trigger instruction to the server so as to trigger the server to extract the task nodes included in the target event script carried by the event trigger instruction and the calling interfaces corresponding to the task nodes, call the interface services corresponding to the calling interfaces, and implement execution of the task nodes by using the interface services.
9. An electronic device comprising a processor and a memory, the memory storing computer-executable instructions executable by the processor, the processor executing the computer-executable instructions to implement the method of any one of claims 1 to 7.
10. A computer-readable storage medium having computer-executable instructions stored thereon which, when invoked and executed by a processor, cause the processor to implement the method of any of claims 1 to 7.
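The three template steps of claims 6 and 7 (import node information, insert the post-run callback, instantiate) are shown below as an added example, not code from the patent. Python's standard `string.Template` stands in for the unnamed template engine, and the template text, node names and sample values are assumptions. Because node information ends up inside generated source code, the sketch renders it only as inert literals and validates names and dependencies first.

```python
# Added illustration; template layout and all names are hypothetical.
import ast
import re
from graphlib import CycleError, TopologicalSorter
from string import Template

DAG_TEMPLATE = Template(
    "DAG_ID = $dag_id\n"
    "TASKS = $tasks\n"
    "DEPENDENCIES = $dependencies\n"
    "$callback\n"
)
CALLBACK = (
    "def on_dag_complete(results):\n"
    "    return {'dag_id': DAG_ID, 'finished': sorted(results)}\n"
)
NODE_NAME = re.compile(r"[a-z][a-z0-9_]{0,63}")   # names tend to become task ids

def literal(value):
    """Render plain data as a Python literal that later template passes cannot expand."""
    text = repr(value)
    if ast.literal_eval(text) != value:           # raises or differs for non-literal data
        raise TypeError("node information must be plain data")
    return text.replace("$", "\\x24")             # '$' can only sit inside string literals

def validate(nodes):
    """nodes: {name: {"params": {...}, "depends_on": [...]}} -> dependency map."""
    deps = {}
    for name, info in nodes.items():
        if not NODE_NAME.fullmatch(name):
            raise ValueError(f"invalid task node name: {name!r}")
        missing = set(info["depends_on"]) - set(nodes)
        if missing:
            raise ValueError(f"{name} depends on unknown node(s): {sorted(missing)}")
        deps[name] = sorted(info["depends_on"])
    try:
        tuple(TopologicalSorter(deps).static_order())   # a DAG must be acyclic
    except CycleError as exc:
        raise ValueError(f"task dependencies contain a cycle: {exc.args[1]}") from None
    return deps

def generate_dag_source(dag_id, nodes):
    deps = validate(nodes)
    # Step 1: import node information -> first DAG template ($dag_id, $callback open).
    first = Template(DAG_TEMPLATE.safe_substitute(
        tasks=literal({n: i["params"] for n, i in nodes.items()}),
        dependencies=literal(deps)))
    # Step 2: insert the post-run callback -> second DAG template.
    second = Template(first.safe_substitute(callback=CALLBACK))
    # Step 3: instantiate; substitute() raises if any placeholder is left unfilled.
    source = second.substitute(dag_id=literal(dag_id))
    ast.parse(source)                             # generated code must at least parse
    return source
```

Escaping `$` in rendered values matters here because the template is rendered more than once: without it, a parameter value containing `$callback` would be expanded during the second step.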
CN202110823105.7A 2021-07-21 2021-07-21 Event execution method and device and electronic equipment Pending CN113468212A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110823105.7A CN113468212A (en) 2021-07-21 2021-07-21 Event execution method and device and electronic equipment


Publications (1)

Publication Number Publication Date
CN113468212A true CN113468212A (en) 2021-10-01

Family

ID=77881478




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination