CN114397988A - Display method, device, system, electronic equipment and medium of safety analysis data - Google Patents


Info

Publication number: CN114397988A
Authority: CN (China)
Prior art keywords: displaying, information, virus, network attack, module
Legal status: Pending
Application number: CN202210062799.1A
Other languages: Chinese (zh)
Inventors: 李淑一, 韩永亮, 李文娟, 邵广玉, 王洪
Current Assignee: BOE Technology Group Co Ltd; Beijing Zhongxiangying Technology Co Ltd
Original Assignee: BOE Technology Group Co Ltd; Beijing Zhongxiangying Technology Co Ltd
Application filed by BOE Technology Group Co Ltd, Beijing Zhongxiangying Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481 Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0482 Interaction with lists of selectable items, e.g. menus
    • G06F3/0484 Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842 Selection of displayed objects or displayed text elements
    • G06F3/04847 Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information

Abstract

The disclosure provides a method, a device, a system, electronic equipment and a medium for displaying security analysis data, and belongs to the technical field of computers. The method comprises: in response to a user login, displaying a security analysis interface, the security analysis interface comprising at least a security data indicator and an analysis function module, the analysis function module comprising at least a device management module, a virus information module, a network attack module and an event recording module; in response to a selection operation on the device management module, displaying a device management list and device detail information; in response to a selection operation on the virus information module, displaying a virus information list and virus detail information; in response to a selection operation on the network attack module, displaying a network attack record list and network attack detail information; and in response to a selection operation on the event recording module, displaying event record information and event detail information. The diversity of the display modes of the security data indicators is thereby improved.

Description

Display method, device, system, electronic equipment and medium of safety analysis data
Technical Field
The present disclosure relates to computer technologies, and in particular, to a method, an apparatus, a system, an electronic device, and a medium for displaying security analysis data.
Background
With market development, once an enterprise has built out its security terminals and antivirus software systems, it remains difficult to show visually on a large screen the security risk data that has been intercepted, the security risk problems that exist and the value of the security investment, or the display template is rigidly fixed. A traditional system only intercepts viruses or attacks through the security system, or only counts device asset information. Even where statistics and display are available, the display is generally a fixed template that cannot be replaced dynamically, or the large-screen display cannot be changed according to the customer's wishes, which wastes labor cost and yields little maintenance benefit.
Disclosure of Invention
Some embodiments of the present disclosure provide a method, an apparatus, a system, an electronic device, and a medium for displaying security analysis data, so as to solve the above technical problems as much as possible.
Some embodiments of the present disclosure provide a method for displaying security analysis data, including:
in response to a user login, displaying a security analysis interface, the security analysis interface comprising at least: a security data indicator and an analysis function module, the analysis function module comprising at least: a device management module, a virus information module, a network attack module and an event recording module;
in response to a selection operation on the device management module, displaying a device management list and device detail information;
in response to a selection operation on the virus information module, displaying a virus information list and virus detail information;
in response to a selection operation on the network attack module, displaying a network attack record list and network attack detail information;
and in response to a selection operation on the event recording module, displaying event record information and event detail information.
Optionally, the displaying of the device management list and the device detail information includes:
displaying a device management interface, the device management interface comprising at least: a device management list and at least two device screening conditions;
in response to a selection operation on a target device screening condition among the at least two device screening conditions, screening the device information in the device management list based on the target device screening condition;
in response to a selection operation on target device information in the screened device management list, displaying device detail information corresponding to the target device information;
wherein the device screening conditions comprise at least: all devices, protected devices and/or unprotected devices.
Optionally, the displaying of the virus information list and the virus detail information includes:
displaying a virus information interface, the virus information interface comprising at least: a virus information list and at least two virus screening conditions;
in response to a selection operation on a target virus screening condition among the at least two virus screening conditions, screening the virus information in the virus information list based on the target virus screening condition;
in response to a selection operation on target virus information in the screened virus information list, displaying virus detail information corresponding to the target virus information;
wherein the virus screening conditions comprise at least: at least one of a number of infected devices and a device infection time.
Optionally, the displaying of the network attack record list and the network attack detail information includes:
displaying a network attack interface, the network attack interface comprising at least: a network attack list and at least two network attack screening conditions;
in response to a selection operation on a target network attack screening condition among the at least two network attack screening conditions, screening the network attacks in the network attack list based on the target network attack screening condition;
in response to a selection operation on a target network attack in the screened network attack list, displaying network attack detail information corresponding to the target network attack;
wherein the network attack screening conditions comprise at least: at least one of a number of network attacks and a network attack time.
Optionally, the displaying of the event record information and the event detail information includes:
displaying an event recording interface, the event recording interface comprising at least: an event record list and at least two event record screening conditions;
in response to a selection operation on a target event record screening condition among the at least two event record screening conditions, screening the event records in the event record list based on the target event record screening condition;
in response to a selection operation on a target event record in the screened event record list, displaying event record detail information corresponding to the target event record;
wherein the event record screening conditions comprise at least: at least one of a number of virus infections and an event recording time.
Optionally, the method further comprises:
in response to a creation operation for the security analysis interface, displaying a chart configuration interface;
in response to an input operation on the chart configuration interface, determining chart configuration parameters and displaying an interactive information configuration interface;
in response to an input operation on the interactive information configuration interface, determining a link configuration parameter;
in response to a selection operation on the release option, acquiring security data based on the link configuration parameter;
performing statistical analysis on the security data to obtain a security analysis indicator;
and generating and publishing a security analysis interface according to the chart configuration parameters and the security analysis indicator.
Some embodiments of the present disclosure provide a display device of security analysis data, including:
a display module configured to display a security analysis interface in response to a user login, the security analysis interface comprising at least: a security data indicator and an analysis function module, the analysis function module comprising at least: a device management module, a virus information module, a network attack module and an event recording module;
a response module configured to: in response to a selection operation on the device management module, display a device management list and device detail information;
in response to a selection operation on the virus information module, display a virus information list and virus detail information;
in response to a selection operation on the network attack module, display a network attack record list and network attack detail information;
and in response to a selection operation on the event recording module, display event record information and event detail information.
Optionally, the response module is further configured to:
display a device management interface, the device management interface comprising at least: a device management list and at least two device screening conditions;
in response to a selection operation on a target device screening condition among the at least two device screening conditions, screen the device information in the device management list based on the target device screening condition;
in response to a selection operation on target device information in the screened device management list, display device detail information corresponding to the target device information;
wherein the device screening conditions comprise at least: all devices, protected devices and/or unprotected devices.
Optionally, the response module is further configured to:
display a virus information interface, the virus information interface comprising at least: a virus information list and at least two virus screening conditions;
in response to a selection operation on a target virus screening condition among the at least two virus screening conditions, screen the virus information in the virus information list based on the target virus screening condition;
in response to a selection operation on target virus information in the screened virus information list, display virus detail information corresponding to the target virus information;
wherein the virus screening conditions comprise at least: at least one of a number of infected devices and a device infection time.
Optionally, the response module is further configured to:
display a network attack interface, the network attack interface comprising at least: a network attack list and at least two network attack screening conditions;
in response to a selection operation on a target network attack screening condition among the at least two network attack screening conditions, screen the network attacks in the network attack list based on the target network attack screening condition;
in response to a selection operation on a target network attack in the screened network attack list, display network attack detail information corresponding to the target network attack;
wherein the network attack screening conditions comprise at least: at least one of a number of network attacks and a network attack time.
Optionally, the response module is further configured to:
display an event recording interface, the event recording interface comprising at least: an event record list and at least two event record screening conditions;
in response to a selection operation on a target event record screening condition among the at least two event record screening conditions, screen the event records in the event record list based on the target event record screening condition;
in response to a selection operation on a target event record in the screened event record list, display event record detail information corresponding to the target event record;
wherein the event record screening conditions comprise at least: at least one of a number of virus infections and an event recording time.
Optionally, the apparatus further comprises: a creation module configured to:
in response to a creation operation for the security analysis interface, display a chart configuration interface;
in response to an input operation on the chart configuration interface, determine chart configuration parameters and display an interactive information configuration interface;
in response to an input operation on the interactive information configuration interface, determine a link configuration parameter;
in response to a selection operation on the release option, acquire security data based on the link configuration parameter;
perform statistical analysis on the security data to obtain a security analysis indicator;
and generate and publish a security analysis interface according to the chart configuration parameters and the security analysis indicator.
Some embodiments of the present disclosure provide a security analysis display system, the system comprising: an edge layer and a security analysis display platform;
the edge layer is configured to gather security data from the data source;
the security analysis display platform is configured to: obtain the security data from the edge layer according to a link configuration parameter; perform statistical analysis on the security data to obtain security indicator data; send the security indicator data to the display device; and display a security analysis interface containing the security indicator data based on the above display method of security analysis data.
Some embodiments of the present disclosure provide a computing processing device comprising:
a memory having computer readable code stored therein;
one or more processors, wherein when the computer readable code is executed by the one or more processors, the computing processing device performs the method for presenting security analysis data as described above.
Some embodiments of the present disclosure provide a computer program comprising computer readable code which, when run on a computing processing device, causes the computing processing device to perform a method of presenting security analysis data as described above.
Some embodiments of the present disclosure provide a computer-readable medium in which the method of presenting security analysis data as described above is stored.
According to the method, the device, the system, the electronic equipment and the medium for displaying security analysis data, a security analysis interface containing the security indicator data is displayed for the user to view after the user logs in, and the device management module, the virus information module, the network attack module and the event recording module are provided so that the user can further analyze and collect statistics on the security indicator data, which improves the diversity of the display modes of the security data indicators.
The foregoing description is only an overview of the technical solutions of the present disclosure, and the embodiments of the present disclosure are described below in order to make the technical means of the present disclosure more clearly understood and to make the above and other objects, features, and advantages of the present disclosure more clearly understandable.
Drawings
In order to illustrate the embodiments of the present disclosure or the technical solutions in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description are some embodiments of the present disclosure, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 schematically illustrates a flowchart of a method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 2 schematically illustrates an interface diagram of a method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 3 schematically illustrates a first flowchart of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 4 schematically illustrates a first interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 5 schematically illustrates a second interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 6 schematically illustrates a second flowchart of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 7 schematically illustrates a third interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 8 schematically illustrates a fourth interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 9 schematically illustrates a third flowchart of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 10 schematically illustrates a fifth interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 11 schematically illustrates a sixth interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 12 schematically illustrates a fourth flowchart of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 13 schematically illustrates a seventh interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 14 schematically illustrates a fifth flowchart of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 15 schematically illustrates an eighth interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 16 schematically illustrates a ninth interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 17 schematically illustrates a tenth interface diagram of another method for displaying security analysis data according to some embodiments of the present disclosure;
Fig. 18 schematically illustrates a structural diagram of a display system for security analysis data according to some embodiments of the present disclosure;
Fig. 19 schematically illustrates a structural diagram of a display device for security analysis data according to some embodiments of the present disclosure;
Fig. 20 schematically illustrates a block diagram of a computing processing device for performing a method according to some embodiments of the present disclosure;
Fig. 21 schematically illustrates a memory unit for holding or carrying program code implementing methods according to some embodiments of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments of the present disclosure are described clearly and completely below with reference to the drawings in the embodiments of the present disclosure. The described embodiments are some, but not all, embodiments of the present disclosure. All other embodiments that a person skilled in the art can derive from the embodiments disclosed herein without creative effort fall within the protection scope of the present disclosure.
Fig. 1 schematically shows a flowchart of a method for displaying security analysis data provided by the present disclosure, including:
Step 101, in response to a user login, displaying a security analysis interface, wherein the security analysis interface at least comprises: a security data indicator and an analysis function module, the analysis function module comprising at least: a device management module, a virus information module, a network attack module and an Event Data Recorder (EDR).
In the embodiment of the present disclosure, when logging in, the user can choose in the login interface whether to jump automatically to a default security analysis interface. If so, after login the user is taken automatically to the default security analysis interface, security data is obtained from the corresponding data source through preset link configuration parameters, and the security analysis interface is drawn for display. Otherwise, the user goes directly to the menu link of background management, where the user can create a security analysis interface for use.
Referring to fig. 2, the security analysis interface includes chart information of risk ranking, recent illegal access, asset level comparison, asset compromise rate, abnormal-behavior asset ranking, threat alert ranking and risk trend for different viruses, and also includes statistical indicators of total number of assets, abnormal behavior, threat alerts, illegal access and compromised assets, and a total security index obtained based on statistical analysis.
Step 102, in response to the selection operation on the device management module, displaying a device management list and device detail information.
In the embodiment of the present disclosure, the device management module is a functional module through which a user views the monitored device assets. It includes a device management list, and also allows device information to be screened through table condition screening and the device detail information corresponding to the device information to be viewed.
Step 103, in response to the selection operation on the virus information module, displaying a virus information list and virus detail information.
In the embodiment of the present disclosure, the virus information module is a functional module through which a user views the monitored virus information. It includes a virus information list, and also allows virus information to be screened through table condition screening and the virus detail information corresponding to the virus information to be viewed.
Step 104, in response to the selection operation on the network attack module, displaying a network attack record list and network attack detail information.
In the embodiment of the present disclosure, the network attack module is a functional module through which a user views the monitored network attacks. It includes a network attack list, and also allows network attack information to be screened through table condition screening and the network attack detail information corresponding to a network attack event to be viewed.
Step 105, in response to the selection operation on the event recording module, displaying the event record information and the event detail information.
In the embodiment of the present disclosure, the event recording module is a functional module through which a user views monitored event records related to network security events. It includes event record information, and also allows event records to be screened through table condition screening and the event detail information corresponding to an event record to be viewed.
According to the embodiment of the invention, the security analysis interface containing the security indicator data is displayed for the user to view after the user logs in, and the device management module, the virus information module, the network attack module and the event recording module are provided so that the user can further analyze and collect statistics on the security indicator data, which improves the diversity of the display modes of the security data indicators.
Optionally, referring to fig. 3, step 102 includes:
Step 1021, displaying a device management interface, where the device management interface at least includes: a device management list and at least two device screening conditions.
Step 1022, in response to the selection operation on the target device screening condition among the at least two device screening conditions, screening the device information in the device management list based on the target device screening condition.
Step 1023, in response to the selection operation on the target device information in the screened device management list, displaying the device detail information corresponding to the target device information, wherein the device screening conditions at least comprise: all devices, protected devices and/or unprotected devices.
In the embodiment of the present disclosure, referring to fig. 4, the security analysis interface described in fig. 2 may jump to a device management interface, where the header of the device management list includes a serial number, a device name, an IP address, an operating system, a domain name, whether protected, and an operation option. An all-devices selection control, a protected-devices selection control and an unprotected-devices selection control are arranged above the device management list, so that the user can input a device screening condition by operating each control. For example, the user may screen the device information in the device management list by clicking at least one of the all-devices selection control, the protected-devices selection control and the unprotected-devices selection control. The query control corresponds to a query condition input box, which displays the prompt text 'please input device name/IP' and is used for inputting the device name or IP address of a specific device so as to view the information of that device.
Further, after selecting and inputting the target device information in the device management list, the user may jump to the interface illustrated in fig. 5, which displays the device detail information corresponding to the target device information. The device detail information includes not only the device information but also an infection list corresponding to the device, where the infection list includes a malicious program name, an infected file hash value, an infection date, a processing result, and the like. The specific contents may be set according to actual requirements and are not limited herein.
Optionally, referring to fig. 6, the step 103 includes:
step 1031, displaying a virus information interface, wherein the virus information interface at least comprises: a list of virus information and at least two virus screening conditions.
Step 1032, in response to the selection operation of the target virus screening condition in the at least two virus screening conditions, screening the virus information in the virus information list based on the target virus screening condition.
Step 1033, in response to the selection operation on the target virus information in the screened virus information list, displaying the virus detail information corresponding to the target virus information, where the virus screening condition at least includes: at least one of a number of infected devices and a time of infecting the devices.
In this disclosure, referring to fig. 7, the user may jump from the security analysis interface illustrated in fig. 2 to a virus information interface, where the header of the virus information list includes a malicious program name, an infected device name, an infected IP, an infection date, a processing result, and an operation option. The screening conditions are located above the virus information list: the user may screen the virus information in the list by inputting the number of infected devices and the time of infection, or may look up specific virus information through the query control at the top.
Further, after selecting and inputting the target virus information in the virus information list, the user may jump to the interface illustrated in fig. 8, which displays the virus detail information corresponding to the target virus information. The virus detail information includes not only the virus information from the list but also further information about the virus, including virus ID, malicious link, creation time, last update, IP, popularity, most affected country, and the like. These may be set according to actual requirements and are not limited herein.
Optionally, referring to fig. 9, the step 104 includes:
Step 1041, displaying a network attack interface, where the network attack interface at least includes: a network attack list and at least two network attack screening conditions.
Step 1042, in response to the operation of selecting the target network attack screening condition of the at least two network attack screening conditions, screening the network attacks in the network attack list based on the target network attack screening condition.
Step 1043, responding to the selection operation of the target network attack in the screened network attack list, and displaying the network attack detail information corresponding to the target network attack, wherein the network attack screening condition at least includes: at least one of a number of cyber attacks and a cyber attack time.
In this disclosure, referring to fig. 10, the user may jump from the security analysis interface described in fig. 2 to a network attack interface, where the header of the network attack list includes a source IP, a destination IP, an attacked device name, an attack port, an attack type, an attack time, an identifier, and an operation option. The screening conditions are located above the network attack list: the user may screen the network attacks in the list by inputting the number of network attacks and the network attack time, or may look up a specific network attack through the query control at the top.
Further, after selecting and inputting a target network attack in the network attack list, the user may jump to the interface illustrated in fig. 11, which displays the network attack detail information corresponding to the target network attack. The detail information includes not only the network attack entry from the list but also further information about the network attack, including a virus ID, a malicious link, creation time, last update, an IP, a popularity, a most affected country, and the like. These may be set according to actual requirements and are not limited herein.
Optionally, referring to fig. 12, the step 105 includes:
Step 1051, displaying an event recording interface, wherein the event recording interface at least comprises: a list of event records and at least two event record filtering conditions.
Step 1052, in response to the selecting operation on the target event record screening condition of the at least two event record screening conditions, screening the event records in the event record list based on the target event record screening condition.
Step 1053, responding to the selection operation of the target event record in the filtered event record list, and displaying the event record detail information corresponding to the target event record, wherein the event record filtering condition at least includes: at least one of a number of viral infections and an event recording time.
In an embodiment of the present disclosure, referring to fig. 13, the user may jump from the security analysis interface described in fig. 2 to the event recording interface. The header of the event record list includes a serial number, a behavior name, a device name, a danger level, a time, an identifier, and an operation option. Input controls for the number of infected devices and the infection time are arranged above the event record list, so that screening conditions can be entered. The user can filter the events in the event record list by inputting the number of devices infected by the virus and the recording time of the infection event. A specific event record can also be looked up through the query control at the top. The query control corresponds to a query condition input box, which displays the prompt 'please input source IP/attack type' and is used for entering the source IP address of the device that initiated the attack and the virus type, so that the user can record and audit computer behaviors and can trace and analyze any problems found.
Optionally, referring to fig. 14, the method further includes:
Step 201, responding to the creation operation of the safety analysis interface, and displaying a chart configuration interface.
Step 202, responding to the input operation of the chart configuration interface, determining chart configuration parameters, and displaying an interactive information configuration interface.
Step 203, responding to the input operation of the interactive information configuration interface, and determining link configuration parameters.
Step 204, responding to the selection operation of the release option, and acquiring the security data based on the link configuration parameters.
Step 205, performing statistical analysis on the safety data to obtain a safety analysis index.
Step 206, generating and issuing a safety analysis interface according to the chart configuration parameters and the safety analysis indexes.
In the embodiment of the present disclosure, when a creation operation input by the user for a new security analysis interface is received, the display jumps to the chart configuration interface shown in fig. 15, where chart attributes, data and the like are configured. The left side holds the configuration controls for the various configuration parameters, and the right side is the effect display interface, which reflects the different configuration parameters.
After completing the chart configuration, the user may further add links to the data source through the interactive information configuration interface illustrated in fig. 16. The link configuration control on the left side lets the user choose whether to enable links, choose whether a link is external or internal, and input the specific link. The right side shows an overview of illegal access for the entered link, so that the user can conveniently jump to the detail interface corresponding to the security data indicator in the security analysis interface.
After the development of the security analysis interface is completed, the user can preview the configured security analysis interface by clicking the browsing option at the upper right corner, or directly release the security analysis interface by clicking the release option at the upper right corner, so as to obtain the link and the verification information; the security analysis interface is then used as the default interface entered when the user logs in.
After the release of the security analysis interface is completed, a release detail interface shown in fig. 17 may be displayed. There the release state of the security analysis interface can be configured, together with an option for whether the security analysis interface is used as the home page, and a viewing credential token and a sharing link for the security analysis interface are provided.
Fig. 18 schematically illustrates a structural diagram of a display system of security analysis data provided by the present disclosure, which includes an edge layer 302 communicatively connected to a data source 303, and a security analysis display platform 301 communicatively connected to the edge layer 302;
the edge layer 302 is configured to gather security data from the data sources;
In the disclosed embodiments, the data source may be a KAS, a weblog or traffic, a data file, or the like. The collected source data cannot be put into storage directly and needs further processing. The edge layer 302 performs data acquisition, raw data parsing and data authentication, which ensures the security of data communication and facilitates subsequent data operations.
Furthermore, the edge layer is a bridging module of the firewall system and the industrial control platform, and has the main functions of collecting and analyzing data and providing basic data for analysis and display of a large screen. Meanwhile, the edge layer module supports independent deployment, and the module can be deployed independently at a plurality of places in the implementation process so as to collect and summarize data of the plurality of places.
The following briefly introduces the flow by which the edge layer module collects the device, virus and network attack data of the firewall system.
The device data is mainly obtained by synchronizing the asset database of the firewall system in real time; the list of viruses that have infected a device is then obtained by associating the device data with the virus data through the device name.
The virus information is essentially the behavior log information recorded by the firewall system when a device is infected by a virus. The firewall system server sends the behavior log of the virus to the edge layer through the TCP protocol, the edge layer parses the received data, and the parsed data is sent to the database of the platform through Kafka.
The network attack data is mainly divided into two types: one is monitored network traffic data, and the other is data collected from the firewall system terminals. This data is also transmitted to the edge layer through the TCP protocol and is sent to the database of the platform after being parsed by the edge layer.
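The edge-layer flow described above, as an added sketch that is not part of the patent: behavior-log records arriving over TCP are reassembled, validated, associated with the asset inventory by device name, and then screened the way the device and virus interfaces describe. The newline-delimited JSON wire format, all field and function names, and the sample data are assumptions made for illustration; the Kafka send is represented by the serialized message values the function returns.

```python
import json
from collections import defaultdict
from datetime import datetime

REQUIRED = ("malware_name", "device_name", "infected_ip", "file_hash", "infected_at", "result")
TIME_FMT = "%Y-%m-%d %H:%M:%S"

class LineFramer:
    """Reassemble newline-delimited records from arbitrary TCP chunks, with a size bound."""
    def __init__(self, max_line=4096):
        self.buf, self.max_line, self.dropped, self.skipping = b"", max_line, 0, False

    def feed(self, chunk):
        self.buf += chunk
        out = []
        while (nl := self.buf.find(b"\n")) >= 0:
            line, self.buf = self.buf[:nl], self.buf[nl + 1:]
            if self.skipping:              # tail of a record already discarded as oversized
                self.skipping = False
            elif len(line) > self.max_line:
                self.dropped += 1
            elif line.strip():
                out.append(line)
        if len(self.buf) > self.max_line:  # unterminated oversized record: bound memory use
            if not self.skipping:
                self.dropped += 1
            self.buf, self.skipping = b"", True
        return out

def parse_record(line):
    """Return a normalized record, or None if the line is not a well-formed behavior log."""
    try:
        raw = json.loads(line.decode("utf-8"))
        if not isinstance(raw, dict):
            return None
        rec = {k: raw[k] for k in REQUIRED}              # unexpected fields are dropped
        if not all(isinstance(v, str) and v for v in rec.values()):
            return None
        datetime.strptime(rec["infected_at"], TIME_FMT)  # reject unparseable timestamps
    except (ValueError, KeyError):
        return None
    return rec

def run_edge_layer(chunks, assets):
    """Parse the stream; return (records, message_values_for_kafka, rejected_count)."""
    known = {a["device_name"] for a in assets}
    framer, records, rejected = LineFramer(), [], 0
    for chunk in chunks:
        for line in framer.feed(chunk):
            rec = parse_record(line)
            if rec is None:
                rejected += 1
                continue
            # Events from devices missing in the inventory are kept and flagged, not dropped.
            rec["asset_known"] = rec["device_name"] in known
            records.append(rec)
    values = [json.dumps(r, sort_keys=True).encode("utf-8") for r in records]
    return records, values, rejected + framer.dropped

def infection_lists(assets, records):
    """Associate device data with virus data through the device name."""
    by_device = defaultdict(list)
    for r in records:
        by_device[r["device_name"]].append(r)
    return {a["device_name"]: by_device.get(a["device_name"], []) for a in assets}

def filter_devices(assets, condition="all"):
    """Device screening conditions: all, protected, unprotected."""
    if condition == "all":
        return list(assets)
    if condition not in ("protected", "unprotected"):
        raise ValueError("unknown screening condition: %r" % condition)
    return [a for a in assets if a["protected"] == (condition == "protected")]

def screen_viruses(records, min_devices=1, since=None, until=None):
    """Virus screening by number of infected devices and infection time window."""
    lo = datetime.strptime(since, TIME_FMT) if since else datetime.min
    hi = datetime.strptime(until, TIME_FMT) if until else datetime.max
    devices = defaultdict(set)
    for r in records:
        if lo <= datetime.strptime(r["infected_at"], TIME_FMT) <= hi:
            devices[r["malware_name"]].add(r["device_name"])
    return {name: sorted(d) for name, d in devices.items() if len(d) >= min_devices}

def sample_line(malware, device, ip, when, result):
    rec = dict(zip(REQUIRED, (malware, device, ip, "0" * 64, when, result)))
    return json.dumps(rec).encode("utf-8") + b"\n"

# Constructed sample data (assumption): a two-device inventory and a six-line log stream.
ASSETS = [
    {"device_name": "hmi-01", "ip": "10.0.0.11", "os": "Windows 10", "protected": True},
    {"device_name": "plc-gw-02", "ip": "10.0.0.12", "os": "Linux", "protected": False},
]
STREAM = b"".join([
    sample_line("Trojan.Sample.A", "hmi-01", "10.0.0.11", "2022-01-10 08:15:00", "quarantined"),
    sample_line("Trojan.Sample.A", "plc-gw-02", "10.0.0.12", "2022-01-11 09:00:00", "deleted"),
    sample_line("Worm.Sample.B", "hmi-01", "10.0.0.11", "2022-01-12 17:30:00", "quarantined"),
    b"not json\n",                                                       # malformed line
    sample_line("Worm.Sample.B", "hmi-01", "10.0.0.11", "yesterday", "quarantined"),  # bad time
    sample_line("Worm.Sample.B", "unknown-99", "10.0.0.99", "2022-01-13 10:00:00", "none"),
])
# TCP delivers bytes, not records: split the stream at arbitrary 50-byte boundaries.
CHUNKS = [STREAM[i:i + 50] for i in range(0, len(STREAM), 50)]

if __name__ == "__main__":
    recs, msgs, bad = run_edge_layer(CHUNKS, ASSETS)
    print(len(recs), "accepted,", bad, "rejected")
    print(screen_viruses(recs, min_devices=2, until="2022-01-12 23:59:59"))
```

Counting rejected and oversized records, and flagging events whose device name has no inventory match, keeps parsing failures and asset-database gaps visible on the dashboard instead of silently shrinking the lists.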
The security analysis presentation platform 301 is configured to obtain the security data from the edge layer according to a link configuration parameter; carrying out statistical analysis on the safety data to obtain safety index data; sending the safety index data to the display equipment; displaying a security analysis interface including the security index data based on the method for displaying security analysis data according to any one of claims 1 to 6.
In the embodiment of the present disclosure, data communication between components follows the eventBus (event bus) principle: when a component changes, for example when a data permission is selected, the other components that receive the event obtain the event value transmitted by eventBus and respond, where the response is to request the API interface data again.
The default security analysis interface setting determines, when 'my large screen' is published, whether a user is automatically forwarded to the entry page of the default preview large screen upon login. If the user selects 'set home page' when publishing the large screen, the user jumps to the default large screen after logging in and, by configuring the large screen link, enters the corresponding routing page after clicking the link; otherwise, the user directly enters the first menu link of the background management. The security analysis interface is built by dragging charts onto a blank canvas and changing each chart's style and display by configuring its attributes; real-time display of the comprehensive situation and industrial control situation data is realized by configuring four different data sources (static data, CSV files, API interface mode and database mode).
Fig. 19 schematically shows a structural diagram of a display device 50 for security analysis data provided by the present disclosure, including:
a display module 401 configured to display a security analysis interface in response to a user login, the security analysis interface including at least: a safety data indicator and analysis function module, the analysis function module comprising at least: the system comprises an equipment management module, a virus information module, a network attack module and an event recording module;
a response module 402 configured to display a device management list and device detail information in response to a selection operation for the device management module;
responding to the selection operation of the virus information module, and displaying a virus information list and virus detail information;
responding to the selection operation of the network attack module, and displaying a network attack record list and network attack detail information;
and responding to the selection operation of the event recording module, and displaying event recording information and event detail information.
Optionally, the response module 402 is further configured to:
displaying a device management interface, the device management interface comprising at least: an equipment management list and at least two equipment screening conditions;
in response to a selection operation of a target device screening condition in the at least two device screening conditions, screening device information in the device management list based on the target device screening condition;
responding to the selection operation of the target equipment information in the screened equipment management list, and displaying equipment detail information corresponding to the target equipment information;
wherein the device screening conditions comprise at least: all the devices, the devices under protection and/or the devices without protection.
Optionally, the response module 402 is further configured to:
displaying a virus information interface, wherein the virus information interface at least comprises: a virus information list and at least two virus screening conditions;
responding to the selection operation of a target virus screening condition in the at least two virus screening conditions, and screening the virus information in the virus information list based on the target virus screening condition;
responding to the selection operation of the target virus information in the screened virus information list, and displaying virus detail information corresponding to the target virus information;
wherein the virus screening conditions comprise at least: at least one of a number of infected devices and a time of infecting the devices.
Optionally, the response module 402 is further configured to:
displaying a network attack interface, wherein the network attack interface at least comprises: a network attack list and at least two network attack screening conditions;
in response to the selection operation of the target network attack screening condition in the at least two network attack screening conditions, screening the network attacks in the network attack list based on the target network attack screening condition;
responding to the selection operation of the target network attack in the screened network attack list, and displaying network attack detail information corresponding to the target network attack;
wherein the network attack screening conditions at least comprise: at least one of a number of cyber attacks and a cyber attack time.
Optionally, the response module 402 is further configured to:
displaying an event logging interface, the event logging interface comprising at least: an event record list and at least two event record screening conditions;
in response to a selection operation of a target event record screening condition in the at least two event record screening conditions, screening the event records in the event record list based on the target event record screening condition;
responding to the selection operation of a target event record in the screened event record list, and displaying event record detail information corresponding to the target event record;
wherein the event record screening conditions include at least: at least one of a number of viral infections and an event recording time.
Optionally, the apparatus further comprises: a creation module configured to:
responding to the creation operation of the safety analysis interface, and displaying a chart configuration interface;
responding to the input operation of the chart configuration interface, determining chart configuration parameters, and displaying an interactive information configuration interface;
responding to the input operation of the interactive information configuration interface, and determining a link configuration parameter;
responding to the selection operation of the release option, and acquiring security data based on the link configuration parameters;
carrying out statistical analysis on the safety data to obtain a safety analysis index;
and generating and issuing a safety analysis interface according to the chart configuration parameters and the safety analysis indexes.
According to the embodiment of the invention, the security analysis interface containing the security index data is displayed for the user to check after the user logs in, and the equipment management module, the virus information module, the network attack module and the event recording module are provided for the user to further analyze and count the security index data, so that the diversity of the display mode of the security data index is improved.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Various component embodiments of the disclosure may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in a computing processing device according to embodiments of the present disclosure. The present disclosure may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present disclosure may be stored on a computer-readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
For example, FIG. 20 illustrates a computing processing device that may implement methods in accordance with the present disclosure. The computing processing device conventionally includes a processor 510 and a computer program product or computer-readable medium in the form of a memory 520. The memory 520 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. The memory 520 has a memory space 530 for program code 531 for performing any of the method steps in the method described above. For example, the storage space 530 for the program code may include respective program codes 531 for implementing various steps in the above method, respectively. The program code can be read from or written to one or more computer program products. These computer program products comprise a program code carrier such as a hard disk, a Compact Disc (CD), a memory card or a floppy disk. Such a computer program product is typically a portable or fixed storage unit as described with reference to fig. 21. The memory unit may have memory segments, memory spaces, etc. arranged similarly to the memory 520 in the computing processing device of fig. 20. The program code may be compressed, for example, in a suitable form. Typically, the memory unit comprises computer readable code 531', i.e. code that can be read by a processor, such as 510, for example, which when executed by a computing processing device causes the computing processing device to perform the steps of the method described above.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
Reference herein to "one embodiment," "an embodiment," or "one or more embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Moreover, it is noted that instances of the phrase "in one embodiment" are not necessarily all referring to the same embodiment.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solutions of the present disclosure, not to limit them; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (10)

1. A method for displaying security analysis data is characterized by comprising the following steps:
in response to a user login, displaying a security analysis interface, the security analysis interface comprising at least: a safety data indicator and analysis function module, the analysis function module comprising at least: the system comprises an equipment management module, a virus information module, a network attack module and an event recording module;
responding to the selection operation of the equipment management module, and displaying an equipment management list and equipment detail information;
responding to the selection operation of the virus information module, and displaying a virus information list and virus detail information;
responding to the selection operation of the network attack module, and displaying a network attack record list and network attack detail information;
and responding to the selection operation of the event recording module, and displaying event recording information and event detail information.
2. The method of claim 1, wherein displaying the device management list and the device details comprises:
displaying a device management interface, the device management interface comprising at least: an equipment management list and at least two equipment screening conditions;
in response to a selection operation of a target device screening condition in the at least two device screening conditions, screening device information in the device management list based on the target device screening condition;
responding to the selection operation of the target equipment information in the screened equipment management list, and displaying equipment detail information corresponding to the target equipment information;
wherein the device screening conditions comprise at least: all the devices, the devices under protection and/or the devices without protection.
3. The method of claim 1, wherein displaying the list of virus information and the details of the virus comprises:
displaying a virus information interface, wherein the virus information interface at least comprises: a virus information list and at least two virus screening conditions;
responding to the selection operation of a target virus screening condition in the at least two virus screening conditions, and screening the virus information in the virus information list based on the target virus screening condition;
responding to the selection operation of the target virus information in the screened virus information list, and displaying virus detail information corresponding to the target virus information;
wherein the virus screening conditions comprise at least: at least one of a number of infected devices and a time of infecting the devices.
4. The method according to claim 1, wherein the displaying the network attack record list and the network attack detail information comprises:
displaying a network attack interface, wherein the network attack interface at least comprises: a network attack list and at least two network attack screening conditions;
in response to the selection operation of the target network attack screening condition in the at least two network attack screening conditions, screening the network attacks in the network attack list based on the target network attack screening condition;
responding to the selection operation of the target network attack in the screened network attack list, and displaying network attack detail information corresponding to the target network attack;
wherein the network attack screening conditions at least comprise: at least one of a number of cyber attacks and a cyber attack time.
5. The method of claim 1, wherein displaying the event record information and the event detail information comprises:
displaying an event logging interface, the event logging interface comprising at least: an event record list and at least two event record screening conditions;
in response to a selection operation of a target event record screening condition in the at least two event record screening conditions, screening the event records in the event record list based on the target event record screening condition;
responding to the selection operation of a target event record in the screened event record list, and displaying event record detail information corresponding to the target event record;
wherein the event record screening conditions include at least: at least one of a number of viral infections and an event recording time.
6. The method of claim 1, further comprising:
responding to the creation operation of the safety analysis interface, and displaying a chart configuration interface;
responding to the input operation of the chart configuration interface, determining chart configuration parameters, and displaying an interactive information configuration interface;
responding to the input operation of the interactive information configuration interface, and determining a link configuration parameter;
responding to the selection operation of the release option, and acquiring security data based on the link configuration parameters;
carrying out statistical analysis on the safety data to obtain a safety analysis index;
and generating and issuing a safety analysis interface according to the chart configuration parameters and the safety analysis indexes.
7. A display device for safety analysis data is characterized in that,
a display module configured to display a security analysis interface in response to a user login, the security analysis interface including at least: a safety data indicator and analysis function module, the analysis function module comprising at least: the system comprises an equipment management module, a virus information module, a network attack module and an event recording module;
the response module is configured to respond to the selection operation of the equipment management module and display an equipment management list and equipment detail information;
responding to the selection operation of the virus information module, and displaying a virus information list and virus detail information;
responding to the selection operation of the network attack module, and displaying a network attack record list and network attack detail information;
and responding to the selection operation of the event recording module, and displaying event recording information and event detail information.
8. A security analysis display system, the system comprising: an edge layer and a safety analysis display platform;
the edge layer is configured to gather security data from the data source;
the security analysis presentation platform is configured to obtain the security data from the edge layer according to a link configuration parameter; carrying out statistical analysis on the safety data to obtain safety index data; sending the safety index data to the display equipment; displaying a security analysis interface including the security index data based on the method for displaying security analysis data according to any one of claims 1 to 6.
9. A computing processing device, comprising:
a memory having computer readable code stored therein;
one or more processors that, when the computer readable code is executed by the one or more processors, the computing processing device performs the method for presentation of security analytics data as claimed in any one of claims 1 to 6.
10. A non-transitory computer-readable medium in which a computer program of the method for presenting security analysis data according to any one of claims 1 to 6 is stored.
CN202210062799.1A 2022-01-19 2022-01-19 Display method, device, system, electronic equipment and medium of safety analysis data Pending CN114397988A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210062799.1A CN114397988A (en) 2022-01-19 2022-01-19 Display method, device, system, electronic equipment and medium of safety analysis data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210062799.1A CN114397988A (en) 2022-01-19 2022-01-19 Display method, device, system, electronic equipment and medium of safety analysis data

Publications (1)

Publication Number Publication Date
CN114397988A true CN114397988A (en) 2022-04-26

Family

ID=81230173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210062799.1A Pending CN114397988A (en) 2022-01-19 2022-01-19 Display method, device, system, electronic equipment and medium of safety analysis data

Country Status (1)

Country Link
CN (1) CN114397988A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115391419A (en) * 2022-08-12 2022-11-25 杭州易靓好车互联网科技有限公司 Asset quality statistical method and device

Similar Documents

Publication Publication Date Title
US11196636B2 (en) Systems and methods for network data flow aggregation
JP6201614B2 (en) Log analysis apparatus, method and program
CN107295021B (en) Security detection method and system of host based on centralized management
EP3726410B1 (en) Interpretation device, interpretation method and interpretation program
CN107579956B (en) User behavior detection method and device
CN109600441B (en) Alliance link information publishing control method and terminal equipment
CN107005544A (en) For network analysis and the system and method for report
KR101503701B1 (en) Method and Apparatus for Protecting Information Based on Big Data
CN110691080B (en) Automatic tracing method, device, equipment and medium
CN111131253A (en) Scene-based security event global response method, device, equipment and storage medium
CN107547490B (en) Scanner identification method, device and system
CN111131221B (en) Interface checking device, method and storage medium
JP6932779B2 (en) Methods and systems to verify that detection results are valid
CN110535806A (en) Monitor method, apparatus, equipment and the computer storage medium of abnormal website
CN112118261B (en) Session illegal access detection method and device
CN109783316B (en) Method and device for identifying tampering behavior of system security log, storage medium and computer equipment
CN112688806A (en) Method and system for presenting network assets
CN111221625A (en) File detection method, device and equipment
CN104486320B (en) Intranet sensitive information leakage evidence-obtaining system and method based on sweet network technology
CN104640105A (en) Method and system for mobile phone virus analyzing and threat associating
CN111404937B (en) Method and device for detecting server vulnerability
CN107423090B (en) Flash player abnormal log management method and system
CN114397988A (en) Display method, device, system, electronic equipment and medium of safety analysis data
CN115766258B (en) Multi-stage attack trend prediction method, equipment and storage medium based on causal relationship graph
CN110191097B (en) Method, system, equipment and storage medium for detecting security of login page

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination