CN114513334A - Risk management method and risk management device - Google Patents


Publication number
CN114513334A
Authority
CN
China
Prior art keywords
risk
monitored
preset
monitoring
devices
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210036448.3A
Other languages
Chinese (zh)
Other versions
CN114513334B (en)
Inventor
林宏
黄玉宝
胡明臣
于海东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haier Digital Technology Qingdao Co Ltd
Haier Caos IoT Ecological Technology Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Original Assignee
Haier Digital Technology Qingdao Co Ltd
Haier Caos IoT Ecological Technology Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Application filed by Haier Digital Technology Qingdao Co Ltd, Haier Caos IoT Ecological Technology Co Ltd, Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Priority to CN202210036448.3A
Publication of CN114513334A
Priority to PCT/CN2022/130832 (WO2023134285A1)
Application granted
Publication of CN114513334B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application provides a risk management method and a risk management device, relates to the field of network security, and can perform unified risk management on devices so as to improve the security of a network system. The method comprises: acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; monitoring the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule includes collecting different monitoring data for devices to be monitored of different device types; performing risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk; and selecting, from the plurality of risk analysis results, the risk analysis results that meet a preset reporting rule and reporting them.

Description

Risk management method and risk management device
Technical Field
The present application relates to the field of network security, and in particular, to a risk management method and a risk management apparatus.
Background
A new generation of information technology is becoming deeply integrated with the real economy, and the rapid development of the industrial internet has become an important foundation for building a strong manufacturing country and a strong network country. However, because the industrial internet is open, cross-domain and interconnected, the importance and urgency of industrial internet information security work have become more prominent. Doing industrial internet security supervision well, strengthening the public service capacity for industrial internet security, and promoting technological innovation and industrial development in industrial internet security are therefore important tasks for strengthening national industrial internet security assurance.
Therefore, it is desirable to provide a risk management method for performing unified risk management on devices in a network system to improve the security of the network system.
Disclosure of Invention
The application provides a risk management method and a risk management device, which can perform unified risk management on devices, thereby improving the security of a network system.
In a first aspect, a risk management method is provided, including: acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; monitoring the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule includes collecting different monitoring data for devices to be monitored of different device types; performing risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk; and selecting, from the plurality of risk analysis results, the risk analysis results that meet a preset reporting rule and reporting them.
In the application, the risk management device can obtain the monitoring data by monitoring the devices to be monitored, perform risk analysis on the corresponding devices to be monitored based on the monitoring data, and obtain and display a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each device to be monitored in the plurality of devices to be monitored, that is, the application can perform unified risk management on the devices, thereby improving the security of the network system.
With reference to the first aspect, in some implementations of the first aspect, the preset reporting rule includes: a preset IP address, a preset time period, a preset risk level, or a preset data source.
With reference to the first aspect, in certain implementations of the first aspect, the monitoring data includes at least one of: CPU usage, memory occupancy, disk usage, system disk usage, number of connections, traffic, interface status, or device online status.
With reference to the first aspect, in certain implementations of the first aspect, the device type includes at least one of: a network device, a security device, a host device, or a server.
In a second aspect, a risk management apparatus is provided, which includes an obtaining module and a processing module. The obtaining module is configured to: acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored. The processing module is configured to: monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule includes collecting different monitoring data for devices to be monitored of different device types; perform risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, the risk analysis results that meet a preset reporting rule and report them.
With reference to the second aspect, in some implementations of the second aspect, the preset reporting rule includes: a preset IP address, a preset time period, a preset risk level, or a preset data source.
With reference to the second aspect, in certain implementations of the second aspect, the monitoring data includes at least one of: CPU usage, memory occupancy, disk usage, system disk usage, number of connections, traffic, interface status, or device online status.
With reference to the second aspect, in certain implementations of the second aspect, the device type includes at least one of: a network device, a security device, a host device, or a server.
In a third aspect, a processor is provided, including: an input circuit, an output circuit and a processing circuit. The processing circuit is configured to receive a signal via the input circuit and transmit a signal via the output circuit, so that the processor performs the method of any one of the possible implementations of the first aspect.
In a specific implementation process, the processor may be a chip, the input circuit may be an input pin, the output circuit may be an output pin, and the processing circuit may be a transistor, a gate circuit, a flip-flop, various logic circuits, and the like. The input signal received by the input circuit may be received and input by, for example and without limitation, a receiver, the signal output by the output circuit may be output to and transmitted by a transmitter, for example and without limitation, and the input circuit and the output circuit may be the same circuit that functions as the input circuit and the output circuit, respectively, at different times. The embodiment of the present application does not limit the specific implementation manner of the processor and various circuits.
In a fourth aspect, a processing apparatus is provided that includes a processor and a memory. The processor is configured to read instructions stored in the memory, and may receive signals via the receiver and transmit signals via the transmitter to perform the method of any one of the possible implementations of the first aspect.
Optionally, there are one or more processors and one or more memories.
Alternatively, the memory may be integrated with the processor, or provided separately from the processor.
In a specific implementation process, the memory may be a non-transitory memory, such as a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately disposed on different chips.
The processing device in the fourth aspect may be a chip, and the processor may be implemented by hardware or software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, which may be integrated with the processor, located external to the processor, or stand-alone.
In a fifth aspect, a computer program product is provided, comprising a computer program (also called code or instructions) which, when executed, causes a computer to perform the method of any of the possible implementations of the first aspect described above.
In a sixth aspect, a computer-readable storage medium is provided, which stores a computer program (which may also be referred to as code or instructions) that, when executed on a computer, causes the computer to perform the method of any of the possible implementations of the first aspect described above.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;
Fig. 2 is a schematic flow chart of a risk management method provided in an embodiment of the present application;
Fig. 3 is a schematic diagram of a display interface of a risk management device provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of a display interface of a risk management device provided by an embodiment of the present application;
Fig. 5 is a schematic diagram of a display interface of a risk management device provided by an embodiment of the present application;
Fig. 6 is a schematic diagram of a display interface of a risk management device provided by an embodiment of the present application;
Fig. 7 is a schematic diagram of a display interface of a risk management device provided by an embodiment of the present application;
Fig. 8 is a schematic diagram of a risk management device provided in an embodiment of the present application;
Fig. 9 is a schematic diagram of another risk management device provided in the embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments that can be made by one skilled in the art based on the embodiments in the present application in light of the present disclosure are within the scope of the present application.
A new generation of information technology is becoming deeply integrated with the real economy, and the rapid development of the industrial internet has become an important foundation for building a strong manufacturing country and a strong network country. However, because the industrial internet is open, cross-domain and interconnected, the importance and urgency of industrial internet information security work have become more prominent. Doing industrial internet security work well, strengthening the public service capacity for industrial internet security, and promoting technological innovation and industrial development in industrial internet security are therefore important tasks for strengthening national industrial internet security assurance.
Therefore, it is desirable to provide a risk management method for performing unified risk management on devices in a network system to improve the security of the network system.
In view of this, the present application provides a risk management method and a risk management apparatus. The devices to be monitored are monitored to obtain monitoring data, and risk analysis is performed on the corresponding devices to be monitored based on the monitoring data to obtain and display a plurality of risk analysis results. The plurality of risk analysis results indicate the risk level of each of the plurality of devices to be monitored, so as to reflect the security situation of the current network devices more clearly. That is, the present application can perform unified risk management on the devices, thereby improving the security of a network system.
Before describing the risk management method and the risk management apparatus provided in the embodiments of the present application, the following description is made.
First, in the embodiments shown below, each term and English abbreviation is an example given for convenience of description and should not constitute any limitation to the present application. This application is not intended to exclude the possibility that other terms may be defined in existing or future protocols to carry out the same or similar functions.
Second, the first, second and various numerical numbers in the embodiments shown below are merely for convenience of description and are not intended to limit the scope of the embodiments of the present application.
Third, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one of a, b, and c may represent: a, or b, or c, or a and b, or a and c, or b and c, or a, b and c, wherein a, b and c can be single or multiple.
In order to make the purpose and technical solution of the present application more clear and intuitive, the risk management method and risk management apparatus provided in the present application will be described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 1 is a schematic diagram of an application scenario 100 provided in the present application, and as shown in fig. 1, the application scenario 100 includes a risk management device 101, a device to be monitored 102, and a device to be monitored 103. The risk management device 101 is deployed with a risk management system, and may monitor the device to be monitored 102 and the device to be monitored 103, and obtain monitoring data corresponding to the device to be monitored 102 and the device to be monitored 103.
It should be understood that besides the above-described device to be monitored 102 and device to be monitored 103, the application scenario 100 may also include a plurality of other different devices to be monitored, which is not limited in this embodiment of the application.
Fig. 2 is a schematic flow chart of a risk management method 200 provided in an embodiment of the present application. The method 200 may be applied to the application scenario 100 or may also be applied to other application scenarios, which is not limited in this application. As shown in fig. 2, the method 200 may include the following steps:
S201, the risk management device obtains device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored.
It should be understood that the device to be monitored may include a network device, a security device, a host device, a server, and the like, which is not limited in this application.
The plurality of devices to be monitored may be all devices in the network system, or may be some devices in the network system selected according to a preset rule, or may be devices manually set by a worker, which is not limited in this embodiment of the present application. The manner in which the worker manually sets the settings is described below with reference to fig. 3.
Fig. 3 shows one display interface 300 of the risk management device. The staff member inputs the device name "A" of the device to be monitored and the IP address "1095. XX1 XX" of the device to be monitored in the display interface 300, which indicates that device A with IP address "1095. XX1 XX" is to be monitored. The risk management device detects the input operation of the staff member, and thus obtains the device name and the IP address of device A according to the information in the input boxes.
S202, the risk management device monitors the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule includes collecting different monitoring data for devices to be monitored of different device types.
It should be understood that the device types include at least one of: a network device, a security device, a host device, or a server.
In a possible case, the multiple devices to be monitored are devices of the same type, and the risk management device monitors the multiple devices to be monitored of the same type to obtain the monitoring data of the same type.
Take as an example the case where the device type of the plurality of devices to be monitored is network device, and the plurality of devices to be monitored are specifically network device A, network device B, and network device C. Fig. 4 shows another display interface 400 of the risk management device. As shown in Fig. 4, the display interface 400 shows the monitoring data corresponding to network device A, network device B, and network device C, respectively. The monitoring data includes the Central Processing Unit (CPU) usage, memory occupancy, disk usage, number of connections, system disk usage, and traffic corresponding to each network device.
In another possible implementation manner, the multiple devices to be monitored include devices of different types, and the risk management device may monitor the multiple devices to be monitored of different types to obtain monitoring data of different types.
Take as an example the case where the device types of the plurality of devices to be monitored include network devices and security devices, and the plurality of devices to be monitored are specifically network device A, network device B, and security device D. Fig. 5 shows another display interface 500 of the risk management device. As shown in Fig. 5, the display interface 500 shows the monitoring data corresponding to network device A, network device B, and security device D, respectively. The types of monitoring data differ between device types. The monitoring data of network device A and network device B comprise CPU usage, memory occupancy, disk usage, number of connections and traffic, and the monitoring data of security device D comprise CPU usage, memory occupancy, disk usage, number of connections, system disk usage, traffic, interface status and device online status.
It should be understood that the risk management device may periodically obtain the monitoring data, and may also flexibly obtain the monitoring data according to the requirement of the worker, which is not limited in the present application.
Fig. 6 shows yet another display interface 600 of the risk management device. In the display interface 600, the staff member can input the device name "A" of the device to be monitored, the IP address "1095. XX1 XX" of the device to be monitored, and a monitoring period of 5, which indicates that monitoring data of device A with IP address "1095. XX1 XX" is acquired every 5 seconds. The risk management device detects the input operation of the staff member, and thus acquires the monitoring data of device A with IP address "1095. XX1 XX" at a period of 5 seconds based on the information in the input boxes.
It should be understood that the monitoring data, such as CPU usage, memory occupancy, disk usage, number of connections, system disk usage, traffic, interface status, and device online status, may be preset in advance, or may be set according to user requirements, which is not limited in this application.
Fig. 7 shows another display interface 700 of the risk management device. In the display interface 700, in addition to the device name "A" of the device to be monitored, the IP address "1095. XX1 XX" of the device to be monitored, and the monitoring period 5, the staff member may also set the categories of monitoring data; that is, the staff member may input CPU usage, memory occupancy, disk usage, system disk usage, number of connections, and traffic. This indicates that, during monitoring, the CPU usage, memory occupancy, disk usage, system disk usage, number of connections, and traffic of device A with IP address "1095. XX1 XX" are acquired at a period of 5 seconds. The risk management device detects the input operation of the staff member and, according to the information in the input boxes, acquires these monitoring data of device A at a period of 5 seconds.
Optionally, after acquiring the monitoring data, the risk management device may perform cleaning, classifying, storing, merging, marking, and the like on the monitoring data, so as to perform risk analysis subsequently.
S203, the risk management device performs risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results indicate the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk.
Specifically, the risk management device may perform risk analysis on each device to be monitored in the multiple devices to be monitored respectively based on the monitored data such as the CPU usage rate, the memory occupancy rate, the disk usage rate, the system disk usage rate, the connection number, the traffic, the interface state, or the device online state, so as to obtain a risk level of each device to be monitored.
Optionally, the risk management device may display the risk analysis result in a form of a chart or a list, which is not limited in this application.
S204, the risk management device selects, from the plurality of risk analysis results, the risk analysis results that meet a preset reporting rule and reports them.
It should be understood that the preset reporting rule includes: a preset IP address, a preset time period, a preset risk level, or a preset data source.
Taking preset risk levels of medium risk and high risk as an example, in the example of Fig. 4, assuming that the risk level of network device A is medium risk, the risk level of network device B is low risk, and the risk level of network device C is high risk, the risk management device may report the risk level of network device A and the risk level of network device C. For example, the risk management device may report information such as the device name, the IP address, and the risk level of network device A and network device C, respectively.
Optionally, the risk management device may further take a corresponding measure to intervene based on the risk analysis result meeting the preset reporting rule, so as to reduce the security risk.
In this embodiment of the application, the risk management device may obtain the monitoring data by monitoring the devices to be monitored, perform risk analysis on the corresponding devices to be monitored based on the monitoring data, and obtain and display a plurality of risk analysis results, where the plurality of risk analysis results are used to indicate a risk level of each device to be monitored in the plurality of devices to be monitored, that is, the application may perform uniform risk management on the devices, thereby improving the security of the network system.
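As an added illustration (not part of the application text), the following Python example walks steps S201 to S204 over constructed data, using the per-type metric sets from the Fig. 5 description and the medium/high reporting rule from the Fig. 4 example. The thresholds in `analyze`, the metric key names, the `poller` data source, the 192.0.2.0/24 addresses, and the choice to AND the reporting-rule conditions together are assumptions; the application does not specify them.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# S202: preset monitoring rule, one metric set per device type (Fig. 5 description).
BASE = ("cpu_usage", "memory_occupancy", "disk_usage", "connections", "traffic")
MONITORING_RULE = {
    "network": BASE,
    "security": BASE + ("system_disk_usage", "interface_up", "online"),
}
PERCENT_METRICS = ("cpu_usage", "memory_occupancy", "disk_usage", "system_disk_usage")
THRESHOLDS = ((95, "critical"), (85, "high"), (70, "medium"))  # assumed cut-offs


def select_metrics(device_type, raw):
    """S202: keep only the metrics the rule names for this type; fail on gaps."""
    wanted = MONITORING_RULE[device_type]
    missing = [m for m in wanted if m not in raw]
    if missing:
        raise KeyError(f"missing metrics for {device_type}: {missing}")
    return {m: raw[m] for m in wanted}


def analyze(metrics):
    """S203: map monitoring data to a risk level (assumed scoring, not the patent's)."""
    if metrics.get("online") is False:
        return "critical"
    if metrics.get("interface_up") is False:
        return "high"
    worst = max(metrics[m] for m in PERCENT_METRICS if m in metrics)
    for floor, level in THRESHOLDS:
        if worst >= floor:
            return level
    return "low"


@dataclass(frozen=True)
class Result:
    name: str
    ip: str
    level: str
    source: str
    at: datetime


@dataclass(frozen=True)
class ReportingRule:
    """S204: preset IP address, time period, risk level, data source (None = any)."""
    ips: Optional[frozenset] = None
    levels: Optional[frozenset] = None
    sources: Optional[frozenset] = None
    start: Optional[datetime] = None
    end: Optional[datetime] = None

    def matches(self, r):
        return ((self.ips is None or r.ip in self.ips)
                and (self.levels is None or r.level in self.levels)
                and (self.sources is None or r.source in self.sources)
                and (self.start is None or r.at >= self.start)
                and (self.end is None or r.at <= self.end))


def run(devices, samples, rule, at, source="poller"):
    """Return (all risk analysis results, results selected for reporting)."""
    results = []
    for name, ip, device_type in devices:
        metrics = select_metrics(device_type, samples[name])
        results.append(Result(name, ip, analyze(metrics), source, at))
    return results, [r for r in results if rule.matches(r)]


def sample(cpu, mem, disk, **extra):
    """Build one constructed monitoring sample."""
    return {"cpu_usage": cpu, "memory_occupancy": mem, "disk_usage": disk,
            "connections": 120, "traffic": 3.5, **extra}


# S201: constructed inventory (name, IP, type) and constructed samples.
DEVICES = [("A", "192.0.2.10", "network"), ("B", "192.0.2.11", "network"),
           ("C", "192.0.2.12", "network"), ("D", "192.0.2.13", "security")]
SAMPLES = {
    "A": sample(72, 40, 55),
    "B": sample(30, 35, 20),
    "C": sample(50, 60, 91),
    "D": sample(20, 30, 25, system_disk_usage=40, interface_up=True, online=False),
}
NOW = datetime(2024, 1, 1, 9, 0)  # constructed timestamp

if __name__ == "__main__":
    rule = ReportingRule(levels=frozenset({"medium", "high"}))
    everything, reported = run(DEVICES, SAMPLES, rule, NOW)
    for r in reported:
        print(r.name, r.ip, r.level)
```

With the medium/high rule from the Fig. 4 example, device D, which this scoring rates critical, is not reported; a level-based reporting rule has to list every level that should reach the operator.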
Optionally, the risk management device may further store log data generated in the monitoring process of the device to be monitored, so as to be retrieved and used later.
It should be understood that the risk management device may provide different retrieval modes for users with different roles, which is not limited in this application.
Illustratively, a user who is not a security risk analyst may use an interactive quick search mode, for example completing the retrieval of log data through select and drag operations. A security risk analyst can use an advanced search mode, which provides, for example, Structured Query Language (SQL) data analysis and data mining functions, to help the analyst trace events back to their source and build a complete picture of a monitoring event.
It should be understood that the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In order to implement the functions in the method provided by the embodiment of the present application, the risk management device may include a hardware structure and/or a software module, and the functions are implemented in the form of a hardware structure, a software module, or a hardware structure and a software module. Whether any of the above-described functions is implemented as a hardware structure, a software module, or a hardware structure plus a software module depends upon the particular application and design constraints imposed on the technical solution.
The risk management method provided by the embodiment of the present application is described in detail above with reference to fig. 1 to 7, and the risk management device provided by the embodiment of the present application is described in detail below with reference to fig. 8 and 9.
Fig. 8 illustrates a risk management apparatus 800 according to an embodiment of the present application, including: an acquisition module 801 and a processing module 802.
The obtaining module 801 is configured to: acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored. The processing module 802 is configured to: monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule includes collecting different monitoring data for devices to be monitored of different device types; perform risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, the risk analysis results that meet a preset reporting rule and report them.
Optionally, the preset reporting rule includes: a preset IP address, a preset time period, a preset risk level, or a preset data source.
Optionally, the monitoring data includes at least one of: CPU usage, memory occupancy, disk usage, system disk usage, number of connections, traffic, interface status, or device online status.
Optionally, the device types include at least one of: a network device, a security device, a host device, or a server.
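The flow carried out by modules 801 and 802, as an added Python example that is not part of the patent text. The metric-per-type mapping, the percentage thresholds, the choice to score a missing metric as high-risk, the way criteria combine in the reporting rule, and all device names, addresses and data sources are assumptions; the text only lists the metrics, device types, risk levels and reporting criteria.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

LEVELS = ["low", "medium", "high", "critical"]        # ascending severity
PERCENT = {"cpu", "memory", "disk", "system_disk"}    # usage metrics in percent

# Preset monitoring rule: metrics collected per device type (mapping is assumed).
MONITORING_RULE = {
    "network":  ["cpu", "memory", "interface_up", "online"],
    "security": ["cpu", "memory", "connections", "online"],
    "host":     ["cpu", "memory", "disk", "online"],
    "server":   ["cpu", "memory", "disk", "system_disk", "online"],
}

@dataclass
class Result:
    name: str
    ip: str
    level: str
    source: str
    at: datetime

def analyse(name, ip, dev_type, sample, source, at):
    """Turn one device's monitoring data into a risk level (thresholds assumed)."""
    wanted = MONITORING_RULE[dev_type]
    if not sample.get("online", False) or sample.get("interface_up") is False:
        level = "critical"      # device or interface is down
    elif any(m not in sample for m in wanted):
        level = "high"          # required metric missing: never score as healthy
    else:
        peak = max(sample[m] for m in wanted if m in PERCENT)
        level = ("critical" if peak >= 95 else "high" if peak >= 85
                 else "medium" if peak >= 70 else "low")
    return Result(name, ip, level, source, at)

@dataclass
class ReportingRule:
    networks: tuple = ()    # preset IP addresses or ranges (CIDR)
    window: tuple = ()      # preset time period as (start, end)
    min_level: str = ""     # preset risk level: this level or worse
    sources: tuple = ()     # preset data sources

    def matches(self, r):
        # Assumption: every criterion that is set must match; unset ones are ignored.
        if self.networks and not any(ip_address(r.ip) in ip_network(n)
                                     for n in self.networks):
            return False
        if self.window and not (self.window[0] <= r.at <= self.window[1]):
            return False
        if self.min_level and LEVELS.index(r.level) < LEVELS.index(self.min_level):
            return False
        return not self.sources or r.source in self.sources

def select_for_report(results, rule):
    return [r for r in results if rule.matches(r)]

# Constructed inventory: (device name, IP, device type, monitoring data, data source)
AT = datetime(2022, 1, 13, 9, 0)
INVENTORY = [
    ("core-sw-01", "10.0.0.1", "network",
     {"cpu": 40, "memory": 55, "interface_up": True, "online": True}, "snmp"),
    ("fw-01", "10.0.0.2", "security",
     {"cpu": 88, "memory": 60, "connections": 12000, "online": True}, "snmp"),
    ("app-srv-01", "10.0.1.10", "server",      # system_disk was not returned
     {"cpu": 50, "memory": 72, "disk": 60, "online": True}, "agent"),
    ("hmi-07", "192.168.5.7", "host", {"online": False}, "agent"),
]

def run():
    return [analyse(n, ip, t, s, src, AT) for n, ip, t, s, src in INVENTORY]

if __name__ == "__main__":
    rule = ReportingRule(networks=("10.0.0.0/16",), min_level="high")
    for r in select_for_report(run(), rule):
        print(r.name, r.ip, r.level)
```

With the constructed rule, the offline host at 192.168.5.7 is scored critical but lies outside the preset IP range and is not reported, so a reporting rule scoped by address should be checked against the full inventory.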
It should be appreciated that the apparatus 800 herein is embodied in the form of functional modules. The term module herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, those skilled in the art will understand that the apparatus 800 may be embodied as the risk management device in the foregoing embodiment, or that the functions of the risk management device in the foregoing embodiment may be integrated in the apparatus 800. The apparatus 800 may be configured to execute each procedure and/or step corresponding to the risk management device in the foregoing method embodiment; to avoid repetition, details are not described here again. The apparatus 800 has the function of implementing the corresponding steps executed by the risk management device in the method; these functions may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.
In an embodiment of the present application, the apparatus 800 in fig. 8 may also be a chip or a chip system, for example: system on chip (SoC).
Fig. 9 illustrates another risk management device 900 provided in an embodiment of the present application. The apparatus 900 includes: a processor 901, a memory 902, a communication interface 903, and a bus 904. The memory 902 is used for storing instructions, and the processor 901 is used for executing the instructions stored in the memory 902. The processor 901, the memory 902 and the communication interface 903 are communicatively connected to each other by the bus 904.
The processor 901 is configured to: acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; perform risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, the risk analysis results meeting a preset reporting rule and report them.
Optionally, the preset reporting rule includes: a preset IP address, a preset time period, a preset risk level, or a preset data source.
Optionally, the monitoring data includes at least one of: CPU usage, memory occupancy, disk usage, system disk usage, number of connections, traffic, interface status, or device online status.
Optionally, the device types include at least one of: a network device, a security device, a host device, or a server.
It should be understood that the apparatus 900 may be embodied as the risk management device in the foregoing embodiment, or the functions of the risk management device in the foregoing embodiment may be integrated in the apparatus 900, and the apparatus 900 may be configured to perform each step and/or flow corresponding to the risk management device in the foregoing method embodiment. Optionally, the memory 902 may include both read-only memory and random access memory, and provides instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store device type information. The processor 901 may be configured to execute the instructions stored in the memory, and when the processor executes the instructions, the processor may perform the steps and/or processes corresponding to the risk management device in the method embodiment described above.
It should be understood that, in the embodiments of the present application, the processor may be a Central Processing Unit (CPU), and the processor may also be other general processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor executes instructions in the memory and, in combination with its hardware, performs the steps of the above-described method. To avoid repetition, this is not described in detail here.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, may be embodied in the form of a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto; any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A method of risk management, comprising:
acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored;
monitoring the multiple devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises the step of collecting different monitoring data for the devices to be monitored of different device types;
performing risk analysis on the multiple devices to be monitored based on the monitoring data to obtain multiple risk analysis results, wherein the multiple risk analysis results are used for representing the risk level of each device to be monitored in the multiple devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk;
and selecting the risk analysis result meeting a preset reporting rule from the plurality of risk analysis results and reporting the risk analysis result.
2. The method of claim 1, wherein the preset reporting rule comprises:
a preset IP address, a preset time period, a preset risk level, or a preset data source.
3. The method of claim 1, wherein the monitoring data comprises at least one of:
CPU usage, memory occupancy, disk usage, system disk usage, number of connections, traffic, interface status, or device online status.
4. The method according to any one of claims 1 to 3, wherein the device type comprises at least one of:
a network device, a security device, a host device, or a server.
5. A risk management device, comprising:
an acquisition module, configured to acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored;
a processing module, configured to: monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; perform risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk levels comprise critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, the risk analysis results meeting a preset reporting rule and report them.
6. The apparatus of claim 5, wherein the preset reporting rule comprises:
a preset IP address, a preset time period, a preset risk level, or a preset data source.
7. The apparatus of claim 5, wherein the monitoring data comprises at least one of:
CPU usage, memory occupancy, disk usage, system disk usage, number of connections, traffic, interface status, or device online status.
8. The apparatus according to any of claims 5 to 7, wherein the device type comprises at least one of:
a network device, a security device, a host device, or a server.
9. A risk management device, comprising: a processor coupled to a memory for storing a computer program that, when invoked by the processor, causes the apparatus to perform the risk management method of any of claims 1 to 4.
10. A computer-readable storage medium for storing a computer program comprising instructions for implementing the risk management method of any of claims 1 to 4.
11. A computer program product comprising a computer program which, when executed by a processor, implements the risk management method of any of claims 1 to 4.
CN202210036448.3A 2022-01-13 2022-01-13 Risk management method and risk management device Active CN114513334B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210036448.3A CN114513334B (en) 2022-01-13 2022-01-13 Risk management method and risk management device
PCT/CN2022/130832 WO2023134285A1 (en) 2022-01-13 2022-11-09 Risk management method and risk management apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210036448.3A CN114513334B (en) 2022-01-13 2022-01-13 Risk management method and risk management device

Publications (2)

Publication Number Publication Date
CN114513334A true CN114513334A (en) 2022-05-17
CN114513334B CN114513334B (en) 2023-11-28

Family

ID=81549104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210036448.3A Active CN114513334B (en) 2022-01-13 2022-01-13 Risk management method and risk management device

Country Status (2)

Country Link
CN (1) CN114513334B (en)
WO (1) WO2023134285A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023134285A1 (en) * 2022-01-13 2023-07-20 卡奥斯工业智能研究院(青岛)有限公司 Risk management method and risk management apparatus

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104009883A (en) * 2014-05-09 2014-08-27 烽火通信科技股份有限公司 Computer resource centralized remote real-time monitoring system and method
CN105407011A (en) * 2015-10-26 2016-03-16 贵州电网公司信息通信分公司 IT base platform monitoring index acquisition system and acquisition method
CN109462621A (en) * 2019-01-10 2019-03-12 国网浙江省电力有限公司杭州供电公司 Network safety protective method, device and electronic equipment
CN110163621A (en) * 2018-02-10 2019-08-23 广州供电局有限公司 A kind of electric power customer service big data DSS
CN111563018A (en) * 2020-04-28 2020-08-21 北京航空航天大学 Resource management and monitoring method of man-machine-object fusion cloud computing platform
CN112073389A (en) * 2020-08-21 2020-12-11 苏州浪潮智能科技有限公司 Cloud host security situation awareness system, method, device and storage medium
CN112667475A (en) * 2020-12-30 2021-04-16 广州力挚网络科技有限公司 Risk notification method and device, electronic equipment and storage medium
CN113467885A (en) * 2021-06-25 2021-10-01 合肥供水集团有限公司 Equipment operation and maintenance monitoring system
CN113556348A (en) * 2021-07-23 2021-10-26 中能融合智慧科技有限公司 Server asset management system based on integrated monitoring
CN113642919A (en) * 2021-08-27 2021-11-12 上海掌门科技有限公司 Risk control method, electronic device, and storage medium
CN113704636A (en) * 2021-08-23 2021-11-26 福建亿榕信息技术有限公司 Fused media public opinion analysis method based on information dissemination

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10460103B2 (en) * 2016-09-20 2019-10-29 International Business Machines Corporation Security for devices connected to a network
US20190311438A1 (en) * 2018-04-06 2019-10-10 Traffk, Llc Insurance risk evaluation systems and methods
CN109361713A (en) * 2018-12-17 2019-02-19 深信服科技股份有限公司 Internet risk monitoring and control method, apparatus, equipment and storage medium
CN110430225A (en) * 2019-09-16 2019-11-08 杭州安恒信息技术股份有限公司 A kind of industrial equipment monitoring and managing method, device, equipment and readable storage medium storing program for executing
CN114513334B (en) * 2022-01-13 2023-11-28 卡奥斯工业智能研究院(青岛)有限公司 Risk management method and risk management device

Also Published As

Publication number Publication date
CN114513334B (en) 2023-11-28
WO2023134285A1 (en) 2023-07-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 266000 No. 1, Minshan Road, Qingdao area, China (Shandong) pilot Free Trade Zone, Qingdao, Shandong

Applicant after: CAOS industrial Intelligence Research Institute (Qingdao) Co.,Ltd.

Applicant after: Kaos Digital Technology (Qingdao) Co.,Ltd.

Applicant after: Karos IoT Technology Co.,Ltd.

Address before: 266555 room 257, management committee of Sino German ecological park, 2877 Tuanjie Road, Huangdao District, Qingdao City, Shandong Province

Applicant before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant before: Haier digital technology (Qingdao) Co.,Ltd.

Applicant before: Haier Kaos IOT Technology Co.,Ltd.

Address after: 266555 room 257, management committee of Sino German ecological park, 2877 Tuanjie Road, Huangdao District, Qingdao City, Shandong Province

Applicant after: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant after: Haier digital technology (Qingdao) Co.,Ltd.

Applicant after: Haier Kaos IOT Technology Co.,Ltd.

Address before: 266555 room 257, management committee of Sino German ecological park, 2877 Tuanjie Road, Huangdao District, Qingdao City, Shandong Province

Applicant before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant before: Haier digital technology (Qingdao) Co.,Ltd.

Applicant before: Haier CAOS IOT Ecological Technology Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant