CN114513334B - Risk management method and risk management device - Google Patents


Publication number
CN114513334B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210036448.3A
Other languages
Chinese (zh)
Other versions
CN114513334A (en
Inventor
林宏
黄玉宝
胡明臣
于海东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kaos Digital Technology Qingdao Co ltd
Karos Iot Technology Co ltd
Cosmoplat Industrial Intelligent Research Institute Qingdao Co Ltd
Original Assignee
Kaos Digital Technology Qingdao Co ltd
Karos Iot Technology Co ltd
Cosmoplat Industrial Intelligent Research Institute Qingdao Co Ltd
Application filed by Kaos Digital Technology Qingdao Co ltd, Karos Iot Technology Co ltd, Cosmoplat Industrial Intelligent Research Institute Qingdao Co Ltd
Priority to CN202210036448.3A
Publication of CN114513334A
Priority to PCT/CN2022/130832 (WO2023134285A1)
Application granted
Publication of CN114513334B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a risk management method and a risk management device, relates to the field of network security, and can perform unified risk management on devices so as to improve the security of a network system. The method comprises the following steps: acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; monitoring the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; based on the monitoring data, performing risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk; and selecting, from the plurality of risk analysis results, a risk analysis result meeting a preset reporting rule and reporting it.

Description

Risk management method and risk management device
Technical Field
The present application relates to the field of network security, and in particular, to a risk management method and a risk management device.
Background
With the deep integration of the new generation of information technology and the real economy, the vigorous development of the industrial Internet has become an important foundation for building China into a manufacturing power and a network power. However, because the industrial Internet is open, cross-domain and interconnected, the importance and urgency of its information security work have become more prominent. Therefore, doing industrial Internet security supervision work well, enhancing industrial Internet security public service capability, and promoting industrial Internet security technological innovation and industrial development are important tasks for strengthening the national industrial Internet security guarantee.
Therefore, there is a need for a risk management method that performs unified risk management on devices in a network system to improve the security of the network system.
Disclosure of Invention
The application provides a risk management method and a risk management device, which can perform unified risk management on devices, thereby improving the security of a network system.
In a first aspect, a risk management method is provided, including: acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; monitoring the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; based on the monitoring data, performing risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk; and selecting, from the plurality of risk analysis results, a risk analysis result meeting a preset reporting rule and reporting it.
In the application, the risk management device can obtain monitoring data by monitoring the devices to be monitored, and perform risk analysis on the corresponding devices to be monitored based on the monitoring data to obtain and display a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored. That is, the application can perform unified risk management on devices, thereby improving the security of a network system.
With reference to the first aspect, in some implementation manners of the first aspect, the preset reporting rule includes: preset IP address, preset time period, preset risk level, or preset data source.
With reference to the first aspect, in certain implementation manners of the first aspect, the monitoring data includes at least one of the following: CPU utilization, memory occupancy, disk utilization, system disk utilization, connection number, traffic, interface status, or device on-line status.
With reference to the first aspect, in certain implementations of the first aspect, the device types include at least one of: a network device, a security device, a host device, or a server.
In a second aspect, there is provided a risk management apparatus, including an acquisition module and a processing module, where the acquisition module is configured to: acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; and the processing module is configured to: monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; based on the monitoring data, perform risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, a risk analysis result meeting a preset reporting rule and report it.
With reference to the second aspect, in some implementations of the second aspect, the preset reporting rule includes: preset IP address, preset time period, preset risk level, or preset data source.
With reference to the second aspect, in certain implementations of the second aspect, the monitoring data includes at least one of: CPU utilization, memory occupancy, disk utilization, system disk utilization, connection number, traffic, interface status, or device on-line status.
With reference to the second aspect, in certain implementations of the second aspect, the device types include at least one of: a network device, a security device, a host device, or a server.
In a third aspect, there is provided a processor comprising: an input circuit, an output circuit and a processing circuit. The processing circuit is configured to receive signals via the input circuit and to transmit signals via the output circuit such that the processor performs the method of any one of the possible implementations of the first aspect described above.
In a specific implementation process, the processor may be a chip, the input circuit may be an input pin, the output circuit may be an output pin, and the processing circuit may be a transistor, a gate circuit, a flip-flop, various logic circuits, and the like. The input signal received by the input circuit may be received and input by, for example and without limitation, a receiver; the signal output by the output circuit may be output to and transmitted by, for example and without limitation, a transmitter; and the input circuit and the output circuit may be the same circuit, which functions as the input circuit and as the output circuit at different times. The embodiment of the application does not limit the specific implementation of the processor and the various circuits.
In a fourth aspect, a processing apparatus is provided that includes a processor and a memory. The processor is configured to read instructions stored in the memory and to receive signals via the receiver and to transmit signals via the transmitter to perform the method of any one of the possible implementations of the first aspect.
Optionally, there are one or more processors and one or more memories.
Optionally, the memory may be integrated with the processor or the memory may be separate from the processor.
In a specific implementation process, the memory may be a non-transitory memory, for example, a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately disposed on different chips.
The processing means in the fourth aspect may be a chip, and the processor may be implemented by hardware or software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor, implemented by reading software code stored in a memory, which may be integrated in the processor, or may reside outside the processor, and exist separately.
In a fifth aspect, there is provided a computer program product comprising: a computer program (which may also be referred to as code, or instructions) which, when executed, causes a computer to perform the method of any one of the possible implementations of the first aspect.
In a sixth aspect, a computer readable storage medium is provided, which stores a computer program (which may also be referred to as code, or instructions) which, when run on a computer, causes the computer to perform the method of any one of the possible implementations of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the application, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;
FIG. 2 is a schematic flow chart of a risk management method provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of a display interface of a risk management device according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a display interface of a risk management device according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a display interface of a risk management device according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a display interface of a risk management device according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a display interface of a risk management device according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a risk management device according to an embodiment of the present application;
FIG. 9 is a schematic diagram of yet another risk management device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which are made by a person skilled in the art based on the embodiments of the application in light of the present disclosure, are intended to be within the scope of the application.
With the deep integration of the new generation of information technology and the real economy, the vigorous development of the industrial Internet has become an important foundation for building China into a manufacturing power and a network power. However, because the industrial Internet is open, cross-domain and interconnected, the importance and urgency of its information security work have become more prominent. Therefore, doing industrial Internet security work well, enhancing industrial Internet security public service capability, and promoting industrial Internet security technological innovation and industrial development are important tasks for strengthening the national industrial Internet security guarantee.
Therefore, there is a need for a risk management method that performs unified risk management on devices in a network system to improve the security of the network system.
In view of the above, the present application provides a risk management method and a risk management apparatus, which monitor devices to be monitored to obtain monitoring data, perform risk analysis on the corresponding devices to be monitored based on the monitoring data, and obtain and display a plurality of risk analysis results, where the plurality of risk analysis results are used to represent the risk level of each of the plurality of devices to be monitored, so as to more clearly represent the security situation of the current network devices. That is, the present application can perform unified risk management on devices, thereby improving the security of a network system.
Before describing the risk management method and the risk management device provided by the embodiment of the application, the following description is made.
First, in the embodiments shown below, each term and English abbreviation is given as an example for convenience of description, and should not constitute any limitation on the present application. The present application does not exclude the possibility of defining other terms in existing or future protocols that perform the same or similar functions.
Second, the first, second and various numerical numbers in the embodiments shown below are merely for convenience of description and are not intended to limit the scope of the embodiments of the present application.
Third, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A alone, both A and B, or B alone, wherein A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the associated objects before and after it. "At least one of" or a similar expression means any combination of these items, including any combination of single items or plural items. For example, at least one of a, b, and c may represent: a, b, or c, or a and b, or a and c, or b and c, or a, b and c, wherein a, b and c can be single or multiple.
In order to make the purpose and the technical scheme of the application clearer and more intuitive, the risk management method and the risk management device provided by the application are described in detail below with reference to the accompanying drawings and the embodiment. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Fig. 1 is a schematic diagram of an application scenario 100 provided by the present application, and as shown in fig. 1, the application scenario 100 includes a risk management device 101, a device to be monitored 102, and a device to be monitored 103. The risk management device 101 is deployed with a risk management system, and may monitor the device to be monitored 102 and the device to be monitored 103, and obtain monitoring data corresponding to the device to be monitored 102 and the device to be monitored 103.
It should be understood that, in addition to the device to be monitored 102 and the device to be monitored 103, the application scenario 100 may further include a plurality of different devices to be monitored, which is not limited in this embodiment of the present application.
Fig. 2 is a schematic flow chart of a risk management method 200 provided by an embodiment of the present application. The method 200 may be applied to the application scenario 100 described above or may be applied to other application scenarios, which the present application is not limited to. As shown in fig. 2, the method 200 may include the steps of:
S201, the risk management device obtains device names and internet protocol (IP) addresses of a plurality of devices to be monitored.
It should be understood that the device to be monitored may include a network device, a security device, a host device, a server, and the like, which is not limited by the present application.
The plurality of devices to be monitored may be all devices in the network system, may be some of the devices in the network system selected according to a preset rule, or may be devices manually set by a worker, which is not limited in the embodiment of the present application. The manner in which the worker sets the devices manually is described below in conjunction with fig. 3.
Fig. 3 shows a display interface 300 of the risk management device. In the display interface 300, the worker inputs the device name "A" of the device to be monitored and the IP address "1095.xx1xx" of the device to be monitored, which indicates that device A with the IP address "1095.xx1xx" is to be monitored. The risk management device detects the worker's input operation, and thereby obtains the device name and IP address of device A from the information in the input box.
S202, the risk management device monitors the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types.
It should be understood that the device type includes at least one of the following: a network device, a security device, a host device, or a server.
In one possible case, the plurality of devices to be monitored are devices of the same type, and the risk management device monitors the plurality of devices to be monitored of the same type to obtain monitoring data of the same type.
Take as an example the case where the device type of the plurality of devices to be monitored is network device, and the plurality of devices to be monitored are specifically network device A, network device B, and network device C. Fig. 4 shows another display interface 400 of the risk management device. As shown in fig. 4, the display interface 400 shows the monitoring data corresponding to network device A, network device B, and network device C, respectively. The monitoring data includes the central processing unit (CPU) usage, memory occupancy, disk usage, connection number, system disk usage, and traffic corresponding to each network device.
In another possible implementation manner, the plurality of devices to be monitored include different types of devices, and the risk management device may monitor the plurality of different types of devices to be monitored to obtain different types of monitoring data.
Take as an example the case where the device types of the plurality of devices to be monitored include network device and security device, and the plurality of devices to be monitored are specifically network device A, network device B, and security device D. Fig. 5 shows yet another display interface 500 of the risk management device. As shown in fig. 5, the display interface 500 shows the monitoring data corresponding to network device A, network device B, and security device D, respectively. The category of monitoring data varies from device type to device type. The monitoring data of network device A and network device B comprises CPU usage, memory occupancy, disk usage, connection number and traffic, and the monitoring data of security device D comprises CPU usage, memory occupancy, disk usage, connection number, system disk usage, traffic, interface state and device on-line state.
It should be understood that the risk management device may periodically obtain the monitoring data, or may flexibly obtain the monitoring data according to the needs of the staff, which is not limited in the present application.
Fig. 6 shows yet another display interface 600 of the risk management device. In the display interface 600, a worker may enter the device name "A" of the device to be monitored, the IP address "1095.xx1xx" of the device to be monitored, and a monitoring period of 5, meaning that the monitoring data of device A with the IP address "1095.xx1xx" is acquired every 5 seconds. The risk management device detects the worker's input operation, and thereby acquires the monitoring data of device A with the IP address "1095.xx1xx" at a period of 5 seconds based on the information in the input box.
It should be understood that the categories of monitoring data above, such as CPU usage, memory occupancy, disk usage, connection number, system disk usage, traffic, interface state, and device on-line state, may be preset in advance, or may be set according to user requirements, which is not limited in the present application.
Fig. 7 shows a further display interface 700 of the risk management device. In the display interface 700, in addition to the device name "A" of the device to be monitored, the IP address "1095.xx1xx" of the device to be monitored, and the monitoring period 5, the worker may set the categories of monitoring data. That is, the worker may input CPU usage, memory occupancy, disk usage, system disk usage, connection number, and traffic, which means that the CPU usage, memory occupancy, disk usage, system disk usage, connection number, and traffic of device A with the IP address "1095.xx1xx" are acquired at a period of 5 seconds during monitoring. The risk management device detects the worker's input operation, and thereby acquires, according to the information in the input box, the monitoring data of device A with the IP address "1095.xx1xx" at a period of 5 seconds, that is, the CPU usage, memory occupancy, disk usage, connection number, and traffic.
Optionally, after acquiring the monitoring data, the risk management device may clean, classify, store, merge, mark, etc. the monitoring data for subsequent risk analysis.
S203, the risk management device performs risk analysis on the plurality of devices to be monitored based on the monitoring data to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk.
Specifically, the risk management device may perform risk analysis on each of the plurality of devices to be monitored based on monitoring data such as the CPU usage, memory occupancy, disk usage, system disk usage, connection number, traffic, interface state, or device on-line state, to obtain the risk level of each device to be monitored.
Optionally, the risk management device may display the risk analysis results in a chart or a list, which is not limited by the present application.
S204, the risk management device selects, from the plurality of risk analysis results, a risk analysis result meeting a preset reporting rule and reports it.
It should be understood that the preset reporting rules include: preset IP address, preset time period, preset risk level, or preset data source.
Take as an example the case where the preset risk levels are medium-risk and high-risk. In the example of fig. 4, assume that the risk level of network device A is medium-risk, the risk level of network device B is low-risk, and the risk level of network device C is high-risk; the risk management device may then report the risk of network device A and the risk of network device C. For example, the risk management device may report the device names, IP addresses, and risk levels of network device A and network device C, respectively.
Optionally, the risk management device may further take corresponding measures to intervene based on the risk analysis result meeting the preset reporting rule, so as to reduce the security risk.
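Steps S201 to S204 can be followed end to end in the sketch below, which is an added illustration and not code from the patent. The grading thresholds, the handling of missing metrics, the host and server metric sets, the collector name "snmp-poller" used as the data source, and the 192.0.2.x addresses are all assumptions or constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

LEVELS = ["low", "medium", "high", "critical"]  # ascending severity
# S202: preset monitoring rule, one metric list per device type. The network and
# security lists follow the fig. 5 description; host and server are assumptions.
MONITORING_RULE = {
    "network": ["cpu", "memory", "disk", "connections", "traffic"],
    "security": ["cpu", "memory", "disk", "connections", "system_disk",
                 "traffic", "interface_up", "online"],
    "host": ["cpu", "memory", "disk", "system_disk"],
    "server": ["cpu", "memory", "disk", "system_disk", "connections", "traffic"],
}
PERCENT_METRICS = {"cpu", "memory", "disk", "system_disk"}
STATE_METRICS = {"interface_up", "online"}
# Assumed thresholds (percent -> level); the patent does not specify any.
THRESHOLDS = [(95.0, "critical"), (85.0, "high"), (70.0, "medium")]

@dataclass(frozen=True)
class Device:  # S201: device name and IP address, plus the type used by S202
    name: str
    ip: str
    dev_type: str

@dataclass(frozen=True)
class Sample:  # one polling result for one device
    device: Device
    taken_at: datetime
    source: str  # hypothetical collector name, treated as the "data source"
    metrics: dict

@dataclass(frozen=True)
class RiskResult:
    device: Device
    level: str
    reasons: tuple
    taken_at: datetime
    source: str

def collect(device, raw, taken_at, source):
    """S202: keep only the metrics the rule prescribes for this device type."""
    wanted = MONITORING_RULE[device.dev_type]
    return Sample(device, taken_at, source, {k: raw[k] for k in wanted if k in raw})

def grade_metric(name, value):
    if name in STATE_METRICS:
        return "low" if value else "critical"
    if name in PERCENT_METRICS:
        for limit, level in THRESHOLDS:
            if value >= limit:
                return level
    return "low"  # connections and traffic are collected but not graded here

def analyse(sample):
    """S203: the worst per-metric grade wins. A prescribed metric with no data
    is graded high (assumption: loss of visibility must not look like low risk)."""
    worst, reasons = "low", []
    for name in MONITORING_RULE[sample.device.dev_type]:
        if name not in sample.metrics:
            level, why = "high", f"{name}: no data"
        else:
            level = grade_metric(name, sample.metrics[name])
            why = f"{name}={sample.metrics[name]}"
        if level != "low":
            reasons.append(f"{why} -> {level}")
        if LEVELS.index(level) > LEVELS.index(worst):
            worst = level
    return RiskResult(sample.device, worst, tuple(reasons), sample.taken_at, sample.source)

@dataclass(frozen=True)
class ReportingRule:  # S204: a field left as None is not checked
    ips: Optional[frozenset] = None
    levels: Optional[frozenset] = None
    sources: Optional[frozenset] = None
    start: Optional[datetime] = None
    end: Optional[datetime] = None

    def matches(self, r):
        return ((self.ips is None or r.device.ip in self.ips)
                and (self.levels is None or r.level in self.levels)
                and (self.sources is None or r.source in self.sources)
                and (self.start is None or r.taken_at >= self.start)
                and (self.end is None or r.taken_at <= self.end))

def report(results, rule):
    """S204: report device name, IP address and risk level of matching results."""
    return [(r.device.name, r.device.ip, r.level) for r in results if rule.matches(r)]

def demo():
    """Constructed data reproducing the fig. 4 example (A medium, B low, C high)."""
    t = datetime(2022, 1, 13, 9, 0, 0)
    inventory = [
        (Device("A", "192.0.2.10", "network"),
         {"cpu": 72.0, "memory": 40.0, "disk": 30.0, "connections": 120,
          "traffic": 5.2, "online": True}),  # "online" is dropped for network devices
        (Device("B", "192.0.2.11", "network"),
         {"cpu": 20.0, "memory": 35.0, "disk": 10.0, "connections": 40, "traffic": 1.1}),
        (Device("C", "192.0.2.12", "network"),
         {"cpu": 50.0, "memory": 88.0, "disk": 60.0, "connections": 900, "traffic": 40.0}),
        (Device("D", "192.0.2.20", "security"),
         {"cpu": 10.0, "memory": 20.0, "disk": 15.0, "connections": 5, "system_disk": 12.0,
          "traffic": 0.1, "interface_up": True, "online": False}),
    ]
    results = [analyse(collect(d, raw, t, "snmp-poller")) for d, raw in inventory]
    rule = ReportingRule(levels=frozenset({"medium", "high"}))
    return results, report(results, rule)
```

Security device D is graded critical because it is offline, yet it is not reported: the rule names only medium-risk and high-risk, so a level filter intended as a floor has to list every level above it as well.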
In the embodiment of the application, the risk management device can obtain monitoring data by monitoring the devices to be monitored, and perform risk analysis on the corresponding devices to be monitored based on the monitoring data to obtain and display a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored. That is, the application can perform unified risk management on devices, thereby improving the security of a network system.
Optionally, the risk management device may further store log data generated in the monitoring process of the device to be monitored, so as to facilitate subsequent retrieval and use.
It should be understood that the risk management device may provide different retrieval methods for users with different roles, which is not limited in the present application.
For example, personnel who are not security risk analysts may use an interactive shortcut search, for example completing the retrieval of log data through selection and drag operations. Security risk analysts may use an advanced search mode, for example one that provides data analysis and data mining functions based on structured query language (SQL), which can effectively help them trace events to their source and draw a complete portrait of a monitoring event.
It should be understood that the sequence numbers of the above processes do not mean the order of execution, and the execution order of the processes should be determined by the functions and internal logic of the processes, and should not be construed as limiting the implementation process of the embodiments of the present application.
In order to implement the functions in the method provided by the embodiment of the present application, the risk management device may include a hardware structure and/or a software module, and implement the functions in the form of a hardware structure, a software module, or a hardware structure plus a software module. Some of the functions described above are performed in a hardware configuration, a software module, or a combination of hardware and software modules, depending on the specific application of the solution and design constraints.
The risk management method provided by the embodiment of the present application is described in detail above with reference to fig. 1 to fig. 7, and the risk management device provided by the embodiment of the present application is described in detail below with reference to fig. 8 and fig. 9.
Fig. 8 shows a risk management device 800 provided by an embodiment of the present application, including: an acquisition module 801 and a processing module 802.
The acquisition module 801 is configured to: acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored. The processing module 802 is configured to: monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; based on the monitoring data, perform risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each of the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, a risk analysis result meeting a preset reporting rule and report it.
Optionally, the preset reporting rule includes: preset IP address, preset time period, preset risk level, or preset data source.
Optionally, the monitoring data includes at least one of: CPU utilization, memory occupancy, disk utilization, system disk utilization, connection number, traffic, interface status, or device on-line status.
Optionally, the above device types include at least one of: a network device, a security device, a host device, or a server.
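The flow assigned to modules 801 and 802 above, as an added Python sketch that is not part of the patent: inputs are validated as IP addresses, each device type gets its own metric set, readings are mapped to the four risk levels, and a reporting rule filters the results. The metric-to-type mapping, the thresholds, the field names, the reading of the reporting rule as "all configured criteria must match", and the sample devices are assumptions constructed for illustration; the text here does not specify them.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed preset monitoring rule: different monitoring data per device type.
MONITORING_RULES = {
    "network device": {"cpu_utilization", "interface_status", "online"},
    "security device": {"cpu_utilization", "memory_occupancy", "online"},
    "host device": {"cpu_utilization", "memory_occupancy", "disk_utilization", "online"},
    "server": {"cpu_utilization", "memory_occupancy", "system_disk_utilization", "online"},
}

@dataclass
class Result:
    name: str
    ip: str
    level: str
    source: str
    observed_at: datetime

def collect(device_type, raw):
    """Keep only the metrics the monitoring rule prescribes for this type."""
    wanted = MONITORING_RULES[device_type]
    return {k: v for k, v in raw.items() if k in wanted}

def classify(metrics):
    """Map collected metrics to a risk level (thresholds are assumptions)."""
    if metrics.get("online") is False:
        return "critical"
    if metrics.get("interface_status") == "down":
        return "high-risk"
    percents = [v for v in metrics.values()
                if isinstance(v, (int, float)) and not isinstance(v, bool)]
    worst = max(percents, default=0)
    if worst >= 95:
        return "critical"
    if worst >= 85:
        return "high-risk"
    if worst >= 70:
        return "medium-risk"
    return "low-risk"

def analyze(devices, now):
    results = []
    for d in devices:
        ip_address(d["ip"])  # reject malformed input-box values (ValueError)
        metrics = collect(d["type"], d["raw"])
        results.append(Result(d["name"], d["ip"], classify(metrics), d["source"], now))
    return results

@dataclass
class ReportingRule:
    networks: tuple = ()              # preset IP address(es), written as networks
    period: tuple = None              # preset time period as (start, end)
    levels: frozenset = frozenset()   # preset risk level(s)
    sources: frozenset = frozenset()  # preset data source(s)

    def matches(self, r):
        # Assumption: an unset criterion is ignored; set criteria must all hold.
        if self.networks and not any(ip_address(r.ip) in ip_network(n) for n in self.networks):
            return False
        if self.period and not (self.period[0] <= r.observed_at <= self.period[1]):
            return False
        if self.levels and r.level not in self.levels:
            return False
        if self.sources and r.source not in self.sources:
            return False
        return True

def report(results, rule):
    return [r for r in results if rule.matches(r)]

# Constructed sample devices (documentation IP ranges, invented readings).
DEVICES = [
    {"name": "core-switch-1", "ip": "192.0.2.10", "type": "network device", "source": "snmp",
     "raw": {"cpu_utilization": 40, "interface_status": "down", "online": True, "memory_occupancy": 99}},
    {"name": "fw-1", "ip": "192.0.2.20", "type": "security device", "source": "syslog",
     "raw": {"cpu_utilization": 72, "memory_occupancy": 50, "online": True}},
    {"name": "db-server", "ip": "198.51.100.5", "type": "server", "source": "agent",
     "raw": {"cpu_utilization": 30, "memory_occupancy": 60, "system_disk_utilization": 97, "online": True}},
    {"name": "hmi-host", "ip": "198.51.100.9", "type": "host device", "source": "agent",
     "raw": {"online": False}},
]

if __name__ == "__main__":
    rule = ReportingRule(networks=("198.51.100.0/24",), levels=frozenset({"critical", "high-risk"}))
    for r in report(analyze(DEVICES, datetime(2022, 1, 13, 12, 0)), rule):
        print(r.name, r.ip, r.level)
```

The switch's `memory_occupancy` reading is dropped because the assumed rule for network devices does not collect it, so its level comes from the interface state alone.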
It should be appreciated that the apparatus 800 herein is embodied in the form of functional modules. The term module herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor, etc.) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an alternative example, it will be understood by those skilled in the art that the apparatus 800 may be specifically a risk management device in the foregoing embodiment, or the functions of the risk management device in the foregoing embodiment may be integrated in the apparatus 800, and the apparatus 800 may be configured to perform each flow and/or step corresponding to the risk management device in the foregoing method embodiment, which are not described again here to avoid repetition. The apparatus 800 has a function of implementing the corresponding steps performed by the risk management device in the method; the above functions may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.
In an embodiment of the present application, the apparatus 800 in fig. 8 may also be a chip or a chip system, for example: system on chip (SoC).
Fig. 9 illustrates another risk management device 900 provided by an embodiment of the present application. The apparatus 900 includes: processor 901, memory 902, communication interface 903, and bus 904. Wherein the memory 902 is configured to store instructions, and the processor 901 is configured to execute the instructions stored in the memory 902. The processor 901, the memory 902 and the communication interface 903 implement communication connection therebetween through the bus 904.
The processor 901 is configured to: acquire device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored; monitor the plurality of devices to be monitored based on a preset monitoring rule to obtain monitoring data, wherein the preset monitoring rule comprises collecting different monitoring data for devices to be monitored of different device types; perform, based on the monitoring data, risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results represent the risk level of each of the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk; and select, from the plurality of risk analysis results, the risk analysis results that satisfy a preset reporting rule and report them.
Optionally, the preset reporting rule includes: preset IP address, preset time period, preset risk level, or preset data source.
Optionally, the monitoring data includes at least one of: CPU utilization, memory occupancy, disk utilization, system disk utilization, connection number, traffic, interface status, or device on-line status.
Optionally, the above device types include at least one of: a network device, a security device, a host device, or a server.
It should be understood that the apparatus 900 may be specifically a risk management device in the foregoing embodiment, or the functions of the risk management device in the foregoing embodiment may be integrated in the apparatus 900, and the apparatus 900 may be configured to perform the steps and/or flows corresponding to the risk management device in the foregoing method embodiment. The memory 903 may optionally include read-only memory and random access memory, and provide instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store information of the device type. The processor 901 may be configured to execute instructions stored in the memory, and when the processor executes the instructions, the processor may perform the steps and/or processes corresponding to the risk management device in the above-described method embodiments.
It should be appreciated that in embodiments of the present application, the processor may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor executes instructions in the memory to perform the steps of the method described above in conjunction with its hardware. To avoid repetition, a detailed description is not provided herein.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A method of risk management, comprising:
responding to the input operation of a user in an input box of a display interface;
acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored according to the information in the input box;
monitoring the plurality of devices to be monitored based on a preset monitoring rule, obtaining monitoring data, and displaying the monitoring data on the display interface, wherein the preset monitoring rule comprises the step of collecting different monitoring data for the devices to be monitored of different device types;
based on the monitoring data, performing risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each device to be monitored in the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk;
selecting a risk analysis result meeting a preset reporting rule from the multiple risk analysis results and reporting the risk analysis result;
taking corresponding measures to intervene based on risk analysis results meeting the preset reporting rules;
the preset reporting rule comprises the following steps: preset IP address, preset time period, preset risk level, or preset data source;
the monitoring of the plurality of devices to be monitored based on the preset monitoring rule to obtain monitoring data further comprises:
setting the category of the monitoring data, and acquiring the monitoring data with the set category according to a preset monitoring period;
the method further comprises:
storing log data generated in the monitoring process of the equipment to be monitored so as to facilitate subsequent retrieval and use, wherein users with different roles adopt different retrieval modes, and if the users are non-security risk analyzers, the users adopt an interactive shortcut search mode for retrieval; and if the user is a security risk analysis personnel, searching by adopting a structured query statement.
2. The method of claim 1, wherein the monitoring data comprises at least one of:
CPU utilization, memory occupancy, disk utilization, system disk utilization, connection number, traffic, interface status, or device on-line status.
3. The method according to any one of claims 1 to 2, wherein the device type comprises at least one of:
a network device, a security device, a host device, or a server.
4. A risk management device, comprising:
the acquisition module is used for acquiring the device names and the Internet Protocol (IP) addresses of the devices to be monitored;
the processing module is used for monitoring the plurality of devices to be monitored based on a preset monitoring rule, acquiring monitoring data and displaying the monitoring data on a display interface, wherein the preset monitoring rule comprises the step of collecting different monitoring data for the devices to be monitored of different device types; based on the monitoring data, performing risk analysis on the plurality of devices to be monitored to obtain a plurality of risk analysis results, wherein the plurality of risk analysis results are used for representing the risk level of each device to be monitored in the plurality of devices to be monitored, and the risk level comprises critical, high-risk, medium-risk and low-risk; and selecting a risk analysis result meeting a preset reporting rule from the multiple risk analysis results and reporting the risk analysis result;
the preset reporting rule comprises the following steps:
preset IP address, preset time period, preset risk level, or preset data source;
the processing module is specifically configured to set the category of the monitoring data, and acquire the monitoring data with the set category according to a preset monitoring period;
the acquisition module is specifically used for responding to the input operation of a user in an input box of the display interface, and
acquiring device names and Internet Protocol (IP) addresses of a plurality of devices to be monitored according to the information in the input box;
the processing module is further used for taking corresponding measures to intervene based on risk analysis results meeting the preset reporting rules;
storing log data generated in the monitoring process of the equipment to be monitored so as to facilitate subsequent retrieval and use, wherein users with different roles adopt different retrieval modes, and if the users are non-security risk analyzers, the users adopt an interactive shortcut search mode for retrieval; and if the user is a security risk analysis personnel, searching by adopting a structured query statement.
5. The apparatus of claim 4, wherein the monitoring data comprises at least one of:
CPU utilization, memory occupancy, disk utilization, system disk utilization, connection number, traffic, interface status, or device on-line status.
6. The apparatus of claim 4, wherein the device type comprises at least one of:
a network device, a security device, a host device, or a server.
7. A risk management device, comprising: a processor coupled to a memory for storing a computer program, which when invoked by the processor, causes the apparatus to perform the risk management method of any one of claims 1 to 2.
8. A computer readable storage medium storing a computer program comprising instructions for implementing the risk management method of any one of claims 1 to 2.
CN202210036448.3A 2022-01-13 2022-01-13 Risk management method and risk management device Active CN114513334B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210036448.3A CN114513334B (en) 2022-01-13 2022-01-13 Risk management method and risk management device
PCT/CN2022/130832 WO2023134285A1 (en) 2022-01-13 2022-11-09 Risk management method and risk management apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210036448.3A CN114513334B (en) 2022-01-13 2022-01-13 Risk management method and risk management device

Publications (2)

Publication Number Publication Date
CN114513334A CN114513334A (en) 2022-05-17
CN114513334B true CN114513334B (en) 2023-11-28

Family

ID=81549104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210036448.3A Active CN114513334B (en) 2022-01-13 2022-01-13 Risk management method and risk management device

Country Status (2)

Country Link
CN (1) CN114513334B (en)
WO (1) WO2023134285A1 (en)


Also Published As

Publication number Publication date
CN114513334A (en) 2022-05-17
WO2023134285A1 (en) 2023-07-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 266000 No. 1, Minshan Road, Qingdao area, China (Shandong) pilot Free Trade Zone, Qingdao, Shandong

Applicant after: CAOS industrial Intelligence Research Institute (Qingdao) Co.,Ltd.

Applicant after: Kaos Digital Technology (Qingdao) Co.,Ltd.

Applicant after: Karos IoT Technology Co.,Ltd.

Address before: 266555 room 257, management committee of Sino German ecological park, 2877 Tuanjie Road, Huangdao District, Qingdao City, Shandong Province

Applicant before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant before: Haier digital technology (Qingdao) Co.,Ltd.

Applicant before: Haier Kaos IOT Technology Co.,Ltd.

Address after: 266555 room 257, management committee of Sino German ecological park, 2877 Tuanjie Road, Huangdao District, Qingdao City, Shandong Province

Applicant after: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant after: Haier digital technology (Qingdao) Co.,Ltd.

Applicant after: Haier Kaos IOT Technology Co.,Ltd.

Address before: 266555 room 257, management committee of Sino German ecological park, 2877 Tuanjie Road, Huangdao District, Qingdao City, Shandong Province

Applicant before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant before: Haier digital technology (Qingdao) Co.,Ltd.

Applicant before: Haier CAOS IOT Ecological Technology Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant