CN115455475B - Vulnerability library establishment method and related equipment - Google Patents

Info

Publication number
CN115455475B
Authority
CN
China
Prior art keywords
vulnerability
document
cloud platform
information
party cloud
Prior art date
Legal status
Active
Application number
CN202211127096.9A
Other languages
Chinese (zh)
Other versions
CN115455475A (en
Inventor
甘安兴
Current Assignee
Wuhan Sipuling Technology Co Ltd
Original Assignee
Wuhan Sipuling Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Wuhan Sipuling Technology Co Ltd
Priority to CN202211127096.9A
Publication of CN115455475A
Application granted
Publication of CN115455475B
Active
Anticipated expiration

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a vulnerability database building method, which comprises the following steps: obtaining vulnerability information; determining an AGG aggregation data table based on the vulnerability information; sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform; and sending the vulnerability document to a vulnerability database system. In the embodiment of the application, the working content for generating the vulnerability document is transferred to the third-party cloud platform, and the third-party cloud platform can automatically generate the vulnerability document only by supervising the AGG aggregation data table. Therefore, the front-end maintenance can be performed by the third-party cloud platform, the maintenance cost of the system and the workload of network security management personnel can be reduced, and the operation cost of a network security department can be further reduced.

Description

Vulnerability library establishment method and related equipment
Technical Field
The present invention relates to the field of computer network security technologies, and in particular, to a vulnerability database establishment method and related devices.
Background
Vulnerabilities are defects in the specific implementation of software, hardware and protocols, or in system security policies, that allow an attacker to access a system without authorization or even destroy it, and they have a great impact on network security. To record and resolve vulnerabilities, a network security department establishes a vulnerability database that stores the basic information, characteristics, solutions and other details of security vulnerabilities; it is an important link in information security infrastructure.
However, current vulnerability libraries are built and maintained by each network security management department, which usually also completes the system development itself. Both the front-end display layer and the back-end data management layer therefore have to be developed and maintained by a system administrator, which leads to problems such as high operating costs for network security management departments and complex maintenance work for administrators.
Disclosure of Invention
The invention provides a vulnerability database establishment method to solve the problem that an existing vulnerability database must be built and maintained on a self-developed system, with front-end display and back-end data management maintained together, which places high operating costs and a heavy workload on the network security management department.
In a first aspect, the present invention provides a vulnerability library establishment method, including:
obtaining vulnerability information;
determining an AGG aggregation data table based on the vulnerability information;
sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform;
and sending the vulnerability document to a vulnerability database system.
Optionally, the determining, based on the vulnerability information, an AGG aggregate data table includes:
parsing the vulnerability information based on a target data format;
and storing the parsed vulnerability information into the AGG aggregation data table.
Optionally, the sending the AGG aggregate data table to a third party cloud platform, and generating the vulnerability document through the third party cloud platform includes:
sending document creation request information to the third party cloud platform, wherein the document creation request information comprises a document creation format;
sending the target vulnerability information in the AGG aggregation data table to the third party cloud platform;
and generating a vulnerability document of the target vulnerability information through the third party cloud platform based on the target vulnerability information and the document creation format.
Optionally, the method further comprises:
and acquiring a return result of the vulnerability document sent by the third-party cloud platform, wherein the return result comprises access address information of the vulnerability document.
Optionally, the method further comprises:
determining an index type of the vulnerability document;
determining index information of vulnerability information associated with the vulnerability document based on the index type;
and establishing a vulnerability information index table according to the mapping relation between the index information and the access address information.
Optionally, the storing the parsed vulnerability information in the AGG aggregate data table includes:
acquiring a historical AGG aggregation data table;
based on the parsed vulnerability information, acquiring a CVE number of the vulnerability information;
and, when the CVE numbers in the historical AGG aggregation data table include the CVE number of the vulnerability information, merging the parsed vulnerability information into the AGG aggregation data corresponding to that CVE number in the historical AGG aggregation data table to obtain an updated AGG aggregation data table.
Optionally, the method further comprises:
and storing the parsed vulnerability information into the historical AGG aggregation data table to acquire the updated AGG aggregation data table when the CVE number in the historical AGG aggregation data table does not comprise the CVE number of the vulnerability information or the CVE number does not exist in the vulnerability information.
In a second aspect, the present invention further provides a vulnerability library building device, including:
the acquisition module is used for acquiring vulnerability information;
the determining module is used for determining an AGG aggregation data table based on the vulnerability information;
the document generation module is used for sending the AGG aggregation data table to a third party cloud platform and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform;
and the sending module is used for sending the vulnerability document to a vulnerability library system.
In a third aspect, the present invention further provides an electronic device, including a memory, and a processor, where the processor is configured to implement the steps of the vulnerability library building method according to any one of the first aspect when executing a computer program stored in the memory.
In a fourth aspect, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the vulnerability library creation method of any of the first aspects above.
As can be seen from the above technical solutions, the present invention provides a vulnerability database establishment method, which includes: obtaining vulnerability information; determining an AGG aggregation data table based on the vulnerability information; sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform; and sending the vulnerability document to a vulnerability database system. Because the current vulnerability library is built and maintained by each network security management department, the system development is usually completed by each network security management department, so that a front-end display layer and a background data management layer both need to be developed and maintained by a system administrator, and further the problems of high operation cost of the network security management departments, complex maintenance operation of the administrator and the like are caused. In the embodiment of the application, the working content for generating the vulnerability document is transferred to the third-party cloud platform, and the third-party cloud platform can automatically generate the vulnerability document only by supervising the AGG aggregation data table. Therefore, the front-end maintenance can be performed by the third-party cloud platform, the maintenance cost of the system and the workload of network security management personnel can be reduced, and the operation cost of a network security department can be further reduced.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a schematic flow chart of a vulnerability database establishment method provided in an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a vulnerability library establishment apparatus provided in an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The embodiments described in the examples below do not represent all embodiments consistent with the present application; they are merely examples of systems and methods consistent with some aspects of the present application as detailed in the claims. In the several embodiments provided in the embodiments of the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners, and the apparatus embodiments described below are merely exemplary.
As shown in FIG. 1, an embodiment of the present application provides a method for establishing a vulnerability database, where the method includes:
Step S110, obtaining vulnerability information.
For example, vulnerability data shared by official vulnerability websites may be obtained. The official vulnerability websites may include the CVE, CNNVD and CNVD official websites, from which text files containing vulnerability data in formats such as csv and xml can be downloaded. A crawler can also be used to crawl vulnerability information web pages from other security websites or vulnerability libraries. Vulnerability information can also come from independent research by network security administrators.
Step S120, determining an AGG aggregation data table based on the vulnerability information.
For example, the AGG aggregation data table may include: ID, vulnerability number, cve_id, cnvd_id, title, English description, Chinese description, related links, affected product, patch information, process advice, hazard level, POC information, etc. The AGG aggregation data table can be stored in a local system so that the information can be viewed in an environment without network access.
Step S130, sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform.
For example, a scripting language such as python may be used to read the AGG aggregation data table and send document writing instructions to the third party cloud platform. The vulnerability document can be read through the web or through the API.
Step S140, sending the vulnerability document to a vulnerability database system.
By transferring the work content for generating the vulnerability document to the third party cloud platform, the third party cloud platform can automatically generate the vulnerability document only by supervising the AGG aggregation data table. Therefore, the front-end maintenance can be performed by the third-party cloud platform, the maintenance cost of the system and the workload of network security management personnel can be reduced, and the operation cost of a network security department can be further reduced.
According to some embodiments, determining the AGG aggregate data table based on the vulnerability information includes:
parsing the vulnerability information based on a target data format;
and storing the parsed vulnerability information into the AGG aggregation data table.
For example, a script may be written that reads and parses the vulnerability information and stores the parsed vulnerability information, together with the data source associated with it, in a database in the target data format. The script may be written in python and the database may be a MongoDB database. The vulnerability information in the database is then cleaned according to a preset cleaning format, where the preset cleaning format is a format that covers all the information contained in a vulnerability. The cleaned vulnerability information is aggregated using an AGG aggregation operation method to obtain the AGG aggregation data table.
Parsing the vulnerability information in a target data format and storing the parsed vulnerability information in the AGG aggregation data table can unify the format of the AGG aggregation data table, make it easy for the third-party cloud platform to read the data, and improve the efficiency of establishing the vulnerability database.
According to some embodiments, the sending the AGG aggregate data table to a third party cloud platform, and generating the vulnerability document by the third party cloud platform, includes:
transmitting document creation request information to the third party cloud platform, wherein the document creation request information comprises a document creation format;
transmitting the target vulnerability information in the AGG aggregation data table to the third party cloud platform;
and generating a vulnerability document of the target vulnerability information through the third party cloud platform based on the target vulnerability information and the document creation format.
For example, the document creation request information may be an API request. The target vulnerability information is the vulnerability information for which a document needs to be created. The document creation format can be set by a network security manager based on management requirements, or it can be determined by using a flow collection technology to collect how network security managers use vulnerability information and analyzing that usage.
Generating the vulnerability document of the target vulnerability information through the third party cloud platform based on the document creation format can improve the usefulness and completeness of the vulnerability information in the vulnerability document, make it easier for network security management personnel to extract and search vulnerability information, and improve the quality of the data in the vulnerability database.
According to some embodiments, the above method further comprises:
and acquiring a return result of the vulnerability document sent by the third-party cloud platform, wherein the return result comprises access address information of the vulnerability document.
For example, a return instruction may be sent to the third party cloud platform, and, based on the return instruction, the third party cloud platform may send a return result associated with the vulnerability document while generating the vulnerability document. The return result may include at least one of web access URL information, API access interface information, and the vulnerability document ID of the vulnerability document. An access link associated with the vulnerability document may be established based on the access address information of the vulnerability document, and opening the access link leads directly to the web page of the vulnerability document.
By acquiring the access address information of the vulnerability document sent by the third-party cloud platform, network security management personnel can search the vulnerability document conveniently, and the working efficiency of the security management personnel can be improved.
According to some embodiments, the above method further comprises:
determining the index type of the vulnerability document;
determining index information of vulnerability information associated with the vulnerability document based on the index type;
and establishing a vulnerability information index table according to the mapping relation between the index information and the access address information.
By way of example, the index types may include information such as a vulnerability document number and vulnerability document version.
By establishing the vulnerability information index table, information reading by a vulnerability document information user can be facilitated, a target vulnerability document can be determined directly based on at least one of the number and version information of the vulnerability document, access address information of the target vulnerability document can be obtained directly based on the vulnerability information index table, the target vulnerability document can be read directly through the access address, and therefore the use efficiency and practicality of a vulnerability database can be improved.
According to some embodiments, the storing the parsed vulnerability information in the AGG aggregate data table includes:
acquiring a historical AGG aggregation data table;
based on the parsed vulnerability information, acquiring a CVE number of the vulnerability information;
and, when the CVE numbers in the historical AGG aggregation data table include the CVE number of the vulnerability information, merging the parsed vulnerability information into the AGG aggregation data corresponding to that CVE number in the historical AGG aggregation data table to obtain an updated AGG aggregation data table.
When a vulnerability website updates its vulnerability information, the data of the vulnerability information identified by the same CVE number may change. If the complete vulnerability information including that CVE number were simply stored in the AGG aggregation data table, two pieces of AGG aggregation data could appear under the same CVE number, which increases the complexity of the information in the AGG aggregation data table and makes it harder to read. Therefore, merging the vulnerability information under the same CVE number can improve the data quality of the AGG aggregation data table and the readability of the vulnerability information.
According to some embodiments, the above method further comprises:
and, when the CVE numbers in the historical AGG aggregation data table do not include the CVE number of the vulnerability information, or the vulnerability information has no CVE number, storing the parsed vulnerability information into the historical AGG aggregation data table to obtain the updated AGG aggregation data table.
When the CVE numbers in the historical AGG aggregation data table do not include the CVE number of the vulnerability information, or the vulnerability information has no CVE number, the target CVE number does not exist in the historical AGG aggregation data table, and new AGG aggregation data needs to be created based on the target CVE information. Storing the parsed vulnerability information in the historical AGG aggregation data table can therefore enrich the vulnerability information in the AGG aggregation data table and make it more comprehensive.
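The merge rule of the two embodiments above and the index table of the earlier embodiment can be shown together in python. This is an added example, not code from the patent: the CSV layouts, the field names beyond cve_id and cnvd_id, the "newer non-empty value replaces the older one" rule, and the DOC numbers and URLs standing in for the cloud platform's return result are all assumptions.

```python
import csv
import io
import re

# Constructed sample feeds; the CVE/CNVD numbers are placeholders, not real entries.
CVE_FEED = """cve_id,title,description,reference
CVE-2099-0001,Example parser overflow,Overflow in an example parser,https://example.invalid/advisory-1
"""
CNVD_FEED = """cnvd_id,cve_id,title,description,severity,patch
CNVD-2099-00001,cve-2099-0001,Example parser overflow,Translated description,high,https://example.invalid/patch-1
CNVD-2099-00002,,Example weak default password,Translated description,medium,
CNVD-2099-00003,CVE-99-1,Example entry with malformed CVE,Translated description,low,
"""
# Source column -> field of the target data format (assumed names).
CVE_MAP = {"cve_id": "cve_id", "title": "title",
           "description": "description_en", "reference": "links"}
CNVD_MAP = {"cnvd_id": "cnvd_id", "cve_id": "cve_id", "title": "title",
            "description": "description_zh", "severity": "hazard_level",
            "patch": "patch"}

CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$", re.IGNORECASE)
LIST_FIELDS = ("links", "sources")


def normalize_cve(raw):
    """Return the canonical CVE number, or None if it is absent or malformed."""
    m = CVE_RE.match((raw or "").strip())
    return f"CVE-{m.group(1)}-{m.group(2)}" if m else None


def parse_feed(text, source, field_map):
    """Parse one CSV feed into records of the target data format."""
    records = []
    for raw in csv.DictReader(io.StringIO(text)):
        rec = {"cve_id": None, "cnvd_id": "", "title": "", "description_en": "",
               "description_zh": "", "hazard_level": "", "patch": "",
               "links": [], "sources": [source]}
        for src_col, dst in field_map.items():
            value = (raw.get(src_col) or "").strip()
            if not value:
                continue
            if dst == "links":
                rec["links"].append(value)
            elif dst == "cve_id":
                rec["cve_id"] = normalize_cve(value)  # malformed -> None
            else:
                rec[dst] = value
        records.append(rec)
    return records


def merge_into_agg(agg, record):
    """Merge a parsed record into the historical AGG table; return its row."""
    cve = record["cve_id"]
    existing = next((r for r in agg if cve and r["cve_id"] == cve), None)
    if existing is None:
        # CVE number not in the table, or the record has none: store a new row.
        row = dict(record, links=list(record["links"]),
                   sources=list(record["sources"]))
        row["id"] = len(agg) + 1
        agg.append(row)
        return row
    # Same CVE number: one row only. Lists are unioned, and a non-empty
    # incoming value replaces the stored one (assumed update rule).
    for key, value in record.items():
        if key in LIST_FIELDS:
            existing[key] += [v for v in value if v not in existing[key]]
        elif value:
            existing[key] = value
    return existing


def build_index(agg, return_results):
    """Map index information (document number, version) to the access address."""
    index = {}
    for row in agg:
        result = return_results.get(row["id"])
        if result is not None:
            index[(result["doc_id"], result["version"])] = result["url"]
    return index


def build_example():
    agg = []  # historical AGG aggregation data table, empty on first run
    for text, source, fmap in ((CVE_FEED, "cve", CVE_MAP),
                               (CNVD_FEED, "cnvd", CNVD_MAP)):
        for record in parse_feed(text, source, fmap):
            merge_into_agg(agg, record)
    # Constructed stand-in for the platform's return result per document.
    returns = {row["id"]: {"doc_id": f"DOC-{row['id']:04d}", "version": 1,
                           "url": f"https://docs.example.invalid/vuln/{row['id']}"}
               for row in agg}
    return agg, build_index(agg, returns)


if __name__ == "__main__":
    table, idx = build_example()
    for row in table:
        print(row["id"], row["cve_id"], row["cnvd_id"], row["sources"])
    print(idx)
```

Validating the CVE number before the lookup matters here: a differently cased or malformed identifier would otherwise miss the existing row and create the duplicate entry the merge step is meant to prevent.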
As shown in fig. 2, fig. 2 is a schematic structural diagram of a vulnerability database building apparatus provided in an embodiment of the present application.
The embodiment of the application provides a vulnerability library establishment device 200, which comprises:
an obtaining module 201, configured to obtain vulnerability information;
a determining module 202, configured to determine an AGG aggregate data table based on the vulnerability information;
the document generation module 203 is configured to send the AGG aggregate data table to a third party cloud platform, and generate a vulnerability document through the third party cloud platform, where the third party cloud platform is a document online writing platform;
and the sending module 204 is configured to send the vulnerability document to a vulnerability database system.
The vulnerability database establishment apparatus 200 can implement each process implemented in the method embodiment of fig. 1, and in order to avoid repetition, a description thereof will be omitted.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
The embodiment of the present application provides an electronic device 300, including a memory 310, a processor 320, and a computer program 311 stored in the memory 310 and executable on the processor 320, wherein the processor 320 implements the following steps when executing the computer program 311:
obtaining vulnerability information;
determining an AGG aggregation data table based on the vulnerability information;
sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform;
and sending the vulnerability document to a vulnerability database system.
In a specific implementation, when the processor 320 executes the computer program 311, any implementation manner of the embodiment corresponding to fig. 1 may be implemented.
Since the electronic device described in this embodiment is the device used to implement the apparatus of the embodiments of the present application, those skilled in the art can, based on the method described in the embodiments, understand the specific implementation of the electronic device and its various modifications; how the electronic device implements the method is therefore not described in detail here. Any device that those skilled in the art use to implement the method in the embodiments of the present application falls within the scope of protection intended by this application.
As shown in fig. 4, fig. 4 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present application.
The present embodiment provides a computer readable storage medium 400 having stored thereon a computer program 411, which computer program 411 when executed by a processor realizes the steps of:
obtaining vulnerability information;
determining an AGG aggregation data table based on the vulnerability information;
sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform;
and sending the vulnerability document to a vulnerability database system.
In the foregoing embodiments, each embodiment is described with its own emphasis; for portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Embodiments of the present application also provide a computer program product comprising computer software instructions that, when run on a processing device, cause the processing device to perform the flow of the vulnerability library establishment method in the embodiment corresponding to Fig. 1.
The computer program product described above includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, from one website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be stored by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid state disk (SSD)).
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is merely a division by logical function, and other divisions are possible in actual implementation; for instance, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection via some interfaces, devices, or units, and may be in electrical, mechanical, or other form.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units described above, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the various embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In summary, the above embodiments are only intended to illustrate the technical solution of the present application, not to limit it; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. A vulnerability library establishment method, characterized by comprising the following steps:
obtaining vulnerability information;
determining an AGG aggregation data table based on the vulnerability information;
sending the AGG aggregation data table to a third party cloud platform, and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform;
sending the vulnerability document to a vulnerability library system through the third party cloud platform;
generating an online access address associated with the vulnerability document through the third party cloud platform, and sending the online access address to the vulnerability library system, wherein the online access address is used for accessing the vulnerability document online;
wherein the generating the vulnerability document by the third party cloud platform comprises:
transmitting a document creation format to the third party cloud platform;
and generating the vulnerability document based on the document creation format and the vulnerability information through the third party cloud platform.
2. The method of claim 1, wherein the determining an AGG aggregation data table based on the vulnerability information comprises:
parsing the vulnerability information based on a target data format;
and storing the parsed vulnerability information into the AGG aggregation data table.
3. The method of claim 1, wherein the sending the AGG aggregation data table to a third party cloud platform, and generating the vulnerability document through the third party cloud platform, comprises:
sending document creation request information to the third party cloud platform, wherein the document creation request information comprises a document creation format;
sending the target vulnerability information in the AGG aggregation data table to the third party cloud platform;
and generating a vulnerability document of the target vulnerability information through the third party cloud platform based on the target vulnerability information and the document creation format.
4. The method as recited in claim 1, further comprising:
and acquiring a return result of the vulnerability document sent by the third-party cloud platform, wherein the return result comprises access address information of the vulnerability document.
5. The method as recited in claim 4, further comprising:
determining an index type of the vulnerability document;
determining index information of vulnerability information associated with the vulnerability document based on the index type;
and establishing a vulnerability information index table according to the mapping relation between the index information and the access address information.
6. The method of claim 2, wherein the storing the parsed vulnerability information into the AGG aggregation data table comprises:
acquiring a historical AGG aggregation data table;
acquiring a CVE number of the vulnerability information based on the parsed vulnerability information;
and, in the case that the CVE numbers in the historical AGG aggregation data table include the CVE number of the vulnerability information, merging the parsed vulnerability information into the AGG aggregation data corresponding to that CVE number in the historical AGG aggregation data table, and acquiring an updated AGG aggregation data table.
7. The method as recited in claim 6, further comprising:
storing the parsed vulnerability information into the historical AGG aggregation data table to acquire the updated AGG aggregation data table in the case that the CVE numbers in the historical AGG aggregation data table do not include the CVE number of the vulnerability information, or that no CVE number exists in the vulnerability information.
8. A vulnerability library establishment apparatus, comprising:
an acquisition module, used for acquiring vulnerability information;
a determining module, used for determining an AGG aggregation data table based on the vulnerability information;
a document generation module, used for sending the AGG aggregation data table to a third party cloud platform and generating a vulnerability document through the third party cloud platform, wherein the third party cloud platform is a document online writing platform;
a first sending module, used for sending the vulnerability document to a vulnerability library system through the third party cloud platform;
a second sending module, used for generating an online access address associated with the vulnerability document through the third party cloud platform and sending the online access address to the vulnerability library system, wherein the online access address is used for accessing the vulnerability document online;
wherein the generating the vulnerability document by the third party cloud platform comprises:
transmitting a document creation format to the third party cloud platform;
and generating the vulnerability document based on the document creation format and the vulnerability information through the third party cloud platform.
9. An electronic device comprising a memory and a processor, wherein the processor is configured to implement the steps of the vulnerability library establishment method of any one of claims 1-7 when executing a computer program stored in the memory.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the vulnerability library establishment method of any one of claims 1-7.
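The CVE-keyed merge recited in claims 6 and 7, shown as an added Python example that is not code from the patent. The record field names, the `NOCVE:` row key for records without a CVE number, treating a malformed CVE number as missing, and the union-of-references merge policy are assumptions; the claims do not specify them.

```python
import copy
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")  # CVE ID syntax: year, then 4+ digits

def normalize_cve(raw):
    """Return the canonical CVE ID, or None when absent or malformed."""
    cve = (raw or "").strip().upper()
    return cve if CVE_RE.fullmatch(cve) else None

def merge_record(agg, record):
    """Merge one parsed record into the AGG table; return the row key used."""
    cve = normalize_cve(record.get("cve"))
    # Records without a usable CVE number get their own row (claim 7).
    # The NOCVE key scheme is an assumption; the patent does not define one.
    key = cve or "NOCVE:{}:{}".format(record["source"], record["source_id"])
    # setdefault returns the existing row when the CVE is already in the
    # table (claim 6) and creates a new row otherwise (claim 7).
    row = agg.setdefault(key, {"cve": cve, "sources": {}, "references": []})
    # Keying by (source, source_id) makes re-ingesting an item idempotent.
    item = (record["source"], record["source_id"])
    row["sources"][item] = record.get("description", "")
    for ref in record.get("references", []):
        if ref not in row["references"]:
            row["references"].append(ref)
    return key

def build_agg(records, historical=None):
    """Merge a batch into a copy of the historical table (left unmodified)."""
    agg = copy.deepcopy(historical or {})
    return agg, [merge_record(agg, r) for r in records]

# Constructed feed items: sources, IDs and CVE numbers are placeholders.
SAMPLE = [
    {"source": "feed-a", "source_id": "A-1", "cve": "CVE-2099-0001",
     "description": "constructed entry", "references": ["https://a.example/1"]},
    {"source": "feed-b", "source_id": "B-7", "cve": " cve-2099-0001 ",
     "description": "same issue from a second feed",
     "references": ["https://a.example/1", "https://b.example/7"]},
    {"source": "feed-b", "source_id": "B-8", "cve": None,
     "description": "vendor notice without a CVE", "references": []},
    {"source": "feed-a", "source_id": "A-2", "cve": "CVE-99-1",
     "description": "malformed ID, treated as missing", "references": []},
]

if __name__ == "__main__":
    table, keys = build_agg(SAMPLE)
    for key, row in table.items():
        print(key, sorted(row["sources"]), row["references"])
```

Normalizing the CVE number before the lookup keeps differently cased or padded IDs from splitting one vulnerability across two rows.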
CN202211127096.9A 2022-09-16 2022-09-16 Vulnerability library establishment method and related equipment Active CN115455475B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211127096.9A CN115455475B (en) 2022-09-16 2022-09-16 Vulnerability library establishment method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211127096.9A CN115455475B (en) 2022-09-16 2022-09-16 Vulnerability library establishment method and related equipment

Publications (2)

Publication Number Publication Date
CN115455475A CN115455475A (en) 2022-12-09
CN115455475B CN115455475B (en) 2023-07-18

Family

ID=84304296

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211127096.9A Active CN115455475B (en) 2022-09-16 2022-09-16 Vulnerability library establishment method and related equipment

Country Status (1)

Country Link
CN (1) CN115455475B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1940951A (en) * 2005-09-22 2007-04-04 阿尔卡特公司 Safety loophole information aggregation
CN106407813A (en) * 2016-05-17 2017-02-15 北京智言金信信息技术有限公司 Data normalization processing apparatus and method for heterogeneous vulnerability scanner
CN108021663A (en) * 2017-12-04 2018-05-11 郑州云海信息技术有限公司 A kind of method and device to cloud disk operation
CN114021156A (en) * 2022-01-05 2022-02-08 北京华云安信息技术有限公司 Method, device and equipment for organizing vulnerability automatic aggregation and storage medium

Also Published As

Publication number Publication date
CN115455475A (en) 2022-12-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant