CN115801372A - Link tracking method and device - Google Patents

Link tracking method and device Download PDF

Info

Publication number
CN115801372A
CN115801372A CN202211399803.XA CN202211399803A CN115801372A CN 115801372 A CN115801372 A CN 115801372A CN 202211399803 A CN202211399803 A CN 202211399803A CN 115801372 A CN115801372 A CN 115801372A
Authority
CN
China
Prior art keywords
interface
link
target
log information
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211399803.XA
Other languages
Chinese (zh)
Inventor
白敏�
万文杰
汪列军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxin Technology Group Co Ltd, Secworld Information Technology Beijing Co Ltd filed Critical Qianxin Technology Group Co Ltd
Priority to CN202211399803.XA priority Critical patent/CN115801372A/en
Publication of CN115801372A publication Critical patent/CN115801372A/en
Pending legal-status Critical Current

Links

Images

Abstract

The application discloses a link tracking method and a device, relates to the technical field of network security analysis, and mainly aims to improve the efficiency of link tracking; the main technical scheme comprises: acquiring log information corresponding to a target interface in an interface calling link, wherein the interface calling link is used for threat analysis, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis; and performing link tracking processing on an interface to be tracked in the target interface based on the call data recorded in the acquired log information.

Description

Link tracking method and device
Technical Field
The present application relates to the field of network security analysis technologies, and in particular, to a link tracking method and apparatus.
Background
With the increasing form of network security, threat analysis on cables has become one of the important tasks for security analysts. Currently, threat analysis is typically performed on threads using interface call links for threat analysis. The interface call link involves interfaces between various different services through which call-to-each other implements threat analysis. During threat analysis, when security analysis personnel obtain data with inaccurate analysis through a threat analysis link, link tracking needs to be carried out on the threat analysis link so as to accurately position which link an interface calls to cause a problem.
Conventional link tracing methods are generally: firstly, a safety analysis person is required to find an interface which needs to be analyzed currently through a positioning service code, then data returned by a request interface is simulated, and whether the returned data is abnormal or not is analyzed; if the analysis result is abnormal, determining the interface as an abnormal interface causing inaccurate analysis; if the analysis result is normal, the abnormal interfaces causing inaccurate analysis are traced back to the upstream of the link one by one according to the method until the abnormal interfaces are found. Therefore, the existing link tracking method needs safety analysis personnel to trace back abnormal interfaces which cause inaccurate analysis one by one to the link upstream, time and labor are consumed, and the efficiency is low.
Disclosure of Invention
In view of this, the present application provides a link tracking method and apparatus, and mainly aims to improve the efficiency of link tracking.
In order to achieve the above purpose, the present application mainly provides the following technical solutions:
in a first aspect, the present application provides a link tracing method, including:
acquiring log information corresponding to a target interface in an interface calling link, wherein the interface calling link is used for threat analysis, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis;
and carrying out link tracking processing on an interface to be tracked in the target interface based on the call data recorded in the acquired log information.
In some embodiments, before performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information, the method further includes: analyzing call data recorded in the acquired log information; and when the obtained log information is analyzed to have abnormal call data, determining a target interface corresponding to the log information for recording the abnormal call data as the interface to be tracked.
In some embodiments, the method further comprises: and when the obtained log information is analyzed to have abnormal call data, sending an abnormal prompt aiming at the interface to be traced based on the log information recording the abnormal call data.
In some embodiments, before performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information, the method further includes: detecting whether a keyword is received; if so, searching whether target calling data corresponding to the keywords exist in the acquired log information; if the target call data is found, determining the target interface corresponding to the log information for recording the target call data as the interface to be tracked.
In some embodiments, before performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information, the method further includes: detecting whether a link tracking instruction carrying an interface identifier is received; and if so, determining the interface corresponding to the interface identifier as the interface to be tracked.
In some embodiments, performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information includes: determining a first interface based on the interface position in the interface calling link, wherein the first interface comprises at least one of the following interfaces: the target interface is positioned at the upstream of the interface to be tracked, and the target interface is positioned at the downstream of the interface to be tracked; and based on the calling relationship between the first interface and the interface to be tracked, displaying the calling data recorded in the log information of the first interface and the interface to be tracked in an associated manner.
In some embodiments, the method further comprises: judging whether the interface to be tracked is provided with a logic identifier, wherein the logic identifier indicates that a second interface exists in the interface calling link, the second interface and the interface to be tracked are downstream nodes of the same interface, and the second interface and the interface to be tracked are different logic branches corresponding to the same judging logic; if so, the calling data recorded in the log information of the interface to be tracked and the second interface is displayed in an associated mode while the calling data recorded in the log information of the first interface and the interface to be tracked is displayed in an associated mode.
In some embodiments, performing link tracing processing on an interface to be traced in the target interface based on call data recorded in the obtained log information includes: and displaying the call data recorded in the log information corresponding to the interface to be tracked.
In some embodiments, before obtaining log information corresponding to a target interface in an interface call link, the method further includes: acquiring buried point information corresponding to the target interface, wherein the buried point information is related to a service to which the target interface belongs and a threat analysis service type corresponding to the interface calling link; and setting a corresponding buried point at the target interface based on the buried point information, wherein the buried point is used for generating corresponding log information when the target interface is called.
In some embodiments, before obtaining the buried point information corresponding to the target interface, the method further includes: determining an interface with a plurality of downstream interfaces in the interface call link; and determining the determined interface and the downstream interface thereof as target interfaces.
In some embodiments, before obtaining the buried point information corresponding to the target interface, the method further includes: displaying an interface identifier corresponding to an interface included in the interface calling link through an interactive interface; and determining the interface corresponding to the selected interface identifier as a target interface.
In some embodiments, the buried point information includes threat analysis tags of multiple dimensions, and the log information generated by the buried point includes call data corresponding to the threat analysis tags of each dimension respectively.
In some embodiments, the method further comprises: determining a target link, wherein the target link and the interface calling link belong to interface calling links corresponding to different threat analysis service types in the same threat analysis scene; forming a knowledge base for the threat analysis scenario based on log information for their respective target interfaces of the target link and the interface call link.
In some embodiments, the method further comprises: sending detection information to the interfaces forming the interface calling link at a preset frequency; and if the normal state information aiming at the detection information and fed back by the interface is not received, determining that the interface which does not feed back the normal state information is abnormal.
In a second aspect, the present application provides a link tracing apparatus, including:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring log information corresponding to a target interface in an interface calling link, the interface calling link is used for threat analysis, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis;
and the processing module is used for carrying out link tracking processing on the interface to be tracked in the target interface based on the call data recorded in the acquired log information.
In a third aspect, the present application provides a computer-readable storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus on which the storage medium is located is controlled to execute the link tracing method according to the first aspect.
In a fourth aspect, the present application provides an electronic device comprising: a memory for storing a program; a processor, coupled to the memory, for executing the program to perform the link tracing method of the first aspect.
According to the link tracking method and device, when the interface calling link is used for threat analysis, the log information corresponding to the target interface is obtained, and the log information is used for recording calling data which are generated when the corresponding target interface is called and are related to the threat analysis. And then, based on the call data recorded in the acquired log information, performing link tracking processing on the interface to be tracked in the target interface. Therefore, when the target interface has the interface to be tracked, the calling data of the interface can be acquired for analysis without simulating the request interface again as in the prior art, and at this time, because the calling data related to the interface to be tracked already exists in the acquired log information, the link tracking processing can be directly performed on the interface to be tracked based on the calling data recorded in the acquired log information, so that the interface to be tracked can be quickly positioned and the calling condition of the interface to be tracked can be analyzed, and therefore, the efficiency of link tracking can be improved by directly using the log information to perform link tracking on the interface.
The above description is only an overview of the technical solutions of the present application, and the present application may be implemented in accordance with the content of the description so as to make the technical means of the present application more clearly understood, and the detailed description of the present application will be given below in order to make the above and other objects, features, and advantages of the present application more clearly understood.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating a link tracing method according to an embodiment of the present application;
FIG. 2 is a diagram illustrating a relationship between services involved in an interface call link according to an embodiment of the present application;
fig. 3 is a schematic structural diagram illustrating a link tracking apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram illustrating a link tracking apparatus according to another embodiment of the present application.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Currently, security analysts typically use interface call links for threat analysis to perform threat analysis on threads. The interface call link involves interfaces between various different services through which call-to-each-other threat analysis is implemented. During threat analysis, when security analysis personnel obtain inaccurate analysis data or abnormal data through a threat analysis link, link tracking needs to be carried out on the threat analysis link so as to accurately position which link the interface calls the link to cause a problem.
Conventional link tracing methods are generally: firstly, a safety analysis person is required to find an interface which needs to be analyzed currently through a positioning service code, then data returned by a request interface is simulated, and whether the returned data is abnormal or not is analyzed; if the analysis result is abnormal, determining the interface as an abnormal interface causing inaccurate analysis; if the analysis result is normal, abnormal interfaces which cause inaccurate analysis are traced back to the link upstream one by one according to the method until the abnormal interfaces are found. Therefore, the existing link tracking method needs safety analysis personnel to trace back abnormal interfaces causing inaccurate analysis one by one to the link upstream, time and labor are consumed, the abnormal interfaces in the link are difficult to be quickly positioned, and the link tracking efficiency is low.
In order to quickly locate an abnormal interface in an interface call link and improve link tracking efficiency, embodiments of the present application provide a link tracking method and apparatus. The link tracking method and device can obtain log information corresponding to a target interface in an interface calling link, and the log information is used for recording calling data which are generated when the corresponding target interface is called and are related to threat analysis. And when the interface to be tracked exists in the target interface, directly carrying out link tracking processing on the interface to be tracked based on the call data recorded in the acquired log information.
The link tracking method and device provided by the embodiment of the application are suitable for interface call links of various threat analysis service types in various threat analysis scenes. The following describes a method and an apparatus for tracking a link according to an embodiment of the present application.
As shown in fig. 1, an embodiment of the present application provides a link tracking method, which mainly includes the following steps:
101. and acquiring log information corresponding to a target interface in the interface calling link, wherein the interface calling link is used for threat analysis, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis.
The interface call link is used for threat analysis and consists of interfaces relating to different services, which implement threat analysis through mutual calls of these interfaces. For example, the interface call link may perform threat analysis on any one IOC (Indicator of intrusion Indicator) Indicator.
The abnormity of any one interface in the interface calling link can cause the inaccuracy of threat analysis, so that the link tracking of the interface in the interface calling link is needed, when the interface is abnormal, the link tracking is carried out on the interface, the existing abnormity is analyzed and eliminated, and the accuracy and the efficiency of the threat analysis are ensured. It should be noted that the anomaly described herein includes at least one of the following: inaccurate analysis data, abnormal interface stability and abnormal service.
In order to quickly track the link of the interface in the threat analysis, before obtaining log information corresponding to a target interface in the interface calling link, the target interface in the interface calling link needs to be determined, and the target interface is an interface which needs to perform link tracking processing based on the log information. The following describes a method for determining a target interface, where the method for determining a target interface at least includes the following three methods:
first, all interfaces in the interface call link are determined to be target interfaces.
Considering that the threat analysis may be inaccurate due to the fact that any one of the interfaces in the interface calling link is abnormal, all the interfaces in the interface calling link are determined as target interfaces.
And secondly, determining an interface with a plurality of downstream interfaces in the interface calling link, and determining the determined interface and the downstream interface thereof as target interfaces.
The interface call link is generally composed of a plurality of interfaces, and it is considered that obtaining log information of all the interfaces of the interface call link occupies more CPU and memory. Therefore, in order to reduce the consumption of the cpu and the memory, only a part of the interfaces in the interface call link is determined as the target interface.
For an interface with multiple downstream interfaces in an interface call link, it is equivalent to that multiple asynchronous tasks exist downstream of the interface, and once an abnormal interface exists in the downstream interface, the difficulty in locating the abnormal interface is increased.
Thirdly, calling an interface identifier corresponding to the interface included in the link through the interactive interface display interface; and determining the interface corresponding to the selected interface identifier as a target interface.
In order to meet the tracking requirement of a security analysis personnel on an interface in an interface calling link, the determined authority of a target interface is handed to the security analysis personnel. In order to enable the safety analyst to more intuitively know the interface included in the interface calling link, the interface identifier corresponding to the interface included in the interface calling link is displayed through the interactive interface so as to be selected by the safety analyst. When the interface identifier is selected, it is indicated that the safety analyst has a link tracking requirement for the interface corresponding to the selected interface identifier, and therefore, the interface corresponding to the selected interface identifier is determined as a target interface.
After the target interface in the interface call link is determined, the following two settings may be performed on the target interface to obtain the log information corresponding to the target interface. Two setting methods of the target interface are respectively explained as follows:
first, a buried point is set for the target interface, and the buried point is used for generating corresponding log information when the target interface is called.
After the target interface is selected, the target interface needs to be subjected to embedding, so that log information is generated through the embedding when the target interface is called, and link tracking processing is carried out through the log information. The log information is used for recording calling data which are generated when the corresponding target interface is called and are related to threat analysis, the calling data describe the called condition of the target interface and are the basis for judging whether the target interface is abnormal or not, and meanwhile, the calling data are the basis for analyzing abnormal reasons by safety analysis personnel when the target interface is the abnormal interface.
The following describes a specific process for performing a site burying process on a target interface, where the process includes the following steps:
step one, acquiring buried point information corresponding to a target interface, wherein the buried point information is related to a threat analysis service type corresponding to a service and interface calling link to which the target interface belongs.
The interface call link is composed of interfaces relating to different services, the different service interfaces having different functions. In addition, the interfaces of different threat analysis service types call the links, and the included interfaces have different functions. Therefore, in order to collect log information on the target interface in a targeted manner, for each target interface, the embedded point information corresponding to the target interface needs to be related to the service to which the target interface belongs and the threat analysis service type corresponding to the interface call link. The service related to the interface of the interface call link and the corresponding threat analysis service type are not limited in this embodiment. For example, the service related to the interface of the interface call link includes at least one of the following: and the threat analysis business side interface service, the data fusion enrichment service and the data layer gateway service. The data fusion enrichment service is used for integrating multi-source data for data fusion processing, and provides a unified data processing and logic layer. The data layer network management service provides a data unified query service. The threat analysis service type corresponding to the interface calling link is any one of the following types: the system comprises a production link, a data summarizing link and a data normalizing link. For example, if the interface call link is a generation link and a certain user query parameter value = ciis-cn. And starting calling from an interface belonging to the interface service of the threat analysis service side, then calling an interface belonging to the data fusion enrichment service, and finally calling an interface belonging to the gateway service of the data layer.
Illustratively, as shown in fig. 2, fig. 2 illustrates the relationship between the services involved in the interface call link, and the interface in the interface call link involves the following three services: a threat analysis business side interface service 21, a data fusion enrichment service 22 and a data layer gateway service 23. The calling relationship among the interfaces involved in the three services is that the interface in the threat analysis business side interface service 21 calls the interface in the data fusion enrichment service 22, and the interface in the data fusion enrichment service 22 calls the interface in the data layer gateway service 23. And the interface calls the threat analysis service type corresponding to the link to be the production link. The embedded point information corresponding to the target interface belonging to the data fusion enrichment service 22 in the interface call link includes the following contents: api _ name: requesting the interface name and remote _ addr of the data layer gateway service: requested client IP, user: user name of request, uid: user ID, url of request: full URL of request, headers: header information of request, timeout: timeout time of request, data: body information of request, method: method of request, msg: error information of request, message: returned message information, visit _ time: start access interface time, cost _ time: access interface time consuming, status _ code: the interface returns a status code, ioc: the requested IOC content. The embedded point information corresponding to the target interface belonging to the data layer gateway service 23 in the interface call link includes the following contents: is _ whitelist: whether it is a white list, has _ result: whether the interface returns the result and the target: whether the attack is a directional attack or not, campaign: whether there is a family group, count: number of calculations, ioc _ category: type of IOC, malicious: and (5) final malicious values.
In order to enable the buried points correspondingly deployed when the target interface is called to generate log information including multi-dimensional calling data, the buried point information corresponding to the target interface includes threat analysis tags of multiple dimensions, so that when the buried points are set for the target interface based on the buried point information, the buried points include threat analysis tags of multiple dimensions, and the log information generated by the buried points correspondingly deployed when the target interface is called includes calling data corresponding to the threat analysis tags of each dimension. Therefore, when the link tracking is carried out on the target interface, the calling condition of the target interface can be analyzed through the multi-dimensional calling data. Illustratively, the content included in the embedded point information corresponding to the target interface belonging to the data fusion enrichment service 22 and the content included in the embedded point information corresponding to the target interface belonging to the data layer gateway service 23 are both threat analysis tags.
And step two, setting a corresponding buried point at the target interface based on the buried point information, wherein the buried point is used for generating corresponding log information when the target interface is called.
And when a corresponding buried point is set at the target interface based on the buried point information, setting the threat analysis tags of multiple dimensions included in the buried point information at the target interface so as to generate log information based on the threat analysis tags when the buried point is triggered. The buried point is triggered when the corresponding target interface is called. The log information includes call data corresponding to each threat analysis tag.
The target interface in the interface calling link is subjected to point burying, the target interface is substantially subjected to dyeing marking, and link tracking processing such as positioning and the like is carried out on the interface in the interface calling link based on log information obtained by the dyeing marking.
After the buried points are set for the target interfaces in the interface calling link, when the interface calling link is used for link analysis, after each target interface is called, the corresponding buried point can generate log information. In order to ensure the timeliness of link analysis, log information corresponding to a target interface is obtained after the log information is generated by a buried point corresponding to the target interface.
And secondly, deploying a monitoring module, wherein the monitoring module is used for acquiring calling data corresponding to a threat analysis label based on the threat analysis label set for the target interface when the monitoring target interface is called, and forming log information corresponding to the target interface.
The monitoring module is used, specific monitoring point positions do not need to be deployed in the interface calling link, and calling data corresponding to the threat analysis labels can be obtained based on the threat analysis labels set for the target interfaces as long as the monitoring module monitors that the called behaviors exist in the target interfaces, so that log information corresponding to the target interfaces is formed.
In order to enable the monitoring module to obtain log information including multi-dimensional call data when the target interface is called, the threat analysis tags set for the target interface are multi-dimensional threat analysis tags, and thus the log information generated by monitoring when the target interface is called includes call data corresponding to each of the multi-dimensional threat analysis tags.
After the log information of the target interface is acquired by the method, the same interface calls the log information corresponding to the target interface in the link, and the log information is collected uniformly. It should be noted that, in order to distinguish the corresponding relationship between the target interface and the log information, the log information has an interface identifier corresponding to the target interface corresponding to the log information.
102. And performing link tracking processing on the interface to be tracked in the target interface based on the call data recorded in the acquired log information.
The link tracing processing is performed on the interface to be traced in the target interface, and therefore, the interface to be traced needs to be determined before the link tracing processing is performed on the interface to be traced in the target interface based on the call data recorded in the acquired log information. The following describes a method for determining an interface to be traced, where the method for determining an interface to be traced includes the following steps:
analyzing call data recorded in the acquired log information; and when the obtained log information is analyzed to have abnormal call data, determining a target interface corresponding to the log information for recording the abnormal call data as an interface to be tracked.
In order to realize automatic link tracking of the abnormal interface, after the log information is acquired, the call data recorded in the acquired log information is analyzed to determine whether the acquired log information has abnormal call data. When the obtained log information is analyzed to have abnormal call data, it is indicated that a target interface corresponding to the log information recording the abnormal call data has an abnormality in the call process, and the target interface is determined as an interface to be tracked for the convenience of analyzing the target interface. When the obtained log information is analyzed to be free from abnormal calling data, the current called target interface in the interface calling link is free from abnormality, and therefore the interface to be tracked does not need to be determined.
The specific process of analyzing the call data recorded in the acquired log information may be: for each call data: determining a threat analysis label corresponding to the calling data; judging whether the calling data meet the data requirement corresponding to the threat analysis label; if so, determining that the calling data are normal calling data; and if not, determining that the calling data are abnormal calling data. It should be noted that, in this embodiment, specific contents of the data requirement are not limited, and for example, the data requirement may be a requirement of a numerical range, and may also be a requirement of a data format.
Further, the link tracking method further comprises the following steps: and when the obtained log information is analyzed to have abnormal call data, sending an abnormal prompt aiming at the interface to be traced based on the log information for recording the abnormal call data.
When the interface is abnormal, in order to enable a safety analysis worker to know the abnormal condition in time, when the abnormal call data exist in the obtained log information is analyzed, an abnormal prompt aiming at the interface to be tracked is sent out based on the log information for recording the abnormal call data. The specific prompting mode of the exception prompting is not limited in this embodiment. The abnormal prompt mode comprises the following two modes: firstly, displaying call data of log information records corresponding to an interface to be tracked in an abnormal display area of an interactive interface so as to be analyzed and used by a safety analyst; and secondly, sending an abnormal prompt to the security analyst in the form of a mail or a message, wherein the abnormal prompt carries call data of the log information record corresponding to the interface to be tracked so as to be analyzed and used by the security analyst.
Detecting whether a keyword is received or not; if so, searching whether the acquired log information has target calling data corresponding to the keywords; and if the target calling data are found, determining the target interface corresponding to the log information of the recorded target calling data as the interface to be tracked.
In order to realize the interface which needs to be queried and can be quickly positioned to the safety analysis personnel through the customized query condition, the safety analysis personnel can determine the interface to be tracked through keywords.
When a security analyst needs to track the link of an interface calling link according to a certain keyword, the keyword is input. The keyword may be at least one of: the fields involved by the threat analysis tag and the fields involved by the call data.
When the received keyword is detected, it indicates that the security analyst needs to perform link tracing processing on the interface related to the keyword, so as to search whether target call data corresponding to the keyword exists in the acquired log information. It should be noted that the target call data includes the following two types: one, the target call data includes a keyword; and the other one is that the threat analysis tag corresponding to the target call data comprises keywords. When the target call data is found, it is indicated that link tracking processing needs to be performed on the target interface corresponding to the log information of the recorded target call data, so that the target interface corresponding to the log information of the recorded target call data is determined as the interface to be tracked. When the target calling data is not found, the interface calling link is indicated to be free of an interface meeting the analysis requirement of a safety analyst, and therefore a prompt that the target calling data is not found is sent.
Detecting whether a link tracking instruction carrying an interface identifier is received; and if so, determining the interface corresponding to the interface identifier as the interface to be tracked.
In order to enable a security analyst to flexibly select an interface requiring link tracking based on the self-demand, the security analyst may determine the interface to be tracked by issuing a link tracking instruction carrying an interface identifier.
When a link tracking instruction carrying an interface identifier is detected, it indicates that a security analyst has a need to perform link tracking processing on an interface corresponding to the interface identifier, and therefore, the interface corresponding to the interface identifier is determined as the interface to be tracked. When the link tracking instruction carrying the interface identifier is not detected, it indicates that the security analyst does not have the need to determine the interface to be tracked through the link tracking instruction.
It should be noted that the three methods for determining the interface to be tracked may be used in combination or separately, and this embodiment is not limited in particular.
After the interface to be tracked is determined, link tracking processing needs to be performed on the interface to be tracked in the target interface based on the call data recorded in the acquired log information. The method for performing link tracing processing on the interface to be traced comprises the following steps:
the first specific process of performing link tracking processing on an interface to be tracked in a target interface based on call data recorded in acquired log information includes: determining a first interface based on the interface position in the interface calling link, wherein the first interface comprises at least one of the following interfaces: the target interface is positioned at the upstream of the interface to be tracked, and the target interface is positioned at the downstream of the interface to be tracked; and associating and displaying the calling data recorded in the log information of the first interface and the interface to be tracked based on the calling relationship of the first interface and the interface to be tracked.
For any interface in the interface calling link, the calling condition of the interface is influenced by the calling of the adjacent upstream interface, and the calling condition of the interface influences the calling of the adjacent downstream interface, so that in order to be able to correlate and analyze the interfaces in the interface calling link, facilitate context analysis and improve the accuracy of analysis, after the interface to be tracked is determined, the first interface related to the interface to be tracked needs to be determined based on the position of each interface in the interface calling link. The first interface is an interface adjacent to the interface to be traced and located upstream of the interface to be traced. Or, the first interface is adjacent to the interface to be traced and is located at the downstream of the interface to be traced.
After the first interface is determined, based on the calling relationship between the first interface and the interface to be tracked, the calling data recorded in the log information of the first interface and the interface to be tracked is displayed in an associated manner on the interactive interface, so that a security analyst can visually check the calling data of the interface to be tracked and the calling data of the first interface having the calling relationship with the interface to be tracked, and the service logic calling relationship between the interface to be tracked and the first interface is restored, so that the security analyst can perform context analysis on the displayed calling data, and the security analyst can conveniently and accurately find the problem of the interface calling link in threat analysis.
It should be noted that, even if the first interface has a condition of not being called, the service logic calling relationship between the interface to be traced and the first interface can be restored by the present application, and only the calling data recorded by the log information of the interface to be traced is shown during the display, and the first interface which is not called shows that the call is not executed.
Further, for more completely describing the analysis flow of the threat analysis, the link tracking method further includes the steps of: judging whether the interface to be tracked is provided with a logic identifier, wherein the logic identifier indicates that a second interface exists in an interface calling link, the second interface and the interface to be tracked are downstream nodes of the same interface, and the second interface and the interface to be tracked are different logic branches corresponding to the same judging logic; if so, the calling data recorded in the log information of the interface to be tracked and the second interface is displayed in an associated mode while the calling data recorded in the log information of the first interface and the interface to be tracked is displayed in an associated mode.
Complex service judgment logic exists in the interface calling link, namely, one interface has a plurality of downstream interfaces which are different logic branches corresponding to the same judgment logic. Illustratively, there are two downstream interfaces for one interface, where one downstream interface is the yes logical branch and the other downstream interface is the no logical branch.
Therefore, in order to restore the call logic more completely, it is further necessary to determine whether the interface to be traced is provided with a logic identifier, so as to determine whether the interface to be traced is a logic branch of the determination logic. The logical identifier is used to indicate that the corresponding interface is a logical branch.
After the interface to be tracked is judged to be provided with the logic identifier, the interface to be tracked is a logic branch of a judging logic, a second interface exists in the interface calling link, and the second interface and the interface to be tracked are downstream nodes of the same interface. After the second interface is determined, in order to facilitate complete restoration of the calling condition of the interface to be tracked, the calling data recorded in the log information of the interface to be tracked and the second interface are displayed in an associated manner while the calling data recorded in the log information of the first interface and the log information of the interface to be tracked are displayed in an associated manner.
It should be noted that, even if the second interface has a condition of not being called, the service logic calling relationship between the interface to be traced and the second interface can be restored by the present application, and only the calling data recorded by the log information of the interface to be traced is shown during the display, and the second interface which is not called is shown without executing the call.
Secondly, the specific process of performing link tracking processing on the interface to be tracked in the target interface based on the call data recorded in the acquired log information includes: and displaying the call data recorded in the log information corresponding to the interface to be tracked.
In order to quickly locate the interface to be tracked and enable the security analyst to clearly know the calling condition of the interface to be tracked, the calling data recorded in the log information corresponding to the interface to be tracked is displayed in the display window.
According to the method for carrying out link tracking processing on the interface to be tracked, the health state of the interface is visualized by calling the data calling mode of the interface in the link in threat analysis through the display interface, so that safety analysis personnel can conveniently carry out link tracking processing on the interface, analysis and troubleshooting positioning on the calling data are facilitated, and an abnormal interface is found.
According to the link tracking method provided by the embodiment of the application, when the interface calling link is used for threat analysis, the log information corresponding to the target interface is obtained, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis. And then, based on the call data recorded in the acquired log information, performing link tracking processing on the interface to be tracked in the target interface. Therefore, in the scheme provided by the embodiment of the present application, the log information is used to record the call data related to threat analysis generated when the target interface is called, and therefore, when the interface to be tracked exists in the target interface, the call data of the interface can be acquired for analysis without re-simulating the request interface as in the prior art, and at this time, since the call data related to the interface to be tracked already exists in the acquired log information, the link tracking processing can be directly performed on the interface to be tracked based on the call data recorded in the acquired log information, so that the interface to be tracked can be quickly located and the call condition of the interface to be tracked can be analyzed, and therefore, the technical scheme of directly using the log information to perform link tracking on the interface in the embodiment of the present application can improve the efficiency of link tracking.
In some embodiments of the present application, the link tracing method further includes the steps of: determining a target link, wherein the target link and the interface calling link belong to interface calling links corresponding to different threat analysis service types in the same threat analysis scene; and forming a knowledge base aiming at the threat analysis scene based on the log information of the target link and the respective target interfaces of the interface calling links.
Interface calling links of different threat analysis service types exist in one threat analysis scene, and certain logic exists in the interface calling links in the same threat analysis scene, so that log information corresponding to target interfaces of the interface calling links in the same threat analysis scene can be summarized in order to better analyze the interface calling links in the same threat analysis scene.
In practical application, each interface calling link has not only its corresponding link identifier, but also its corresponding identifier of the threat analysis scenario. For example, the interface call link has its own link identifier "data normalization link" and also has its corresponding threat analysis scenario identifier "AA service data processing scenario". Therefore, when the target link is determined, the target link can be determined based on the threat analysis scene identification corresponding to the link.
And forming a knowledge base aiming at the threat analysis scene based on the log information of the target link and the target interface of the interface calling link. The knowledge base takes the interface calling link as a unit, and related displays the calling data recorded by the log information of each interface based on the calling relation of each interface in the interface calling link. In addition, the knowledge base sorts the interface calling links based on the execution sequence or the importance degree of the interface calling links in the scene.
Because the knowledge base comprises log information corresponding to the interfaces of all the interface calling links in the same threat analysis scene, context association can be carried out on the interface calling conditions in all the interface calling links, faults occurring in the interfaces can be clearly and visually analyzed through predefining different scenes in the threat analysis scene and combing production joint debugging definitions, problems can be conveniently and quickly located and solved, and therefore the efficiency of link tracking can be improved, and the stability of threat analysis production operation can also be improved.
In some embodiments of the present application, the link tracing method further includes the steps of: sending detection information to an interface forming an interface calling link at a preset frequency; and if the normal state information which is fed back by the interface and aims at the detection information is not received, determining that the interface which does not feed back the normal state information is abnormal.
In order to timely find the abnormality of the interface in the interface calling link, the keep-alive monitoring needs to be performed on the interface of the interface calling link. The specific execution logic of the keep-alive monitoring is as follows: for one interface in the interface calling link, sending detection information to the interface calling link at a preset frequency; if normal state information which is fed back by the interface and aims at the detection information is received, determining that the interface can be normally called; if the normal state information which is fed back by the interface and aims at the detection information is not received, the risk that the interface is abnormal and cannot be called is determined, so that an abnormal prompt can be sent to the interface at the moment, and a safety analyst can carry out abnormal elimination on the interface based on the abnormal prompt.
The preset frequency and the normal state information may be set based on a service requirement, which is not specifically limited in this embodiment. For example, for an interface in an interface call link, probe information is sent to the interface every 5 minutes; if the status code 200 fed back by the interface is not received, it indicates that the normal status information for the detection information fed back by the interface is not received; if the status code 200 fed back by the interface is received, it indicates that the normal status information for the probe information fed back by the interface is received.
In some embodiments of the present application, the link tracking method provided in this embodiment may be applied to a system including: the system comprises a client module, an agent module, a collection module, a storage module and an inquiry module. The client module can add the buried point information to the target interface of the interface call link through the API. The agent module is used for monitoring the log information generated by the buried point and sending the monitored log information to the collection module in batches. The agent module decouples the client module and the collection module, shielding the client module from the details of the routing and discovery collection module. The collection module receives the log information sent by the agent module and transmits the log information to the storage module. Wherein the collection modules can be designed as stateless components, so that any number of collection modules can be run simultaneously. The storage module is used for storing and processing the log information transmitted by the collection module. The storage module may be designed as a pluggable component that supports writing log information to databases such as cassandra, elastic search, etc. And the query module is used for extracting the log information related to the module to be tracked and displaying the log information through a target interface. The query modules may be designed as stateless components so that any number of query modules may be run simultaneously. In addition, a query module may be deployed behind a load balancer such as nginx to query log information usage.
Further, according to the above method embodiment, another embodiment of the present application further provides a link tracking apparatus, as shown in fig. 3, the apparatus includes:
an obtaining module 31, configured to obtain log information corresponding to a target interface in an interface call link, where the interface call link is used for threat analysis, and the log information is used to record call data related to threat analysis and generated when the corresponding target interface is called;
and the processing module 32 is configured to perform link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information.
The link tracking device provided by the embodiment of the application acquires the log information corresponding to the target interface when the interface calling link is used for threat analysis, wherein the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis. And then carrying out link tracking processing on the interface to be tracked in the target interface based on the call data recorded in the acquired log information. Therefore, in the scheme provided by the embodiment of the present application, the log information is used to record the call data related to threat analysis generated when the target interface is called, and therefore, when the interface to be tracked exists in the target interface, the call data of the interface can be acquired for analysis without re-simulating the request interface as in the prior art, and at this time, since the call data related to the interface to be tracked already exists in the acquired log information, the link tracking processing can be directly performed on the interface to be tracked based on the call data recorded in the acquired log information, so that the interface to be tracked can be quickly located and the call condition of the interface to be tracked can be analyzed, and therefore, the technical scheme of directly using the log information to perform link tracking on the interface in the embodiment of the present application can improve the efficiency of link tracking.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a first determining module 33, configured to analyze the call data recorded in the acquired log information before the processing module 32 performs link tracing processing on the interface to be traced in the target interface based on the call data recorded in the acquired log information; and when the obtained log information is analyzed to have abnormal call data, determining a target interface corresponding to the log information for recording the abnormal call data as the interface to be tracked.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
and the prompting module 34 is configured to, when it is analyzed that the obtained log information includes abnormal call data, send an abnormal prompt for the interface to be traced based on the log information in which the abnormal call data is recorded.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a second determining module 35, configured to detect whether a keyword is received before the processing module 32 performs link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information; if so, searching whether target calling data corresponding to the keywords exist in the acquired log information; and if the target calling data is found, determining the target interface corresponding to the log information for recording the target calling data as the interface to be tracked.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a third determining module 36, configured to detect whether a link tracing instruction with an interface identifier is received before the processing module 32 performs link tracing on the interface to be traced in the target interface based on the call data recorded in the obtained log information and before performing link tracing on the interface to be traced in the target interface based on the call data recorded in the obtained log information; and if so, determining the interface corresponding to the interface identifier as the interface to be tracked.
Optionally, as shown in fig. 4, the processing module 32 includes:
a first processing unit 321, configured to determine a first interface based on an interface location in the interface call link, where the first interface includes at least one of the following interfaces: the target interface is positioned at the upstream of the interface to be tracked, and the target interface is positioned at the downstream of the interface to be tracked; and based on the calling relationship between the first interface and the interface to be tracked, displaying the calling data recorded in the log information of the first interface and the interface to be tracked in an associated manner.
Optionally, as shown in fig. 4, the processing module 32 further includes:
a second processing unit 322, configured to determine whether the interface to be traced is provided with a logic identifier, where the logic identifier indicates that a second interface exists in the interface calling link, the second interface and the interface to be traced are both downstream nodes of the same interface, and the second interface and the interface to be traced are different logic branches corresponding to the same determination logic; if so, the calling data recorded in the log information of the interface to be tracked and the second interface is displayed in an associated mode while the calling data recorded in the log information of the first interface and the interface to be tracked is displayed in an associated mode.
Optionally, as shown in fig. 4, the processing module 32 includes:
and the display unit 323 is configured to display the call data recorded in the log information corresponding to the interface to be traced.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a setting module 37, configured to obtain buried point information corresponding to a target interface before the obtaining module 31 obtains log information corresponding to the target interface in an interface call link, where the buried point information is related to a service to which the target interface belongs and a threat analysis service type corresponding to the interface call link; and setting a corresponding buried point at the target interface based on the buried point information, wherein the buried point is used for generating corresponding log information when the target interface is called.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a fourth determining module 38, configured to determine, before the setting module 37 obtains the buried point information corresponding to the target interface, an interface in the interface call link that has a plurality of downstream interfaces; and determining the determined interface and the downstream interface thereof as the target interface.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a fifth determining module 39, configured to display, through an interactive interface, an interface identifier corresponding to an interface included in the interface call link before the setting module 37 obtains the burial point information corresponding to the target interface; and determining the interface corresponding to the selected interface identifier as a target interface.
Optionally, the embedded point includes threat analysis tags of multiple dimensions, and log information generated by the embedded point information includes call data corresponding to the threat analysis tags of each dimension.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
the generating module 40 is configured to determine a target link, where the target link and the interface call link belong to interface call links corresponding to different threat analysis service types in the same threat analysis scenario; forming a knowledge base for the threat analysis scenario based on log information for their respective target interfaces of the target link and the interface call link.
Optionally, as shown in fig. 4, the link tracking apparatus further includes:
a sixth determining module 41, configured to send probe information to the interfaces forming the interface call link at a preset frequency; and if the normal state information aiming at the detection information and fed back by the interface is not received, determining that the interface which does not feed back the normal state information is abnormal.
In the link tracking device provided in the embodiment of the present application, the method used in the operation process of each functional module may be described in detail in a method corresponding to the link tracking method embodiment, and is not described herein again.
Further, according to the above embodiment, another embodiment of the present application further provides a computer-readable storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus where the storage medium is located is controlled to execute the above link tracing method.
The beneficial effects of the computer-readable storage medium provided by the embodiment of the present application are substantially the same as those of the above-mentioned link tracking method, and are not described herein again.
Further, according to the above embodiment, another embodiment of the present application also provides an electronic device, including: a memory for storing a program; a processor, coupled to the memory, for executing the program to perform the above-mentioned link tracing method.
The beneficial effects of the electronic device provided by the embodiment of the present application are substantially the same as those of the above-mentioned link tracking method, and are not described herein again.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above may be referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system is apparent from the description above. In addition, this application is not directed to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the present application as described herein, and any descriptions of specific languages are provided above to disclose the best modes of the present application.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the application may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the application and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the present application may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the link tracking methods and apparatus according to embodiments of the present application. The present application may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present application may be stored on a computer readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the application, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (17)

1. A method of link tracing, the method comprising:
acquiring log information corresponding to a target interface in an interface calling link, wherein the interface calling link is used for threat analysis, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis;
and carrying out link tracking processing on an interface to be tracked in the target interface based on the call data recorded in the acquired log information.
2. The method according to claim 1, wherein before performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information, the method further comprises:
analyzing call data recorded in the acquired log information;
and when the obtained log information is analyzed to have abnormal call data, determining a target interface corresponding to the log information for recording the abnormal call data as the interface to be tracked.
3. The method of claim 2, further comprising:
and when the obtained log information is analyzed to have abnormal calling data, sending an abnormal prompt aiming at the interface to be tracked based on the log information for recording the abnormal calling data.
4. The method according to claim 1, before performing link tracing processing on an interface to be traced in the target interface based on call data recorded in the acquired log information, the method further comprising:
detecting whether a keyword is received;
if so, searching whether target calling data corresponding to the keywords exist in the acquired log information;
and if the target calling data is found, determining the target interface corresponding to the log information for recording the target calling data as the interface to be tracked.
5. The method according to claim 1, wherein before performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information, the method further comprises:
detecting whether a link tracking instruction carrying an interface identifier is received;
and if so, determining the interface corresponding to the interface identifier as the interface to be tracked.
6. The method according to claim 1, wherein performing link tracing processing on an interface to be traced in the target interface based on the call data recorded in the acquired log information includes:
determining a first interface based on the interface position in the interface calling link, wherein the first interface comprises at least one of the following interfaces: the target interface is positioned at the upstream of the interface to be tracked, and the target interface is positioned at the downstream of the interface to be tracked;
and associating and displaying the calling data recorded in the log information of the first interface and the interface to be tracked based on the calling relationship of the first interface and the interface to be tracked.
7. The method of claim 6, further comprising:
judging whether the interface to be tracked is provided with a logic identifier, wherein the logic identifier indicates that a second interface exists in the interface calling link, the second interface and the interface to be tracked are downstream nodes of the same interface, and the second interface and the interface to be tracked are different logic branches corresponding to the same judging logic;
if so, the calling data recorded in the log information of the interface to be tracked and the second interface is displayed in an associated mode while the calling data recorded in the log information of the first interface and the interface to be tracked is displayed in an associated mode.
8. The method according to claim 1, wherein performing link tracing processing on an interface to be traced in the target interface based on call data recorded in the acquired log information includes:
and displaying the call data recorded in the log information corresponding to the interface to be tracked.
9. The method according to any one of claims 1-8, wherein before obtaining log information corresponding to a target interface in an interface call link, the method further comprises:
acquiring buried point information corresponding to the target interface, wherein the buried point information is related to a service to which the target interface belongs and a threat analysis service type corresponding to the interface calling link;
and setting a corresponding buried point at the target interface based on the buried point information, wherein the buried point is used for generating corresponding log information when the target interface is called.
10. The method of claim 9, wherein before obtaining the corresponding buried point information of the target interface, the method further comprises:
determining an interface with a plurality of downstream interfaces in the interface call link;
and determining the determined interface and the downstream interface thereof as target interfaces.
11. The method of claim 9, wherein before obtaining the corresponding buried point information of the target interface, the method further comprises:
displaying an interface identifier corresponding to an interface included in the interface calling link through an interactive interface;
and determining the interface corresponding to the selected interface identifier as a target interface.
12. The method according to claim 9, wherein the buried point information includes threat analysis tags of multiple dimensions, and the log information generated by the buried point includes call data corresponding to the threat analysis tags of each dimension.
13. The method according to any one of claims 1-8, further comprising:
determining a target link, wherein the target link and the interface calling link belong to interface calling links corresponding to different threat analysis service types in the same threat analysis scene;
forming a knowledge base for the threat analysis scenario based on log information for their respective target interfaces of the target link and the interface call link.
14. The method according to any one of claims 1-8, further comprising:
sending detection information to the interfaces forming the interface calling link at a preset frequency;
and if the normal state information aiming at the detection information and fed back by the interface is not received, determining that the interface which does not feed back the normal state information is abnormal.
15. A link tracing apparatus, characterized in that the apparatus comprises:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring log information corresponding to a target interface in an interface calling link, the interface calling link is used for threat analysis, and the log information is used for recording calling data which is generated when the corresponding target interface is called and is related to the threat analysis;
and the processing module is used for carrying out link tracking processing on the interface to be tracked in the target interface based on the call data recorded in the acquired log information.
16. A computer-readable storage medium, comprising a stored program, wherein the program when executed controls an apparatus in which the storage medium is located to perform the link tracing method of any one of claims 1 to 14.
17. An electronic device, characterized in that the electronic device comprises:
a memory for storing a program;
a processor, coupled to the memory, for executing the program to perform the link tracing method of any one of claims 1 to 14.
CN202211399803.XA 2022-11-09 2022-11-09 Link tracking method and device Pending CN115801372A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211399803.XA CN115801372A (en) 2022-11-09 2022-11-09 Link tracking method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211399803.XA CN115801372A (en) 2022-11-09 2022-11-09 Link tracking method and device

Publications (1)

Publication Number Publication Date
CN115801372A true CN115801372A (en) 2023-03-14

Family

ID=85436420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211399803.XA Pending CN115801372A (en) 2022-11-09 2022-11-09 Link tracking method and device

Country Status (1)

Country Link
CN (1) CN115801372A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116346473A (en) * 2023-03-29 2023-06-27 贝壳找房(北京)科技有限公司 Calling link identification method, equipment, storage medium and computer program product
CN116915463A (en) * 2023-07-17 2023-10-20 北京优特捷信息技术有限公司 Call chain data security analysis method, device, equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116346473A (en) * 2023-03-29 2023-06-27 贝壳找房(北京)科技有限公司 Calling link identification method, equipment, storage medium and computer program product
CN116346473B (en) * 2023-03-29 2024-03-26 贝壳找房(北京)科技有限公司 Calling link identification method, equipment, storage medium and computer program product
CN116915463A (en) * 2023-07-17 2023-10-20 北京优特捷信息技术有限公司 Call chain data security analysis method, device, equipment and storage medium
CN116915463B (en) * 2023-07-17 2024-03-08 北京优特捷信息技术有限公司 Call chain data security analysis method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN107562620B (en) Automatic buried point setting method and device
CN115801372A (en) Link tracking method and device
CN110245035A (en) A kind of link trace method and device
US8448142B2 (en) Incremental runtime compliance validation of renderable objects
US20060015612A1 (en) Trace processing program, method and apparatus
US20110161486A1 (en) Detecting and monitoring server side states during web application scanning
CN112631913B (en) Method, device, equipment and storage medium for monitoring operation faults of application program
CN105391729A (en) Web loophole automatic mining method based on fuzzy test
CN111680068A (en) Verification method, device, equipment and storage medium
CN114139210B (en) Big data security threat processing method and system based on intelligent service
Jia et al. SMARTLOG: Place error log statement by deep understanding of log intention
CN105809942A (en) Data processing method and device for electricity information collection system
US11169896B2 (en) Information processing system
US20180143897A1 (en) Determining idle testing periods
CN112711496A (en) Log information full link tracking method and device, computer equipment and storage medium
CN106980572B (en) Online debugging method and system for distributed system
CN111913824A (en) Method for determining data link fault reason and related equipment
CN112181786B (en) Configuration method, device and equipment for inspection application
CN111538616A (en) Method, device and system for positioning abnormity and computer readable storage medium
CN114167181B (en) Method and system for monitoring local and allopatric line fault tracing
CN113190458A (en) Method and device for automatically analyzing buried point data, computer equipment and storage medium
CN111274143A (en) Buried point testing method, device, equipment and storage medium
CN116737514B (en) Automatic operation and maintenance method based on log and probe analysis
CN106991038A (en) Service monitoring method and device based on java collectors
Ramakrishna et al. A platform for end-to-end mobile application infrastructure analytics using system log correlation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination