CN115883628A - Method, device, equipment and storage medium for establishing asset mutual access relation - Google Patents
Method, device, equipment and storage medium for establishing asset mutual access relation Download PDFInfo
- Publication number
- CN115883628A CN115883628A CN202211519579.3A CN202211519579A CN115883628A CN 115883628 A CN115883628 A CN 115883628A CN 202211519579 A CN202211519579 A CN 202211519579A CN 115883628 A CN115883628 A CN 115883628A
- Authority
- CN
- China
- Prior art keywords
- access
- relationship
- assets
- relation
- initial flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000012797 qualification Methods 0.000 claims description 20
- 230000002159 abnormal effect Effects 0.000 claims description 4
- 238000012360 testing method Methods 0.000 description 9
- 238000011161 development Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 239000003795 chemical substances by application Substances 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005553 drilling Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for establishing an asset mutual access relationship, wherein the method comprises the following steps: acquiring access flow among all assets in a network environment; marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags; and determining a target flow direction relation among the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation. The invention realizes the purpose of visually displaying the interrelation among the assets.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a method and a device for establishing an asset mutual access relationship, electronic equipment and a storage medium.
Background
The development of the information era greatly improves the working efficiency and the life convenience of people, the communication on the information network is more and more frequent, and the more and more complex network environment and the more and more higher authority management cost follow the communication. The network administrator needs to know in real time which assets on its own network environment have access relationships to each other, whether these accesses are authorized to be allowed, and how quickly and efficiently the relationship should be handled for those that are not allowed.
At present, an IT information asset management system on the market is relatively independent and poor in openness, information data submitted by each party are stored in a database of the system, and therefore an information island can be formed, and information blocking and data cutoff are caused; the flow mechanisms of the systems are not perfect and uneven, a unified standard cannot be formed, the management of intelligent flows is lacked, the automation level is low, and the timeliness and the normalization of related work are restrained to a certain extent. In addition, most business systems are weak on two major functional modules of information publishing and statistical analysis, and further development of IT asset management work is severely restricted.
Disclosure of Invention
The invention aims to overcome the technical defects, provides a method and a device for establishing an asset mutual access relationship, electronic equipment and a storage medium, and solves the technical problem that the access relationship among different assets cannot be visually displayed in the prior art.
In order to solve the technical problems, the invention adopts the following technical scheme:
in a first aspect, the present invention provides a method for establishing an asset mutual access relationship, including:
acquiring access flow among all assets in a network environment;
marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags;
and determining a target flow direction relation among the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation.
In some embodiments, the preset tags include a primary tag and a secondary tag, the category of the primary tag includes at least location, environment, application, and role, and the secondary tag belongs to the primary tag.
In some embodiments, classifying the asset according to the classification relationship of the tags and establishing an initial flow direction relationship of access traffic between different tags includes:
marking the assets by adopting each category corresponding to the primary label, and at least obtaining position information, environment information, application information and role information corresponding to each asset;
classifying the assets according to position information, environment information, application information and role information respectively to obtain a plurality of position type assets, environment type assets, application information type assets and role information type assets respectively;
determining a first initial flow relationship according to mutual access flow among a plurality of position type assets;
determining a second initial flow relationship according to the mutual access flow among the plurality of environment type assets;
determining a third initial flow relationship according to the mutual access flow among the plurality of application information type assets;
and determining a fourth initial flow relationship according to the mutual access flow among the plurality of role information type assets.
In some embodiments, the access policy includes rule direction, access eligibility, policy priority, local tag, remote tag, protocol, port, and remote mode.
In some embodiments, the determining the target flow direction relationship between the assets according to the matching degree between the initial flow direction relationship and a preset access policy includes:
comparing the first initial flow relationship, the second initial flow relationship, the third initial flow relationship and the fourth initial flow relationship with the access policy, and judging whether the traffic corresponding to the first initial flow relationship, the second initial flow relationship, the third initial flow relationship and the fourth initial flow relationship has the access qualification;
if the access qualification is met, marking the initial flow direction relation as a target flow direction relation;
and if the access qualification is not met, carrying out policy management on the initial flow direction relation.
In some embodiments, the policy managing the initial flow direction relationship includes:
judging whether the initial flow direction relationship is a normal access relationship;
if the access relation is normal, adding the access strategy to the flow corresponding to the initial flow relation;
and if the access policy is abnormal, deleting the access policy corresponding to the initial flow direction relationship.
In some embodiments, the access policy further comprises a statistical rule for determining a ratio of the normal access relation without access qualification to the initial flow relation of the access qualification of the macro-turtle.
In a second aspect, the present invention further provides an asset mutual access relationship establishing apparatus, including:
the acquisition module is used for acquiring access flow among all assets in a network environment;
the initial flow direction relation determining module is used for marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags;
and the target flow direction relation determining module is used for determining the target flow direction relation among the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation.
In a third aspect, the present invention further provides an electronic device, including: a processor and a memory;
the memory has stored thereon a computer readable program executable by the processor;
the processor, when executing the computer readable program, implements the steps in the asset interrelationship establishment method as described above.
In a fourth aspect, the present invention also provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the steps in the asset mutual access relationship establishment method as described above.
Compared with the prior art, the method, the device, the electronic equipment and the storage medium for establishing the asset mutual access relationship firstly acquire the access flow among all assets in the network environment; then, marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags; finally, according to the matching degree between the initial flow direction relation and a preset access strategy, determining a target flow direction relation between the assets, and establishing an asset access relation topological graph according to the target flow direction relation; according to the invention, the flow direction relation between the assets is determined through the corresponding relation between the access flow and the access strategy, and further, the topological graph of the mutual access of the flow between the assets is visually established.
Drawings
FIG. 1 is a flow diagram of one embodiment of a method for establishing an asset interrelationship provided by the present invention;
FIG. 2 is a schematic diagram of an embodiment of a step S102 in the method for establishing an asset access relationship provided by the present invention;
FIG. 3 is a schematic diagram of an embodiment of an asset mutual access relationship establishment apparatus provided by the present invention;
fig. 4 is a schematic operating environment diagram of an embodiment of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The method, the device, the equipment or the computer readable storage medium for establishing the mutual access relationship of the products can be used for asset resource management among various functional departments of the government, can also be used for asset resource management among enterprise main companies and branch companies, and can also be used for comprehensive management of resource assets among different cities. The method, apparatus, device or computer readable storage medium of the present invention may be integrated with the above system or may be relatively independent.
The embodiment provides a method for establishing an asset mutual access relationship, please refer to fig. 1, which includes the following steps:
s101, obtaining access flow among all assets in a network environment;
s102, marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags;
s103, determining a target flow direction relation between the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation.
In the embodiment, access traffic between all assets in a network environment is acquired; then, marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags; and finally, determining a target flow direction relation among the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation. The invention realizes the purpose of visually displaying the mutual access of the flow among the assets.
In step S101, acquiring access traffic between all assets in the network environment at least includes three ways, namely manual acquisition, online acquisition, and Agent (software or hardware entity capable of autonomous activity) acquisition. The manual collection mainly comprises the steps of analyzing and generating host related information through a configuration file of host equipment; the online collection is to log in a target device through a maintained ssh credential to execute a series of commands to collect device information and support periodic collection; agent collection is realized by pushing Agent software to equipment in advance, then the Agent is responsible for collecting information at regular time and reporting the information to a host for management, and the reporting frequency can be configured. Specifically, data flow information is extracted according to data between assets collected by the host, the flow information is analyzed, specific traces of access from the local device to the remote device are obtained and stored as flow data after being processed, and the flow data comprises a local ip, local position label information, local hierarchy information, a remote ip, remote label information, a remote port and a protocol.
In step S103, the asset access relationship topological graph defines that, when there is access traffic between a host at a certain location and a host at another location, an access relationship exists between the two locations, and at this time, the application topology shows an access relationship connection line from the location to the another location, and when the connection line is clicked, specific traffic details, including a local ip, a remote ip, a port, and a protocol, are shown. And clicking the position label to drill down, displaying the environment and the application label associated with the current position, drawing the environment and the application in real time when the mutual access relation exists between the environment and the application in the position label, and displaying the final role dimension label when drilling down, wherein the displayed access relation is the access relation between specific hosts (roles are deployed on the hosts).
In some embodiments, the preset tags include a primary tag and a secondary tag, the category of the primary tag includes at least location, environment, application, and role, and the secondary tag belongs to the primary tag.
In this embodiment, the location represents a geographic location where the asset is located or a location served by the asset, and specifically, the secondary tags corresponding to the location categories of the primary tags include locations of wuhan, beijing, shanghai, chongqing, and the like; the environment represents the environment of the asset, and specifically, the secondary label corresponding to the environment category comprises a development environment, a test environment and a production environment; the application represents an application service program to which the asset belongs; the role represents the role or function that the asset performs, and in particular, the role comprises a web server or a database server.
It should be noted that, when the assets are marked, four types of tags, namely, a position, an environment, an application and a role, need to be marked on each asset, and each asset only includes one secondary tag corresponding to each type of primary tag.
In some embodiments, referring to fig. 2, the establishing of the initial flow direction relationship includes:
s201, marking the assets by adopting each category corresponding to the primary label, and at least obtaining position information, environment information, application information and role information corresponding to each asset;
s202, classifying the assets according to position information, environment information, application information and role information respectively to obtain a plurality of position type assets, environment type assets, application information type assets and role information type assets respectively;
s203, determining a first initial flow direction relation according to mutual access flow among a plurality of position type assets;
s204, determining a second initial flow relation according to the mutual access flow among the plurality of environment type assets;
s205, determining a third initial flow relation according to mutual access flow among a plurality of application information type assets;
s206, determining a fourth initial flow relation according to the mutual access flow among the plurality of role information type assets.
In the embodiment, the assets are classified and managed according to the categories of the primary labels, wherein the number of the categories of the primary labels determines the categories of the assets. By carrying out classified management on the assets, a flow direction table of the flow among different assets is established according to the categories of the assets.
In some embodiments, the access policy includes a rule direction, an access qualification, a policy priority, a local tag, a remote tag, a protocol, a port, and a remote mode.
In this embodiment, the access policy is a security policy created according to an actual network security requirement, and is issued to the corresponding device. The security policy is a rule for protecting the network, which is configured in the system by an administrator to decide which traffic can pass through and which traffic should be blocked. The security policy comprises local ip, local port, far end ip, far end port and protocol of the flow.
Further, the rule direction represents an access path, and the access direction of the specified flow is local access far end or far end access local for local; the access qualification indicates whether the traffic is qualified for access, i.e., allowed or denied access; the strategy priority represents common or override, and the override priority is higher when two strategies conflict; the remote mode may select either the tag or the IP.
Further, one policy may generate two command lines for the local and remote, one for the outbound policy from local to remote for the local and one for the inbound policy from local to remote for the remote.
In some embodiments, the determining the target flow direction relationship between the assets according to the matching degree between the initial flow direction relationship and a preset access policy includes:
comparing the first initial flow direction relation, the second initial flow direction relation, the third initial flow direction relation and the fourth initial flow direction relation with the access policy;
judging whether the traffic corresponding to the first initial flow relationship, the second initial flow relationship, the third initial flow relationship and the fourth initial flow relationship has the access qualification;
if the access qualification is met, marking the initial flow relationship as a target flow relationship;
and if the initial flow relation does not have the access qualification, performing policy management on the initial flow relation.
In this embodiment, whether the traffic has the access qualification can be determined by querying the matching degree between the traffic and the access policy.
In a specific embodiment, the traffic is matched with the access policy, and the specific matching details are as follows:
1) Converting the flow into a quadruplet comprising a local ip, a remote ip, a protocol and a port;
example (c): local ip 1.1.1.1, far end ip 2.2.2.2, protocol tcp, port 80
Four-tuple: local ip 1.1.1.1, remote ip 2.2.2.2, protocol tcp, port 80
2) The policy correspondence is converted into a quadruple, which is divided into two cases:
a. the strategy local or remote mode is ip, and the strategy is directly converted into quadruplet;
example (c): local ip 1.1.1.1,1.1.1.2 remote ip 2.2.2.1,2.2.2.2, protocol tcp port 80 quadruplet: local ip 1.1.1.1, far end ip 2.2.2.1, protocol tcp, port 80
Local ip 1.1.1.1, remote ip 2.2.2.2, protocol tcp, port 80
Local ip 1.1.1.2, far end ip 2.2.2.1, protocol tcp, port 80
Local ip 1.1.1.2, remote ip 2.2.2.2, protocol tcp, port 80
b. Querying all host ip related to the strategy label in the system by using the label in the strategy local or remote mode, and then converting the host ip into a quadruple according to the mode a;
if all label classifications contained in the global policy, the label classification corresponding to the host should at least contain one (intersection), or the label classification is not configured (ANY), the policy is considered to be relevant to the host;
further, enumerating three scenarios all considers a policy to be relevant to the host, and three unrelated scenarios (tag classification < location > < application > is not configured as ANY)
In the case of the relevant scenario 1,
strategy: tag classification < environment >: < development > < test > tag classification < role >: < Web > < database >
A host computer: tag classification < environment >: < test >
Label classification < role >: < Web >
In the case of the relevant scene 2,
the strategy is as follows: tag classification < environment >: < development > < test > tag classification < role >: < Web > < database >
A host computer: tag classification < environment >: unconfigured (ANY) label classification < role >: < Web >
In the case of the relevant scene 3,
the strategy is as follows: tag classification < environment >: unconfigured (ANY) label classification < role >: < Web > < database >
The host computer: tag classification < environment >: < test >
Label classification < role >: < Web >
The non-relevant scene 1 is shown,
strategy: tag classification < environment >: < development > < test > tag classification < role >: < Web > < database >
The host computer: tag classification < environment >: < production >
Label classification < role >: < database >
The non-relevant scene 2 is shown,
strategy: tag classification < environment >: < development > < test > tag classification < role >: < Web > < database >
The host computer: tag classification < environment >: < production >
Label classification < role >: < Web >
The non-relevant scene 3 is shown,
strategy: tag classification < environment >: < test >
Label classification < role >: < database >
A host computer: tag classification < environment >: < test >
Label classification < role >: < Web >
3) The flow quadruplet is matched with the strategy quadruplet, if each element of the strategy quadruplet contains or is equal to the element corresponding to the flow quadruplet, the matching is successful, otherwise, if one element does not contain or is not equal to the element, the flow is not matched with the strategy.
Example (a):
flow quadruplets: local ip 1.1.1.1, far end ip 2.2.2.2, protocol tcp, port 80
Policy quadruplets: local ip 1.1.1.1,1.1.1.2, remote ip 2.2.2.1,2.2.2.2, protocol tcp, udp, ports 80, 90
In some embodiments, the policy managing the initial flow direction relationship includes:
judging whether the initial flow direction relationship is a normal access relationship;
if the access relation is normal, adding the access strategy to the flow corresponding to the initial flow relation;
and if the access relation is abnormal, deleting the access strategy corresponding to the initial flow relation.
In this embodiment, by performing policy management on the initial traffic without access qualification, the abnormal traffic in the system can be monitored in real time.
In some embodiments, the access policy further comprises a statistical rule for determining a ratio of the normal access relation without access qualification to the initial flow relation of the access qualification of the macro.
In the embodiment, according to all the security policy data of the device mutual access relation matching system, the traffic proportion which can be matched with the security policy and the traffic proportion which cannot be matched with the security policy are counted, the policy details on traffic matching can be quickly checked, and meanwhile, for the traffic which is not matched with the security policy, the generation and issuing of the policy are supported by one key according to different label dimensions.
Based on the above method for establishing an asset mutual access relationship, an apparatus 300 for establishing an asset mutual access relationship is further provided in the embodiments of the present invention, referring to fig. 3, the apparatus 300 for establishing an asset mutual access relationship includes an obtaining module 310, an initial flow direction relationship determining module 320, and a target flow direction relationship determining module 330.
An obtaining module 310, configured to obtain access traffic between all assets in a network environment;
an initial flow direction relationship determining module 320, configured to mark the asset with a preset tag, classify the asset according to the classification relationship of the tag, and establish an initial flow direction relationship of access traffic between different tags;
and the target flow direction relationship determining module 330 is configured to determine a target flow direction relationship between the assets according to the matching degree between the initial flow direction relationship and a preset access policy, and establish an asset access relationship topological graph according to the target flow direction relationship.
As shown in fig. 4, based on the above asset mutual access relationship establishing method, the present invention also provides an electronic device, which may be a mobile terminal, a desktop computer, a notebook, a palmtop computer, a server, or other computing devices. The electronic device includes a processor 410, a memory 420, and a display 430. Fig. 4 shows only some of the components of the electronic device, but it is to be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
The storage 420 may in some embodiments be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. The memory 420 may also be an external storage device of the electronic device in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the electronic device. Further, the memory 420 may also include both internal storage units and external storage devices of the electronic device. The memory 420 is used for storing application software installed in the electronic device and various data, such as program codes for installing the electronic device. The memory 420 may also be used to temporarily store data that has been output or is to be output. In one embodiment, the memory 420 stores an asset interrelationship setup procedure 440, and the asset interrelationship setup procedure 440 can be executed by the processor 410 to implement the asset interrelationship setup methods of the embodiments of the application.
The display 430 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch panel, or the like in some embodiments. The display 430 is used to display information at the asset interrelationship building device and to display a visual user interface. The components 410-430 of the electronic device communicate with each other via a system bus.
Of course, it will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by a computer program instructing relevant hardware (such as a processor, a controller, etc.), and the program may be stored in a computer readable storage medium, and when executed, the program may include the processes of the above method embodiments. The storage medium may be a memory, a magnetic disk, an optical disk, etc.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention. Any other corresponding changes and modifications made according to the technical idea of the present invention should be included in the protection scope of the claims of the present invention.
Claims (10)
1. An asset mutual access relationship establishing method is characterized by comprising the following steps:
acquiring access flow among all assets in a network environment;
marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags;
and determining a target flow direction relation among the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation.
2. The method for establishing the asset mutual access relationship according to claim 1, wherein the preset tags include a primary tag and a secondary tag, the category of the primary tag at least includes a location, an environment, an application and a role, and the secondary tag belongs to the primary tag.
3. The method for establishing the asset mutual access relation according to the claim 2, wherein the step of classifying the assets according to the classification relation of the tags and establishing the initial flow direction relation of the access traffic among different tags comprises the following steps:
marking the assets by adopting each category corresponding to the primary label, and at least obtaining position information, environment information, application information and role information corresponding to each asset;
classifying the assets according to position information, environment information, application information and role information respectively to obtain a plurality of position type assets, environment type assets, application information type assets and role information type assets respectively;
determining a first initial flow relationship according to mutual access flow among a plurality of position type assets;
determining a second initial flow relationship according to the mutual access flow among the plurality of environment type assets;
determining a third initial flow relationship according to the mutual access flow among the plurality of application information type assets;
and determining a fourth initial flow relationship according to the mutual access flow among the plurality of role information type assets.
4. The asset interrelationship building method of claim 3, wherein said access policies include rule direction, access qualifications, policy priority, local tag, remote tag, protocol, port, and remote mode.
5. The method for establishing the asset mutual access relationship according to claim 4, wherein the determining the target flow direction relationship between the assets according to the matching degree between the initial flow direction relationship and a preset access policy comprises:
comparing the first initial flow relationship, the second initial flow relationship, the third initial flow relationship and the fourth initial flow relationship with the access policy, and judging whether the traffic corresponding to the first initial flow relationship, the second initial flow relationship, the third initial flow relationship and the fourth initial flow relationship has the access qualification;
if the access qualification is met, marking the initial flow relationship as a target flow relationship;
and if the initial flow relation does not have the access qualification, performing policy management on the initial flow relation.
6. The asset mutual access relationship establishment method according to claim 5, wherein said policy managing said initial flow direction relationship comprises:
judging whether the initial flow direction relationship is a normal access relationship;
if the access relation is normal, adding the access strategy to the flow corresponding to the initial flow relation;
and if the access policy is abnormal, deleting the access policy corresponding to the initial flow direction relationship.
7. The asset mutual access relationship establishment method according to claim 6, wherein the access policy further comprises a statistical rule for determining a ratio of the normal access relationship without access qualification to the initial flow relationship of the access qualification of the macro-turtle.
8. An asset mutual access relationship establishing apparatus, comprising:
the acquisition module is used for acquiring access flow among all assets in a network environment;
the initial flow direction relation determining module is used for marking the assets by adopting preset tags, classifying the assets according to the classification relation of the tags and establishing an initial flow direction relation of access flow among different tags;
and the target flow direction relation determining module is used for determining the target flow direction relation among the assets according to the matching degree between the initial flow direction relation and a preset access strategy, and establishing an asset access relation topological graph according to the target flow direction relation.
9. An electronic device, comprising: a processor and a memory;
the memory has stored thereon a computer readable program executable by the processor;
the processor, when executing the computer readable program, implements the steps in the asset interrelationship establishment method as claimed in claims 1-7.
10. A computer readable storage medium, storing one or more programs, the one or more programs being executable by one or more processors for performing the steps of the asset interrelationship establishment method of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211519579.3A CN115883628A (en) | 2022-11-30 | 2022-11-30 | Method, device, equipment and storage medium for establishing asset mutual access relation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211519579.3A CN115883628A (en) | 2022-11-30 | 2022-11-30 | Method, device, equipment and storage medium for establishing asset mutual access relation |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115883628A true CN115883628A (en) | 2023-03-31 |
Family
ID=85764889
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211519579.3A Pending CN115883628A (en) | 2022-11-30 | 2022-11-30 | Method, device, equipment and storage medium for establishing asset mutual access relation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115883628A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109995736A (en) * | 2017-12-31 | 2019-07-09 | 中国移动通信集团四川有限公司 | Detection threatens method, apparatus, equipment and the storage medium of attack |
| CN111800408A (en) * | 2020-06-30 | 2020-10-20 | 深信服科技股份有限公司 | Policy configuration device, security policy configuration method of terminal, and readable storage medium |
| US20200336513A1 (en) * | 2019-04-16 | 2020-10-22 | FireMon, LLC | Network security and management system |
| CN112235253A (en) * | 2020-09-22 | 2021-01-15 | 杭州安恒信息技术股份有限公司 | Data asset combing method and device, computer equipment and storage medium |
| CN112565287A (en) * | 2020-12-18 | 2021-03-26 | 深信服科技股份有限公司 | Asset exposure surface determining method and device, firewall and storage medium |
| CN113703915A (en) * | 2021-08-17 | 2021-11-26 | 深信服科技股份有限公司 | Access relation visualization method and device, electronic equipment and storage medium |
-
2022
- 2022-11-30 CN CN202211519579.3A patent/CN115883628A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109995736A (en) * | 2017-12-31 | 2019-07-09 | 中国移动通信集团四川有限公司 | Detection threatens method, apparatus, equipment and the storage medium of attack |
| US20200336513A1 (en) * | 2019-04-16 | 2020-10-22 | FireMon, LLC | Network security and management system |
| CN111800408A (en) * | 2020-06-30 | 2020-10-20 | 深信服科技股份有限公司 | Policy configuration device, security policy configuration method of terminal, and readable storage medium |
| CN112235253A (en) * | 2020-09-22 | 2021-01-15 | 杭州安恒信息技术股份有限公司 | Data asset combing method and device, computer equipment and storage medium |
| CN112565287A (en) * | 2020-12-18 | 2021-03-26 | 深信服科技股份有限公司 | Asset exposure surface determining method and device, firewall and storage medium |
| CN113703915A (en) * | 2021-08-17 | 2021-11-26 | 深信服科技股份有限公司 | Access relation visualization method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107330034B (en) | Log analysis method and device, computer equipment and storage medium | |
| CN103729905B (en) | Graphical cruising inspection system and method for inspecting | |
| US20180137288A1 (en) | System and method for modeling security threats to prioritize threat remediation scheduling | |
| US10706377B2 (en) | Communication data analysis and processing system and method | |
| CN112491602B (en) | Behavior data monitoring method and device, computer equipment and medium | |
| JP2014112400A (en) | Method and apparatus for generating configuration rules for computing entities within computing environment by using association rule mining | |
| US10664498B2 (en) | Interconnected graph structured database for identifying and remediating conflicts in resource deployment | |
| CN203849768U (en) | Graphical inspection system | |
| WO2021159834A1 (en) | Abnormal information processing node analysis method and apparatus, medium and electronic device | |
| CN103944763A (en) | Network-assistant management system and method of electrical power system | |
| CN114639183A (en) | Intelligent inspection method, system, computer equipment and medium based on element | |
| CN113965497B (en) | Server abnormity identification method and device, computer equipment and readable storage medium | |
| CN111858722A (en) | Big data application system and method based on Internet of things | |
| CN106470203A (en) | Information getting method and device | |
| CN107609654A (en) | Management method, managing device and the terminal device of taiwan area | |
| CN113904910A (en) | Intelligent asset discovery method and device based on operation and maintenance system | |
| CN112702709A (en) | Radio monitoring facility intelligent operation and maintenance system based on distributed mobile terminal | |
| CN103078768B (en) | Based on WEB service system emulation method for supervising and the system of BHO technology | |
| CN110471912B (en) | Employee attribute information verification method and device and terminal equipment | |
| US20150278739A1 (en) | Measuring utilisation of physical locations | |
| CN115883628A (en) | Method, device, equipment and storage medium for establishing asset mutual access relation | |
| CN112751976B (en) | Agent association method, system, equipment and storage medium based on authentication log | |
| CN116340442A (en) | Network space map generation method, device, equipment and storage medium | |
| CN113032654A (en) | Exposed surface-based social organization identification method and system in network space | |
| CN116886452B (en) | Method and system for judging host computer collapse |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |