CN116663886A - Information security event combing method and device - Google Patents


Publication number
CN116663886A
Authority
CN
China
Prior art keywords
information
event
result
information security
sorting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310447738.1A
Other languages
Chinese (zh)
Inventor
肖萌
郑文谦
路超
慈萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China National Accreditation Service For Conformity Assessment
Original Assignee
China National Accreditation Service For Conformity Assessment
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China National Accreditation Service For Conformity Assessment
Priority to CN202310447738.1A
Publication of CN116663886A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06316 Sequencing of tasks or work
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • G06Q50/265 Personal security, identity or safety

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Marketing (AREA)
  • Theoretical Computer Science (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Game Theory and Decision Science (AREA)
  • Operations Research (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses an information security event combing method and device. The method comprises the following steps: acquiring original information security event information; extracting from the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed; sorting the event information to be combed according to a preset priority rule to obtain sorted event information; and inputting the sorted event information into a combing template to obtain an information security event combing result. The application solves the technical problem that the prior art handles information security events only by manual extraction and record keeping through a simple data extraction method, so that the original or basic elements of an information security event cannot be used for extraction, sorting and identification, which reduces the efficiency and quality of information security event reporting.

Description

Information security event combing method and device
Technical Field
The application relates to the field of data processing, in particular to an information security event combing method and device.
Background
With the continuous development of intelligent technology, intelligent devices are increasingly used in people's life, work and study, and intelligent technology improves people's quality of life and increases their efficiency in study and work.
At present, as the state attaches increasing importance to the occurrence and prevention of information security events, when an information security event occurs in an information system, the event elements and event-related data are usually extracted, recorded and reported on the basis of a manual judgment of the information security event data. However, the prior art only extracts and records information security events manually through a simple data extraction method, so the original or basic elements of an information security event cannot be used for extraction, sorting and identification, which reduces the efficiency and reporting quality of information security events.
No effective solution to the above problem has been proposed so far.
Disclosure of Invention
The embodiments of the application provide an information security event combing method and device, which at least solve the technical problem that the prior art only extracts and records information security events manually through a simple data extraction method, so that the original or basic elements of an information security event cannot be used for extraction, sorting and identification, which reduces the efficiency and reporting quality of information security events.
According to one aspect of the embodiments of the present application, an information security event combing method is provided, including: acquiring original information security event information; extracting from the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed; sorting the event information to be combed according to a preset priority rule to obtain sorted event information; and inputting the sorted event information into a combing template to obtain an information security event combing result.
Optionally, the event information to be combed includes: time information, event data information and result data information.
Optionally, sorting the event information to be combed according to a preset priority rule to obtain sorted event information includes: obtaining the sorting reference parameters of the preset priority rule, wherein the sorting reference parameters comprise a time parameter and a result parameter; sorting the event information to be combed according to the sorting reference parameters to obtain a sorting result; and generating the sorted event information from the sorting result.
Optionally, after inputting the sorted event information into the combing template to obtain the information security event combing result, the method further includes: transmitting the information security event combing result to an information security reporting matrix for reporting.
According to another aspect of the embodiments of the present application, an information security event combing device is also provided, including: an acquisition module, used for acquiring original information security event information; an extraction module, used for extracting from the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed; a sorting module, used for sorting the event information to be combed according to a preset priority rule to obtain sorted event information; and an input module, used for inputting the sorted event information into a combing template to obtain an information security event combing result.
Optionally, the event information to be combed includes: time information, event data information and result data information.
Optionally, the sorting module includes: an obtaining unit, used for obtaining the sorting reference parameters of the preset priority rule, wherein the sorting reference parameters comprise a time parameter and a result parameter; a sorting unit, used for sorting the event information to be combed according to the sorting reference parameters to obtain a sorting result; and a generating unit, used for generating the sorted event information from the sorting result.
Optionally, the device further includes: a reporting module, used for transmitting the information security event combing result to an information security reporting matrix for reporting.
According to another aspect of the embodiments of the present application, a nonvolatile storage medium is further provided. The nonvolatile storage medium includes a stored program, and when the program runs, it controls the device in which the nonvolatile storage medium is located to execute an information security event combing method.
According to another aspect of the embodiments of the present application, an electronic device including a processor and a memory is also provided. The memory stores computer-readable instructions, and the processor is configured to run the computer-readable instructions, which execute an information security event combing method when run.
In the embodiments of the application, original information security event information is acquired; the original information security event information is extracted according to a time parameter, an event parameter and a result parameter to generate event information to be combed; the event information to be combed is sorted according to a preset priority rule to obtain sorted event information; and the sorted event information is input into a combing template to obtain an information security event combing result. This solves the technical problem that the prior art only extracts and records information security events manually through a simple data extraction method, so that the original or basic elements of an information security event cannot be used for extraction, sorting and identification, which reduces the efficiency and quality of information security event reporting.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of an information security event combing method according to an embodiment of the present application;
FIG. 2 is a block diagram of an information security event combing device according to an embodiment of the present application;
FIG. 3 is a block diagram of a terminal device for performing the method according to an embodiment of the present application;
FIG. 4 is a memory unit for holding or carrying program code that implements the method according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an embodiment of the present application, a method embodiment of an information security event combing method is provided. It should be noted that the steps illustrated in the flowchart of the figures may be performed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from the one shown here.
Example 1
FIG. 1 is a flow chart of an information security event combing method according to an embodiment of the present application. As shown in FIG. 1, the method comprises the following steps:
Step S102, acquiring the original information security event information.
Specifically, in the prior art an information security event is only manually extracted, sorted and identified through a simple data extraction method, so its original or basic elements cannot be used for extraction, sorting and identification, which reduces the reporting efficiency and reporting quality of information security events. To solve this technical problem, the information and data of the original information security event are collected first: the specific content of the information security event is received through an information generation platform and an information reporting end, and the subsequent data extraction and data combing are performed on the description data of that specific information security event.
Step S104, extracting from the original information security event information according to the time parameter, the event parameter and the result parameter to generate event information to be combed.
Specifically, the information security event information obtained in the embodiment of the application is only the original event description data produced when the information security event occurred; the description may be a paragraph of text, a table or an array of technical parameters. In order to comb and report the key elements of the information security event, the time parameter, the event parameter and the result parameter in the information security event therefore need to be identified and extracted to obtain an extraction result. The extraction result covers the basic key elements of the information security event, that is, the extracted basic key elements form the data source for the subsequent event combing.
Optionally, the event information to be combed includes: time information, event data information and result data information.
Step S106, sorting the event information to be combed according to a preset priority rule to obtain sorted event information.
Optionally, sorting the event information to be combed according to a preset priority rule to obtain sorted event information includes: obtaining the sorting reference parameters of the preset priority rule, wherein the sorting reference parameters comprise a time parameter and a result parameter; sorting the event information to be combed according to the sorting reference parameters to obtain a sorting result; and generating the sorted event information from the sorting result.
Step S108, inputting the sorted event information into a combing template to obtain an information security event combing result.
Optionally, after inputting the sorted event information into the combing template to obtain the information security event combing result, the method further includes: transmitting the information security event combing result to an information security reporting matrix for reporting.
This embodiment solves the technical problem that the prior art handles information security events only by manual extraction and record keeping through a simple data extraction method, so that the original or basic elements of an information security event cannot be used for extraction, sorting and identification, which reduces the efficiency and quality of information security event reporting.
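Steps S102 to S108 above, as an added Python example that is not part of the patent text. The result values and their ranking, the order of the sort keys (result rank first, then time), the record field names, the one-line template and the sample records are all assumptions constructed for illustration; the patent specifies none of them.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Assumed ranking of result values (higher = reported first). The patent names
# the result parameter as a sorting reference but gives no concrete values.
RESULT_RANK = {"data_leak": 3, "service_outage": 2, "blocked": 1}

# Assumed one-line combing template; the patent does not define its layout.
TEMPLATE = "{idx}. [{time:%Y-%m-%d %H:%M:%S}] result={result} event={event}"

TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}(?::\d{2})?")
RESULT_RE = re.compile(r"result\s*[:=]\s*([A-Za-z_]+)", re.IGNORECASE)


@dataclass(frozen=True)
class CombedEvent:
    time: datetime
    event: str
    result: str


def parse_time(text):
    """Return a datetime for the two accepted timestamp layouts, else None."""
    text = str(text).strip().replace("T", " ")
    for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    return None


def extract(raw):
    """Step S104: extract time, event and result from one raw record.

    Accepts the three shapes the description mentions: a table row (dict),
    a parameter array ([time, event, result]) or a free-text paragraph.
    Returns None when no usable time parameter is present.
    """
    if isinstance(raw, dict):
        t, e, r = raw.get("time", ""), raw.get("event", ""), raw.get("result", "")
    elif isinstance(raw, (list, tuple)):
        if len(raw) != 3:
            return None
        t, e, r = raw
    else:
        text = str(raw)
        ts, res = TS_RE.search(text), RESULT_RE.search(text)
        t = ts.group(0) if ts else ""
        r = res.group(1) if res else ""
        for m in (ts, res):
            if m:
                text = text.replace(m.group(0), "")
        e = text.strip(" .;,-")
    when = parse_time(t)
    if when is None:
        return None
    # Raw descriptions are untrusted: collapse newlines and other whitespace so
    # a crafted event text cannot forge extra lines in the report.
    event = " ".join(str(e).split())
    result = "_".join(str(r).lower().split()) or "unknown"
    return CombedEvent(when, event, result)


def sort_events(events):
    """Step S106: order by result rank (highest first), then time (oldest first)."""
    return sorted(events, key=lambda ev: (-RESULT_RANK.get(ev.result, 0), ev.time))


def comb(raw_records):
    """Steps S102-S108: return (report_lines, rejected_raw_records)."""
    events, rejected = [], []
    for raw in raw_records:
        ev = extract(raw)
        if ev is None:
            rejected.append(raw)  # no time parameter: route to manual review
        else:
            events.append(ev)
    report = [
        TEMPLATE.format(idx=i, time=ev.time, event=ev.event, result=ev.result)
        for i, ev in enumerate(sort_events(events), start=1)
    ]
    return report, rejected


# Constructed sample records, one or more per input shape.
SAMPLE = [
    "2023-04-20 09:15:00 - phishing mail opened on finance workstation; result: blocked",
    {"time": "2023-04-19T22:40:10", "event": "customer DB export by unknown account",
     "result": "data_leak"},
    ["2023-04-20 03:05", "web portal unreachable after\nflood", "service_outage"],
    "operator noticed odd login, no timestamp recorded",
    ["2023-04-18 11:00:00", "second export to external host", "Data Leak"],
]

if __name__ == "__main__":
    lines, skipped = comb(SAMPLE)
    print("\n".join(lines))
    print(f"{len(skipped)} record(s) need manual review")
```

Records without a parseable time are returned separately instead of being dropped, so the sorted report never silently omits an event.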
Example 2
FIG. 2 is a block diagram of an information security event combing device according to an embodiment of the present application. As shown in FIG. 2, the device includes:
The acquisition module 20, used for acquiring the original information security event information.
Specifically, in the prior art an information security event is only manually extracted, sorted and identified through a simple data extraction method, so its original or basic elements cannot be used for extraction, sorting and identification, which reduces the reporting efficiency and reporting quality of information security events. To solve this technical problem, the information and data of the original information security event are collected first: the specific content of the information security event is received through an information generation platform and an information reporting end, and the subsequent data extraction and data combing are performed on the description data of that specific information security event.
The extraction module 22, used for extracting from the original information security event information according to the time parameter, the event parameter and the result parameter to generate event information to be combed.
Specifically, the information security event information obtained in the embodiment of the application is only the original event description data produced when the information security event occurred; the description may be a paragraph of text, a table or an array of technical parameters. In order to comb and report the key elements of the information security event, the time parameter, the event parameter and the result parameter in the information security event therefore need to be identified and extracted to obtain an extraction result. The extraction result covers the basic key elements of the information security event, that is, the extracted basic key elements form the data source for the subsequent event combing.
Optionally, the event information to be combed includes: time information, event data information and result data information.
The sorting module 24, used for sorting the event information to be combed according to a preset priority rule to obtain sorted event information.
Optionally, the sorting module includes: an obtaining unit, used for obtaining the sorting reference parameters of the preset priority rule, wherein the sorting reference parameters comprise a time parameter and a result parameter; a sorting unit, used for sorting the event information to be combed according to the sorting reference parameters to obtain a sorting result; and a generating unit, used for generating the sorted event information from the sorting result.
The input module 26, used for inputting the sorted event information into a combing template to obtain an information security event combing result.
Optionally, the device further includes: a reporting module, used for transmitting the information security event combing result to an information security reporting matrix for reporting.
According to another aspect of the embodiments of the present application, a nonvolatile storage medium is further provided. The nonvolatile storage medium includes a stored program, and when the program runs, it controls the device in which the nonvolatile storage medium is located to execute an information security event combing method.
Specifically, the method comprises the following steps: acquiring original information security event information; extracting from the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed; sorting the event information to be combed according to a preset priority rule to obtain sorted event information; and inputting the sorted event information into a combing template to obtain an information security event combing result. Optionally, the event information to be combed includes: time information, event data information and result data information. Optionally, sorting the event information to be combed according to a preset priority rule to obtain sorted event information includes: obtaining the sorting reference parameters of the preset priority rule, wherein the sorting reference parameters comprise a time parameter and a result parameter; sorting the event information to be combed according to the sorting reference parameters to obtain a sorting result; and generating the sorted event information from the sorting result. Optionally, after inputting the sorted event information into the combing template to obtain the information security event combing result, the method further includes: transmitting the information security event combing result to an information security reporting matrix for reporting.
According to another aspect of the embodiments of the present application, an electronic device including a processor and a memory is also provided. The memory stores computer-readable instructions, and the processor is configured to run the computer-readable instructions, which execute an information security event combing method when run.
Specifically, the method comprises the following steps: acquiring original information security event information; extracting from the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed; sorting the event information to be combed according to a preset priority rule to obtain sorted event information; and inputting the sorted event information into a combing template to obtain an information security event combing result. Optionally, the event information to be combed includes: time information, event data information and result data information. Optionally, sorting the event information to be combed according to a preset priority rule to obtain sorted event information includes: obtaining the sorting reference parameters of the preset priority rule, wherein the sorting reference parameters comprise a time parameter and a result parameter; sorting the event information to be combed according to the sorting reference parameters to obtain a sorting result; and generating the sorted event information from the sorting result. Optionally, after inputting the sorted event information into the combing template to obtain the information security event combing result, the method further includes: transmitting the information security event combing result to an information security reporting matrix for reporting.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, fig. 3 is a schematic hardware structure of a terminal device according to an embodiment of the present application. As shown in fig. 3, the terminal device may include an input device 30, a processor 31, an output device 32, a memory 33, and at least one communication bus 34. The communication bus 34 is used to enable communication connections between the elements. The memory 33 may comprise a high-speed RAM memory or may further comprise a non-volatile memory NVM, such as at least one magnetic disk memory, in which various programs may be stored for performing various processing functions and implementing the method steps of the present embodiment.
Alternatively, the processor 31 may be implemented as, for example, a central processing unit (Central Processing Unit, abbreviated as CPU), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a controller, a microcontroller, a microprocessor, or other electronic components, and the processor 31 is coupled to the input device 30 and the output device 32 through wired or wireless connections.
Alternatively, the input device 30 may include a variety of input devices, for example, may include at least one of a user-oriented user interface, a device-oriented device interface, a programmable interface of software, a camera, and a sensor. Optionally, the device interface facing the device may be a wired interface for data transmission between devices, or may be a hardware insertion interface (such as a USB interface, a serial port, etc.) for data transmission between devices; alternatively, the user-oriented user interface may be, for example, a user-oriented control key, a voice input device for receiving voice input, and a touch-sensitive device (e.g., a touch screen, a touch pad, etc. having touch-sensitive functionality) for receiving user touch input by a user; optionally, the programmable interface of the software may be, for example, an entry for a user to edit or modify a program, for example, an input pin interface or an input interface of a chip, etc.; optionally, the transceiver may be a radio frequency transceiver chip, a baseband processing chip, a transceiver antenna, etc. with a communication function. An audio input device such as a microphone may receive voice data. The output device 32 may include a display, audio, or the like.
In this embodiment, the processor of the terminal device may include functions for executing each module of the data processing apparatus in each device, and specific functions and technical effects may be referred to the above embodiments and are not described herein again.
Fig. 4 is a schematic hardware structure of a terminal device according to another embodiment of the present application. Fig. 4 is a specific embodiment of the implementation of fig. 3. As shown in fig. 4, the terminal device of the present embodiment includes a processor 41 and a memory 42.
The processor 41 executes the computer program code stored in the memory 42 to implement the methods of the above-described embodiments.
The memory 42 is configured to store various types of data to support operation at the terminal device. Examples of such data include instructions for any application or method operating on the terminal device, such as messages, pictures, video, etc. The memory 42 may include a random access memory (random access memory, simply referred to as RAM) and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory.
Optionally, a processor 41 is provided in the processing assembly 40. The terminal device may further include: a communication component 43, a power supply component 44, a multimedia component 45, an audio component 46, an input/output interface 47 and/or a sensor component 48. The components and the like specifically included in the terminal device are set according to actual requirements, which are not limited in this embodiment.
The processing component 40 generally controls the overall operation of the terminal device. The processing component 40 may include one or more processors 41 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 40 may include one or more modules that facilitate interactions between the processing component 40 and other components. For example, processing component 40 may include a multimedia module to facilitate interaction between multimedia component 45 and processing component 40.
The power supply component 44 provides power to the various components of the terminal device. The power supply component 44 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the terminal device.
The multimedia component 45 comprises a display screen that provides an output interface between the terminal device and the user. In some embodiments, the display screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the display screen includes a touch panel, the display screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation.
The audio component 46 is configured to output and/or input audio signals. For example, the audio component 46 includes a Microphone (MIC) configured to receive external audio signals when the terminal device is in an operational mode, such as a speech recognition mode. The received audio signals may be further stored in the memory 42 or transmitted via the communication component 43. In some embodiments, the audio component 46 further includes a speaker for outputting audio signals.
The input/output interface 47 provides an interface between the processing component 40 and peripheral interface modules, which may be click wheels, buttons, etc. These buttons may include, but are not limited to: a volume button, a start button and a lock button.
The sensor component 48 includes one or more sensors for providing status assessment of various aspects of the terminal device. For example, the sensor component 48 may detect the open/closed state of the terminal device, the relative positioning of the components, and the presence or absence of user contact with the terminal device. The sensor component 48 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact, including detecting the distance between the user and the terminal device. In some embodiments, the sensor component 48 may also include a camera or the like.
The communication component 43 is configured to facilitate communication between the terminal device and other devices in a wired or wireless manner. The terminal device may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one embodiment, the terminal device may include a SIM card slot, into which a SIM card is inserted so that the terminal device can log into a GPRS network and establish communication with a server through the internet.
From the above, it will be appreciated that the communication component 43, the audio component 46, the input/output interface 47 and the sensor component 48 referred to in the embodiment of fig. 4 may be implemented as an input device in the embodiment of fig. 3.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The apparatus embodiments described above are merely exemplary. For example, the division of the units may be a division by logical function, and other divisions are possible in an actual implementation: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed between parts may be through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in part, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program code.
The foregoing is merely a preferred embodiment of the present application. It should be noted that those skilled in the art may make modifications and adaptations without departing from the principles of the present application, and these are intended to fall within the scope of the present application.

Claims (10)

1. An information security event combing method, comprising:
acquiring original information security event information;
extracting the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed;
sorting the event information to be combed according to a preset priority rule to obtain sorted event information;
and inputting the sorted event information into a combing template to obtain an information security event combing result.
2. The method of claim 1, wherein the event information to be combed comprises: time information, event data information, result data information.
3. The method of claim 1, wherein the sorting the event information to be combed according to a preset priority rule to obtain sorted event information comprises:
obtaining a sorting reference parameter of the preset priority rule, wherein the sorting reference parameter comprises: time parameters and result parameters;
sorting the event information to be combed according to the sorting reference parameter to obtain a sorting result;
and generating the sorted event information according to the sorting result.
4. The method of claim 1, wherein after the inputting the sorted event information into a combing template to obtain an information security event combing result, the method further comprises:
and transmitting the information security event combing result to an information security reporting matrix for reporting.
5. An information security event combing device, comprising:
an acquisition module, configured to acquire original information security event information;
an extraction module, configured to extract the original information security event information according to a time parameter, an event parameter and a result parameter to generate event information to be combed;
a sorting module, configured to sort the event information to be combed according to a preset priority rule to obtain sorted event information;
and an input module, configured to input the sorted event information into a combing template to obtain an information security event combing result.
6. The apparatus of claim 5, wherein the event information to be combed comprises: time information, event data information, result data information.
7. The apparatus of claim 5, wherein the sorting module comprises:
an obtaining unit, configured to obtain a sorting reference parameter of the preset priority rule, wherein the sorting reference parameter comprises: time parameters and result parameters;
a sorting unit, configured to sort the event information to be combed according to the sorting reference parameter to obtain a sorting result;
and a generating unit, configured to generate the sorted event information according to the sorting result.
8. The apparatus of claim 5, wherein the apparatus further comprises:
a reporting module, configured to transmit the information security event combing result to an information security reporting matrix for reporting.
9. A non-volatile storage medium, characterized in that the non-volatile storage medium comprises a stored program, wherein the program, when run, controls a device in which the non-volatile storage medium is located to perform the method of any one of claims 1 to 4.
10. An electronic device comprising a processor and a memory; the memory has stored therein computer readable instructions for execution by the processor, wherein the computer readable instructions, when executed, perform the method of any one of claims 1 to 4.
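The extract, sort and template steps of claims 1 to 3, as an added Python example that is not code from the patent. The field names (`ts`, `event`, `result`), the result ranking, the template layout and the sample records are assumptions, since the claims leave the priority rule and the template unspecified; records that lack any of the three parameters are set aside rather than combed.

```python
import json
from datetime import datetime

# Constructed sample records (not from the patent); field names are assumptions.
RAW_EVENTS = [
    '{"ts": "2023-04-20T09:15:00", "event": "phishing mail reported", "result": "contained", "src": "mail-gw"}',
    '{"ts": "2023-04-21T14:02:00", "event": "ransomware on file server", "result": "ongoing", "host": "fs01"}',
    '{"ts": "2023-04-19T22:40:00", "event": "lost laptop", "result": "resolved"}',
    '{"ts": "2023-04-21T16:30:00", "event": "customer database export", "result": "ongoing"}',
    '{"ts": "2023-04-22T08:00:00", "event": "port scan"}',
    'not-json garbage line',
]

# Assumed preset priority rule: open outcomes first, then most recent first.
RESULT_RANK = {"ongoing": 0, "contained": 1, "resolved": 2}
# Assumed combing template: one numbered line per event.
TEMPLATE = "{n}. [{result}] {time:%Y-%m-%d %H:%M} {event}"

def extract(raw_lines):
    """Keep only the time, event and result parameters; collect unusable records."""
    events, rejected = [], []
    for line in raw_lines:
        try:
            rec = json.loads(line)
            events.append({
                "time": datetime.fromisoformat(rec["ts"]),
                "event": rec["event"],
                "result": rec["result"],
            })
        except (ValueError, KeyError, TypeError):
            rejected.append(line)  # malformed, or missing one of the three parameters
    return events, rejected

def sort_events(events):
    """Sort on the two reference parameters: result rank, then newest time."""
    newest_first = sorted(events, key=lambda e: e["time"], reverse=True)
    # sorted() is stable, so events with the same rank stay newest-first.
    # Results not named in the rule rank last.
    return sorted(newest_first, key=lambda e: RESULT_RANK.get(e["result"], len(RESULT_RANK)))

def comb(raw_lines):
    """Run extract -> sort -> template; return the report and the rejected records."""
    events, rejected = extract(raw_lines)
    ordered = sort_events(events)
    report = "\n".join(TEMPLATE.format(n=i, **e) for i, e in enumerate(ordered, 1))
    return report, rejected

if __name__ == "__main__":
    report, rejected = comb(RAW_EVENTS)
    print(report)
    print(f"{len(rejected)} record(s) could not be combed")
```

Returning the rejected records alongside the report keeps incomplete events visible to the analyst instead of silently dropping them from the combing result.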
CN202310447738.1A 2023-04-24 2023-04-24 Information security event combing method and device Pending CN116663886A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310447738.1A CN116663886A (en) 2023-04-24 2023-04-24 Information security event combing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310447738.1A CN116663886A (en) 2023-04-24 2023-04-24 Information security event combing method and device

Publications (1)

Publication Number Publication Date
CN116663886A true CN116663886A (en) 2023-08-29

Family

ID=87712613

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310447738.1A Pending CN116663886A (en) 2023-04-24 2023-04-24 Information security event combing method and device

Country Status (1)

Country Link
CN (1) CN116663886A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination