CN117193871A - Scenario execution method and device and computer equipment - Google Patents

Publication number
CN117193871A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311120808.9A
Other languages
Chinese (zh)
Inventor
毛岚
龙文洁
刘晓晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Anheng Information Security Technology Co Ltd
Original Assignee
Hangzhou Anheng Information Security Technology Co Ltd
Application filed by Hangzhou Anheng Information Security Technology Co Ltd

Abstract

The application provides a scenario execution method, a scenario execution device and computer equipment. A scenario parameter knowledge base is constructed based on historical log data of an SOAR system; real-time script parameters are acquired according to the SOAR system; and the real-time script is determined and executed based on the real-time script parameters and the scenario parameter knowledge base. Because the real-time scenario is accurately determined and executed based on the real-time scenario parameters acquired by the SOAR system and the preset scenario parameter knowledge base, normal scenario operation is achieved and the risk of server resource consumption is reduced.

Description

Scenario execution method and device and computer equipment
Technical Field
The present application relates to the field of script execution, and in particular, to a scenario execution method, apparatus, and computer device.
Background
Network environments are becoming more and more complex and awareness of network security is becoming more and more widespread; SOAR can implement automated security orchestration to handle related network security events.
When SOAR performs security orchestration, apart from linkage with security devices, the orchestration cannot do without calls to scripts, which carry out one-off or repeated system tasks. In the prior art, when a script is executed from the Linux command line and receives data as input parameters, the received dynamic parameters can be too long: when SOAR passes parameters along the scenario flow, tens or hundreds of megabytes of data are sometimes passed as a parameter, and the system error "Argument list too long" occurs. The scenario then cannot be determined normally, normal scenario operation cannot be achieved, and the risk of server resource consumption is greatly increased.
Disclosure of Invention
Based on the foregoing, it is necessary to provide a scenario execution method, apparatus and computer device for the above technical problems.
In a first aspect, the present application provides a scenario execution method, where the method includes:
acquiring historical log data of an SOAR system, and constructing a scenario parameter knowledge base based on the historical data;
acquiring real-time script parameters according to the SOAR system;
and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
In one embodiment, the obtaining the history log data in the SOAR system and constructing the scenario parameter knowledge base based on the history data includes:
acquiring historical log data of an SOAR system; the history log data comprises parameter information and history scenario corresponding to the parameter information;
extracting all parameter information and historical scripts of corresponding parameters in the historical log data; the parameter information comprises a parameter length, a parameter type and a parameter value;
and constructing a scenario parameter knowledge base according to all the parameter information and the history scenario of the corresponding parameters.
In one embodiment, the extracting the history scenario of all parameter information and corresponding parameters in the history log data includes:
determining log data without length error report from the history log data;
and extracting all parameter information and historical scripts of corresponding parameters from the log data without length error reporting.
In one embodiment, the acquiring real-time script parameters according to the SOAR system includes:
acquiring safety triggering information input by a user;
and acquiring real-time script parameters based on the safety trigger information and the SOAR system.
In one embodiment, the determining the real-time scenario based on the real-time scenario parameters and the scenario parameter knowledge base includes:
matching the real-time script parameters with the parameter information in the script parameter knowledge base;
determining target parameter information matched with the real-time script parameters;
and taking the historical script corresponding to the target parameter information as a real-time script.
In one embodiment, the determining and executing the real-time scenario includes:
determining whether the real-time scenario is normative;
if so, analyzing the real-time scenario into a real-time scenario with a target format; the target format comprises an AST grammar tree format;
and executing the real-time scenario in the target format based on the built-in function.
In one embodiment, the built-in function comprises an exec function.
In a second aspect, the present application further provides a scenario execution apparatus, where the apparatus includes:
the construction module is used for acquiring historical log data of the SOAR system and constructing a scenario parameter knowledge base based on the historical data;
the acquisition module is used for acquiring real-time script parameters according to the SOAR system;
and the execution module is used for determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring historical log data of an SOAR system, and constructing a scenario parameter knowledge base based on the historical data;
acquiring real-time script parameters according to the SOAR system;
and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring historical log data of an SOAR system, and constructing a scenario parameter knowledge base based on the historical data;
acquiring real-time script parameters according to the SOAR system;
and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
The scenario execution method, the scenario execution device and the computer equipment acquire the history log data of the SOAR system and construct a scenario parameter knowledge base based on the history log data; acquire real-time script parameters according to the SOAR system; and determine and execute the real-time script based on the real-time script parameters and the scenario parameter knowledge base. Because the real-time scenario is accurately determined and executed based on the real-time scenario parameters acquired by the SOAR system and the preset scenario parameter knowledge base, normal scenario operation is achieved and the risk of server resource consumption is reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments or the conventional techniques of the present application, the drawings required for the descriptions of the embodiments or the conventional techniques will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is an application environment diagram of a scenario execution method in one embodiment;
FIG. 2 is a flow chart of a scenario execution method according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating a specific implementation process of a scenario execution method according to an embodiment of the present application;
FIG. 4 is a block diagram of a scenario execution apparatus according to an embodiment of the present application;
FIG. 5 is an internal structural diagram of a computer device in one embodiment of the application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
SOAR: Security Orchestration, Automation and Response. A large number of security events require the intervention of security analysts, which makes operations costly, while enterprises need to do more with less money. In addition, the analysis time of security analysts is often wasted on low-level or insignificant events. The traditional security response process has long response times, requires much manual intervention, and is difficult to evaluate quantitatively. SOAR emerged to solve these problems; it mainly comprises orchestration, automation, and a reasonable KPI evaluation system.
Registry: stores the configuration information and network information registered by the microservice system, and provides a service discovery function.
Script engine: the system service that executes the built-in Python scripts.
Gateway: when an HTTP request calls the script engine, the request passes through this component, which dispatches it.
Ailpha: a security analysis platform that processes big-data logs and yields security logs after security analysis.
In the prior art, when SOAR orchestrates complex scenarios, scripts are often needed to decide the next handling action or handling direction, and the number of scripts gradually grows until it is difficult to manage. When a Python script is run as a file from the command line (that is, in the form "python <file name> <args parameters>"), an args parameter that is too large (tens or hundreds of megabytes) causes a Linux system error, and the resulting script failure prevents the security scenario from achieving the expected effect.
The embodiment of the application provides a scenario execution method which can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. The user makes current behaviors on the terminal 102, the terminal 102 transmits current behavior data to the server 104, the server 104 acquires historical log data of the system, and a scenario parameter knowledge base is constructed based on the historical data; acquiring real-time script parameters according to the system; and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base. The terminal 102 may be, but not limited to, various intelligent automobiles, personal computers, notebook computers, smart phones, tablet computers, internet of things devices and portable wearable devices, and the internet of things devices may be intelligent sound boxes, intelligent televisions, intelligent air conditioners, intelligent vehicle-mounted devices and the like. The portable wearable device can be a smart watch, a smart bracelet, a headset, an intelligent vehicle-mounted control device and the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, a scenario execution method is provided, where the method is applied to a terminal to illustrate the scenario execution method, it is understood that the method may also be applied to a server, and may also be applied to a system including the terminal and the server, and implemented through interaction between the terminal and the server. In this embodiment, the method includes the steps of:
Step S201, historical log data of the SOAR system is obtained, and a scenario parameter knowledge base is constructed based on the historical data.
Specifically, the history log data refers to history parameter data of the user's SOAR system or the SOAR system stored in the cloud SOAR system, wherein the history parameter data comprises parameter data related to scenario execution, and a scenario parameter knowledge base is built based on the history parameter data.
Specifically, the scenario parameter knowledge base comprises all parameter information in the history log data and history scenarios of corresponding parameters; the parameter information includes a parameter length, a parameter type, and a parameter value.
Specifically, after the historical parameter data is primarily screened based on the user requirement, a scenario parameter knowledge base is constructed based on the screened historical parameter data, and screening conditions can be determined according to actual requirements, which are not listed here.
Step S202, acquiring real-time script parameters according to the SOAR system.
Specifically, after the SOAR system receives manual or automatic security information, it is triggered to start and, at the same time, acquires the real-time script parameters based on the received security information.
It can be understood that the manual or automatic security information often includes the user's selection requirement for the scenario, so the real-time script parameter information obtained by analyzing that security information also includes the user's selection requirement for the scenario.
Step S203, determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
Specifically, the real-time script parameters are matched with the parameter data in the script parameter knowledge base, and after the matching is completed, the real-time script is further determined and the script is correspondingly executed.
In the scenario execution method, a scenario parameter knowledge base is constructed by acquiring historical log data of an SOAR system and based on the historical data; acquiring real-time script parameters according to the SOAR system; and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base. Real-time script parameters acquired based on the SOAR system and a preset script parameter knowledge base accurately determine and execute the real-time script, so that the fault of script execution error caused by overlong script parameters or transmission parameters is effectively avoided.
In one embodiment, the obtaining historical log data in the SOAR system and building a scenario parameter knowledge base based on the historical data includes:
acquiring historical log data of an SOAR system; the history log data comprises parameter information and history scenario corresponding to the parameter information;
extracting all parameter information and historical scripts of corresponding parameters in the historical log data; the parameter information comprises a parameter length, a parameter type and a parameter value;
and constructing a scenario parameter knowledge base according to all the parameter information and the history scenario of the corresponding parameters.
Specifically, the history log data refers to history parameter data stored in the user system or the cloud system, wherein the history parameter data includes parameter data associated with scenario execution, and therefore, the history log data includes parameter information and a history scenario corresponding to the parameter information.
Specifically, since the history log data contains a large amount of parameter information, parameter information with clear characteristics, such as the parameter length, parameter type and parameter value, can be selected. Illustratively, after the parameter length is extracted, if there is a further length screening condition, further screening may be performed based on the extracted parameter length; after the parameter type is extracted, if there is a further type screening condition, further screening may be performed based on the extracted parameter type; after the parameter value is extracted, if there is a further parameter value screening condition, further screening may be performed based on the extracted parameter value.
Specifically, all the parameter information has corresponding scripts, so that a script parameter knowledge base can be constructed according to all the parameter information and the historical scripts of the corresponding parameters.
In the above embodiment, the scenario parameter knowledge base is accurately constructed according to the parameter information in the history log data and the history scenario corresponding to the parameter information.
In one embodiment, the extracting the history scenario of all parameter information and corresponding parameters in the history log data includes:
determining log data without length error report from the history log data;
and extracting all parameter information and historical scripts of corresponding parameters from the log data without length error reporting.
Specifically, when a parameter is too long, the SOAR system often gets stuck, and the resulting script error prevents the security scenario from achieving the expected effect. Log data without a length error is therefore determined from the history log data, and the scenario parameter knowledge base is then constructed from that log data, so that a scenario parameter knowledge base ensuring complete safety is obtained.
In the above embodiment, log data without length error report is determined from the history log data, so that further screening and construction of the scenario parameter knowledge base are realized, and the data in the knowledge base are ensured to be the parameter data without length error report and the corresponding scenario.
In one embodiment, the acquiring real-time script parameters according to the SOAR system includes:
acquiring safety triggering information input by a user;
and acquiring real-time script parameters based on the safety trigger information and the SOAR system.
Specifically, the user inputs the safety trigger information to start the SOAR system, and after the start, the SOAR system can perform the determination of the subsequent operation step based on the subsequent instruction of the user or based on the instruction information contained in the safety trigger information of the user.
Specifically, because a script interface exists in the SOAR system, the real-time script parameters can be acquired by means of the script interface, wherein the real-time script parameters include relevant request parameters of the Python script, and the relevant request parameters of the Python script include: script source program, parameters required for script execution, and the like.
It can be appreciated that the format of the real-time script parameters matches the data format of the script parameter knowledge base.
In the above embodiment, based on the instruction information included in the security trigger information input by the user, the corresponding real-time script parameter can be accurately acquired, and the user requirement can be accurately grasped in real time.
In one embodiment, the determining the real-time scenario based on the real-time scenario parameters and the scenario parameter knowledge base includes:
matching the real-time script parameters with the parameter information in the script parameter knowledge base;
determining target parameter information matched with the real-time script parameters;
and taking the historical script corresponding to the target parameter information as a real-time script.
Specifically, because the scenario parameter knowledge base is determined based on the history log data, when the real-time scenario parameter is matched with the parameter information in the scenario parameter knowledge base, the corresponding history scenario can be accurately determined as the real-time scenario based on the matched target parameter information.
It can be understood that the scenario parameter knowledge base may also be a result of further performing condition screening on the most original parameter information, that is, the parameter information included in the scenario parameter knowledge base may also be a result of performing specific definition based on certain conditions, so that the real-time script parameter is matched with the parameter information in the scenario parameter knowledge base, and corresponding screening may also be implemented, that is, only the real-time script parameter meeting the screening condition is executed on the corresponding scenario.
In the embodiment, the real-time script parameters are matched with the parameter information in the script parameter knowledge base, and the execution script is accurately determined based on the matching result, so that the accuracy and the safety are improved.
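The knowledge-base construction and matching described above, sketched as an added example (not code from the patent or its applicant). The record layout, the scenario and parameter names and the exact matching rule are assumptions; the interrupt-on-extreme and average-for-missing rules follow the implementation flow given later in the description.

```python
from statistics import mean

LENGTH_ERROR = "Argument list too long"

# Constructed history log records; the field names are assumptions of this example.
HISTORY = [
    {"scenario": "block_ip", "param": "threshold", "value": 5, "error": None},
    {"scenario": "block_ip", "param": "threshold", "value": 9, "error": None},
    {"scenario": "block_ip", "param": "ip_list", "value": "10.0.0.1,10.0.0.2", "error": None},
    {"scenario": "block_ip", "param": "ip_list", "value": "10.0.0.9," * 4000, "error": LENGTH_ERROR},
    {"scenario": "triage_mail", "param": "subject", "value": "invoice overdue", "error": None},
]


class ParameterRejected(Exception):
    """Raised to interrupt a run whose parameters fall outside the knowledge base."""


def build_knowledge_base(history):
    """Collect parameter length, type and values per scenario, skipping length-error runs."""
    kb = {}
    for rec in history:
        if rec["error"] and LENGTH_ERROR in rec["error"]:
            continue  # only log data without a length error enters the knowledge base
        value = rec["value"]
        entry = kb.setdefault(rec["scenario"], {}).setdefault(
            rec["param"], {"type": type(value), "max_len": 0, "values": []})
        entry["max_len"] = max(entry["max_len"], len(str(value)))
        entry["values"].append(value)
    return kb


def resolve(kb, scenario, params):
    """Check real-time parameters against one scenario's entries and fill in defaults."""
    entries = kb[scenario]
    unknown = set(params) - set(entries)
    if unknown:
        raise ParameterRejected(f"unknown parameters: {sorted(unknown)}")
    resolved = {}
    for name, entry in entries.items():
        numeric = entry["type"] in (int, float)
        if name not in params:
            if not numeric:
                raise ParameterRejected(f"{name}: missing and no average exists")
            resolved[name] = mean(entry["values"])  # missing value: recommend the average
            continue
        value = params[name]
        if type(value) is not entry["type"]:
            raise ParameterRejected(f"{name}: type {type(value).__name__} not seen in history")
        if len(str(value)) > entry["max_len"]:
            raise ParameterRejected(f"{name}: length exceeds the historical maximum")
        if numeric and not min(entry["values"]) <= value <= max(entry["values"]):
            raise ParameterRejected(f"{name}: value outside the historical range")
        resolved[name] = value
    return resolved


def match_scenario(kb, params):
    """Return the first historical scenario whose parameter information accepts params."""
    for scenario in kb:
        try:
            return scenario, resolve(kb, scenario, params)
        except ParameterRejected:
            continue
    raise ParameterRejected("no scenario in the knowledge base accepts these parameters")


if __name__ == "__main__":
    kb = build_knowledge_base(HISTORY)
    print(match_scenario(kb, {"subject": "phish"}))
    print(resolve(kb, "block_ip", {"ip_list": "10.0.0.3"}))
```

Rejecting the oversized value here, before any script is started, is what keeps a run from reaching the point where the argument-length error would occur.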
In one embodiment, the determining and executing the real-time scenario includes:
determining whether the real-time scenario is normative;
if so, analyzing the real-time scenario into a real-time scenario with a target format; the target format comprises an AST grammar tree format;
and executing the real-time scenario in the target format based on the built-in function.
Specifically, an abstract syntax tree (AST), or syntax tree, is a tree representation of the abstract syntactic structure of source code written in a programming language. Each node of the tree represents a construct that occurs in the source code. The syntax is "abstract" in that it does not represent every detail that appears in the real syntax, only the structural, content-related details. For example, grouping parentheses are implicit in the tree structure, and a syntactic construct such as an if-condition-then expression may be represented by a single node with three branches. This distinguishes abstract syntax trees from concrete syntax trees, conventionally called parse trees, which are typically built by a parser during source code translation and compilation; once built, additional information is added to the AST by subsequent processing (e.g., context analysis). Abstract syntax trees are also used in program analysis and program transformation systems.
It can be understood that the real-time script is further parsed into a real-time script in AST syntax tree format; because of the simplicity and abstraction of the syntax tree format, system errors caused by an overlong parameter can be avoided.
In the embodiment, the real-time script is further analyzed into the real-time script in an AST grammar tree format, so that the stability and the safety in the script execution process are improved.
In one embodiment, the built-in function comprises an exec function.
Specifically, in Linux, exec refers to a set of functions, 6 in total, respectively:
    #include <unistd.h>
    extern char **environ;
    int execl(const char *path, const char *arg, ...);
    int execlp(const char *file, const char *arg, ...);
    int execle(const char *path, const char *arg, ..., char *const envp[]);
    int execv(const char *path, char *const argv[]);
    int execvp(const char *file, char *const argv[]);
    int execve(const char *path, char *const argv[], char *const envp[]);
Of these, only execve is a true system call; the others are library functions wrapped around it.
In one embodiment, referring to fig. 3, fig. 3 is a flow chart illustrating a specific implementation procedure of a scenario execution method, where the specific implementation procedure of a scenario execution method is as follows:
1. SOAR is triggered manually or by security information, and the scenario is orchestrated;
2. The scenario flow reaches the Python script, which obtains related information to decide the direction of the next step;
Based on the script result, the next flow direction is decided and control returns to the main scenario flow, which continues executing the scenario.
3. By calling the gateway, SOAR obtains the address of the system of the present application from the registry, and calls the process interface of the present application via RPC/HTTP with the script content and the request input parameters;
The gateway calls the script execution interface of the present application and passes the request parameters of the Python script (the script source program and the input parameters the script needs).
4. The process receives the script content and the request input parameters, and compiles and executes the script in an independent thread to obtain the execution result;
The request parameters passed by the gateway are received, and the Python script source program is checked for conformance (that is, the Python third-party package provided by the present method is used to standardize how script content is written); after the check passes, the main process starts an independent thread from the thread pool to execute the Python script.
5. The result is returned to SOAR and fed into the scenario, and the scenario flow uses the result as the basis for deciding and executing the next action.
Within a scenario, the above steps may be run through multiple times.
The method parses the Python source program content into AST syntax tree format through the built-in function ast.parse(); it uses the built-in function exec to dynamically execute the compiled AST, and passes the parameters required for script execution in the form of local variables. When the parameter size or the parameter value exceeds the extreme values in the parameter knowledge base, the scenario is automatically interrupted. When a parameter value is missing, the average value of that parameter is automatically recommended to the scenario.
Exemplary implementation code is as follows:
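    import ast
    exec_dict = {"param": code_param}  # the parameter required by the script, code_param, goes into the local variable dictionary
    init_ast = ast.parse(script_source)  # parse the source into an AST; the argument is cut off in the source text, script_source is a stand-in name
    exec(compile(init_ast, "<ast>", "exec"), exec_dict)  # dynamically execute the compiled program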
After the exec function has run, that is, after the script has executed, the result required by the SOAR scenario is output and placed into the local variable dictionary; the variable dictionary is then parsed with the built-in function eval to obtain the final result content.
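An added example (not the patent's or the applicant's code) that sets the command-line path that fails with "Argument list too long" beside the in-process ast.parse/compile/exec path from the implementation code above. The conformance rules, the restricted built-ins, the sample script and the sample log text are assumptions, since the page does not say what its third-party checking package enforces.

```python
import ast
import errno
import subprocess
import sys

# Assumed conformance rules; these narrow what a script may write but are not an
# isolation boundary, so the engine process still needs OS-level confinement.
FORBIDDEN_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal)
FORBIDDEN_NAMES = {"exec", "eval", "compile", "open", "__import__",
                   "getattr", "setattr", "globals", "locals", "vars"}
# Built-ins exposed to scripts (assumed minimal set).
ALLOWED_BUILTINS = {"len": len, "sum": sum, "min": min, "max": max,
                    "sorted": sorted, "str": str, "int": int}


def check_normative(source):
    """Parse the script once and return (tree, violations)."""
    tree = ast.parse(source, filename="<ast>", mode="exec")
    violations = []
    for node in ast.walk(tree):
        if isinstance(node, FORBIDDEN_NODES):
            violations.append(f"line {node.lineno}: {type(node).__name__} not allowed")
        elif isinstance(node, ast.Name) and (
                node.id in FORBIDDEN_NAMES or node.id.startswith("__")):
            violations.append(f"line {node.lineno}: name {node.id!r} not allowed")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            violations.append(f"line {node.lineno}: attribute {node.attr!r} not allowed")
    return tree, violations


def run_in_process(source, code_param):
    """Execute a checked script; the parameter travels in a dictionary, not in argv."""
    tree, violations = check_normative(source)
    if violations:
        raise ValueError("script rejected: " + "; ".join(violations))
    exec_dict = {"__builtins__": ALLOWED_BUILTINS, "param": code_param}
    exec(compile(tree, "<ast>", "exec"), exec_dict)
    return exec_dict.get("result")  # the script leaves its output in the dictionary


def run_via_argv(code_param):
    """Prior-art path: hand the parameter to a child interpreter on its command line."""
    child = "import sys; print(len(sys.argv[1]))"
    try:
        proc = subprocess.run([sys.executable, "-c", child, code_param],
                              capture_output=True, text=True, timeout=60)
    except OSError as exc:
        # execve() refused the argument vector, so the child never started.
        return errno.errorcode.get(exc.errno, str(exc.errno))
    return proc.stdout.strip()


# Constructed sample script: counts denied connections in the log text it is given.
SCRIPT = (
    "lines = param.split('\\n')\n"
    "result = len([line for line in lines if line.startswith('deny')])\n"
)


def make_log(pairs):
    """Constructed log text: one deny line and one allow line per pair."""
    return "deny 10.0.0.1\nallow 10.0.0.2\n" * pairs


if __name__ == "__main__":
    big = make_log(300_000)  # about 8.7 MB of parameter data
    print("argv path:      ", run_via_argv(big))
    print("in-process path:", run_in_process(SCRIPT, big))
    print("rejected script:", check_normative("import os\nos.system('id')\n")[1])
```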
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown in the sequence indicated by the arrows, these steps are not necessarily performed in that sequence. Unless explicitly stated herein, the steps are not strictly limited to this order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a scenario execution device for realizing the scenario execution method. The implementation of the solution provided by the apparatus is similar to the implementation described in the above method, so the specific limitation in the embodiment of one or more scenario execution apparatus provided below may refer to the limitation of the scenario execution method hereinabove, and will not be described herein.
In one embodiment, as shown in fig. 4, there is provided a scenario execution apparatus, including: a construction module 410, an acquisition module 420, and an execution module 430, wherein:
the construction module 410 is configured to obtain historical log data of the SOAR system, and construct a scenario parameter knowledge base based on the historical data.
The construction module 410 is further configured to obtain historical log data of the SOAR system; the history log data comprises parameter information and history scenario corresponding to the parameter information;
extracting all parameter information and historical scripts of corresponding parameters in the historical log data; the parameter information comprises a parameter length, a parameter type and a parameter value;
and constructing a scenario parameter knowledge base according to all the parameter information and the history scenario of the corresponding parameters.
The construction module 410 is further configured to determine log data without length error from the history log data;
and extracting all parameter information and historical scripts of corresponding parameters from the log data without length error reporting.
The construction module 410 is further configured to match the real-time script parameter with parameter information in the scenario parameter knowledge base;
determining target parameter information matched with the real-time script parameters;
and taking the historical script corresponding to the target parameter information as a real-time script.
The obtaining module 420 is configured to obtain real-time script parameters according to the SOAR system.
The obtaining module 420 is further configured to obtain security trigger information input by a user; and acquiring real-time script parameters based on the safety trigger information and the SOAR system.
The execution module 430 is configured to determine and execute a real-time scenario based on the real-time script parameters and the scenario parameter knowledge base.
The execution module 430 is further configured to determine whether the real-time scenario is canonical;
if so, parsing the real-time scenario into a real-time scenario in a target format; the target format comprises an abstract syntax tree (AST) format;
and executing the real-time scenario in the target format based on a built-in function.
The built-in function includes the exec function.
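The module flow described above, as an added Python sketch that is not part of the patent: it builds the knowledge base from log records without length errors, matches real-time parameters, and runs the selected scenario through exec only after an AST check. The record layout, the match on parameter name, type and longest observed length, and the node allow-list used as the "canonical" test are all assumptions of this example.

```python
import ast

# Constructed sample SOAR history records (not taken from the patent).
HISTORY_LOG = [
    {"params": {"src_ip": "203.0.113.250"}, "error": None,
     "playbook": "result = 'block ' + src_ip"},
    {"params": {"src_ip": "x" * 300}, "error": "length",
     "playbook": "result = 'block ' + src_ip"},
    {"params": {"count": 5}, "error": None, "playbook": "result = count * 2"},
]
# Assumed definition of "canonical": only these AST node types may appear.
ALLOWED_NODES = (ast.Module, ast.Assign, ast.Name, ast.Load, ast.Store,
                 ast.Constant, ast.BinOp, ast.Add, ast.Mult)

def build_knowledge_base(log):
    """Map (name, type) -> (longest accepted length, historical scenario)."""
    kb = {}
    for rec in log:
        if rec["error"] == "length":  # skip records that raised a length error
            continue
        for name, value in rec["params"].items():
            key = (name, type(value).__name__)
            longest = max(kb.get(key, (0, None))[0], len(str(value)))
            kb[key] = (longest, rec["playbook"])
    return kb

def select_playbook(kb, params):
    """Return the historical scenario whose parameter profile matches, else None."""
    for name, value in params.items():
        entry = kb.get((name, type(value).__name__))
        if entry and len(str(value)) <= entry[0]:
            return entry[1]
    return None

def is_canonical(source):
    """Parse to an AST; return the tree only if every node is allow-listed."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return None
    ok = all(isinstance(node, ALLOWED_NODES) for node in ast.walk(tree))
    return tree if ok else None

def run(kb, params):
    source = select_playbook(kb, params)
    tree = is_canonical(source) if source else None
    if tree is None:
        return None  # no match, or the scenario failed the AST check
    scope = {"__builtins__": {}, **params}  # parameters only, no builtins
    exec(compile(tree, "<playbook>", "exec"), scope)
    return scope.get("result")
```

Emptying `__builtins__` is not a sandbox on its own; the AST allow-list is what limits what an executed scenario can do.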
Each of the above modules in the scenario execution apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in, or independent of, a processor in the computer device in hardware form, or may be stored as software in a memory of the computer device, so that the processor can call and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure of which may be as shown in FIG. 5. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The communication interface of the computer device is used for wired or wireless communication with an external terminal; the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program, when executed by a processor, implements an apparatus for evaluating dynamic consistency of a battery. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen, can be keys, a track ball or a touch pad arranged on the housing of the computer device, or can be an external keyboard, touch pad, mouse or the like.
It will be appreciated by those skilled in the art that the structure shown in FIG. 5 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided, including a memory and a processor, where the memory stores a computer program, and the processor implements a scenario execution method according to any one of the foregoing embodiments when executing the computer program, and illustratively includes the following steps:
acquiring historical log data of an SOAR system, and constructing a scenario parameter knowledge base based on the historical data;
acquiring real-time script parameters according to the SOAR system;
and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, the computer program being executed by a processor to perform a scenario execution method according to any one of the above embodiments, exemplarily comprising the steps of:
acquiring historical log data of an SOAR system, and constructing a scenario parameter knowledge base based on the historical data;
acquiring real-time script parameters according to the SOAR system;
and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium; when executed, the program may carry out the steps of the method embodiments described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetoresistive Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can take a variety of forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not every possible combination of these technical features is described; however, as long as a combination of technical features involves no contradiction, it should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (10)

1. A scenario execution method, comprising:
acquiring historical log data of an SOAR system, and constructing a scenario parameter knowledge base based on the historical data;
acquiring real-time script parameters according to the SOAR system;
and determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
2. The scenario execution method according to claim 1, wherein the obtaining history log data in the SOAR system and constructing a scenario parameter knowledge base based on the history data comprises:
acquiring historical log data of an SOAR system; the history log data comprises parameter information and history scenario corresponding to the parameter information;
extracting all parameter information and historical scripts of corresponding parameters in the historical log data; the parameter information comprises a parameter length, a parameter type and a parameter value;
and constructing a scenario parameter knowledge base according to all the parameter information and the history scenario of the corresponding parameters.
3. The scenario execution method according to claim 2, wherein the extracting all parameter information in the history log data and the history scenario of the corresponding parameter includes:
determining log data without length error report from the history log data;
and extracting all parameter information and historical scripts of corresponding parameters from the log data without length error reporting.
4. The scenario execution method according to claim 1, wherein the acquiring real-time script parameters according to the SOAR system comprises:
acquiring safety triggering information input by a user;
and acquiring real-time script parameters based on the safety trigger information and the SOAR system.
5. The scenario execution method according to claim 2, wherein the determining a real-time scenario based on the real-time script parameters and the scenario parameter knowledge base comprises:
matching the real-time script parameters with the parameter information in the script parameter knowledge base;
determining target parameter information matched with the real-time script parameters;
and taking the historical script corresponding to the target parameter information as a real-time script.
6. The scenario execution method according to claim 1, wherein the determining and executing of the real-time scenario comprises:
determining whether the real-time scenario is canonical;
if so, parsing the real-time scenario into a real-time scenario in a target format; the target format comprises an abstract syntax tree (AST) format;
and executing the real-time scenario in the target format based on the built-in function.
7. The scenario execution method according to claim 6, wherein the built-in function comprises an exec function.
8. A scenario execution apparatus, the apparatus comprising:
the construction module is used for acquiring historical log data of the SOAR system and constructing a scenario parameter knowledge base based on the historical data;
the acquisition module is used for acquiring real-time script parameters according to the SOAR system;
and the execution module is used for determining and executing the real-time script based on the real-time script parameters and the script parameter knowledge base.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.
CN202311120808.9A 2023-08-31 2023-08-31 Scenario execution method and device and computer equipment Pending CN117193871A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311120808.9A CN117193871A (en) 2023-08-31 2023-08-31 Scenario execution method and device and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311120808.9A CN117193871A (en) 2023-08-31 2023-08-31 Scenario execution method and device and computer equipment

Publications (1)

Publication Number Publication Date
CN117193871A true CN117193871A (en) 2023-12-08

Family

ID=88984356

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311120808.9A Pending CN117193871A (en) 2023-08-31 2023-08-31 Scenario execution method and device and computer equipment

Country Status (1)

Country Link
CN (1) CN117193871A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination