[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN115514670A - Data capturing method and device, electronic equipment and storage medium - Google Patents

Data capturing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN115514670A
CN115514670A CN202211036945.XA CN202211036945A CN115514670A CN 115514670 A CN115514670 A CN 115514670A CN 202211036945 A CN202211036945 A CN 202211036945A CN 115514670 A CN115514670 A CN 115514670A
Authority
CN
China
Prior art keywords
task
capturing
capture
agent program
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211036945.XA
Other languages
Chinese (zh)
Other versions
CN115514670B (en
Inventor
陈蔚然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202211036945.XA priority Critical patent/CN115514670B/en
Publication of CN115514670A publication Critical patent/CN115514670A/en
Application granted granted Critical
Publication of CN115514670B publication Critical patent/CN115514670B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The disclosure provides a data capturing method which can be applied to the technical field of information security. The data capturing method comprises the following steps: acquiring a capturing task for capturing target data, wherein the capturing task comprises capturing equipment information and capturing parameter information; according to the capture equipment information and the capture parameter information, splitting the capture task into at least one capture subtask, wherein the capture subtask comprises the capture equipment information and capture subtasks corresponding to the capture subtasks; acquiring agent program information corresponding to the capturing equipment according to the capturing equipment information contained in the capturing subtask; generating an arrangement task corresponding to the capturing subtask according to the agent program information and the capturing subparameter; and under the condition that the agent program belongs to the resident process, triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program so as to capture the target data. The disclosure also provides a data capture device, equipment and a storage medium.

Description

Data capturing method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a data capture method, apparatus, device, medium, and program product.
Background
In computer networks, troubleshooting network problems requires monitoring, capturing, and analyzing network traffic. In the related art, when performing network packet capturing on an application process deployed on a host, the application process generally needs to log in the corresponding host and use a root authority to run a packet capturing tool to perform message capturing.
In carrying out the inventive concept of the present disclosure, the inventors found that at least the following problems exist in the related art: the use of the packet grabbing method needs to use root authority, so that the risk of data leakage is high.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a data capture method, apparatus, device, medium, and program product.
According to an aspect of the present disclosure, there is provided a data capturing method including:
acquiring a capturing task for capturing target data, wherein the capturing task comprises capturing equipment information and capturing parameter information;
according to the capture device information and the capture parameter information, splitting the capture task into at least one capture subtask, wherein the capture subtask includes the capture device information and capture subtasks corresponding to the capture subtask;
acquiring agent program information corresponding to the capturing equipment according to the capturing equipment information contained in the capturing subtask;
generating an arrangement task corresponding to the capturing subtask according to the agent program information and the capturing subtask; and
and triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program under the condition that the agent program belongs to a resident process so as to capture the target data.
According to an embodiment of the present disclosure, the task triggering manner includes one of: the triggering mode of the task configuration file and the triggering mode of the command line tool.
According to an embodiment of the present disclosure, the task triggering manner corresponding to the agent includes a triggering manner of the task configuration file;
wherein the triggering the agent to execute the orchestration task comprises:
and under the condition that the agent program monitors that the target folder contains the task configuration file corresponding to the arrangement task, acquiring task information according to the task configuration file so that the agent program can execute the arrangement task according to the task information.
According to an embodiment of the present disclosure, the task triggering manner corresponding to the agent program includes a triggering manner of the command line tool;
wherein the triggering the agent program to execute the scheduling task includes:
transmitting task information corresponding to the orchestration task to the agent program using the command line control tool if it is determined that the command line control tool exists, so that the agent program can execute the arranging task according to the task information.
According to an embodiment of the present disclosure, the data capturing method further includes:
under the condition that the agent program does not belong to a resident process, acquiring an agent program configuration file corresponding to the agent program from a software library so as to operate the agent program according to the agent program configuration file;
and sending the arranging task to the agent program so as to facilitate the agent program to execute the arranging task.
According to an embodiment of the present disclosure, the data capturing method further includes:
before the agent program information corresponding to the capturing device is obtained, the capturing subtask is sent to a message middleware;
acquiring the capturing subtask when the task executor monitors that the message middleware receives the capturing subtask;
and analyzing the capturing device information and the capturing sub-parameters contained in the capturing subtask.
According to an embodiment of the present disclosure, the data capturing method further includes:
the task executor receives a data packet capture file sent by the agent program, wherein the data packet capture file comprises the target data;
sending the data packet capture file to a data storage module;
and analyzing the data packet capture file to generate a file in a webpage format.
According to an embodiment of the present disclosure, the data capturing method further includes:
the data storage module acquires a data packet capture file from an intermediate storage medium, wherein the data packet capture file is sent to the intermediate storage medium by the agent program and comprises the target data;
and analyzing the data packet capture file to generate a file in a webpage format.
Another aspect of the present disclosure provides a data capturing apparatus including:
the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a capture task for capturing target data, and the capture task comprises capture device information and capture parameter information;
a splitting module, configured to split the capturing task into at least one capturing subtask according to the capturing device information and the capturing parameter information, where the capturing subtask includes the capturing device information and a capturing subtask corresponding to the capturing subtask;
a second obtaining module, configured to obtain, according to the capture device information included in the capture subtask, agent information corresponding to a capture device;
a first generating module, configured to generate an arrangement task corresponding to the capture subtask according to the agent information and the capture subtask; and
and the triggering module is used for triggering the agent program to execute the arranging task according to a task triggering mode corresponding to the agent program under the condition that the agent program belongs to a resident process so as to capture the target data.
Another aspect of the present disclosure provides an electronic device including: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the data capture method.
Another aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described data capture method.
Another aspect of the disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the data capture method described above.
According to the embodiment of the present disclosure, since the target data capturing task of acquiring the information including the capturing device information and the capturing parameter information is adopted; then, according to the capture equipment information and the capture parameter information, splitting the capture task into at least one capture subtask, wherein the capture subtask comprises the capture equipment information and capture subtasks corresponding to the capture subtasks; then acquiring agent program information corresponding to the capturing device according to the capturing device information contained in the capturing subtask; generating an arranging task according to the agent program information and the capturing sub-parameters; and then under the condition that the agent program belongs to a resident process, triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program so as to be convenient for capturing the target data, so that the technical problem of higher data leakage risk caused by using root permission during data capturing is at least partially solved, the capturing task is performed by using the agent program, the packet capturing permission is used without using the root permission, the minimum opening principle of the permission and the network is followed, and the technical effect of reducing the data leakage risk is achieved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a data capture method, apparatus, device, medium and program product according to embodiments of the disclosure;
FIG. 2 schematically shows a flow diagram of a data capture method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart of an agent triggering method according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram of an agent triggering method according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow diagram of an agent triggering method according to yet another embodiment of the present disclosure;
FIG. 6 schematically shows a flow diagram of a data capture method according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a TCP/IP protocol suite diagram, in accordance with an embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a data capture device according to an embodiment of the present disclosure; and
FIG. 9 schematically shows a block diagram of an electronic device suitable for implementing a data capture method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "A, B and at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In a computer network, thousands of network problems may be generated every day, from simple inter-host process communication to complex router configuration, and especially in the development of technologies such as cloud computing, cloud native, network isolation technology, software defined network and the like, the complexity of network problem troubleshooting is increased more and more. Therefore, monitoring, capturing and analyzing network traffic is a necessary means for troubleshooting network problems at present.
In the related art, when performing network packet capturing on an application process deployed on a host, the application process generally needs to log in the corresponding host and use a root authority to run a packet capturing tool to perform message capturing. For example, logging in a corresponding linux host, running tcpdump by using root authority, calling a libpcap library by the tcpdump to perform message interception, and outputting a pcap format file.
The Tcpdump is a network data acquisition and analysis tool, and can completely intercept data packets transmitted in the network to provide analysis.
The packet capture mechanism of the libpcap is to add a bypass process in a data link layer, when a data packet reaches a network interface, the libpcap firstly obtains a copy of the data packet from a link layer driver by using a created Socket, and then sends the data packet to a BPF filter by a Tap function. The BPF filter matches the data packets one by one according to the filter rules defined by the user, if the matching is successful, the data packets are put into a kernel buffer area and transmitted to a user buffer area, and if the matching is failed, the data packets are directly discarded. If no filtering rules are set, all packets are placed in the kernel buffer and passed to the user layer buffer. The processing of the network protocol stack of the system is not interfered, the sent and received data packets are filtered and buffered through a linux inner core, and finally, the data packets are directly transmitted to an upper application program.
In carrying out the inventive concept of the present disclosure, the inventors found that at least the following problems exist in the related art: by using the packet capturing method, operation and maintenance personnel are required to apply for the bastion machine authority and the system root authority of the relevant host, and the risk of data leakage exists in some industries with higher network security requirements.
In view of the above, the present disclosure aims at the above technical problems, and by acquiring a capture task including capture device information and capture parameter information, and executing the capture task by using an agent program deployed on a capture device, only the packet capturing authority of the capture device needs to be used at this time, and a root authority does not need to be used, so that the minimum open principle of the authority and the network is followed, and the risk of data leakage is reduced.
Specifically, an embodiment of the present disclosure provides a data capturing method, including: acquiring a capturing task for capturing target data, wherein the capturing task comprises capturing equipment information and capturing parameter information; splitting the capturing task into at least one capturing subtask according to the capturing device information and the capturing parameter information, wherein the capturing subtask includes the capturing device information and capturing subtasks corresponding to the capturing subtasks; acquiring agent program information corresponding to the capturing device according to the capturing device information contained in the capturing subtask; generating an arrangement task corresponding to the capturing subtask according to the agent program information and the capturing subtask; and under the condition that the agent program belongs to a resident process, triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program so as to capture the target data.
It should be noted that the data capture method and apparatus provided by the embodiments of the present disclosure may be used in the field of information security. The data capture method and device provided by the embodiment of the disclosure can also be used in any fields except the field of information security, such as the field of finance. The application fields of the data capturing method and the data capturing device provided by the embodiment of the disclosure are not limited.
In the technical scheme of the disclosure, before the personal information of the user is acquired or collected, the authorization or the consent of the user is acquired.
In the technical scheme of the disclosure, the data acquisition, collection, storage, use, processing, transmission, provision, disclosure, application and other processing are all in accordance with the regulations of relevant laws and regulations, necessary security measures are taken, and the public order and good custom are not violated.
Fig. 1 schematically illustrates an application scenario diagram of a data capture method, apparatus, device, medium, and program product according to embodiments of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a network, a terminal device, and a server. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the data capture method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the data capture device provided by the embodiments of the present disclosure may be generally disposed in the server 105. The data capturing method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the data capturing apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Alternatively, the data capture method provided by the embodiment of the present disclosure may also be executed by the terminal device 101, 102, or 103, or may also be executed by another terminal device different from the terminal device 101, 102, or 103. Accordingly, the data capturing apparatus provided by the embodiment of the present disclosure may also be disposed in the terminal device 101, 102, or 103, or in another terminal device different from the terminal device 101, 102, or 103.
For example, the capture task may be originally stored in any of the terminal devices 101, 102, or 103 (e.g., the terminal device 101, but not limited thereto), or stored on an external storage device and may be imported into the terminal device 101. Then, the terminal device 101 may locally perform the data capturing method provided by the embodiment of the present disclosure, or send the capturing task to another terminal device, a server, or a server cluster, and perform the data capturing method provided by the embodiment of the present disclosure by another terminal device, a server, or a server cluster that receives the capturing task.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for an implementation.
The data capture method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 7 based on the scenario described in fig. 1.
FIG. 2 schematically shows a flow diagram of a data capture method according to an embodiment of the disclosure.
As shown in fig. 2, the data capturing method of this embodiment includes operations S210 to S250, and the data capturing method may be performed by a server.
In operation S210, a capture task for capturing target data is acquired, wherein the capture task includes capture device information and capture parameter information.
According to an embodiment of the present disclosure, the capture device information may include any information that enables device differentiation. For example, the capture device information may include capture device identification information, such as device name, device model, device number, device IP, and the like.
According to embodiments of the present disclosure, the capture parameter information may include any information related to the capture task. The capture parameter information may include, for example, timing task information, capture rule information, capture data storage information. The timing task information may include, for example, an acquisition start time, an acquisition interval time, an acquisition frequency, and the like. The capture rule information may include, for example, a capture termination rule and a store packet rotation rule. Specifically, for example, the capturing termination rule includes stopping the capturing task after capturing 1000 packets, and for example, the capturing termination rule includes stopping the capturing task after capturing for 1 hour. Storing a package rotation rule, namely generating a new file rule, wherein the storing of the package rotation rule comprises the steps of generating a new file after 1000 packages are captured; if the captured packet reaches 10kb, a new file is generated, and if the captured packet reaches 10 minutes, a new file is generated. Capturing data storage information may include, for example, storing filename prefix information, packet storage format, packet storage location. Specifically, the packet storage format may include a pcap format or a pcap-ng format, for example.
According to an embodiment of the present disclosure, the capture device information and the capture parameter information may be configured by the user through a configuration page.
In operation S220, the capture task is split into at least one capture subtask according to the capture device information and the capture parameter information, where the capture subtask includes the capture device information and capture subtasks corresponding to the capture subtask.
According to embodiments of the present disclosure, a capture subtask may include a single executable task unit. For example, the capturing task includes, for the capturing device a, capturing for 5 minutes every 1 hour, and capturing for 10 times in total, the capturing task is split into 10 capturing subtasks, and the 10 capturing subtasks are sequentially executed according to corresponding time points.
In operation S230, agent information corresponding to the capture device is acquired according to the capture device information included in the capture subtask.
According to the embodiment of the disclosure, the host account number, the password and the agent program information can be acquired from the bastion machine module according to the capturing device information.
According to an embodiment of the present disclosure, the agent information may include, for example, an agent type and a trigger mode of the agent. Agent types may include, for example, resident processes and non-resident processes. The triggering modes of the agent program can comprise the triggering mode of a task configuration file and the triggering mode of a command line tool.
In operation S240, an orchestration task corresponding to the capture subtask is generated according to the agent information and the capture subtask.
According to the embodiment of the disclosure, different agents correspond to different arrangement tasks, and the arrangement tasks corresponding to the agents are generated according to the obtained agent information, so that the agents can execute the arrangement tasks.
According to an embodiment of the present disclosure, the orchestration task may be an available layout orchestration task. playbooks are an available configuration, deployment, and orchestration language, and can be described as a scheme that requires a remote host to execute commands, or a set of commands that an internet program runs. The ansable is an automatic operation and maintenance tool and can realize functions of batch system configuration, batch program deployment, batch operation commands and the like.
In operation S250, in the case that the agent program belongs to a resident process, the agent program is triggered to execute the orchestration task according to a task trigger manner corresponding to the agent program, so as to capture the target data.
According to an embodiment of the present disclosure, the task triggering manner includes one of: the triggering mode of the task configuration file and the triggering mode of the command line tool.
According to the embodiment of the present disclosure, since the target data capturing task of acquiring the information including the capturing device information and the capturing parameter information is adopted; then, according to the capture equipment information and the capture parameter information, splitting the capture task into at least one capture subtask, wherein the capture subtask comprises the capture equipment information and capture subtasks corresponding to the capture subtasks; then acquiring agent program information corresponding to the capturing device according to the capturing device information contained in the capturing subtask; generating an arranging task according to the agent program information and the capturing sub-parameters; and then under the condition that the agent program belongs to the resident process, triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program so as to capture the technical means of the target data, at least partially overcoming the technical problem of higher data leakage risk caused by using root permission during data capture, and further achieving the technical effects of using the agent program to execute the capture task, using the packet capturing permission without using the root permission, following the minimum opening principle of the permission and the network and reducing the data leakage risk.
According to an embodiment of the present disclosure, the task triggering manner corresponding to the agent includes a triggering manner of the task configuration file; wherein the triggering the agent program to execute the scheduling task includes: and under the condition that the agent program monitors that the target folder contains the task configuration file corresponding to the arrangement task, acquiring task information according to the task configuration file so that the agent program can execute the arrangement task according to the task information.
According to the embodiment of the disclosure, when the task trigger mode corresponding to the agent program is the trigger mode of the task configuration file, the task configuration file corresponding to the arrangement task is stored in the target folder. Monitoring a target folder by an agent program, and analyzing a task configuration file under the condition that the target folder contains the task configuration file by the agent program, so as to obtain task information; and then the agent program executes the arrangement task according to the task information and feeds back a task result and a data packet capturing file.
Fig. 3 schematically shows a flow chart of an agent triggering method according to an embodiment of the present disclosure.
As shown in fig. 3, this embodiment includes operations S301 to S306.
In operation S301, an agent is started.
In operation S302, a task profile corresponding to an orchestration task is stored to a target folder.
In operation S303, the agent monitors the target folder and acquires the task configuration file from the target folder.
In operation S304, the agent program parses the task configuration file to obtain task information.
In operation S305, the agent executes the orchestration task according to the task information, resulting in a packet capture file corresponding to the orchestration task.
In operation S306, the task result and the packet capture file are fed back to the data capture system.
According to an embodiment of the present disclosure, the task triggering manner corresponding to the agent program includes a triggering manner of the command line tool; wherein the triggering the agent to execute the orchestration task comprises: and if the command line control tool is determined to exist, sending task information corresponding to the arrangement task to the agent program by using the command line control tool so that the agent program can execute the arrangement task according to the task information.
According to an embodiment of the present disclosure, in the event that it is determined that no command line control tools exist, the command line control tools are downloaded from the software library.
According to an embodiment of the present disclosure, the sending task information corresponding to the orchestration task to the agent by using the command line control tool includes: the command line control tool communicates with unix domain sockets or tcp ports monitored by the agent program, and sends task information corresponding to the scheduling task to the agent program; and then the agent program executes the scheduling task according to the task information and feeds back a task result and a data packet capturing file.
According to embodiments of the present disclosure, a unix domain socket is a data communication endpoint for performing inter-process data exchanges on the same host operating system. A TCP port is a port that serves TCP protocol communications.
According to embodiments of the present disclosure, the command line control tool may employ an agentctl.
Fig. 4 schematically shows a flow chart of an agent triggering method according to another embodiment of the present disclosure.
As shown in fig. 4, this embodiment includes operations S401 to S406.
In operation S401, an agent is started.
In operation S402, it is determined whether a command line execution tool exists. In the case where the command line execution tool exists, operation S404 is performed; in the case where there is no command line execution tool, operation S403 is performed.
In operation S403, a command line execution tool is downloaded from the software library, and then operation S404 is performed.
In operation S404, the command line control tool communicates with the unix domain socket or tcp port monitored by the agent, and sends task information corresponding to the scheduling task to the agent.
In operation S405, the agent executes the orchestration task according to the task information, and obtains a packet capture file corresponding to the orchestration task.
In operation S406, the task result and the packet capture file are fed back to the data capture system.
According to an embodiment of the present disclosure, the data capturing method further includes: under the condition that the agent program does not belong to a resident process, acquiring an agent program configuration file corresponding to the agent program from a software library so as to operate the agent program according to the agent program configuration file; and sending the arranging task to the agent program so as to facilitate the agent program to execute the arranging task.
According to the embodiment of the disclosure, the agent program provides two versions of the resident process and the non-resident process, and the agent program can be selected according to the actual situation of the host machine, so that the agent program is more flexible to use.
Fig. 5 schematically illustrates a flow chart of an agent triggering method according to still another embodiment of the present disclosure.
As shown in fig. 5, this embodiment includes operations S501 to S506.
In operation S501, an agent profile corresponding to an agent is downloaded from a software library.
In operation S502, the agent is run according to the agent profile.
In operation S503, a task profile corresponding to the orchestration task is transmitted to the agent.
In operation S504, the agent executes the orchestration task according to the task configuration file, and obtains a packet capture file corresponding to the orchestration task.
In operation S505, the task result and the packet capture file are fed back to the data capture system.
In operation S506, the agent configuration file and the packet capture file are cleared.
According to an embodiment of the present disclosure, the data capturing method further includes: before the agent program information corresponding to the capturing device is obtained, the capturing subtask is sent to a message middleware; acquiring the capturing subtask when the task executor monitors that the message middleware receives the capturing subtask; and analyzing the capturing device information and the capturing sub-parameters contained in the capturing sub-task.
According to an embodiment of the present disclosure, the task executor may include a plurality.
FIG. 6 schematically shows a flow diagram of a data capture method according to another embodiment of the disclosure.
As shown in fig. 6, the data capturing method of this embodiment includes operations S601 to S609.
In operation S601, the user configures the capture device information and the capture parameter information through the configuration page, and obtains a capture task for capturing target data.
In operation S602, the capture task is stored in the target database.
In operation S603, the task scheduling center module obtains the capture task from the target database, and splits the capture task into at least one capture subtask according to the capture device information and the capture parameter information, where the capture subtask includes the capture device information and the capture subtask corresponding to the capture subtask.
In operation S604, the capture subtask is transmitted to the message middleware.
In operation S605, the task executor acquires a capture subtask from the message middleware.
In operation S606, the capturing device information and the capturing sub-parameter information included in the capturing sub-task are parsed.
In operation S607, an agent type corresponding to the capture device is acquired from the bastion machine based on the capture device information.
In operation S608, an orchestration task corresponding to the agent type is generated according to the capture subparameter.
In operation S609, the agent is triggered to execute the orchestration task according to a task trigger manner corresponding to the agent, so as to capture the target data.
According to an embodiment of the present disclosure, the data capturing method further includes: the task executor receives a data packet capture file sent by the agent program, wherein the data packet capture file comprises the target data; sending the data packet capture file to a data storage module; and analyzing the data packet capture file to generate a file in a webpage format.
According to the embodiment of the disclosure, the agent program transmits the data packet capture file back to the task executor, and the task executor uploads the data packet capture file to the data storage module, so that data analysis is facilitated.
According to an embodiment of the present disclosure, the data capturing method further includes: the data storage module acquires a data packet capture file from an intermediate storage medium, wherein the data packet capture file is sent to the intermediate storage medium by the agent program and comprises the target data; and analyzing the data packet capture file to generate a file in a webpage format.
According to an embodiment of the present disclosure, the intermediate Storage medium may include, for example, a Simple Storage Service (S3), an ariloc Object Storage Service (OSS), or a Cloud Object Storage Service (COS).
According to the embodiment of the disclosure, the agent program sends the data packet capture file to the intermediate storage medium, and the data storage module acquires the data packet capture file from the intermediate storage module.
According to the embodiment of the disclosure, the data packet capturing file adopts the pcap format, the pcap format file is analyzed hierarchically according to the characteristics of the TCP/IP protocol to obtain the webpage format file, and each protocol is analyzed and interpreted in a webpage mode, which is beneficial to reducing the analysis cost.
According to the embodiment of the disclosure, the hierarchical parsing of the pcap format file comprises: judging the protocol type corresponding to the pcap format file according to the TCP/IP protocol family; and analyzing the pcap format file according to the protocol type.
According to embodiments of the present disclosure, the protocol types may include an ethernet protocol, an IP protocol, an ARP/RARP protocol, an ICMP protocol, a TCP protocol, a UDP protocol, a DNS protocol, an HTTP/HTTPs protocol, an FTP protocol, an SMTP protocol, a TELNET, and the like.
FIG. 7 schematically shows a TCP/IP protocol suite diagram in accordance with an embodiment of the disclosure.
As shown in fig. 7, the TCP/IP protocol suite 700 includes a link layer 710, a network layer 720, a transport layer 730, and an application layer 740.
Link layer 710 is used to handle the physical interface details with the cable (or any other transmission medium). Ethernet protocol resolution may be implemented at the link layer 710.
The network layer 720 is used to handle packet activity in the network, such as packet routing. Resolution of IP protocol, ARP/RARP protocol, ICMP protocol may be implemented at network layer 720.
The transport layer 730 is used to provide end-to-end communication for applications on two hosts. The transport layer 730 can implement parsing of TCP protocol and UDP protocol.
The application layer 740 is used to handle specific application details. Resolution of DNS protocol, HTTP/HTTPs protocol, FTP protocol, SMTP protocol, TELNET protocol may be implemented at the application layer 740.
It should be noted that, unless explicitly stated that there is an execution sequence between different operations or there is an execution sequence between different operations in technical implementation, the execution sequence between multiple operations may not be sequential, or multiple operations may be executed simultaneously in the flowchart in this disclosure.
Based on the data capturing method, the disclosure also provides a data capturing device. The apparatus will be described in detail below with reference to fig. 8.
Fig. 8 schematically shows a block diagram of a data capture device according to an embodiment of the present disclosure.
As shown in fig. 8, the data capturing apparatus 800 of this embodiment includes a first obtaining module 810, a splitting module 820, a second obtaining module 830, a first generating module 840, and a triggering module 850.
The first obtaining module 810 is configured to obtain a capture task for capturing target data, where the capture task includes capture device information and capture parameter information. In an embodiment, the first obtaining module 810 may be configured to perform the operation S210 described above, which is not described herein again.
The splitting module 820 is configured to split the capturing task into at least one capturing subtask according to the capturing device information and the capturing parameter information, where the capturing subtask includes the capturing device information and a capturing subtask corresponding to the capturing subtask. In an embodiment, the splitting module 820 may be configured to perform the operation S220 described above, which is not described herein again.
The second obtaining module 830 is configured to obtain agent information corresponding to the capturing device according to the capturing device information included in the capturing subtask. In an embodiment, the second obtaining module 830 may be configured to perform the operation S230 described above, and is not described herein again.
The first generating module 840 is configured to generate an orchestration task corresponding to the capture subtask according to the agent information and the capture subparameter. In an embodiment, the first generating module 840 may be configured to perform the operation S240 described above, which is not described herein again.
The triggering module 850 is configured to, when the agent program belongs to the resident process, trigger the agent program to execute the scheduling task according to a task triggering manner corresponding to the agent program, so as to capture the target data. In an embodiment, the triggering module 850 may be configured to perform the operation S250 described above, which is not described herein again.
According to an embodiment of the present disclosure, the task triggering manner includes one of: the triggering mode of the task configuration file and the triggering mode of the command line tool.
According to an embodiment of the present disclosure, the task triggering manner corresponding to the agent includes a triggering manner of the task configuration file.
According to an embodiment of the present disclosure, the trigger module includes: an acquisition unit.
And the acquiring unit is used for acquiring task information according to the task configuration file under the condition that the agent program monitors that the target folder contains the task configuration file corresponding to the arrangement task, so that the agent program can execute the arrangement task according to the task information.
According to an embodiment of the present disclosure, the task triggering manner corresponding to the agent includes a triggering manner of the command line tool.
According to an embodiment of the present disclosure, the trigger module includes: and a sending unit.
And a sending unit, configured to send, by using a command line control tool, task information corresponding to the orchestration task to the agent program so that the agent program executes the orchestration task according to the task information, if it is determined that the command line control tool exists.
According to an embodiment of the present disclosure, the data capturing apparatus further includes: the device comprises a third acquisition module and a first sending module.
And a third obtaining module, configured to obtain, from a software library, an agent configuration file corresponding to the agent program when the agent program does not belong to a resident process, so as to run the agent program according to the agent configuration file.
And the first sending module is used for sending the scheduling task to the agent program so as to facilitate the agent program to execute the scheduling task.
According to an embodiment of the present disclosure, the data capturing apparatus further includes: the device comprises a second sending module, a fourth obtaining module and an analyzing module.
And a second sending module, configured to send the capture subtask to a message middleware before the agent information corresponding to the capture device is obtained.
A fourth obtaining module, configured to obtain the capture subtask when the task executor monitors that the message middleware receives the capture subtask;
and the analysis module is used for analyzing the capturing equipment information and the capturing sub-parameters contained in the capturing sub-task.
According to an embodiment of the present disclosure, the data capturing apparatus further includes: the device comprises a receiving module, a third sending module and a second generating module.
And the receiving module is used for receiving a data packet capturing file sent by the agent program by the task executor, wherein the data packet capturing file comprises the target data.
And the third sending module is used for sending the data packet capturing file to the data storage module.
And the second generation module is used for analyzing the data packet capturing file to generate a file in a webpage format.
According to an embodiment of the present disclosure, the data capturing apparatus further includes: a fifth obtaining module and a third generating module.
A fifth obtaining module, configured to obtain, by the data storage module, a packet capture file from an intermediate storage medium, where the packet capture file is sent to the intermediate storage medium by the agent program, and the packet capture file includes the target data.
And the third generation module is used for analyzing the data packet capturing file to generate a file in a webpage format.
Any of the modules, units, or at least part of the functionality of any of them according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules and units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, units according to the embodiments of the present disclosure may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by any other reasonable means of hardware or firmware by integrating or packaging the circuits, or in any one of three implementations of software, hardware and firmware, or in any suitable combination of any of them. Alternatively, one or more of the modules, units according to embodiments of the present disclosure may be implemented at least partly as computer program modules, which, when executed, may perform the respective functions.
According to an embodiment of the present disclosure, any plurality of the first obtaining module 810, the splitting module 820, the second obtaining module 830, the first generating module 840, and the triggering module 850 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 810, the splitting module 820, the second obtaining module 830, the first generating module 840 and the triggering module 850 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the first obtaining module 810, the splitting module 820, the second obtaining module 830, the first generating module 840 and the triggering module 850 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
It should be noted that the data capture device part in the embodiment of the present disclosure corresponds to the data capture method part in the embodiment of the present disclosure, and the description of the data capture device part specifically refers to the data capture method part, which is not described herein again.
FIG. 9 schematically shows a block diagram of an electronic device suitable for implementing a data capture method according to an embodiment of the present disclosure.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 can include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or related chipset(s) and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 900 may also include input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present disclosure. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the device/apparatus/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement a method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the data capturing method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the disclosure, and these alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (12)

1. A method of data capture, comprising:
acquiring a capturing task for capturing target data, wherein the capturing task comprises capturing equipment information and capturing parameter information;
according to the capturing device information and the capturing parameter information, splitting the capturing task into at least one capturing subtask, wherein the capturing subtask comprises the capturing device information and capturing subtasks corresponding to the capturing subtasks;
acquiring agent program information corresponding to the capturing device according to the capturing device information contained in the capturing subtask;
generating an arrangement task corresponding to the capturing subtask according to the agent program information and the capturing subparameter; and
and under the condition that the agent program belongs to a resident process, triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program so as to capture the target data.
2. The method of claim 1, wherein the task triggering manner comprises one of: the triggering mode of the task configuration file and the triggering mode of the command line tool.
3. The method according to claim 2, wherein the task trigger mode corresponding to the agent program comprises a trigger mode of the task configuration file;
wherein the triggering the agent to execute the orchestration task comprises:
and under the condition that the agent program monitors that a target folder contains a task configuration file corresponding to the arrangement task, acquiring task information according to the task configuration file so that the agent program can execute the arrangement task according to the task information.
4. The method of claim 2, wherein the task trigger mode corresponding to the agent comprises a trigger mode of the command line tool;
wherein the triggering the agent to execute the orchestration task comprises:
and under the condition that a command line control tool is determined to exist, sending task information corresponding to the arranging task to the agent program by using the command line control tool so that the agent program can execute the arranging task according to the task information.
5. The method of claim 1, further comprising:
under the condition that the agent program does not belong to a resident process, acquiring an agent program configuration file corresponding to the agent program from a software library so as to operate the agent program according to the agent program configuration file;
and sending the arranging task to the agent program so as to facilitate the agent program to execute the arranging task.
6. The method of claim 1, further comprising:
before the agent program information corresponding to the capturing device is obtained, the capturing subtask is sent to a message middleware;
acquiring the capturing subtask under the condition that the task executor monitors that the message middleware receives the capturing subtask;
and analyzing the capturing device information and the capturing sub-parameters contained in the capturing sub-task.
7. The method of claim 6, further comprising:
the task executor receives a data packet capture file sent by the agent program, wherein the data packet capture file contains the target data;
sending the data packet capture file to a data storage module;
capturing the data packet the file is analyzed, and the file is analyzed, and generating a file in a webpage format.
8. The method of claim 6, further comprising:
the data storage module acquires a data packet capture file from an intermediate storage medium, wherein the data packet capture file is sent to the intermediate storage medium by the agent program and contains the target data;
and analyzing the data packet capturing file to generate a file in a webpage format.
9. A data capture device, comprising:
the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a capture task for capturing target data, and the capture task comprises capture device information and capture parameter information;
the acquisition module is used for acquiring the acquisition equipment information and the acquisition parameter information of the acquisition task, and acquiring the acquisition equipment information and the acquisition parameter information of the acquisition task;
the second acquisition module is used for acquiring agent program information corresponding to the capture equipment according to the capture equipment information contained in the capture subtask;
the first generation module is used for generating an arrangement task corresponding to the capturing subtask according to the agent program information and the capturing subparameter; and
and the triggering module is used for triggering the agent program to execute the arrangement task according to a task triggering mode corresponding to the agent program under the condition that the agent program belongs to a resident process so as to capture the target data.
10. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any one of claims 1 to 8.
12. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.
CN202211036945.XA 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium Active CN115514670B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211036945.XA CN115514670B (en) 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211036945.XA CN115514670B (en) 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115514670A true CN115514670A (en) 2022-12-23
CN115514670B CN115514670B (en) 2023-06-16

Family

ID=84502504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211036945.XA Active CN115514670B (en) 2022-08-26 2022-08-26 Data capturing method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115514670B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850182B1 (en) * 2012-09-28 2014-09-30 Shoretel, Inc. Data capture for secure protocols
CN112698929A (en) * 2020-12-14 2021-04-23 联想(北京)有限公司 Information acquisition method and device
CN114416378A (en) * 2022-01-29 2022-04-29 建信金融科技有限责任公司 Data processing method and device, electronic equipment and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850182B1 (en) * 2012-09-28 2014-09-30 Shoretel, Inc. Data capture for secure protocols
CN112698929A (en) * 2020-12-14 2021-04-23 联想(北京)有限公司 Information acquisition method and device
CN114416378A (en) * 2022-01-29 2022-04-29 建信金融科技有限责任公司 Data processing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN115514670B (en) 2023-06-16

Similar Documents

Publication Publication Date Title
US11381617B2 (en) Failure recovery for cloud-based services
US11343281B2 (en) Enhanced web application security communication protocol
EP3531670B1 (en) Proxy application supporting multiple collaboration channels
CN111131320B (en) Asset identification method, device, system and medium
CN111327451A (en) System for identifying and assisting in the creation and implementation of network service configurations using Hidden Markov Models (HMMs)
US10063429B2 (en) Systems and methods for optimizing computer network operations
EP3641221B1 (en) Identifying computing devices in a managed network that are involved in blockchain-based mining
US20220247761A1 (en) Dynamic routing of access request streams in a unified policy enforcement system
US20080162690A1 (en) Application Management System
US20220247785A1 (en) Unified system for detecting policy enforcement issues in a cloud-based environment
US11805033B2 (en) Monitoring of IoT simulated user experience
US20120311611A1 (en) Extendable event processing through services
CN108664316A (en) A kind of method and apparatus for the interface message obtaining API
US20220027456A1 (en) Rasp-based implementation using a security manager
WO2022165061A1 (en) Unified policy enforcement management in the cloud
CN115514670B (en) Data capturing method, device, electronic equipment and storage medium
US8931087B1 (en) Reconfigurable virtualized remote computer security system
CN101409647A (en) Method for monitoring and analyzing user router flux
EP4104414B1 (en) End user security manager
US10216926B2 (en) Isolation of untrusted code in operating system without isolation capability
CN114285805A (en) QUIC message filtering method, system, equipment and medium
CN115525362B (en) Parameter changing method and device based on kernel parameter adjusting platform of operating system
US20230300141A1 (en) Network security management method and computer device
Neves MESH MICROSERVICES ON KUBERNETES

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant