licc/dt_automate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化攻击事件存储,从昨日16点到今日现在时间

Browse Source
This commit is contained in:
李超 2025-02-27 14:07:58 +08:00
parent 3a82defb40
commit 9259f33d65
3 changed files with 172 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
attack_event/fw.go
View File

@ -6,6 +6,7 @@ import (
"dt_automate/tool"
"encoding/json"
"log"
"math"
"net/url"
"strconv"
"time"
@ -15,6 +16,8 @@ import (
)
var cookieStr string
var Counts int //存储总条数
var err error
// 传入cookie
func Fw_event(cookieStr string) {
@ -38,44 +41,126 @@ func Fw_event(cookieStr string) {
sheet.Cell("E1").SetString("源IP")
sheet.Cell("F1").SetString("目的IP")
sheet.Cell("G1").SetString("目的端口")
sheet.Cell("H1").SetString("攻击类型")
sheet.Cell("I1").SetString("应用协议")
sheet.Cell("J1").SetString("域名host")
sheet.Cell("H1").SetString("威胁名称")
sheet.Cell("I1").SetString("攻击类别")
sheet.Cell("J1").SetString("攻击子类别")
sheet.Cell("K1").SetString("应用协议")
sheet.Cell("L1").SetString("域名host")
//当前时间
EndTime := time.Unix(tool.Timestamp("second"), 0).Format("2006-01-02T15:04:05")
//今天0点
StartTime := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Format("2006-01-02T15:04:05")
//昨天23点59分59秒
EndTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-1 * time.Second).Format("2006-01-02T15:04:05")
StartTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-8 * time.Hour).Format("2006-01-02T15:04:05")
// log.Println(EndTime_1)
// log.Println(StartTime_1)
// 构建 x-www-form-urlencoded 格式的请求体
//今天0点到现在的攻击事件
values := url.Values{}
values.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{&#34;SrcZoneName&#34;:&#34;Untrust&#34;,&#34;DestZoneName&#34;:&#34;Trust&#34;}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
//昨天下午16点到晚上23点59分59秒的攻击事件
values_1 := url.Values{}
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{&#34;SrcZoneName&#34;:&#34;Untrust&#34;,&#34;DestZoneName&#34;:&#34;Trust&#34;}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
header := map[string]string{
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"referer": "https://11.2.68.146/wnm/frame/index.php",
"cookie": cookieStr,
}
body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))
//先查询昨天的事件
body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
var bodys Person
json.Unmarshal(body, &bodys)
for v, k := range bodys.LogPaging {
// fmt.Printf("序号:%d,攻击时间:[%s],安全域:%s-%s##攻击源IP%s#目的源IP%s:%s,攻击类型:%s,应用协议:%s,请求域名:%s\n", v, a["Time"], a["SrcZoneName"], a["DestZoneName"], a["SrcIPAddr"], a["DestIPAddr"], strconv.FormatFloat(a["DestPort"].(float64), 'f', 0, 64), a["ThreatName"], a["Application"], a["HttpHost"])
sheet.Cell("A" + strconv.Itoa(v+1)).SetString(strconv.Itoa(v)) // 第一列 (A1)
sheet.Cell("B" + strconv.Itoa(v+1)).SetString(k.Time)
sheet.Cell("C" + strconv.Itoa(v+1)).SetString(k.SrcZoneName)
sheet.Cell("D" + strconv.Itoa(v+1)).SetString(a["DestZoneName"].(string))
sheet.Cell("E" + strconv.Itoa(v+1)).SetString(a["SrcIPAddr"].(string))
sheet.Cell("F" + strconv.Itoa(v+1)).SetString(a["DestIPAddr"].(string))
sheet.Cell("G" + strconv.Itoa(v+1)).SetString(strconv.FormatFloat(a["DestPort"].(float64), 'f', 0, 64))
sheet.Cell("H" + strconv.Itoa(v+1)).SetString(a["ThreatName"].(string))
sheet.Cell("I" + strconv.Itoa(v+1)).SetString(a["Application"].(string))
sheet.Cell("J" + strconv.Itoa(v+1)).SetString(a["HttpHost"].(string))
Counts, err = strconv.Atoi(bodys.LogPaging[0].TotalCounts)
if err != nil {
log.Println(err)
}
// bodys := Person{
// LogPaging: []LogPaging{
// {
// TotalCounts: "899",
// },
// },
// }
//存储昨日攻击事件
if bodys.LogPaging[0].TotalCounts > "200" {
a, err := strconv.ParseFloat(bodys.LogPaging[0].TotalCounts, 64)
if err != nil {
log.Println(err)
}
log.Println(a)
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
log.Println(totalPages)
for i := 1; i < totalPages+1; i++ {
values_1 := url.Values{}
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{&#34;SrcZoneName&#34;:&#34;Untrust&#34;,&#34;DestZoneName&#34;:&#34;Trust&#34;}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
var bodys Person
json.Unmarshal(body, &bodys)
log.Println(values_1, i)
}
for v, k := range bodys.LogPaging {
sheet.Cell("A" + strconv.Itoa(v+1)).SetString(strconv.Itoa(v)) // 第一列 (A1)
sheet.Cell("B" + strconv.Itoa(v+1)).SetString(k.OutputJSON.Time)
sheet.Cell("C" + strconv.Itoa(v+1)).SetString(k.OutputJSON.SrcZoneName)
sheet.Cell("D" + strconv.Itoa(v+1)).SetString(k.OutputJSON.DestZoneName)
sheet.Cell("E" + strconv.Itoa(v+1)).SetString(k.OutputJSON.SrcIPAddr)
sheet.Cell("F" + strconv.Itoa(v+1)).SetString(k.OutputJSON.DestIPAddr)
sheet.Cell("G" + strconv.Itoa(v+1)).SetString(k.OutputJSON.DestPort)
sheet.Cell("H" + strconv.Itoa(v+1)).SetString(k.OutputJSON.ThreatName)
sheet.Cell("I" + strconv.Itoa(v+1)).SetString(k.OutputJSON.MethodNameCN)
sheet.Cell("J" + strconv.Itoa(v+1)).SetString(k.OutputJSON.MethodSubNameCN)
sheet.Cell("K" + strconv.Itoa(v+1)).SetString(k.OutputJSON.Application)
sheet.Cell("L" + strconv.Itoa(v+1)).SetString(k.OutputJSON.HttpHost)
}
}
//存储今日攻击事件
body_1 := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
var bodys_1 Person
json.Unmarshal(body, &body_1)
if bodys_1.LogPaging[0].TotalCounts > "200" {
a, err := strconv.ParseFloat(bodys_1.LogPaging[0].TotalCounts, 64)
if err != nil {
log.Println(err)
}
log.Println(a)
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
log.Println(totalPages)
for i := 1; i < totalPages+1; i++ {
values_1 := url.Values{}
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{&#34;SrcZoneName&#34;:&#34;Untrust&#34;,&#34;DestZoneName&#34;:&#34;Trust&#34;}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))
var bodys Person
json.Unmarshal(body, &bodys)
log.Println(values_1, i)
}
for v, k := range bodys.LogPaging {
sheet.Cell("A" + strconv.Itoa(v+Counts)).SetString(strconv.Itoa(v)) // 第一列 (A1)
sheet.Cell("B" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.Time)
sheet.Cell("C" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.SrcZoneName)
sheet.Cell("D" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.DestZoneName)
sheet.Cell("E" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.SrcIPAddr)
sheet.Cell("F" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.DestIPAddr)
sheet.Cell("G" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.DestPort)
sheet.Cell("H" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.ThreatName)
sheet.Cell("I" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.MethodNameCN)
sheet.Cell("J" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.MethodSubNameCN)
sheet.Cell("K" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.Application)
sheet.Cell("L" + strconv.Itoa(v+Counts)).SetString(k.OutputJSON.HttpHost)
}
}
// 保存修改后的 Excel 文件
if err := ss.Validate(); err != nil {
log.Fatalf("验证文件时出错: %s", err)
}
if err := ss.SaveToFile("防火墙安全事件.xlsx"); err != nil {
log.Fatalf("保存文件时出错: %s", err)
}
@ -86,6 +171,62 @@ type Person struct {
LogPaging []LogPaging `json:"logpaging"`
}
type LogPaging struct {
Time string `json:"time"`
SrcZoneName string `json"srczonename"`
LogType string `json:"logtype"` //日志ID
ID string `json:"id"`
UserID string `json:"userid"`
PageNo string `json:"pageno"` //页数
CountPerPage string `json:"countperpage"` //每页计数
TotalCounts string `json:"totalcounts"` //总条数
InputJSON InputJSON `json:"inputjson"` //输入参数
OutputJSON OutputJSON `json:"outputjson"` //输出参数
TimeFilter TimeFilter `json:"timefilter"` //本次查询时间区间
}
type InputJSON struct {
SrcZoneName string `json:"srczonename"` //源安全域
DestZoneName string `json:"destzonename"` //目的安全域
}
type OutputJSON struct {
SrcPort string `json:"srcport"` //源端口
DestPort string `json:"destport"` //目的端口
Action string `json:"Action"`
AttackCount string `json:"attackcount"` //攻击计数
SrcVrfIndex string `json:"srcvrfindex"`
ThreatID string `json:"threatid"`
Severity string `json:"severity"`
HddInfo string `json:"hddinfo"`
Application string `json:"application"` //应用协议
ThreatName string `json:"threatname"` //威胁名称
SrcRegion string `json:"srcregion"` //源区域
DestRegion string `json:"destregion"` //目的区域
ThreatType string `json:"threattype"` //威胁类型 {入侵防御}
Time string `json:"time"` //时间
ContextName string `json:"contextname"` //上下文名称
Policy string `json:"policy"` //策略
Protocol string `json:"protocol"` //传输协议
SrcIPAddr string `json:"srcipaddr"` //源IP
User string `json:"user"` //用户
DestIPAddr string `json:"destipaddr"` //目的IP
SrcZoneName string `json:"srczonename"` //源安全域
DestZoneName string `json:"destzonename"` //目的安全域
CVE string `json:"cve"` //漏洞披露
MSB string `json:"msb"`
BID string `json:"bid"`
RealIP string `json:"realip"`
CapturePktName string `json:"capturepktname"`
HttpHost string `json:"httphost"` //host头
HttpFirstLine string `json:"httpfirstline"` //请求路径
Payload string `json:"payload"` //请求数据
MethodName string `json:"methodname"` //方法名称
MethodNameCN string `json:"methodnamecn"` //方法名称中国(攻击类别)
MethodSubName string `json:"methodsubname"` //方法子名称
MethodSubNameCN string `json:"methodsubnamecn"` //方法子名称中国(具体攻击形式)
LoginUserName string `json:"loginusername"`
LoginPassword string `json:"loginpassword"`
}
type TimeFilter struct {
StartTime string `json:"starttime"`
EndTime string `json:"endtime"`
}

3
main.go
View File

@ -1,6 +1,7 @@
package main
import (
attackevent "dt_automate/attack_event"
"dt_automate/tool"
"flag"
"fmt"
@ -101,7 +102,7 @@ func main() {
// wps.ZWW_SYS_Word() //运维平台word文档生成
// //安全巡检文档生成
// wps.SAFET_Word() //安全巡检文档生成
// attackevent.Fw_event("cookie") //防火墙安全事件表生成
attackevent.Fw_event("cookie") //防火墙安全事件表生成
}
} else {
log.Println("没有授权")

20
vendor/github.com/Esword618/unioffice/spreadsheet/workbook.go generated vendored
View File

@ -289,17 +289,17 @@ func (wb *Workbook) Save(w io.Writer) error {
if !license.GetLicenseKey().IsLicensed() && flag.Lookup("test.v") == nil {
//fmt.Println("Unlicensed version of UniOffice")
//fmt.Println("- Get a license on https://unidoc.io")
for _, sheet := range wb.Sheets() {
row1 := sheet.Row(1)
row1.SetHeight(50)
a1 := row1.Cell("A")
// for _, sheet := range wb.Sheets() {
// // row1 := sheet.Row(1)
// // row1.SetHeight(50)
// // a1 := row1.Cell("A")
//rt := a1.SetRichTextString()
//run := rt.AddRun()
//run.SetText("Unlicensed version of UniOffice - Get a license on https://unidoc.io")
//run.SetBold(true)
//run.SetColor(color.Red)
}
// //rt := a1.SetRichTextString()
// //run := rt.AddRun()
// //run.SetText("Unlicensed version of UniOffice - Get a license on https://unidoc.io")
// //run.SetBold(true)
// //run.SetColor(color.Red)
// }
}
z := zip.NewWriter(w)