327 lines
20 KiB
Go
327 lines
20 KiB
Go
package attackevent
|
||
|
||
import (
|
||
"bytes"
|
||
"dt_automate/conn"
|
||
"dt_automate/tool"
|
||
"encoding/json"
|
||
"log"
|
||
"math"
|
||
"net/url"
|
||
"strconv"
|
||
"time"
|
||
|
||
"github.com/Esword618/unioffice/schema/soo/sml"
|
||
"github.com/Esword618/unioffice/spreadsheet"
|
||
)
|
||
|
||
// var cookieStr string
|
||
|
||
// var Counts int //存储总条数
|
||
// var err error
|
||
|
||
// 传入cookie
|
||
func Fw_event(cookieStr string) {
|
||
ss := spreadsheet.New()
|
||
sheet := ss.AddSheet()
|
||
// sheet.SetFrozen(true, false)
|
||
v := sheet.InitialView()
|
||
v.SetState(sml.ST_PaneStateFrozen)
|
||
v.SetXSplit(0) //冻结列
|
||
v.SetYSplit(1) //冻结行
|
||
|
||
// v.SetTopLeft("B2")
|
||
// // 获取第一个工作表
|
||
// sheet, err := ss.GetSheet("Sheet2")
|
||
// if err != nil {
|
||
// log.Println(err)
|
||
// }
|
||
sheet.Cell("A1").SetString("序号")
|
||
sheet.Cell("B1").SetString("攻击时间")
|
||
sheet.Cell("C1").SetString("源安全域")
|
||
sheet.Cell("D1").SetString("目的安全域")
|
||
sheet.Cell("E1").SetString("源IP")
|
||
sheet.Cell("F1").SetString("目的IP")
|
||
sheet.Cell("G1").SetString("目的端口")
|
||
sheet.Cell("H1").SetString("威胁名称")
|
||
sheet.Cell("I1").SetString("攻击类别")
|
||
sheet.Cell("J1").SetString("攻击子类别")
|
||
sheet.Cell("K1").SetString("应用协议")
|
||
sheet.Cell("L1").SetString("CVE")
|
||
sheet.Cell("M1").SetString("域名(host)")
|
||
sheet.Cell("N1").SetString("请求路径")
|
||
sheet.Cell("O1").SetString("参数")
|
||
sheet.Cell("P1").SetString("源ip地区")
|
||
log.Println("生成表格表头标题")
|
||
//当前时间
|
||
EndTime := time.Unix(tool.Timestamp("second"), 0).Format("2006-01-02T15:04:05")
|
||
//今天0点
|
||
StartTime := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Format("2006-01-02T15:04:05")
|
||
//昨天23点59分59秒
|
||
EndTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-1 * time.Second).Format("2006-01-02T15:04:05")
|
||
StartTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-8 * time.Hour).Format("2006-01-02T15:04:05")
|
||
// log.Println(EndTime_1)
|
||
// log.Println(StartTime_1)
|
||
// 构建 x-www-form-urlencoded 格式的请求体
|
||
//今天0点到现在的攻击事件
|
||
values := url.Values{}
|
||
values.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||
values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||
//昨天下午16点到晚上23点59分59秒的攻击事件
|
||
values_1 := url.Values{}
|
||
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||
header := map[string]string{
|
||
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
||
"referer": "https://11.2.68.146/wnm/frame/index.php",
|
||
"cookie": cookieStr,
|
||
}
|
||
//先查询昨天的事件
|
||
yesterday := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
||
// log.Println(string(body))
|
||
// log.Println(yesterday)
|
||
|
||
var Con int //插入总数
|
||
//存储昨日攻击事件
|
||
num, _ := strconv.Atoi(Date_v(yesterday).NTOP.LogPaging[0].TotalCounts)
|
||
if num > 200 {
|
||
a, err := strconv.ParseFloat(Date_v(yesterday).NTOP.LogPaging[0].TotalCounts, 64)
|
||
if err != nil {
|
||
log.Println(err)
|
||
}
|
||
log.Println("昨日查询到总条数:", a)
|
||
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
|
||
log.Println(totalPages)
|
||
for i := 1; i < totalPages+1; i++ {
|
||
values_1 := url.Values{}
|
||
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime_1+"</StartTime><EndTime>"+EndTime_1+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||
yesterday := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode()))
|
||
log.Println(values_1, i)
|
||
for v, k := range Date_v(yesterday).NTOP.LogPaging {
|
||
Con = v + 2
|
||
// IP := conn.DT_GET("http://ip-api.com/json/"+k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string)+"?lang=zh-CN", nil, nil)
|
||
sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
||
sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||
sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||
sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||
sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||
sheet.Cell("G" + strconv.Itoa(Con)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||
sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||
sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||
sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||
sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||
sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||
sheet.Cell("M" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||
sheet.Cell("N" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||
sheet.Cell("O" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||
// sheet.Cell("P" + strconv.Itoa(Con)).SetString(Date_get(IP).(map[string]interface{})["country"].(string) + "." + Date_get(IP).(map[string]interface{})["city"].(string) + "/" + Date_get(IP).(map[string]interface{})["isp"].(string))
|
||
log.Println("开始插入昨日数据:", Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
}
|
||
}
|
||
|
||
} else {
|
||
for v, k := range Date_v(yesterday).NTOP.LogPaging {
|
||
Con = v + 2
|
||
// IP := conn.DT_GET("http://ip-api.com/json/"+k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string)+"?lang=zh-CN", nil, nil)
|
||
sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1)
|
||
sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||
sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||
sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||
sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||
sheet.Cell("G" + strconv.Itoa(Con)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||
sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||
sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||
sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||
sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||
sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||
sheet.Cell("M" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||
sheet.Cell("N" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||
sheet.Cell("O" + strconv.Itoa(Con)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||
// sheet.Cell("P" + strconv.Itoa(Con)).SetString(Date_get(IP).(map[string]interface{})["country"].(string) + "." + Date_get(IP).(map[string]interface{})["city"].(string) + "/" + Date_get(IP).(map[string]interface{})["isp"].(string))
|
||
log.Println("开始插入昨日数据:", Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
}
|
||
}
|
||
Con = Con + 1
|
||
//存储今日攻击事件
|
||
today := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))
|
||
num_1, _ := strconv.Atoi(Date_v(today).NTOP.LogPaging[0].TotalCounts)
|
||
if num_1 > 200 {
|
||
a, err := strconv.ParseFloat(Date_v(today).NTOP.LogPaging[0].TotalCounts, 64)
|
||
if err != nil {
|
||
log.Println(err)
|
||
}
|
||
log.Println("今日查询到总条数:", a)
|
||
totalPages := int(math.Floor(float64(a))/float64(200) + 1)
|
||
log.Println(totalPages)
|
||
for i := 1; i < totalPages+1; i++ {
|
||
values_1 := url.Values{}
|
||
values_1.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>"+strconv.Itoa(i)+"</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||
values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||
today := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))
|
||
log.Println(values_1, i)
|
||
for v, k := range Date_v(today).NTOP.LogPaging {
|
||
// IP := conn.DT_GET("http://ip-api.com/json/"+k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string)+"?lang=zh-CN", nil, nil)
|
||
sheet.Cell("A" + strconv.Itoa(Con+v)).SetString(strconv.Itoa(Con + v)) // 第一列 (A1)
|
||
sheet.Cell("B" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||
sheet.Cell("C" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||
sheet.Cell("D" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||
sheet.Cell("E" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
sheet.Cell("F" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||
sheet.Cell("G" + strconv.Itoa(Con+v)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||
sheet.Cell("H" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||
sheet.Cell("I" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||
sheet.Cell("J" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||
sheet.Cell("K" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||
sheet.Cell("L" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||
sheet.Cell("M" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||
sheet.Cell("N" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||
sheet.Cell("O" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||
// sheet.Cell("P" + strconv.Itoa(Con+v)).SetString(Date_get(IP).(map[string]interface{})["country"].(string) + "." + Date_get(IP).(map[string]interface{})["city"].(string) + "/" + Date_get(IP).(map[string]interface{})["isp"].(string))
|
||
log.Println("开始插入今日数据:", v+Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
}
|
||
// log.Println(Date_v(JsonStr).NTOP.LogPaging)
|
||
}
|
||
} else {
|
||
for v, k := range Date_v(today).NTOP.LogPaging {
|
||
// IP := conn.DT_GET("http://ip-api.com/json/"+k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string)+"?lang=zh-CN", nil, nil)
|
||
sheet.Cell("A" + strconv.Itoa(Con+v)).SetString(strconv.Itoa(Con + v)) // 第一列 (A1)
|
||
sheet.Cell("B" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Time"].(string))
|
||
sheet.Cell("C" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcZoneName"].(string))
|
||
sheet.Cell("D" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestZoneName"].(string))
|
||
sheet.Cell("E" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
sheet.Cell("F" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["DestIPAddr"].(string))
|
||
sheet.Cell("G" + strconv.Itoa(Con+v)).SetString(strconv.FormatFloat(k.OutputJSON.(map[string]interface{})["DestPort"].(float64), 'f', -1, 64))
|
||
sheet.Cell("H" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["ThreatName"].(string))
|
||
sheet.Cell("I" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodNameCN"].(string))
|
||
sheet.Cell("J" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["MethodSubNameCN"].(string))
|
||
sheet.Cell("K" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Application"].(string))
|
||
sheet.Cell("L" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["CVE"].(string))
|
||
sheet.Cell("M" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpHost"].(string))
|
||
sheet.Cell("N" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["HttpFirstLine"].(string))
|
||
sheet.Cell("O" + strconv.Itoa(Con+v)).SetString(k.OutputJSON.(map[string]interface{})["Payload"].(string))
|
||
// sheet.Cell("P" + strconv.Itoa(Con+v)).SetString(Date_get(IP).(map[string]interface{})["country"].(string) + "." + Date_get(IP).(map[string]interface{})["city"].(string) + "/" + Date_get(IP).(map[string]interface{})["isp"].(string))
|
||
log.Println("开始插入今日数据:", v+Con, k.OutputJSON.(map[string]interface{})["SrcIPAddr"].(string))
|
||
}
|
||
// log.Println(Date_v(JsonStr).NTOP.LogPaging)
|
||
}
|
||
|
||
// 保存修改后的 Excel 文件
|
||
|
||
if err := ss.Validate(); err != nil {
|
||
log.Fatalf("验证文件时出错: %s", err)
|
||
}
|
||
|
||
if err := ss.SaveToFile("防火墙安全事件" + time.Unix(tool.Timestamp("second"), 0).Format("20060102") + ".xlsx"); err != nil {
|
||
log.Fatalf("保存文件时出错: %s", err)
|
||
}
|
||
}
|
||
func Date_get(jsonSter string) interface{} {
|
||
var jsonstr interface{}
|
||
err := json.Unmarshal([]byte(jsonSter), &jsonstr)
|
||
if err != nil {
|
||
log.Fatalf("JSON 解析失败: %v", err)
|
||
}
|
||
return jsonstr
|
||
}
|
||
|
||
func Date_v(jsonStr string) *Person {
|
||
var person Person
|
||
err := json.Unmarshal([]byte(jsonStr), &person)
|
||
if err != nil {
|
||
log.Fatalf("JSON 解析失败: %v", err)
|
||
}
|
||
// 手动解析 InputJSON 和 OutputJSON 字段
|
||
for i := range person.NTOP.LogPaging {
|
||
logPaging := &person.NTOP.LogPaging[i]
|
||
|
||
// 解析 InputJSON
|
||
var inputJSON map[string]interface{}
|
||
err := json.Unmarshal([]byte(logPaging.InputJSON.(string)), &inputJSON)
|
||
if err != nil {
|
||
log.Fatalf("解析 InputJSON 失败: %v", err)
|
||
}
|
||
logPaging.InputJSON = inputJSON // 更新为解析后的数据
|
||
|
||
// 解析 OutputJSON
|
||
var outputJSON map[string]interface{}
|
||
err = json.Unmarshal([]byte(logPaging.OutputJSON.(string)), &outputJSON)
|
||
if err != nil {
|
||
log.Fatalf("解析 OutputJSON 失败: %v", err)
|
||
}
|
||
logPaging.OutputJSON = outputJSON // 更新为解析后的数据
|
||
}
|
||
// 输出结果
|
||
// log.Printf("解析结果: %+v\n", person.NTOP.LogPaging[4].OutputJSON.(map[string]interface{})["SrcPort"])
|
||
return &person
|
||
}
|
||
|
||
type Person struct {
|
||
NTOP NTOP `json:"NTOP"`
|
||
}
|
||
type NTOP struct {
|
||
LogPaging []LogPaging `json:"LogPaging"`
|
||
}
|
||
type LogPaging struct {
|
||
LogType string `json:"LogType"` //日志ID
|
||
ID string `json:"ID"`
|
||
UserID string `json:"UserID"`
|
||
PageNo string `json:"PageNo"` //页数
|
||
CountPerPage string `json:"CountPerPage"` //每页计数
|
||
TotalCounts string `json:"TotalCounts"` //总条数
|
||
InputJSON interface{} `json:"InputJSON"` //输入参数
|
||
OutputJSON interface{} `json:"OutputJSON"` //输出参数
|
||
TimeFilter TimeFilter `json:"TimeFilter"` //本次查询时间区间
|
||
}
|
||
|
||
type InputJSON struct {
|
||
SrcZoneName string `json:"SrcZoneName"` //源安全域
|
||
DestZoneName string `json:"DestZoneName"` //目的安全域
|
||
}
|
||
|
||
type OutputJSON struct {
|
||
SrcPort string `json:"SrcPort"` //源端口
|
||
DestPort string `json:"DestPort"` //目的端口
|
||
Action string `json:"Action"`
|
||
AttackCount string `json:"AttackCount"` //攻击计数
|
||
SrcVrfIndex string `json:"SrcVrfIndex"`
|
||
ThreatID string `json:"ThreatID"`
|
||
Severity string `json:"Severity"`
|
||
HddInfo string `json:"HddInfo"`
|
||
Application string `json:"Application"` //应用协议
|
||
ThreatName string `json:"ThreatName"` //威胁名称
|
||
SrcRegion string `json:"SrcRegion"` //源区域
|
||
DestRegion string `json:"DestRegion"` //目的区域
|
||
ThreatType string `json:"ThreatType"` //威胁类型 {入侵防御}
|
||
Time string `json:"Time"` //时间
|
||
ContextName string `json:"ContextName"` //上下文名称
|
||
Policy string `json:"Policy"` //策略
|
||
Protocol string `json:"Protocol"` //传输协议
|
||
SrcIPAddr string `json:"SrcIPAddr"` //源IP
|
||
User string `json:"User"` //用户
|
||
DestIPAddr string `json:"DestIPAddr"` //目的IP
|
||
SrcZoneName string `json:"SrcZoneName"` //源安全域
|
||
DestZoneName string `json:"DestZoneName"` //目的安全域
|
||
CVE string `json:"CVE"` //漏洞披露
|
||
MSB string `json:"MSB"`
|
||
BID string `json:"BID"`
|
||
RealIP string `json:"RealIP"`
|
||
CapturePktName string `json:"CapturePktName"`
|
||
HttpHost string `json:"HttpHost"` //host头
|
||
HttpFirstLine string `json:"HttpFirstLine"` //请求路径
|
||
Payload string `json:"Payload"` //请求数据
|
||
MethodName string `json:"MethodName"` //方法名称
|
||
MethodNameCN string `json:"MethodNameCN"` //方法名称中国(攻击类别)
|
||
MethodSubName string `json:"MethodSubName"` //方法子名称
|
||
MethodSubNameCN string `json:"MethodSubNameCN"` //方法子名称中国(具体攻击形式)
|
||
LoginUserName string `json:"LoginUserName"`
|
||
LoginPassword string `json:"LoginPassword"`
|
||
}
|
||
|
||
type TimeFilter struct {
|
||
StartTime string `json:"StartTime"`
|
||
EndTime string `json:"EndTime"`
|
||
}
|