Processing device and method of EDR-based message queue

A message queue processing device and method, applied in the field of network security, that addresses the problems of being unable to guarantee orderly sending of log information and unable to accurately match the target object (the process that should receive the log).

Active Publication Date: 2022-01-21
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, when there is a large amount of log information and it is sent in batches, it is impossible to ensure that the log information is sent in an orderly manner, and it cannot be accurately matched to the corresponding target object.


Embodiment 1

[0039] Figures 1 and 2 are schematic diagrams of the EDR-based message queue processing device provided in Embodiment 1 of the present invention.

[0040] Referring to Figures 1 and 2, the device is applied on a server and includes a processing module 1, a matching module 2 and a process 3, wherein the processing module 1 includes an engine.

[0041] The processing module 1 is used to receive the log information sent by the endpoint detection and response (EDR) client and to send the log information to the engine.

[0042] Here, after receiving the log information sent by the EDR client, the processing module 1 can determine which EDR client sent it according to the ID of the EDR client.

[0043] The engine is used to obtain the time information of receiving the log information according to the log information, and to associate the identifier ID of the EDR client contained in the log information, the time information and the ID of the engine to obtain t...

Embodiment 2

[0064] Figure 3 is a flow chart of the processing method of the EDR-based message queue provided by Embodiment 2 of the present invention.

[0065] Referring to Figure 3, the method is applied on the server and includes the following steps:

[0066] Step S101, receiving the log information sent by the endpoint detection and response (EDR) client, and sending the log information to the engine;

[0067] Step S102, the engine obtains the time information of receiving the log information according to the log information, and associates the identifier ID of the EDR client in the log information, the time information and the ID of the engine to obtain the association ID;

[0068] Step S103, looking up the corresponding process ID according to the association ID, and sending the association ID to the corresponding process according to the process ID.

[0069] Further, the method also includes the following steps:

[0070] Step S201, parsing the association ID to obtain the ID of the EDR cli...
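The pipeline of steps S101 to S103 (and the same engine/matching-module split restated in the Abstract below) as an added, runnable sketch; this is not the patent's own code. The patent does not define the layout of the association ID, so the colon-joined format, the `LogInfo` class, the injectable clock and the per-process queues are assumptions made here; client IDs are assumed not to contain ':'.

```python
import time
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class LogInfo:
    client_id: str   # identifier of the EDR client that produced the log
    payload: str     # e.g. "virus detected" (constructed sample text in tests)


class Engine:
    """Step S102: stamp the receive time and build the association ID."""

    def __init__(self, engine_id: str, clock=time.time_ns):
        self.engine_id = engine_id
        self.clock = clock  # injectable so the ordering guarantee is testable

    def associate(self, log: LogInfo) -> str:
        # Assumed layout: <EDR client ID>:<receive time in ns>:<engine ID>
        return f"{log.client_id}:{self.clock()}:{self.engine_id}"


def parse_association_id(assoc_id: str) -> Tuple[str, int, str]:
    """Step S201: recover the EDR client ID (plus time and engine) from the ID."""
    client_id, ts, engine_id = assoc_id.split(":")
    return client_id, int(ts), engine_id


class MatchingModule:
    """Step S103: map the association ID to a process ID and queue it there."""

    def __init__(self, client_to_process: Dict[str, int]):
        self.client_to_process = client_to_process
        self.queues: Dict[int, List[str]] = defaultdict(list)
        self.unmatched: List[str] = []  # logs from clients with no target process

    def dispatch(self, assoc_id: str) -> Optional[int]:
        client_id, _, _ = parse_association_id(assoc_id)
        pid = self.client_to_process.get(client_id)
        if pid is None:
            self.unmatched.append(assoc_id)  # keep, do not silently drop
            return None
        self.queues[pid].append(assoc_id)
        return pid

    def drain(self, pid: int) -> List[str]:
        # Deliver in receive-time order even if dispatch() was called out of order
        return sorted(self.queues.pop(pid, []), key=lambda a: parse_association_id(a)[1])
```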


Abstract

The present invention provides a processing device and method for an EDR-based message queue, including a processing module, a matching module and a process, wherein the processing module includes an engine. The processing module is used for receiving the log information sent by an endpoint detection and response (EDR) client and sending the log information to the engine. The engine is used to obtain the time information of receiving the log information according to the log information, to associate the identifier ID of the EDR client in the log information, the time information and the ID of the engine to obtain the association ID, and to send the association ID to the matching module. The matching module is used to find the corresponding process ID according to the association ID and to send the association ID to the corresponding process according to the process ID, which ensures the orderly sending of log information and improves the accuracy of log information delivery.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an EDR-based message queue processing device and method.

Background technique

[0002] With the rapid development of EDR (Endpoint Detection and Response) clients, it is very important to analyze and process log information.

[0003] When the EDR client detects a threat, it generates log information such as login protection, virus detection and removal, process protection, website vulnerability protection, ransomware protection, and website backdoor detection and removal. If the EDR client processes the above log information directly, the efficiency is too low and the throughput cannot keep up with the rate of log information generation. Once the amount of log information becomes too large, it will cause serious events such as service downtime. Using message queues such as Kafka, log information can be taken out of the message queue and proces...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L47/62
CPC: H04L63/1425, H04L47/62
Inventor: 孟希杰, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD