Security event processing method and system, medium and computer equipment

A security event processing technology, applied in the field of network security, that addresses the inability to handle large-scale security incident scenarios, low processing efficiency, and slow automatic response to large-scale security incidents.

Active Publication Date: 2020-10-27
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problems existing in the prior art, the embodiment of the present application provides a method, device, medium and computer equipment for handling security incidents, which are used to solve the existing In some technologies, when th


Examples


Embodiment 1

[0048] This embodiment provides a method for handling security events. As shown in Figure 1 and Figure 2, the method includes:

[0049] S210. Receive at least one security event sent by the monitoring device;

[0050] Referring to Figure 1, in this application at least one security event reported by the upstream monitoring device can be received through a Remote Procedure Call (RPC) service. After a security event is received it is not processed immediately; instead it is stored in a preset event queue. The RPC service is a service framework based on the RPC protocol and uses a multi-threaded service model. Upstream monitoring equipment can include dedicated hardware monitoring equipment as well as monitoring equipment such as firewalls; security incidents can include, but are not limited to, the following: network attacks, virus intrusion, virus extortion, and mining viruse...

Embodiment 2

[0100] This embodiment provides a device for processing security events. Referring to Figure 4, the device includes a receiving module 41, a search module 42, a creation module 43 and an execution module 44, wherein:

[0101] A receiving module 41, configured to receive at least one security event sent by the monitoring device;

[0102] A search module 42, configured to search for a script corresponding to the at least one security event, where the script is a file for responding to the security event;

[0103] A creation module 43, configured to create a corresponding sub-process for each of the scripts and to call the corresponding script entry function based on each sub-process, so that the script corresponding to each security event can be loaded; and, when each script is executed in parallel, to call the preset interface to create at least one sub-thread for the sub-process of each script and return to the main thread of the interface;

[0104] The execution module 44 is config...

Embodiment 3

[0152] This embodiment provides a computer device, as shown in Figure 5, which includes a memory 410, a processor 420, and a computer program 411 stored in the memory 410 and executable on the processor 420. When the processor 420 executes the computer program 411, the following steps are implemented:

[0153] receiving at least one security event sent by the monitoring device;

[0154] Find a script corresponding to the at least one security event, where the script is a file for responding to the security event;

[0155] Create a corresponding sub-process for each of the scripts, and call the corresponding script entry function based on each of the sub-processes, so as to be able to load the script corresponding to each of the security events;

[0156] When each script is executed in parallel, call a preset interface to create at least one sub-thread for each sub-process of the script, and return to the main thread of the interface;

[0157] Each action function in the cor...


Abstract

The invention provides a security event processing method and system, a medium and computer equipment. The method comprises the steps of: receiving at least one security event transmitted by monitoring equipment, and searching for a script corresponding to the at least one security event; creating a corresponding sub-process for each script, and calling a corresponding script entry function based on each sub-process; calling an interface to create at least one sub-thread for the sub-process of each script, and returning to the main thread of the interface; and executing each action function in the corresponding script in parallel based on the at least one sub-thread. In the process of responding to the security event, different scripts can be executed in parallel through their corresponding sub-processes; when a script is executed, since the interface returns to the main thread after creating the current sub-thread, the action functions in the sub-threads can be executed in parallel. Automatic response to large-scale security events is thereby supported, and the efficiency of responding to security events is improved.
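As an added example (not the patent's or NSFOCUS's code), the processing model in the abstract written out in Python: a preset event queue, a script registry, one sub-process per matched script, and one thread per action function, with events that match no script reported rather than dropped. The event kinds, script names and addresses are constructed samples.

```python
# Added example (not the patent's or NSFOCUS's code): the abstract's model in Python.
# Event kinds, script names and addresses below are constructed samples.
import multiprocessing as mp
import threading
from collections import deque, namedtuple
SecurityEvent = namedtuple("SecurityEvent", "kind src_ip")

# Action functions: one response step each; they return what they did.
def _isolate_host(ev): return f"isolate {ev.src_ip}"
def _block_ip(ev): return f"block {ev.src_ip}"
def _notify_soc(ev): return f"notify {ev.kind}@{ev.src_ip}"
# Script entry functions: 'loading' a script yields its action functions.
def malware_script(ev): return [_isolate_host, _notify_soc]
def bruteforce_script(ev): return [_block_ip, _notify_soc]
SCRIPT_REGISTRY = {"malware": malware_script, "bruteforce": bruteforce_script}

def run_script(entry, ev):
    """Inside the script's sub-process: call the entry function, then start one
    thread per action. Thread.start() returns at once ('create a sub-thread and return')."""
    results = []
    threads = [threading.Thread(target=lambda a=a: results.append(a(ev))) for a in entry(ev)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results)  # thread completion order is not deterministic

def _subprocess_main(ev, conn):
    conn.send((f"{ev.kind}:{ev.src_ip}", run_script(SCRIPT_REGISTRY[ev.kind], ev)))

def process_events(events):
    """Queue the events, look up a script per event, run each matched script in its
    own sub-process and collect results over a pipe; unmatched events are reported."""
    queue = deque(events)  # the preset event queue
    ctx = mp.get_context("fork" if "fork" in mp.get_all_start_methods() else None)
    procs, unhandled, handled = [], [], {}
    while queue:
        ev = queue.popleft()
        if ev.kind not in SCRIPT_REGISTRY:
            unhandled.append(ev)
            continue
        parent, child = ctx.Pipe(duplex=False)
        p = ctx.Process(target=_subprocess_main, args=(ev, child))
        p.start()
        procs.append((p, parent))
    for p, conn in procs:
        key, out = conn.recv()
        handled[key] = out
        p.join()
    return {"handled": handled, "unhandled": unhandled}
```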

Description

Technical field

[0001] The present application belongs to the technical field of network security, and in particular relates to a method, device, medium and computer equipment for processing security events.

Background technique

[0002] In the Internet field, various security risks may occur during the operation of a system; these are collectively referred to as security incidents, for example network attacks, virus intrusions and mining. In order to ensure the safe operation of the system, the system is monitored, alarms are raised, and responses and recovery are carried out to resolve the various security risks and achieve security protection.

[0003] In the prior art, security protection is generally achieved by pre-programming scripts based on the concept of Security Orchestration, Automation and Response (SOAR). The core concept of SOAR is to collect security threats and intelligence data from different data sources, analyze and classify incidents, a...


Application Information

IPC(8): H04L29/06, G06F9/50
CPC: H04L63/1441, H04L63/20, G06F9/5027, G06F2209/5018
Inventor: 阮博男, 刘文懋, 赵粤征, 浦明, 郭兰杰
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD