An asset management method and device, electronic equipment and storage medium
By using data merging and matching and automatic credential reasoning technology, the problem of numerous manual operations and high error rates in the asset management process has been solved, achieving an efficient and accurate asset management process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- DIGITAL GUANGDONG NETWORK CONSTR CO LTD
- Filing Date
- 2026-04-28
- Publication Date
- 2026-06-19
AI Technical Summary
Existing technologies involve multiple independent manual operation steps in the process of asset management and voucher binding, resulting in long processing times, a high probability of errors, and a lack of automated linkage.
By acquiring asset attribute lists and initial password lists, and employing data merging and matching, as well as automatic credential reasoning and binding techniques based on multidimensional attribute data, asset records are automatically matched and bound using preset associated field priority sequences and predefined credential reasoning rules, thus achieving asset management.
It improved the efficiency and accuracy of asset management, reduced the probability of errors in manual operations, and achieved automated linkage.
Smart Images
Figure CN122243648A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of computer operation and maintenance technology, and in particular to an asset management method, apparatus, electronic device and storage medium. Background Technology
[0002] In the field of enterprise IT (Information Technology) operations and maintenance management, the operations and maintenance audit gateway, acting as an intermediary device between operations and maintenance personnel and target assets, needs to maintain a list of accessible assets and bind corresponding access credentials to each asset in the list. The completeness of the asset list and the correctness of the credential binding are two prerequisites for successful operations and maintenance access—assets not under management cannot be selected, and unbound credentials prevent login.
[0003] Currently, the industry mainly adopts the following solutions when handling asset management and credential binding for operation and maintenance gateways:
[0004] 1. Manual management and manual binding modes
[0005] After registering the asset in the configuration management database, the administrator needs to log in to the management backend of the operation and maintenance audit gateway separately to manually create an asset entry (filling in information such as IP address, port, and protocol type). Then, under that asset, the administrator must manually select or enter the corresponding privileged account and password. Asset registration and gateway management are two completely independent operations, performed manually in different systems.
[0006] 2. Spreadsheet Batch Import Mode
[0007] Administrators compile asset lists using spreadsheets, which contain basic information about each asset and its corresponding credential identifier. These spreadsheets are then imported in batches into the operations and maintenance audit gateway. This method reduces the workload of performing each operation individually, but the compilation of the spreadsheet content still relies on manual copying from the configuration management database, and the selection of credentials also relies on manual judgment and filling in each row of the spreadsheet.
[0008] 3. Artificial transcription patterns of the initial codon
[0009] When hardware devices are delivered, suppliers typically provide a list containing the IP address and initial password for each device. Administrators need to enter each password from this list into the password management system (or configure it directly to the operations and maintenance audit gateway), completing the transcription of the initial passwords from paper to the system. In scenarios involving large-volume device deliveries, this transcription process is time-consuming and prone to mismatches.
[0010] In the process of implementing this solution, the inventors discovered the following defects in the existing technology:
[0011] The existing solution involves multiple independent manual operation steps, which lack automated linkage, resulting in long asset management time and a high probability of errors. Summary of the Invention
[0012] This invention provides an asset management method, apparatus, electronic device, and storage medium to improve the efficiency and accuracy of asset management.
[0013] According to one aspect of the present invention, an asset management method is provided, the method comprising:
[0014] Obtain the list of asset attributes and the list of initial asset passwords corresponding to the current asset management event, wherein the current asset management event is an asset addition type;
[0015] The asset attribute list and the asset initial password list are matched according to a preset priority sequence of associated fields to obtain each asset record; each asset record includes successfully matched asset attribute data, asset initial password and first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record;
[0016] The predefined credential reasoning rules are matched with the asset attribute data in the current asset record to obtain a second credential identifier that matches the current asset record, and the second credential identifier is bound to the current asset record; the second credential identifier represents the identity of the initial asset password used when performing operation and maintenance access to the current asset, and the second credential identifier and the first credential identifier indicate the same or different initial asset password;
[0017] The current asset record is pushed to the asset repository to achieve asset management.
[0018] According to another aspect of the present invention, an asset management device is provided, the device comprising:
[0019] The data acquisition module is used to acquire the asset attribute list and asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type;
[0020] The asset record acquisition module is used to match the asset attribute list and the asset initial password list according to a preset priority sequence of associated fields to acquire each asset record; each asset record includes successfully matched asset attribute data, asset initial password and first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record;
[0021] The credential binding module is used to match predefined credential reasoning rules with asset attribute data in the current asset record, obtain a second credential identifier that matches the current asset record, and bind the second credential identifier to the current asset record; the second credential identifier represents the identity of the initial asset password used when performing operation and maintenance access to the current asset, and the second credential identifier and the first credential identifier indicate the same or different initial asset password;
[0022] The asset record push module is used to push the current asset record to the asset database to achieve asset management.
[0023] According to another aspect of the present invention, an electronic device is provided, the electronic device comprising:
[0024] At least one processor; and
[0025] A memory communicatively connected to the at least one processor; wherein,
[0026] The memory stores a computer program that can be executed by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the asset management method according to any embodiment of the present invention.
[0027] According to another aspect of the present invention, a computer-readable storage medium is provided, the computer-readable storage medium storing computer instructions for causing a processor to execute and implement the asset management method according to any embodiment of the present invention.
[0028] The technical solution of this invention obtains an asset attribute list and an asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type; matches the asset attribute list and the asset initial password list according to a preset priority sequence of associated fields to obtain each asset record; each asset record includes successfully matched asset attribute data, asset initial password, and a first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record; matches the predefined credential reasoning rules with the asset attribute data in the current asset record to obtain a second credential identifier that matches the current asset record, and binds the second credential identifier to the current asset record; the second credential identifier indicates the identity of the asset initial password used when accessing the current asset for maintenance, and the second credential identifier and the first credential identifier indicate the same or different asset initial password; pushes the current asset record to the asset database to achieve asset management. This solution uses data merging and matching, and automatic credential reasoning and binding based on multi-dimensional asset attribute data to solve the problem of multiple independent manual operation steps in the prior art, which lack automated linkage between these steps, resulting in long asset management time and high error probability, thus improving the efficiency and accuracy of asset management.
[0029] It should be understood that the description in this section is not intended to identify key or essential features of the embodiments of the present invention, nor is it intended to limit the scope of the invention. Other features of the invention will become readily apparent from the following description. Attached Figure Description
[0030] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0031] Figure 1a A flowchart of an asset management method provided in an embodiment of the present invention;
[0032] Figure 1b This is a schematic diagram of the architecture of an asset management system provided in an embodiment of the present invention;
[0033] Figure 1c This is a schematic diagram of a dual-channel data merging and matching process provided in an embodiment of the present invention;
[0034] Figure 1d This embodiment provides a complete flowchart of the asset listing process;
[0035] Figure 1e This embodiment provides a flowchart for the linkage of asset attribute changes;
[0036] Figure 1f This embodiment provides a flowchart for the linkage process of asset deletion (removal from shelves);
[0037] Figure 2 This is a schematic diagram of an asset management device provided in an embodiment of the present invention;
[0038] Figure 3 This is a schematic diagram of the structure of an electronic device that implements the asset management method of this invention. Detailed Implementation
[0039] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.
[0040] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0041] Figure 1a This is a flowchart of an asset management method provided by an embodiment of the present invention. This embodiment is applicable to the situation of asset management. The method can be executed by an asset management device, which can be implemented in hardware and / or software. The asset management device can be configured in a server that integrates an asset management system.
[0042] The architecture of the asset management system in this embodiment can be as follows: Figure 1b As shown, it may include: a configuration management database, an ITSM work order system, an asset credential vault, and an operation and maintenance audit gateway. The operation and maintenance audit gateway may include an event receiving layer, a merging matching engine, a password database writing module, a credential inference engine, a gateway asset push interface, and an asset database.
[0043] Based on the aforementioned asset management system, such as Figure 1a As shown, the asset custody method includes:
[0044] S110. Obtain the asset attribute list and asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type.
[0045] The current asset management event can refer to an asset management event initiated by the asset management system administrator. The asset attribute list can refer to a document containing detailed attribute data for each asset. The asset initial password list can refer to a document containing the initial password for each asset. Asset attribute data can include basic asset connection information (such as IP (Internet Protocol) address, management port, access protocol type, etc.), asset identifiers (such as device serial number, asset number, hostname, MAC (Media Access Control) address, etc.), asset category information (such as operating system type, region, business system, network partition, etc.), and asset status information (such as online, offline, listed, delisted, etc.), etc. The asset's region can be used to identify which physical or logical management area the asset is deployed in; for example, by physical data center, it can be divided into Area A, Area B, disaster recovery data center, etc., or by security area, it can be divided into Internet area, government extranet area, etc. The asset addition type can refer to the listing and management of newly added assets.
[0046] This embodiment can obtain the corresponding list of newly added asset attributes and the list of initial asset passwords based on the current asset addition event.
[0047] In one optional implementation, obtaining the asset attribute list and initial asset password list corresponding to the current asset management event may include:
[0048] At a first time point, an asset attribute list is obtained; at a second time point, an initial asset password list is obtained. If the first time point is earlier than the second time point, the asset attribute list is stored in a temporary queue, and a first temporary record is generated. When the initial asset password list is obtained at the second time point, an operation is triggered to match the asset attribute list and the initial asset password list according to a preset priority sequence of related fields. The first temporary record includes asset attribute data, the first time point, and the source identifier of the first list. If the second time point is earlier than the first time point, the initial asset password list is stored in a temporary queue, and a second temporary record is generated. When the asset attribute list is obtained at the first time point, an operation is triggered to match the asset attribute list and the initial asset password list according to a preset priority sequence of related fields. The second temporary record includes initial asset password data, the second time point, and the source identifier of the second list.
[0049] The first list source identifier can be used to identify the source of the asset attribute list (such as the source path), and the second list source identifier can be used to identify the source of the asset initial password list.
[0050] In this embodiment, during the process of adding new assets, an asset addition event can be generated through the ITSM work order system, and two independent data events will be generated upon completion.
[0051] refer to Figure 1c The first event can be issued by the configuration management database. After the current asset management event is generated, the data in the asset attribute list can be written to the configuration management database through the asset management process. The configuration management database then generates an asset addition event, which carries the complete attribute metadata of the newly added asset. The second event can be issued directly by the ITSM work order system. The work order includes a list of initial passwords for the newly added assets, which is transmitted to the asset management system as an independent data stream. Each record in this initial password list can contain an asset identification field (such as IP address, device serial number, or asset number, depending on the list format provided by the vendor) and the initial password for that asset. The two data streams can arrive at the asset management system independently, and the order of arrival is uncertain.
[0052] The first data stream to arrive can enter a temporary queue to wait. The temporary queue record includes the data content (asset attribute data or initial asset password), arrival time (first time point or second time point), and source identifier (first list source identifier or second list source identifier). When the second data stream arrives at the asset management system, the merging matching engine is immediately triggered, attempting to associate and match the newly arrived data with the record in the temporary queue using the merging matching engine.
[0053] This embodiment allows setting a timeout threshold for data in the temporary queue. If a temporary record fails to complete data matching within the timeout threshold, the asset management system can mark the temporary record as timed out and generate an alarm notification, allowing the administrator to intervene and investigate the cause (e.g., the password list was not submitted with the work order or the configuration management database failed to write).
[0054] S120. Match the asset attribute list and the asset initial password list according to the preset priority sequence of associated fields to obtain each asset record; each asset record includes the successfully matched asset attribute data, the asset initial password and the first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record.
[0055] The preset associated field priority sequence can be a field sequence containing information about each preset associated field and its priority. An asset record can refer to the result of a successful match between asset attribute data and the initial asset password. The first credential identifier can be obtained after writing the initial asset password into the asset credential vault; the first credential identifier can indicate the storage location of the initial asset password within the asset credential vault.
[0056] In this embodiment, the asset attribute list and the asset initial password list can be matched according to a preset priority sequence of associated fields. The successfully matched asset attribute data and asset initial passwords are merged into an asset record. Then, the password library writing module extracts the asset initial password from this record and writes it into the asset vault through the standard interface exposed by the asset vault. During the writing process, the password library writing module specifies the storage path and access policy for the asset initial password. The storage path is usually organized according to asset grouping rules (e.g., hierarchical by region and operating system type). After successful writing, the asset vault returns a unique reference identifier for the asset initial password. The password library writing module can use this unique reference identifier as the first credential identifier and write the first credential identifier into the corresponding asset record.
[0057] It should be noted that after the initial password for an asset is written to the asset credential vault, subsequent password rotation strategies (such as periodic automatic replacement), access auditing, and password strength verification are all managed independently by the vault's built-in mechanisms. This asset management system does not intervene in or perceive subsequent changes to the password content. The asset record always stores the credential identifier, not the password itself; therefore, password rotation does not affect the binding relationships already established in this asset management system.
[0058] In cases where password writing fails (e.g., the asset credential vault service is temporarily unavailable or there is a storage path conflict), the password database writing module can mark the failed password as "password pending writing" and add it to the retry queue. It will retry at preset time intervals until successful or the maximum number of retries is reached, at which point an alarm will be generated. Before the password writing is complete, the asset will not proceed to the subsequent credential reasoning and gateway push stages, ensuring that all assets pushed to the operations and maintenance gateway have valid credential identifiers.
[0059] In one optional implementation, matching the asset attribute list and the initial asset password list according to a preset priority sequence of associated fields to obtain each asset record may include:
[0060] Based on the preset priority sequence of associated fields, the current preset associated field is determined; the asset attribute list is queried based on the current preset associated field to obtain the first result, and the asset initial password list is queried based on the current preset associated field to obtain the second result; if the quantity of the first result and the second result is both 1, the second result is written to the asset credential vault to obtain the first credential identifier, and the first result, the second result, and the first credential identifier are combined to obtain an asset record; if the quantity of the first result and the second result is inconsistent and both are not empty, the preset associated field with the next priority is determined as the current preset associated field, and the operation of querying the asset attribute list and the asset initial password list based on the current preset associated field is returned until the quantity of the first result and the second result is both 1, resulting in an asset record; if the quantity of the first result and the second result corresponding to each preset associated field is inconsistent and both are not empty, a first alarm message is generated to instruct the administrator to handle it.
[0061] Based on the above optional implementation method, if there are empty results in both the first and second results corresponding to all preset associated fields, a second alarm message is generated to instruct the administrator to handle it.
[0062] In this embodiment, the merging matching engine can attempt matching sequentially according to the priority sequence of associated fields. The highest priority associated field is selected, and it is checked whether this field exists simultaneously in both the asset attribute list and the asset initial password list, and is not empty. If so, the value of this field is used for matching. If the field is missing or empty in either data source, it is skipped, and the next priority associated field is tried, and so on, until a usable associated field is found or all associated fields are unavailable. This embodiment can process the matching results in a tiered manner, see reference... Figure 1c The matching results can include three cases: Exact match (1:1, i.e., the number of first and second results is 1), the association key uniquely matches a corresponding record in both data streams, and the merging matching engine can merge the two data streams into a complete asset record, including the complete set of asset attribute data and the initial asset password, which is then processed by the subsequent password database writing module; Multiple matches (1:N, equivalent to the number of first and second results corresponding to all preset association fields being inconsistent and all not empty), the association key matches multiple records, and the correspondence between asset attribute data and initial asset password cannot be uniquely determined, the merging matching engine can suspend this group of records and generate a first alarm message, instructing the administrator to manually confirm the correct correspondence before manually triggering the merging; Zero match (0, equivalent to the presence of empty results in both the first and second results corresponding to all preset association fields), since no unique corresponding record is found in either data stream, the merging matching engine can put this record into an isolated queue, waiting for subsequent supplementary data to arrive before retrying the matching, or generate a second alarm message after a timeout, instructing the administrator to intervene.
[0063] In this embodiment, since the identification fields shared by the asset attribute list and the initial asset password list may differ between different enterprises and different batches of asset and equipment delivery, the asset management system supports administrators in pre-setting a priority sequence of associated fields. Associated fields can include, but are not limited to, any field that may exist simultaneously in both sets of data and possesses uniqueness, such as asset serial number, IP address, asset number, hostname, and MAC address. Administrators can arrange these pre-set associated fields according to their matching reliability from highest to lowest, forming a priority sequence of associated fields, based on the enterprise's actual data specifications.
[0064] It should be noted that during the matching process of two sets of data, when a single field cannot uniquely determine the correspondence between the two sets of data, the asset management system in this embodiment can also support configuring combined associated fields, that is, using the combined value of multiple fields as the matching basis. For example, in a scenario where there are multiple asset devices of the same model within the same network segment, using only the IP address range may not be able to distinguish them, but the combination of IP address and port number can uniquely identify them.
[0065] S130. Match the predefined credential reasoning rules with the asset attribute data in the current asset record to obtain the second credential identifier that matches the current asset record, and bind the second credential identifier to the current asset record; the second credential identifier represents the identity of the initial asset password used when performing maintenance access to the current asset, and the second credential identifier and the first credential identifier indicate the same or different initial asset password.
[0066] Among them, the predefined credential reasoning rules can be used to reason about which set of credentials in the asset credential vault should be used for the corresponding asset during operation and maintenance based on asset attribute data. The current asset record can refer to a record among the various asset records obtained based on the S120 operation.
[0067] In this embodiment, manual credential allocation experience can be pre-formulated into executable logical expressions. Each predefined credential reasoning rule can consist of three elements: a conditional expression, a first credential identifier, and a priority value. The conditional expression performs logical judgments based on the asset's multi-dimensional attribute data, supporting operators such as equal to, not equal to, contain, regular expression matching, greater than, and less than. It can support combining multiple conditions into composite conditions using logical AND and logical OR, and can also support nested combinations to express more complex judgment logic. For example, "belonging to region A, operating system type Linux, and hostname containing 'db'" can be expressed as three conditions combined using logical AND. The priority value is used to determine the priority of the credential reasoning rule. When the same asset simultaneously satisfies multiple credential reasoning rules, the asset management system can sort all successfully matched rules from highest to lowest priority and select the first rule after sorting as the final result. This process is deterministic: the same asset metadata and the same rule base will inevitably produce the same binding result.
[0068] In one optional implementation, matching predefined credential reasoning rules with asset attribute data in the current asset record to obtain a second credential identifier matching the current asset record may include:
[0069] The asset attribute data in the current asset record is processed according to a preset data structure to obtain the current attribute dictionary. Each predefined credential reasoning rule is matched against the current attribute dictionary. If the conditional expression in the current credential reasoning rule is true, the current credential reasoning rule is determined to be a successful match with the current attribute dictionary. After all credential reasoning rules have been processed, candidate credential reasoning rules are obtained, and each candidate credential reasoning rule is a successfully matched predefined credential reasoning rule. Based on the priority value in each candidate credential reasoning rule, the target credential reasoning rule is determined from the candidate credential reasoning rules, and the target credential reasoning rule is the candidate credential reasoning rule with the highest priority value. The first credential identifier in the target credential reasoning rule is used as the second credential identifier for matching the current asset record.
[0070] In this embodiment, one record can be selected from all asset records as the current asset record. The credential reasoning engine can then extract asset attribute data from this current asset record, construct an attribute dictionary according to a preset data structure, and then traverse all enabled credential reasoning rules, matching the condition expressions of each credential reasoning rule with the attribute dictionary one by one. For each credential reasoning rule, the engine can determine whether each condition is true according to the operators and logical combinations defined in the condition expression. If all conditions are true, it means that the rule has successfully matched the current asset record.
[0071] After traversing all credential reasoning rules, all credential reasoning rules that successfully match the current asset record are obtained, i.e., candidate credential reasoning rules. These candidate credential reasoning rules are then sorted from highest to lowest priority value, and the first rule in the sorted list is selected as the final target credential reasoning rule. The second credential identifier corresponding to this target credential reasoning rule can then be written into the credential binding field of the current asset record.
[0072] For example, suppose a cloud platform's vault already has multiple pre-defined sets of credentials (e.g., DBA-specific, Linux-wide, Windows-wide), and the predefined credential inference rules are as follows:
[0073] 1. The region is the government extranet and the hostname contains "DB". It is bound to the DBA-only domain and has a priority value of 100. 2. The region is the government extranet and the operating system is Linux. It is bound to the Linux general domain and has a priority value of 50.
[0074] A new asset has arrived, and its asset attribute data includes: Region = Government Extranet Zone, Operating System = Linux, Hostname = db-master-01. The purpose of building the attribute dictionary is to organize these attributes into a key-value structure that can be queried programmatically (equivalent to an attribute dictionary), as follows:
[0075] {
[0076] Region: Government External Network Zone
[0077] Operating System: Linux
[0078] Hostname: "db-master-01"
[0079] }
[0080] Then the credential reasoning engine uses this dictionary to match each rule:
[0081] Rule 1: Region = Government Extranet Zone, Hostname contains "db" → Match successful, priority value is 100;
[0082] Rule 2: Region = Government Extranet Zone, Operating System = Linux → Match successful, priority value is 50;
[0083] Both Rule 1 and Rule 2 are candidate credential reasoning rules. Ultimately, Rule 1 is selected and bound to the DBA only, meaning that Rule 1 is the target credential reasoning rule.
[0084] The first credential identifier in this embodiment and the second credential identifier derived in this step may point to the same credential record, or they may be different. In most scenarios, they are consistent, but in some scenarios they may be different. For example, after the initial delivery password of a database server is written into the asset credential vault, the credential inference rule determines that the server should use the DBA-specific credential set (which may be a high-strength password that has been pre-created in the vault and has been hardened with security), rather than the initial password at the time of delivery.
[0085] Based on the above optional implementation methods, the asset management method of this embodiment further includes, when all credential reasoning rules have been processed and no candidate credential reasoning rules exist, marking the current asset corresponding to the current asset record as a credential pending matching state to suspend pushing to the asset database, and generating a third alarm message to instruct the administrator to handle the anomaly.
[0086] In this embodiment, if no rule matches successfully after traversing all credential reasoning rules, the current asset can be marked as pending credential matching and a third alarm message can be generated, prompting the administrator to check whether there are any coverage blind spots in the rule base or whether there are any abnormal values in the asset attribute data. This current asset will not be pushed to the operation and maintenance audit gateway, thus avoiding the push of an asset that cannot be logged into.
[0087] Optionally, after using the first credential identifier in the target credential inference rule as the second credential identifier for matching the current asset record, the method may further include: generating a matching log for auditing; wherein the matching log includes at least one of the following: asset attribute data involved in the matching, the total number of predefined credential inference rules involved in the matching, a rule list for each candidate credential inference rule, a priority value for each candidate credential inference rule, and the rule identifier of the target credential inference rule and the second credential identifier.
[0088] The credential reasoning engine in this embodiment can synchronously generate a matching log during execution. This log may include: asset attribute data participating in the matching (equivalent to a summary of the asset attribute data input to the credential reasoning engine), the total number of predefined credential reasoning rules participating in the matching (equivalent to the total number of rules traversed), a rule list for each candidate credential reasoning rule (equivalent to a list of successfully matched rules) and their respective priority values, the rule identifier of the target credential reasoning rule, and the second credential identifier. This matching log can be used for post-event auditing, such as tracing which rule was used to determine the credential binding of any asset.
[0089] S140. Push the current asset record to the asset database to achieve asset management.
[0090] In this embodiment, the current asset record can be pushed to the operation and maintenance audit gateway. After receiving the push, the operation and maintenance audit gateway can write the current asset record into its own asset database. The asset corresponding to the current asset record can then enter a state where it can be selected and accessed by operation and maintenance personnel.
[0091] Optionally, the asset management method of this embodiment may further include: if the current asset record fails to be pushed, re-pushing the current asset record according to a preset retry strategy; if the number of retries reaches a preset retry threshold and the current asset record fails to be pushed, marking the current asset record as pending push status and generating a fourth alarm message to instruct the administrator to handle it.
[0092] In this embodiment, the push of asset records may fail due to network interruptions or temporary unavailability of the operation and maintenance audit gateway service. For records whose push fails, the asset management system can add them to a retry queue and retry the push at preset time intervals. The preset retry strategy in this embodiment can adopt a backoff incremental mechanism, that is, the time interval between each retry is gradually extended. This setting can avoid generating a large number of invalid requests when the operation and maintenance audit gateway is continuously unavailable. If it still fails after reaching the maximum number of retries, the asset management system can generate a fourth alarm message to notify the administrator, and mark the record as "push pending". When the gateway is restored to availability, the administrator can manually trigger a full reconciliation, that is, compare all asset records in this asset management system with the asset records already written to the asset database, push missing records and correct inconsistent fields.
[0093] Figure 1d This embodiment provides a full-link flowchart for asset listing. The administrator of the asset management system completes an ITSM work order; the configuration management database writes an asset attribute data list; the ITSM transmits an initial asset password list; the asset attribute data and initial asset passwords are matched and merged based on preset association fields; the initial passwords are written to the password database; the credential reasoning engine binds a second credential identifier based on credential reasoning rules to obtain the final asset record; the asset record is pushed; if the push is successful, the asset becomes accessible; if the push fails, it can be added to the retry queue; if the push consistently fails, an alarm can be generated to instruct the administrator to perform a full reconciliation.
[0094] When the current asset management event is a change in asset attributes, the asset management method in this embodiment may further include:
[0095] Based on the current asset management event, determine the asset object that needs to be changed and the asset attribute data after the change. The asset attribute data after the change includes the changed data. If the changed data involves a conditional expression in a predefined credential reasoning rule, match the predefined credential reasoning rule with the asset attribute data after the change to obtain the current second credential identifier. If the current second credential identifier is different from the historical second credential identifier corresponding to the asset object that needs to be changed, update the historical second credential identifier to the current second credential identifier and update the matching log corresponding to the asset object that needs to be changed. Send a first instruction to the asset database to instruct the asset database to update the asset record corresponding to the asset object that needs to be changed.
[0096] Figure 1e This embodiment provides a flowchart for the linkage of asset attribute changes. When the attribute data of an asset in the configuration management database changes (e.g., IP address change, region adjustment, operating system upgrade, etc.), the asset management system can perform two operations:
[0097] The first step is to determine whether the changed attribute data involves the conditional expression in the credential reasoning rule. If so, the credential reasoning rule matching is re-executed using the changed attribute data; otherwise, no action is required. If the result of the re-reasoning differs from the currently bound reasoning result, the binding result (i.e., the bound second credential identifier) can be updated accordingly and the change log recorded; otherwise, it remains unchanged.
[0098] The second step is to send an update instruction to the operation and maintenance audit gateway after the asset attribute data has been changed. Upon receiving the instruction, the gateway updates the corresponding asset record in its own asset database.
[0099] The above two operations ensure that changes to asset attributes in the configuration management database can be automatically propagated to the credential binding relationship and asset library without the need for manual updates.
[0100] In this embodiment, when asset attributes change, the credential identifier binding and gateway record are automatically updated accordingly. Changes to asset attributes in the configuration management database automatically trigger credential re-inference and gateway asset information synchronization updates. These two operations are completed in conjunction with the system, eliminating the risk of updating only part of the system while neglecting others.
[0101] When the current asset management event is of the asset deletion type, the asset management method of this embodiment may further include: determining the asset object to be deleted based on the current asset management time; and sending a second instruction to the asset database to instruct the asset database to delete the asset record corresponding to the asset object to be deleted.
[0102] Figure 1fThis embodiment provides a flowchart for an asset deletion (removal from shelves) linkage process. When an asset is deleted or marked as removed from shelves in the configuration management database, the asset management system can execute the following linkage operations in sequence after receiving the asset deletion event:
[0103] The system determines whether an active maintenance session exists for the asset to be deleted in the maintenance audit gateway. If it does, it can be handled according to preset policies: such as waiting for the session to end naturally before deletion, immediately notifying the gateway to terminate the relevant session before deletion, or marking it as pending deletion and prohibiting the creation of new sessions. If it does not exist, an asset deletion command can be sent to the maintenance audit gateway, instructing the gateway to remove the asset record from the asset library. The asset will no longer appear in the accessible list of maintenance personnel. If it does not exist, the binding relationship between the asset and the second credential identifier can be removed, and the entry can be removed from the asset record. This embodiment can also record a cleanup log. It should be noted that the asset credentials themselves are not affected in the asset credential vault, because the same set of credentials may be referenced by other assets.
[0104] In this embodiment, asset removal can be linked to cleanup, eliminating residual assets. The asset deletion event triggers linked operations such as gateway asset removal and credential reference unbinding, eliminating the need for administrators to manually clean up in each system separately.
[0105] The technical solution of this embodiment obtains the asset attribute list and asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type; matches the asset attribute list and asset initial password list according to a preset priority sequence of associated fields to obtain each asset record; each asset record includes successfully matched asset attribute data, asset initial password, and a first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record; matches the predefined credential reasoning rules with the asset attribute data in the current asset record to obtain a second credential identifier that matches the current asset record, and binds the second credential identifier to the current asset record; the second credential identifier indicates the identity of the asset initial password used when accessing the current asset for maintenance, and the second credential identifier and the first credential identifier indicate the same or different asset initial password; pushes the current asset record to the asset database to realize asset management. By adopting the technical means of data merging and matching, and automatic credential reasoning and binding based on multi-dimensional asset attribute data, this solution solves the problem that existing technologies have multiple independent manual operation links, and these links lack automated linkage, resulting in long asset management time and high error probability, thus improving the efficiency and accuracy of asset management.
[0106] Figure 2 This is a schematic diagram of an asset management device provided in an embodiment of the present invention. Figure 2As shown, the device includes: a data acquisition module 210, an asset record acquisition module 220, a credential binding module 230, and an asset record push module 240. Wherein:
[0107] The data acquisition module 210 is used to acquire the asset attribute list and asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type;
[0108] The asset record acquisition module 220 is used to match the asset attribute list and the asset initial password list according to a preset priority sequence of associated fields to acquire each asset record; each asset record includes successfully matched asset attribute data, asset initial password and first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record;
[0109] Credential binding module 230 is used to match predefined credential reasoning rules with asset attribute data in the current asset record, obtain a second credential identifier that matches the current asset record, and bind the second credential identifier to the current asset record; the second credential identifier represents the identity of the initial asset password used when accessing the current asset for maintenance, and the second credential identifier and the first credential identifier indicate the same or different initial asset password;
[0110] The asset record push module 240 is used to push the current asset record to the asset database to achieve asset management.
[0111] The technical solution of this invention obtains an asset attribute list and an asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type; matches the asset attribute list and the asset initial password list according to a preset priority sequence of associated fields to obtain each asset record; each asset record includes successfully matched asset attribute data, asset initial password, and a first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record; matches the predefined credential reasoning rules with the asset attribute data in the current asset record to obtain a second credential identifier that matches the current asset record, and binds the second credential identifier to the current asset record; the second credential identifier indicates the identity of the asset initial password used when accessing the current asset for maintenance, and the second credential identifier and the first credential identifier indicate the same or different asset initial password; pushes the current asset record to the asset database to achieve asset management. This solution uses data merging and matching, and automatic credential reasoning and binding based on multi-dimensional asset attribute data to solve the problem of multiple independent manual operation steps in the prior art, which lack automated linkage between these steps, resulting in long asset management time and high error probability, thus improving the efficiency and accuracy of asset management.
[0112] Optionally, the data acquisition module 210 can be used for:
[0113] Obtain the asset attribute list at the first time point, and obtain the asset initial password list at the second time point;
[0114] If the first time point is earlier than the second time point, the asset attribute list is stored in a temporary queue and a first temporary record is generated. When the initial password list of assets is obtained at the second time point, an operation is triggered to match the asset attribute list and the initial password list of assets according to a preset priority sequence of associated fields. The first temporary record includes asset attribute data, the first time point, and the source identifier of the first list.
[0115] If the second time point is earlier than the first time point, the initial password list of assets is stored in the temporary queue and a second temporary record is generated. When the asset attribute list is obtained at the first time point, an operation is triggered to match the asset attribute list and the initial password list of assets according to a preset priority sequence of related fields. The second temporary record includes the initial password data of assets, the second time point, and the source identifier of the second list.
[0116] Optional, the asset record acquisition module 220 can be used for:
[0117] The current preset associated field is determined based on the preset associated field priority sequence;
[0118] The first result is obtained by querying the asset attribute list based on the current preset association field, and the second result is obtained by querying the asset initial password list based on the current preset association field.
[0119] If the quantity of the first result and the second result are both 1, the second result is written into the asset vault to obtain the first credential identifier. The first result, the second result and the first credential identifier are combined to obtain an asset record.
[0120] If the number of the first result and the second result are inconsistent and both are not empty, then the next priority preset association field is determined as the current preset association field, and the operation of querying the asset attribute list and the asset initial password list based on the current preset association field is returned until the number of the first result and the second result are both 1, and an asset record is obtained.
[0121] If the number of the first result and the second result corresponding to each preset associated field are inconsistent and both are not empty, a first alarm message is generated to instruct the administrator to handle it.
[0122] Optionally, the asset management device further includes a first alarm processing module, used for:
[0123] If both the first and second results corresponding to all preset associated fields contain empty results, a second alarm message is generated to instruct the administrator to handle the situation.
[0124] Optionally, the predefined credential reasoning rule includes a conditional expression, the first credential identifier, and a priority value;
[0125] Credential binding module 230 can be used for:
[0126] The asset attribute data in the current asset record is processed according to a preset data structure to obtain the current attribute dictionary;
[0127] The predefined credential reasoning rules are matched one by one with the current attribute dictionary;
[0128] If the conditional expression in the current credential reasoning rule is true, it is determined that the current credential reasoning rule and the current attribute dictionary are successfully matched.
[0129] After all credential reasoning rules have been processed, each candidate credential reasoning rule is obtained, and each candidate credential reasoning rule is a predefined credential reasoning rule that has been successfully matched.
[0130] Based on the priority values in each of the candidate credential reasoning rules, a target credential reasoning rule is determined from each of the candidate credential reasoning rules, wherein the target credential reasoning rule is the candidate credential reasoning rule with the highest priority value;
[0131] The first credential identifier in the target credential inference rule is used as the second credential identifier to match the current asset record.
[0132] Optionally, the asset management device further includes a second alarm processing module, used for:
[0133] If all credential reasoning rules have been processed and the candidate credential reasoning rules do not exist, the current asset corresponding to the current asset record is marked as a credential pending matching state to suspend the push to the asset database, and a third alarm message is generated to instruct the administrator to handle the anomaly.
[0134] Optionally, the asset management device further includes a matching log generation module, used to: after using the first credential identifier in the target credential inference rule as the second credential identifier for matching the current asset record:
[0135] Generate matching logs for auditing purposes;
[0136] The matching log includes at least one of the following: asset attribute data participating in the matching, the total number of predefined credential reasoning rules participating in the matching, a rule list for each candidate credential reasoning rule, a priority value for each candidate credential reasoning rule, a rule identifier for the target credential reasoning rule, and a second credential identifier.
[0137] Optionally, if the current asset management event is an asset attribute change type, then the asset management device further includes an asset change processing module, used for:
[0138] Based on the current asset management event, determine the asset objects that need to be changed and the asset attribute data after the change, wherein the asset attribute data after the change includes the changed data;
[0139] When the changed data involves a conditional expression in the predefined credential reasoning rule, the predefined credential reasoning rule is matched with the changed asset attribute data to obtain the current second credential identifier;
[0140] If the current second credential identifier is different from the historical second credential identifier corresponding to the asset object that needs to be changed, the historical second credential identifier is updated to the current second credential identifier, and the matching log corresponding to the asset object that needs to be changed is updated.
[0141] Send a first instruction to the asset database to instruct the asset database to update the asset record corresponding to the asset object that needs to be changed.
[0142] Optionally, if the current asset management event is an asset deletion type, then the asset management device further includes an asset deletion processing module, used for:
[0143] The asset objects to be deleted are determined based on the current asset management time.
[0144] A second instruction is sent to the asset database to instruct the asset database to delete the asset record corresponding to the asset object to be deleted.
[0145] Optionally, the asset management device further includes a retry push recording module, used for:
[0146] If the current asset record fails to be pushed, the current asset record will be pushed again according to the preset retry strategy;
[0147] If the number of retries reaches the preset retry threshold and the current asset record fails to be pushed, the current asset record will be marked as pending push status, and a fourth alarm message will be generated to instruct the administrator to handle it.
[0148] The asset management device provided in this embodiment of the invention can execute the asset management method provided in any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the method.
[0149] Figure 3 A schematic diagram of an electronic device 300 that can be used to implement embodiments of the present invention is shown. The electronic device is intended to represent various forms of digital computers or various forms of mobile devices. The components shown herein, their connections and relationships, and their functions are merely illustrative and are not intended to limit the implementation of the invention described and / or claimed herein.
[0150] like Figure 3 As shown, the electronic device 300 includes at least one processor 301 and a memory, such as a read-only memory (ROM) 302 or a random access memory (RAM) 303, communicatively connected to the at least one processor 301. The memory stores computer programs executable by the at least one processor. The processor 301 can perform various appropriate actions and processes based on the computer program stored in the ROM 302 or loaded into the RAM 303 from storage unit 308. The RAM 303 can also store various programs and data required for the operation of the electronic device 300. The processor 301, ROM 302, and RAM 303 are interconnected via a bus 304. An input / output (I / O) interface 305 is also connected to the bus 304.
[0151] Multiple components in electronic device 300 are connected to I / O interface 305, including: input unit 306, such as keyboard, mouse, etc.; output unit 307, such as various types of displays, speakers, etc.; storage unit 308, such as disk, optical disk, etc.; and communication unit 309, such as network card, modem, wireless transceiver, etc. Communication unit 309 allows electronic device 300 to exchange information / data with other devices through computer networks such as the Internet and / or various telecommunications networks.
[0152] Processor 301 can be a variety of general-purpose and / or special-purpose processing components with processing and computing capabilities. Some examples of processor 301 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various special-purpose artificial intelligence (AI) computing chips, various processors running machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, etc. Processor 301 performs the various methods and processes described above, such as asset management methods.
[0153] In some embodiments, the asset management method may be implemented as a computer program tangibly contained in a computer-readable storage medium, such as storage unit 308. In some embodiments, part or all of the computer program may be loaded and / or mounted on electronic device 300 via ROM 302 and / or communication unit 309. When the computer program is loaded into RAM 303 and executed by processor 301, one or more steps of the asset management method described above may be performed. Alternatively, in other embodiments, processor 301 may be configured to perform the asset management method by any other suitable means (e.g., by means of firmware).
[0154] Various embodiments of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), systems-on-a-chip (SoCs), payload-programmable logic devices (CPLDs), computer hardware, firmware, software, and / or combinations thereof. These various embodiments may include implementations in one or more computer programs that can be executed and / or interpreted on a programmable system including at least one programmable processor, which may be a dedicated or general-purpose programmable processor, capable of receiving data and instructions from a storage system, at least one input device, and at least one output device, and transmitting data and instructions to the storage system, the at least one input device, and the at least one output device.
[0155] Computer programs used to implement the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, such that when executed by the processor, the computer programs cause the functions / operations specified in the flowcharts and / or block diagrams to be performed. The computer programs may be executed entirely on a machine, partially on a machine, or as a standalone software package, partially on a machine and partially on a remote machine, or entirely on a remote machine or server.
[0156] In the context of this invention, a computer-readable storage medium can be a tangible medium that may contain or store a computer program for use by or in conjunction with an instruction execution system, apparatus, or device. A computer-readable storage medium may include, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination thereof. Alternatively, a computer-readable storage medium may be a machine-readable signal medium. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibers, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof.
[0157] To provide interaction with a user, the systems and techniques described herein can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user; and a keyboard and pointing device (e.g., a mouse or trackball) through which the user provides input to the electronic device. Other types of devices can also be used to provide interaction with the user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form (including sound input, voice input, or tactile input).
[0158] The systems and technologies described herein can be implemented in computing systems that include backend components (e.g., as data servers), or middleware components (e.g., application servers), or frontend components (e.g., user computers with graphical user interfaces or web browsers through which users can interact with implementations of the systems and technologies described herein), or any combination of such backend, middleware, or frontend components. The components of the system can be interconnected via digital data communication of any form or medium (e.g., communication networks). Examples of communication networks include local area networks (LANs), wide area networks (WANs), blockchain networks, and the Internet.
[0159] A computing system can include clients and servers. Clients and servers are generally located far apart and typically interact through communication networks. The client-server relationship is created by computer programs running on the respective computers and having a client-server relationship with each other. The server can be a cloud server, also known as a cloud computing server or cloud host, which is a hosting product within the cloud computing service system to address the shortcomings of traditional physical hosts and VPS services, such as high management difficulty and weak business scalability.
[0160] It should be understood that the various forms of processes shown above can be used, with steps reordered, added, or deleted. For example, the steps described in this invention can be executed in parallel, sequentially, or in different orders, as long as the desired result of the technical solution of this invention can be achieved, and this is not limited herein.
[0161] The specific embodiments described above do not constitute a limitation on the scope of protection of this invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can be made according to design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this invention should be included within the scope of protection of this invention.
Claims
1. A method for asset management, characterized in that, include: Obtain the list of asset attributes and the list of initial asset passwords corresponding to the current asset management event, wherein the current asset management event is an asset addition type; The asset attribute list and the asset initial password list are matched according to a preset priority sequence of associated fields to obtain each asset record; each asset record includes successfully matched asset attribute data, asset initial password and first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record; The predefined credential reasoning rules are matched with the asset attribute data in the current asset record to obtain a second credential identifier that matches the current asset record, and the second credential identifier is bound to the current asset record; the second credential identifier represents the identity of the initial asset password used when performing operation and maintenance access to the current asset, and the second credential identifier and the first credential identifier indicate the same or different initial asset password; The current asset record is pushed to the asset repository to achieve asset management.
2. The method according to claim 1, characterized in that, Retrieve the list of asset attributes and the list of initial asset passwords corresponding to the current asset management event, including: Obtain the asset attribute list at the first time point, and obtain the asset initial password list at the second time point; If the first time point is earlier than the second time point, the asset attribute list is stored in a temporary queue and a first temporary record is generated. When the initial password list of assets is obtained at the second time point, an operation is triggered to match the asset attribute list and the initial password list of assets according to a preset priority sequence of associated fields. The first temporary record includes asset attribute data, the first time point, and the source identifier of the first list. If the second time point is earlier than the first time point, the initial password list of assets is stored in the temporary queue and a second temporary record is generated. When the asset attribute list is obtained at the first time point, an operation is triggered to match the asset attribute list and the initial password list of assets according to a preset priority sequence of related fields. The second temporary record includes the initial password data of assets, the second time point, and the source identifier of the second list.
3. The method according to claim 1, characterized in that, The asset attribute list and the asset initial password list are matched according to a preset priority sequence of associated fields to obtain each asset record, including: The current preset associated field is determined based on the preset associated field priority sequence; The first result is obtained by querying the asset attribute list based on the current preset association field, and the second result is obtained by querying the asset initial password list based on the current preset association field. If the quantity of the first result and the second result are both 1, the second result is written into the asset vault to obtain the first credential identifier. The first result, the second result and the first credential identifier are combined to obtain an asset record. If the number of the first result and the second result are inconsistent and both are not empty, then the next priority preset association field is determined as the current preset association field, and the operation of querying the asset attribute list and the asset initial password list based on the current preset association field is returned until the number of the first result and the second result are both 1, and an asset record is obtained. If the number of the first result and the second result corresponding to each preset associated field are inconsistent and both are not empty, a first alarm message is generated to instruct the administrator to handle it.
4. The method according to claim 3, characterized in that, Also includes: If both the first and second results corresponding to all preset associated fields contain empty results, a second alarm message is generated to instruct the administrator to handle the situation.
5. The method according to claim 1, characterized in that, The predefined credential reasoning rule includes a conditional expression, the first credential identifier, and a priority value; Matching predefined credential reasoning rules with asset attribute data in the current asset record to obtain a second credential identifier that matches the current asset record includes: The asset attribute data in the current asset record is processed according to a preset data structure to obtain the current attribute dictionary; The predefined credential reasoning rules are matched one by one with the current attribute dictionary; If the conditional expression in the current credential reasoning rule is true, it is determined that the current credential reasoning rule and the current attribute dictionary are successfully matched. After all credential reasoning rules have been processed, each candidate credential reasoning rule is obtained, and each candidate credential reasoning rule is a predefined credential reasoning rule that has been successfully matched. Based on the priority values in each of the candidate credential reasoning rules, a target credential reasoning rule is determined from each of the candidate credential reasoning rules, wherein the target credential reasoning rule is the candidate credential reasoning rule with the highest priority value; The first credential identifier in the target credential inference rule is used as the second credential identifier to match the current asset record.
6. The method according to claim 5, characterized in that, Also includes: If all credential reasoning rules have been processed and the candidate credential reasoning rules do not exist, the current asset corresponding to the current asset record is marked as a credential pending matching state to suspend the push to the asset database, and a third alarm message is generated to instruct the administrator to handle the anomaly. After using the first credential identifier in the target credential inference rule as the second credential identifier for matching the current asset record, the method further includes: Generate matching logs for auditing purposes; The matching log includes at least one of the following: asset attribute data participating in the matching, the total number of predefined credential reasoning rules participating in the matching, a rule list for each candidate credential reasoning rule, a priority value for each candidate credential reasoning rule, a rule identifier for the target credential reasoning rule, and a second credential identifier.
7. The method according to claim 5, wherein the current asset management event is an asset attribute change type, characterized in that, Also includes: Based on the current asset management event, determine the asset objects that need to be changed and the asset attribute data after the change, wherein the asset attribute data after the change includes the changed data; When the changed data involves a conditional expression in the predefined credential reasoning rule, the predefined credential reasoning rule is matched with the changed asset attribute data to obtain the current second credential identifier; If the current second credential identifier is different from the historical second credential identifier corresponding to the asset object that needs to be changed, the historical second credential identifier is updated to the current second credential identifier, and the matching log corresponding to the asset object that needs to be changed is updated. Send a first instruction to the asset database to instruct the asset database to update the asset record corresponding to the asset object that needs to be changed.
8. The method according to claim 1, wherein the current asset management event is an asset deletion type, characterized in that, Also includes: The asset objects to be deleted are determined based on the current asset management time. A second instruction is sent to the asset database to instruct the asset database to delete the asset record corresponding to the asset object to be deleted.
9. The method according to claim 1, characterized in that, Also includes: If the current asset record fails to be pushed, the current asset record will be pushed again according to the preset retry strategy; If the number of retries reaches the preset retry threshold and the current asset record fails to be pushed, the current asset record will be marked as pending push status, and a fourth alarm message will be generated to instruct the administrator to handle it.
10. An asset management device, characterized in that, include: The data acquisition module is used to acquire the asset attribute list and asset initial password list corresponding to the current asset management event, wherein the current asset management event is an asset addition type; The asset record acquisition module is used to match the asset attribute list and the asset initial password list according to a preset priority sequence of associated fields to acquire each asset record; each asset record includes successfully matched asset attribute data, asset initial password and first credential identifier; the first credential identifier indicates the storage location of the asset initial password in the current asset record; The credential binding module is used to match predefined credential reasoning rules with asset attribute data in the current asset record, obtain a second credential identifier that matches the current asset record, and bind the second credential identifier to the current asset record; the second credential identifier represents the identity of the initial asset password used when performing operation and maintenance access to the current asset, and the second credential identifier and the first credential identifier indicate the same or different initial asset password; The asset record push module is used to push the current asset record to the asset database to achieve asset management.
11. An electronic device, characterized in that, The electronic device includes: At least one processor; and A memory communicatively connected to the at least one processor; wherein, The memory stores a computer program that can be executed by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform an asset management method according to any one of claims 1-9.
12. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer instructions that, when executed by a processor, implement an asset management method according to any one of claims 1-9.