A network security war-time guarantee task-based process tracking method and system
By employing a process tracing method that receives task creation instructions, monitors and repairs abnormal data, and monitors external interference to generate decision reports, the problem of time-consuming and labor-intensive data aggregation in critical protection tasks has been solved. This method enables rapid tracking and summarizing of the task process, thereby improving efficiency.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- PETROCHINA CO LTD
- Filing Date
- 2025-01-10
- Publication Date
- 2026-07-14
AI Technical Summary
In existing critical support missions, mission managers need to collect and organize data from various functional modules of the system, which is time-consuming and labor-intensive, and makes it impossible to quickly track and summarize wartime support missions.
A process tracking method based on wartime cybersecurity support missions is adopted, which includes receiving mission creation instructions, monitoring mission content, identifying abnormal data, repairing abnormal data, monitoring external interference, generating decision reports, and summarizing the mission process.
It enables rapid tracking and summarization of wartime support tasks, supports full-process traceability, reduces manual operations, and improves efficiency.
Smart Images

Figure CN122394814A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of wartime cybersecurity support technology, and relates to a process tracking method and system based on wartime cybersecurity support tasks. Background Technology
[0002] In the existing process of handling critical security missions, it has been found that mission managers inspect the network security status of the mission area at the beginning of the mission; during the execution of the mission, they need to monitor network security changes in the mission area in real time; and after the mission is completed, mission personnel also need to summarize the mission and output a mission report for archiving. In the previous implementation of critical security missions, the system supporting the mission could meet the needs of mission managers at each stage, but mission managers needed to summarize and extract effective information from various functional modules of the system for analysis and judgment; at the end of the mission, mission personnel needed to manually summarize and fill in the data extracted from each stage and write a mission summary report for archiving. This is very time-consuming and labor-intensive, and cannot quickly track and summarize wartime support missions. Summary of the Invention
[0003] The purpose of this invention is to solve the problems in the prior art and provide a process tracking method and system based on wartime network security support missions.
[0004] To achieve the above objectives, the present invention employs the following technical solution: This invention proposes a process tracking method for wartime cybersecurity support missions, comprising: Receive task creation instructions and create the corresponding task content; Monitor the task content to determine if there is any abnormal data. If so, issue an alarm and repair the abnormal data. Monitor external interference encountered during task execution and display it in real time; Based on the interference information presented, security data is detected, and a decision report is generated. Summarize the task process and obtain a summary report.
[0005] Preferably, the creation of the corresponding task content specifically includes: creating a task name, detecting task data within a specified time period, obtaining network segment isolation information within a specified time period, and exercise task information.
[0006] Preferably, the step of monitoring the task content to determine whether there is abnormal data specifically involves: View vulnerability data, weak passwords, configuration verification data, and alarm data within the scope of the task; Based on the vulnerability data examined, the vulnerability type, severity, and scope of impact are obtained, and then the vulnerability data is patched. Based on the detected weak password information, the current weak password is compared with historical data. If an account suddenly has a weak password problem, the current weak password is considered an abnormal signal. Based on the detected configuration verification data, a known good configuration baseline is established. The current configuration is compared with the configuration baseline. If there are any discrepancies with the baseline, the configuration verification data is considered to contain abnormal data. If the detected alarm data differs in type and frequency from historical alarm data, the current alarm data is considered an abnormal signal.
[0007] Preferably, the abnormal data repair includes: repairing vulnerability data, specifically: prioritizing repair tasks based on the acquired vulnerability type, severity, and scope of impact, and performing a complete data backup before repair; repairing known vulnerabilities based on security patches and updates, or modifying or deleting the code that caused the vulnerability; rerunning the security scan to confirm that the vulnerability has been repaired; and testing the repaired data to ensure the accuracy and integrity of the data.
[0008] Preferably, the abnormal data repair further includes: repairing abnormal weak password information, specifically: processing the abnormal weak password information into strong passwords, regularly changing passwords and increasing password complexity; encrypting password storage, using a hash algorithm to salt the passwords; and limiting the number of password attempts.
[0009] Preferably, the abnormal data repair further includes: repairing abnormal configuration verification data, specifically: determining repair priorities based on the severity and scope of impact of the abnormal configuration; backing up the current configuration; determining the root cause of the abnormal configuration based on fault tree analysis; modifying the configuration, updating software, and upgrading hardware to complete the abnormal data repair.
[0010] Preferably, the repair of abnormal data further includes: repairing abnormal alarm data, specifically: analyzing abnormal alarms based on fault diagnosis tools to obtain the cause of the fault, and then determining the repair time, repair steps and required resources; executing repair operations according to the repair plan to ensure that all steps are correct; and after the repair is completed, verifying whether the system has returned to normal operation and whether the abnormal alarms have been correctly repaired.
[0011] Preferably, the external interference encountered during the execution of the monitoring task specifically includes: deploying security measures during the task execution process, and monitoring attack sources, threats, and assets. The security deployment refers to the current operational status of the mission, including duty information, security equipment deployment information, and response and handling information; The attack source monitoring involves statistically analyzing the IP address, network segment, attack time, and number of attacks to inform user decision-making. The threat monitoring displays the number of threat attacks from two perspectives: the highest frequency and the most successful attacks, to assist personnel in making decisions. The asset monitoring involves counting the number of compromised assets and the number of asset-related attack alerts.
[0012] This invention proposes a process tracking system for wartime cybersecurity support missions, comprising: A creation module is used to receive task creation instructions and create corresponding task content. The judgment module is used to monitor the task content, determine whether there is abnormal data, and if so, issue an alarm and repair the abnormal data. The monitoring module is used to monitor external interference encountered during task execution and display it in real time. The detection module is used to detect security data based on the displayed interference information, and then generate a decision report; The summary module is used to summarize the task process and obtain a summary report.
[0013] A terminal device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of a process tracing method based on a wartime cybersecurity assurance mission.
[0014] Compared with the prior art, the present invention has the following beneficial effects: This invention proposes a process tracking method for wartime cybersecurity support missions. The method involves creating corresponding task content through task creation instructions; monitoring the task content to determine the presence of abnormal data; monitoring external interference encountered during task execution and displaying this information in real time; detecting security data based on the displayed interference information and generating a decision report; and summarizing the task process to obtain a summary report. This invention enables rapid tracking of wartime support mission processes, supports full-process tracing of historical critical support missions, retains critical support missions based on their initial settings, and allows for timely task summaries.
[0015] This invention proposes a process tracking system for wartime cybersecurity support missions. By dividing the system into a creation module, a judgment module, a monitoring module, a detection module, and a summary module, and obtaining a summary report, it achieves process tracking for wartime cybersecurity support missions. The modular approach ensures that each module is independent, facilitating unified management of all modules. Attached Figure Description
[0016] To more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of the present invention and should not be regarded as a limitation on the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0017] Figure 1 This is a flowchart illustrating the process tracking method for wartime cybersecurity support missions according to the present invention.
[0018] Figure 2 A schematic diagram of the critical protection task execution process.
[0019] Figure 3 This is a diagram of the interface for managing major security tasks.
[0020] Figure 4 A schematic diagram for a newly established major guarantee task.
[0021] Figure 5 This is a schematic diagram of the pre-battle self-check defense interface.
[0022] Figure 6 This is a schematic diagram of the wartime detection and handling interface.
[0023] Figure 7 This is a diagram of a post-war summary report.
[0024] Figure 8 This is a schematic diagram of the process tracking system for wartime cybersecurity support missions according to the present invention.
[0025] Figure 9 This is a schematic diagram of the structure of an electronic device according to the present invention. Detailed Implementation
[0026] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. The components of the embodiments of the present invention described and shown in the accompanying drawings can generally be arranged and designed in various different configurations.
[0027] Therefore, the following detailed description of the embodiments of the invention provided in the accompanying drawings is not intended to limit the scope of the claimed invention, but merely to illustrate selected embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the invention without inventive effort are within the scope of protection of the invention.
[0028] It should be noted that similar labels and letters in the following figures indicate similar items. Therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures.
[0029] In the description of the embodiments of the present invention, it should be noted that if terms such as "upper," "lower," "horizontal," or "inner" indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings, or the orientation or positional relationship commonly used when the product of the invention is in use, they are only for the convenience of describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the present invention. Furthermore, terms such as "first" and "second" are only used to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0030] Furthermore, the use of the term "horizontal" does not imply that the component must be absolutely horizontal, but rather that it can be slightly tilted. For example, "horizontal" simply means that its direction is more horizontal than "vertical," and does not mean that the structure must be completely horizontal, but can be slightly tilted.
[0031] In the description of the embodiments of the present invention, it should also be noted that, unless otherwise explicitly specified and limited, the terms "set," "install," "connect," and "link" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection of two components. Those skilled in the art can understand the specific meaning of the above terms in the present invention according to the specific circumstances.
[0032] The present invention will now be described in further detail with reference to the accompanying drawings: See Figure 1 This invention discloses a process tracking method for wartime cybersecurity support missions, comprising: S1: Receive the task creation instruction and create the corresponding task content; Create task names, detect task data within a specified time period; obtain network segment isolation information and exercise task information within the specified time period.
[0033] S2: Monitor the task content to determine if there is any abnormal data. If so, issue an alarm and repair the abnormal data. Monitor the task content to determine if there is any abnormal data, specifically: View vulnerability data, weak passwords, configuration verification data, and alarm data within the scope of the task; Based on the vulnerability data examined, the vulnerability type, severity, and scope of impact are obtained, and then the vulnerability data is patched. Based on the detected weak password information, the current weak password is compared with historical data. If an account suddenly has a weak password problem, the current weak password is considered an abnormal signal. Based on the detected configuration verification data, a known good configuration baseline is established. The current configuration is compared with the configuration baseline. If there are any discrepancies with the baseline, the configuration verification data is considered to contain abnormal data. If the detected alarm data differs in type and frequency from historical alarm data, the current alarm data is considered an abnormal signal.
[0034] Repairing abnormal data includes: repairing vulnerable data, specifically: prioritizing repair tasks based on the type, severity, and scope of the vulnerabilities obtained, and performing a complete backup of the data before repair; repairing known vulnerabilities based on security patches and updates, or modifying or deleting code that may lead to vulnerabilities; rerunning security scans to confirm that vulnerabilities have been repaired; and testing the repaired data to ensure its accuracy and integrity.
[0035] Repairing abnormal data also includes: repairing abnormal weak password information, specifically: processing abnormal weak password information into strong passwords, regularly changing passwords and increasing password complexity; encrypting password storage, using hash algorithms to salt passwords; and limiting the number of password attempts.
[0036] Repairing abnormal data also includes repairing abnormal configuration verification data, specifically: determining repair priorities based on the severity and scope of the abnormal configuration; backing up the current configuration; determining the root cause of the abnormal configuration based on fault tree analysis; modifying the configuration, updating software, and upgrading hardware to complete the repair of abnormal data.
[0037] Repairing abnormal data also includes repairing abnormal alarm data. Specifically, this involves analyzing abnormal alarms using troubleshooting tools to identify the cause of the fault, and then determining the repair time, repair steps, and required resources. The repair operation is then performed according to the repair plan to ensure that all steps are correct. After the repair is completed, the system is verified to have returned to normal operation and that the abnormal alarms have been correctly repaired.
[0038] S3: Monitor external interference encountered during task execution and display it in real time; During the mission execution, security deployments are carried out, and attack source monitoring, threat monitoring, and asset monitoring are performed. The security deployment refers to the current operational status of the mission, including duty information, security equipment deployment information, and response and handling information; The attack source monitoring involves statistically analyzing the IP address, network segment, attack time, and number of attacks to inform user decision-making. The threat monitoring displays the number of threat attacks from two perspectives: the highest frequency and the most successful attacks, to assist personnel in making decisions. The asset monitoring involves counting the number of compromised assets and the number of asset-related attack alerts.
[0039] S4: Based on the displayed interference information, detect the security data and then generate a decision report; S5: Summarize the task process and obtain a summary report.
[0040] Specifically, this invention discloses a process tracking method for wartime cybersecurity support missions, including: mission creation, pre-war self-inspection and defense, wartime detection and handling, and post-war summary report.
[0041] like Figure 2 As shown in the task creation section, task creation includes five core parts: Task Name Setting: Specify the name of this critical protection task, which can independently represent this task; Preparation phase settings: This corresponds to the pre-war self-inspection and defense phase. All task data generated during this period belongs to the pre-war self-inspection and defense phase and can be visualized during this phase. Combat Phase Settings: Corresponds to wartime detection and handling. Task data generated during this time period belongs to the wartime detection and handling phase and can be viewed on the wartime dashboard. Task network segment settings: The network segment corresponds to the business part division. Through network segment isolation, it is indicated that the current critical protection task is carried out within the range; Security deployment settings: including basic configuration of critical security tasks such as drill personnel, shifts, security equipment, and number of responses, and detailed division of tasks.
[0042] The pre-battle self-check defense mainly involves summarizing and reviewing security data within the mission scope based on the time set during the mission preparation phase. This includes checking for vulnerabilities, weak passwords, configuration verification, and alarm data. The mission content is monitored to determine if there is any abnormal data. If so, an alarm is triggered, and the abnormal data is repaired.
[0043] The wartime detection and handling mainly involves displaying and viewing security data during the mission execution period based on the time set during the wartime phase of the mission, including security deployment, attack source monitoring, threat monitoring, and asset monitoring; The security deployment refers to the current operational status of the mission, including duty information, security equipment deployment information, and response and handling information; The attack source monitoring involves statistically analyzing the IP address, network segment, attack time, and number of attacks to inform user decision-making. The threat monitoring displays the number of threat attacks from two perspectives: the highest frequency and the most successful attacks, to assist personnel in making decisions. The asset monitoring system counts the number of compromised assets and the number of asset-related attack alerts, reflecting the current asset security status.
[0044] The post-war summary report is generated automatically by the system after the completion of the critical protection mission, using data from pre-war self-inspection and defense and wartime detection and handling. The report is then available for download by the user. It analyzes network security data within the scope of the mission in three phases: pre-war, wartime, and post-war, and provides basic analysis.
[0045] See Figure 3 The critical protection mission management page allows users to view, create, edit, and delete critical protection missions, and provides access to pre-war, wartime, and post-war pages; see also Figure 4 A new page for critical protection tasks has been added, allowing users to initiate critical protection tasks with a single click after filling in the parameters. The preparation phase corresponds to pre-battle defense self-checks, while the actual battle phase corresponds to wartime detection and handling. The monitored asset network segments represent the scope of business data in the pre-battle, wartime, and post-battle phases. (See also...) Figure 5 The pre-battle self-assessment and defense page displays business data during the preparation phase, including vulnerabilities, weak passwords, configuration checks, and alerts; see also Figure 6 The wartime detection and response page displays operational data during the operational phase, including security deployment, attack source monitoring, threat monitoring, and asset monitoring; see also Figure 7 The post-battle summary report is available for download after the critical protection mission is completed. It displays relevant business data in stages before, during, and after the battle, facilitating the final reporting by mission personnel.
[0046] Example 2 This invention discloses a process tracking system for wartime cybersecurity support missions. See [link to relevant documentation]. Figure 8 ,include: A creation module is used to receive task creation instructions and create corresponding task content. The judgment module is used to monitor the task content, determine whether there is abnormal data, and if so, issue an alarm and repair the abnormal data. The monitoring module is used to monitor external interference encountered during task execution and display it in real time. The detection module is used to detect security data based on the displayed interference information, and then generate a decision report; The summary module is used to summarize the task process and obtain a summary report.
[0047] Example 3 Please see Figure 9 As shown, the present invention also provides an electronic device 100 for a process tracking method based on wartime network security support missions; the electronic device 100 includes a memory 101, at least one processor 102, a computer program 103 stored in the memory 101 and executable on the at least one processor 102, and at least one communication bus 104.
[0048] The memory 101 can be used to store the computer program 103. The processor 102 implements the process tracking method steps of the network security wartime support mission described in Embodiment 1 by running or executing the computer program stored in the memory 101 and calling the data stored in the memory 101. The memory 101 may mainly include a program storage area and a data storage area. The program storage area may store the operating system, at least one application program required for a function (such as sound playback function, image playback function, etc.), etc.; the data storage area may store data created according to the use of the electronic device 100 (such as audio data), etc. In addition, the memory 101 may include non-volatile memory, such as hard disk, memory, plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, at least one disk storage device, flash memory device, or other non-volatile solid-state storage device.
[0049] The at least one processor 102 may be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The processor 102 may be a microprocessor or any conventional processor. The processor 102 is the control center of the electronic device 100, connecting various parts of the electronic device 100 via various interfaces and lines.
[0050] The memory 101 in the electronic device 100 stores multiple instructions to implement a process tracking method based on wartime network security support missions, and the processor 102 can execute the multiple instructions to achieve the following: Receive task creation instructions and create the corresponding task content; Monitor the task content to determine if there is any abnormal data. If so, issue an alarm and repair the abnormal data. Monitor external interference encountered during task execution and display it in real time; Based on the interference information presented, security data is detected, and a decision report is generated. Summarize the task process and obtain a summary report.
[0051] Example 4 If the modules / units integrated in the electronic device 100 are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments can also be implemented by a computer program instructing related hardware. The computer program can be stored in a computer-readable storage medium, and when executed by a processor, it can implement the steps of the various method embodiments described above. The computer program includes computer program code, which can be in the form of source code, object code, executable files, or certain intermediate forms. The computer-readable medium can include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a portable hard drive, a magnetic disk, an optical disk, a computer memory, and a read-only memory (ROM).
[0052] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0053] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.
[0054] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.
[0055] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.
[0056] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that modifications or equivalent substitutions can still be made to the specific implementation of the present invention. Any modifications or equivalent substitutions that do not depart from the spirit and scope of the present invention should be covered within the scope of protection of the claims of the present invention.
Claims
1. A process tracking method for wartime cybersecurity support missions, characterized in that, include: Receive task creation instructions and create the corresponding task content; Monitor the task content to determine if there is any abnormal data. If so, issue an alarm and repair the abnormal data. Monitor external interference encountered during task execution and display it in real time; Based on the interference information presented, security data is detected, and a decision report is generated accordingly. Summarize the task process and obtain a summary report.
2. The process tracking method for wartime cybersecurity support missions according to claim 1, characterized in that, The creation of the corresponding task content specifically includes: creating a task name, detecting task data within a specified time period, obtaining network segment isolation information within a specified time period, and exercise task information.
3. The process tracking method for wartime cybersecurity support missions according to claim 1, characterized in that, The monitoring of task content to determine whether there is abnormal data specifically includes: View vulnerability data, weak passwords, configuration verification data, and alarm data within the scope of the task; Based on the vulnerability data examined, the vulnerability type, severity, and scope of impact are obtained, and then the vulnerability data is patched. Based on the detected weak password information, the current weak password is compared with historical data. If an account suddenly has a weak password problem, the current weak password is considered an abnormal signal. Based on the detected configuration verification data, a known good configuration baseline is established. The current configuration is compared with the configuration baseline. If there are any discrepancies with the baseline, the configuration verification data is considered to contain abnormal data. If the detected alarm data differs in type and frequency from historical alarm data, the current alarm data is considered an abnormal signal.
4. The process tracking method for wartime cybersecurity support missions according to claim 1, characterized in that, The process of repairing abnormal data includes: repairing vulnerable data, specifically: prioritizing repair tasks based on the type, severity, and scope of the vulnerabilities obtained, and performing a complete backup of the data before repair; repairing known vulnerabilities based on security patches and updates, or modifying or deleting the code that caused the vulnerabilities; rerunning the security scan to confirm that the vulnerabilities have been repaired; and testing the repaired data to ensure its accuracy and integrity.
5. The process tracking method for wartime cybersecurity support missions according to claim 4, characterized in that, The repair of abnormal data also includes: repairing abnormal weak password information, specifically: processing abnormal weak password information into strong passwords, regularly changing passwords and increasing password complexity; encrypting password storage, using hash algorithms to salt passwords; and limiting the number of password attempts.
6. The process tracking method for wartime cybersecurity support missions according to claim 4, characterized in that, The repair of abnormal data also includes: repairing abnormal configuration verification data, specifically: determining repair priorities based on the severity and scope of impact of the abnormal configuration; backing up the current configuration; determining the root cause of the abnormal configuration based on fault tree analysis; modifying the configuration, updating software, and upgrading hardware to complete the repair of abnormal data.
7. The process tracking method for wartime cybersecurity support missions according to claim 4, characterized in that, The repair of abnormal data also includes: repairing abnormal alarm data, specifically: analyzing abnormal alarms based on fault diagnosis tools to obtain the cause of the fault, and then determining the repair time, repair steps and required resources; executing repair operations according to the repair plan to ensure that all steps are correct; and after the repair is completed, verifying whether the system has returned to normal operation and whether the abnormal alarms have been correctly repaired.
8. The process tracking method for wartime cybersecurity support missions according to claim 1, characterized in that, The external interference encountered during the execution of the monitoring task specifically includes: security deployment during task execution, and monitoring of attack sources, threats, and assets. The security deployment refers to the current operational status of the mission, including duty information, security equipment deployment information, and response and handling information; The attack source monitoring involves statistically analyzing the IP address, network segment, attack time, and number of attacks to inform user decision-making. The threat monitoring displays the number of threat attacks from two perspectives: the highest frequency and the most successful attacks, to assist personnel in making decisions. The asset monitoring involves counting the number of compromised assets and the number of asset-related attack alerts.
9. A process tracking system for wartime cybersecurity support missions, characterized in that, include: The creation module is used to receive task creation instructions and create the corresponding task content; The judgment module is used to monitor the task content, determine whether there is abnormal data, and if so, issue an alarm and repair the abnormal data. The monitoring module is used to monitor external interference encountered during task execution and display the results in real time. The detection module is used to detect security data based on the displayed interference information, and then generate a decision report; The summary module is used to summarize the task process and obtain a summary report.
10. A terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the computer program, it implements the steps of the process tracing method based on wartime cybersecurity support missions as described in any one of claims 1 to 8.