CN111027056A - Method, device and storage medium for graphically displaying security threat event - Google Patents
Method, device and storage medium for graphically displaying security threat event Download PDFInfo
- Publication number
- CN111027056A CN111027056A CN201910095207.4A CN201910095207A CN111027056A CN 111027056 A CN111027056 A CN 111027056A CN 201910095207 A CN201910095207 A CN 201910095207A CN 111027056 A CN111027056 A CN 111027056A
- Authority
- CN
- China
- Prior art keywords
- event
- searchable
- security
- events
- summary information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The embodiment of the invention discloses a method, a device and a storage medium for graphically displaying a security threat event, relates to the technical field of network security, and can effectively improve the efficiency of identifying a potential security threat event. The method comprises the following steps: acquiring data to be processed; generating a searchable event with a timestamp based on the data to be processed; the searchable event includes information related to computer security or network security; extracting at least one field value from the searchable event based on a preset pattern; screening related field values by using preset criteria, and extracting searchable events containing the related field values to generate a security event group; and displaying the security event group based on a graphical interface.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method, a device and a storage medium for graphically displaying security threat events.
Background
Currently, the security management system is a main business product of many information security enterprises, and among them, the more popular product includes a Security Information and Event Management (SIEM) system, which can provide a computing environment and can implement computing activities generated by real-time analysis of security-related events. The SIEM system may also provide a range of analytical tool functions including trend analysis, event recognition and alarms.
Even though most enterprises implement SIEM systems, the amount of data that needs to be processed is increasing with the increase in various security events. How to exclude event data without correlation from such a large amount of security event data and how to highlight important security event data worth attention from such a large amount of security event data are the problems to be solved urgently.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and a storage medium for graphically displaying security threat events, where the security threat events with correlation are aggregated and displayed by using a graphical interface, and meanwhile, a user may handle the relevant events according to summary information of searchable events, thereby improving efficiency of identifying and filtering events with potential security threats.
In a first aspect, an embodiment of the present invention provides a method for graphically displaying a security threat event, including:
acquiring data to be processed;
generating a searchable event with a timestamp based on the data to be processed; the searchable event includes information related to computer security or network security;
extracting at least one field value from the searchable event based on a preset pattern;
screening related field values by using preset criteria, and extracting searchable events containing the related field values to generate a security event group;
and displaying the security event group based on a graphical interface.
According to a specific implementation manner of the embodiment of the present invention, the preset pattern is a data structure for extracting a specific field value from a searchable event.
According to a specific implementation manner of the embodiment of the present invention, the preset criterion includes: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
According to a specific implementation manner of the embodiment of the present invention, the displaying the security event group based on the graphical interface includes:
displaying summary information of each searchable event of a security event group based on a graphical interface;
performing treatment operation by using the graphic control based on the abstract information;
wherein, the summary information at least comprises: number of current searchable events, brief description of at least one field.
According to a specific implementation manner of the embodiment of the present invention, the performing, by using the graphical control, a handling operation based on the summary information includes: clicking a white list control to add the searchable event to a white list; clicking a blacklist control to add the searchable event to a blacklist; clicking a modification control to modify the summary information of the searchable event; or clicking a deletion control to delete the summary information of the searchable events.
In a second aspect, an embodiment of the present invention provides an apparatus for graphically displaying a security threat event, including:
the data acquisition module is used for acquiring data to be processed;
the searchable event generation module is used for generating a searchable event with a time stamp based on the data to be processed; the searchable event includes information related to computer security or network security;
a field value extraction module for extracting at least one field value from the searchable event based on a preset pattern;
the security event group generating module is used for screening related field values by using preset standards, extracting searchable events containing the related field values and generating a security event group;
and the graphical interface display module is used for displaying the security event group based on the graphical interface.
According to a specific implementation manner of the embodiment of the present invention, the preset pattern is a data structure for extracting a specific field value from a searchable event.
According to a specific implementation manner of the embodiment of the present invention, the preset criterion includes: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
According to a specific implementation manner of the embodiment of the present invention, the graphical interface display module is specifically configured to:
displaying summary information of each searchable event of a security event group based on a graphical interface;
performing treatment operation by using the graphic control based on the abstract information;
wherein, the summary information at least comprises: number of current searchable events, brief description of at least one field.
According to a specific implementation manner of the embodiment of the present invention, the performing, by using the graphical control, a handling operation based on the summary information includes: clicking a white list control to add the searchable event to a white list; clicking a blacklist control to add the searchable event to a blacklist; clicking a modification control to modify the summary information of the searchable event; or clicking a deletion control to delete the summary information of the searchable events.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes the program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the method of any one of the foregoing implementation modes.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement a method as described in any of the preceding implementations.
The embodiment of the invention provides a method, a device and a storage medium for graphically displaying security threat events, wherein data to be processed is processed to generate a searchable event with a timestamp, and at least one field value is extracted from the searchable event based on a preset mode; meanwhile, screening field values meeting preset standards, and generating a security event group for the searchable events containing the relevant field values; and finally, the security event group is subjected to aggregation display by using a graphical interface, so that the user can conveniently analyze and dispose. By utilizing the technical scheme of the embodiment of the invention, the related searchable events are displayed in a gathering manner, and meanwhile, the user can quickly find potential security threat events based on the display result, so that the efficiency of identifying and disposing the security threat events is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow diagram of one embodiment of a method for graphically presenting security threat events, in accordance with the present invention;
FIG. 2 is a flow diagram of yet another embodiment of a method of graphically presenting a security threat event in accordance with the present invention;
FIG. 3 is a schematic diagram illustrating an embodiment of an apparatus for graphically displaying a security threat event;
fig. 4 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In a first aspect, an embodiment of the present invention provides a method for graphically displaying security threat events, which is capable of displaying security threat events with relevance in an aggregated manner, so as to effectively improve efficiency of identifying and handling security threat events.
FIG. 1 is a flowchart of an embodiment of a method for graphically displaying security threat events, comprising:
s101: and acquiring data to be processed. Wherein the data to be processed includes but is not limited to: machine data, unstructured data, and/or weblogs, among other information security-related data.
S102: generating a time-stamped searchable event based on the data to be processed. The searchable event is at least one, and specifically comprises information related to computer security or network security. Wherein the timestamp may be used as an index for a search, wherein the searchable events may be stored in a database in the form of, but not limited to, a time series.
Wherein the computer security or network security related information includes but is not limited to: network information, access control information, or endpoint information. The network information at least includes: HTTP proxy string, network traffic related data, resource locator, number of bytes per request, domain name, or source address. The access control information includes at least: login, logout information, or access failure information. The endpoint information includes at least: malware infection related information, system configuration information, or system state information, etc.
S103: at least one field value is extracted from the searchable event based on a preset pattern.
Wherein the preset pattern is a data structure for extracting a specific field value from a searchable event.
S104: and screening related field values by using preset criteria, and extracting searchable events containing the related field values to generate a security event group.
Wherein the preset criterion may be that the preset criterion is generated based on one or more field values including one or more fields indicating potential security threats. And the searchable events containing these field values are a set of associated security threat events. Specifically, the preset criteria include, but are not limited to: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
S105: and displaying the security event group based on a graphical interface. Wherein the graphical interface may be in the form of a web page comprising at least the following interactive elements: radio buttons, drop down menus, interactive elements, selectable controls that may be selected and/or activated.
In the embodiment, the data to be processed is divided into the searchable events with the timestamps, the searchable events containing the field values meeting the preset standard are generated into the security event group, the aggregation analysis of the security threat events with the association relation is completed, meanwhile, the graphical interface is utilized to intensively display each security event of the security event group, and the analysis and the management of security analysts are facilitated. The efficiency of mining the potential security threat events is improved, and the cost of analyzing the security threat events is reduced.
FIG. 2 is a flowchart of another embodiment of a method for graphically displaying security threat events, comprising:
s201: and acquiring data to be processed. Wherein the data to be processed includes but is not limited to: machine data, unstructured data, and/or weblogs, among other information security-related data.
S202: generating a time-stamped searchable event based on the data to be processed. The searchable event includes information related to computer security or network security.
S203: at least one field value is extracted from the searchable event based on a preset pattern.
Wherein the preset pattern is a data structure for extracting a specific field value from a searchable event.
S204: and screening related field values by using preset criteria, and extracting searchable events containing the related field values to generate a security event group.
Wherein the preset criterion may be that the preset criterion is generated based on one or more field values including one or more fields indicating potential security threats. The searchable events containing these field values are a set of related security events. The preset criteria include, but are not limited to: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
S205: summary information for each searchable event of a security event group is presented based on a graphical interface. Wherein, the summary information at least comprises: number of current searchable events, brief description of at least one field.
S206: and performing treatment operation by utilizing the graphic control based on the summary information. Wherein the treatment operation comprises: clicking a white list control to add the searchable event to a white list; clicking a blacklist control to add the searchable event to a blacklist; clicking a modification control to modify the summary information of the searchable event; or clicking a deletion control to delete the summary information of the searchable events.
Wherein the graphical interface may be in the form of a web page comprising at least the following interactive elements: radio buttons, drop down menus, interactive elements, selectable controls that may be selected and/or activated.
According to the method, the information safety related data to be processed are divided into the searchable events with the time stamps, one or more field values meeting the standards are located in the searchable events based on the preset standard search, the safety event group is generated by the related searchable events and displayed by using the graphical interface, the displayed content at least comprises the abstract information of each searchable event, safety analysis personnel can handle the related events based on the abstract information, the purpose of locating potential safety threat events is finally achieved, and the cost of analyzing the network safety threat events is reduced.
In a second aspect, an embodiment of the present invention provides an apparatus for graphically displaying a security threat event, which is capable of performing aggregate display on related searchable events, so as to improve efficiency of identifying the security threat event.
Fig. 3 is a schematic structural diagram of an embodiment of an apparatus for graphically displaying a security threat event according to the present invention, where the apparatus of the embodiment may include:
a data obtaining module 301, configured to obtain data to be processed;
a searchable event generation module 302, configured to generate a searchable event with a timestamp based on the data to be processed; the searchable event includes information related to computer security or network security;
a field value extraction module 303 for extracting at least one field value from the searchable event based on a preset pattern;
a security event group generating module 304, configured to filter related field values by using preset criteria, extract searchable events including the related field values, and generate a security event group;
a graphical interface display module 305, configured to display the security event group based on a graphical interface.
Preferably, the preset pattern is a data structure for extracting a specific field value from a searchable event.
Preferably, the preset criteria include: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
Preferably, the graphical interface display module is specifically configured to:
displaying summary information of each searchable event of a security event group based on a graphical interface;
performing treatment operation by using the graphic control based on the abstract information;
wherein, the summary information at least comprises: number of current searchable events, brief description of at least one field.
Preferably, the performing a treatment operation with a graphical control based on summary information comprises: clicking a white list control to add the searchable event to a white list; clicking a blacklist control to add the searchable event to a blacklist; clicking a modification control to modify the summary information of the searchable event; or clicking a deletion control to delete the summary information of the searchable events.
According to the embodiment, the data to be processed are divided into the searchable events with the timestamps, the searchable events containing the preset standard field values are generated into the security event group, the aggregation analysis of the security events with the incidence relation is completed, meanwhile, the graphic interface is utilized to intensively display all the security events of the security event group, and the analysis and the management of security analysts are facilitated. The efficiency of mining the potential security threat events is improved, and the cost of analyzing the network security threat events is reduced.
In a third aspect, an embodiment of the present invention further provides an electronic device, which can effectively improve the efficiency of identifying and handling a security threat event.
Fig. 4 is a schematic structural diagram of an embodiment of an electronic device of the present invention, where the electronic device may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged inside a space enclosed by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to each circuit or device of the electronic apparatus; the memory 43 is used for storing executable program code; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43, for executing the method described in any of the foregoing embodiments.
The specific execution process of the above steps by the processor 42 and the steps further executed by the processor 42 by running the executable program code may refer to the description of the embodiment shown in fig. 1-2 of the present invention, and are not described herein again.
The electronic device exists in a variety of forms, including but not limited to:
(1) a mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice, data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio, video players (e.g., ipods), handheld game consoles, electronic books, and smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with data interaction function.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement a method as described in any of the preceding implementations.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. A method for graphically presenting a security threat event, comprising:
acquiring data to be processed;
generating a searchable event with a timestamp based on the data to be processed; the searchable event includes information related to computer security or network security;
extracting at least one field value from the searchable event based on a preset pattern;
screening related field values by using preset criteria, and extracting searchable events containing the related field values to generate a security event group;
and displaying the security event group based on a graphical interface.
2. The method of claim 1, wherein the preset pattern is a data structure for extracting a specific field value from a searchable event.
3. The method of claim 1, wherein the preset criteria include: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
4. The method of claim 1, wherein said exposing the set of security events based on a graphical interface comprises:
displaying summary information of each searchable event of a security event group based on a graphical interface;
performing treatment operation by using the graphic control based on the abstract information;
wherein, the summary information at least comprises: number of current searchable events, brief description of at least one field.
5. The method of claim 4, wherein the utilizing a graphical control for handling operations based on summary information comprises: clicking a white list control to add the searchable event to a white list; clicking a blacklist control to add the searchable event to a blacklist; clicking a modification control to modify the summary information of the searchable event; or clicking a deletion control to delete the summary information of the searchable events.
6. An apparatus for graphically presenting a security threat event, comprising:
the data acquisition module is used for acquiring data to be processed;
the searchable event generation module is used for generating a searchable event with a time stamp based on the data to be processed; the searchable event includes information related to computer security or network security;
a field value extraction module for extracting at least one field value from the searchable event based on a preset pattern;
the security event group generating module is used for screening related field values by using preset standards, extracting searchable events containing the related field values and generating a security event group;
and the graphical interface display module is used for displaying the security event group based on the graphical interface.
7. The apparatus of claim 6, wherein the preset pattern is a data structure for extracting a specific field value from a searchable event.
8. The apparatus of claim 6, wherein the preset criteria comprise: the length of the field value meets a preset threshold; the field value includes the source address associated with the known security threat.
9. The apparatus of claim 6, wherein the graphical interface presentation module is specifically configured to:
displaying summary information of each searchable event of a security event group based on a graphical interface;
performing treatment operation by using the graphic control based on the abstract information;
wherein, the summary information at least comprises: number of current searchable events, brief description of at least one field.
10. The apparatus of claim 9, wherein the utilizing a graphical control for handling operations based on summary information comprises: clicking a white list control to add the searchable event to a white list; clicking a blacklist control to add the searchable event to a blacklist; clicking a modification control to modify the summary information of the searchable event; or clicking a deletion control to delete the summary information of the searchable events.
11. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method of any of the preceding claims.
12. A computer readable storage medium, characterized in that the computer readable storage medium stores one or more programs which are executable by one or more processors to implement the method of any preceding claim.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910095207.4A CN111027056A (en) | 2019-01-31 | 2019-01-31 | Method, device and storage medium for graphically displaying security threat event |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910095207.4A CN111027056A (en) | 2019-01-31 | 2019-01-31 | Method, device and storage medium for graphically displaying security threat event |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111027056A true CN111027056A (en) | 2020-04-17 |
Family
ID=70203467
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910095207.4A Withdrawn CN111027056A (en) | 2019-01-31 | 2019-01-31 | Method, device and storage medium for graphically displaying security threat event |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111027056A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112491925A (en) * | 2020-12-10 | 2021-03-12 | 北京冠程科技有限公司 | Method, system and electronic equipment for acquiring network security event according to time node |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130318604A1 (en) * | 2013-07-31 | 2013-11-28 | Splunk Inc. | Blacklisting and whitelisting of security-related events |
| CN105659245A (en) * | 2013-11-06 | 2016-06-08 | 迈克菲公司 | Context-aware network forensics |
| CN107430535A (en) * | 2015-01-30 | 2017-12-01 | 阿诺马力公司 | Room and time efficiency threat detection |
| CN108875364A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Menace determination method, device, electronic equipment and the storage medium of unknown file |
-
2019
- 2019-01-31 CN CN201910095207.4A patent/CN111027056A/en not_active Withdrawn
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130318604A1 (en) * | 2013-07-31 | 2013-11-28 | Splunk Inc. | Blacklisting and whitelisting of security-related events |
| CN105659245A (en) * | 2013-11-06 | 2016-06-08 | 迈克菲公司 | Context-aware network forensics |
| CN107430535A (en) * | 2015-01-30 | 2017-12-01 | 阿诺马力公司 | Room and time efficiency threat detection |
| CN108875364A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Menace determination method, device, electronic equipment and the storage medium of unknown file |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112491925A (en) * | 2020-12-10 | 2021-03-12 | 北京冠程科技有限公司 | Method, system and electronic equipment for acquiring network security event according to time node |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111030986B (en) | Attack organization traceability analysis method and device and storage medium | |
| CN110245069B (en) | Page version testing method and device and page display method and device | |
| CN111401416A (en) | Abnormal website identification method and device and abnormal countermeasure identification method | |
| CN112394908A (en) | Method and device for automatically generating embedded point page, computer equipment and storage medium | |
| US11689547B2 (en) | Information analysis system, information analysis method, and recording medium | |
| CN111090615A (en) | Method and device for analyzing and processing mixed assets, electronic equipment and storage medium | |
| CN105930527A (en) | Searching method and device | |
| CN105045928A (en) | To-be-cleaned data display method and device and electronic equipment | |
| CN106844550B (en) | A method and device for recommending operation of a virtualization platform | |
| CN110659493A (en) | Method and device for generating threat alarm mode, electronic equipment and storage medium | |
| CN108153891A (en) | Active time statistical method of surfing the Internet and device | |
| CN105872731A (en) | Data processing method and device | |
| CN105809471A (en) | Method and device for acquiring user attribute and electronic equipment | |
| CN111581518A (en) | Information pushing method and device | |
| CN111435326B (en) | A method and device for analyzing crash logs | |
| CN111030974A (en) | APT attack event detection method, device and storage medium | |
| US9154515B1 (en) | Systems and methods identifying and reacting to potentially malicious activity | |
| CN111027056A (en) | Method, device and storage medium for graphically displaying security threat event | |
| CN111027065A (en) | Lesovirus identification method and device, electronic equipment and storage medium | |
| CN115048533A (en) | Knowledge graph construction method and device, electronic equipment and readable storage medium | |
| CN111610902A (en) | Data processing method, apparatus and terminal equipment | |
| CN112905935A (en) | Page recording method, page recording animation generation method, equipment and storage medium | |
| CN111030977A (en) | Attack event tracking method and device and storage medium | |
| CN111160738A (en) | Event processing method and device, storage medium and electronic device | |
| CN107180073B (en) | POI recommendation method, device, equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road) Applicant after: Antan Technology Group Co.,Ltd. Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Applicant before: Harbin Antian Science and Technology Group Co.,Ltd. |
|
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20200417 |