
CN112416909A - Cloud database auditing method and device and server - Google Patents


Info

Publication number
CN112416909A
Authority
CN
China
Prior art keywords
audit
content
sql
record
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011459765.3A
Other languages
Chinese (zh)
Other versions
CN112416909B (en)
Inventor
袁广宏
官文兵
刘永波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Ankki Technology Co ltd
Original Assignee
Shenzhen Ankki Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Ankki Technology Co ltd filed Critical Shenzhen Ankki Technology Co ltd
Priority to CN202011459765.3A priority Critical patent/CN112416909B/en
Publication of CN112416909A publication Critical patent/CN112416909A/en
Application granted granted Critical
Publication of CN112416909B publication Critical patent/CN112416909B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention relates to the field of database auditing and discloses a cloud database auditing method, device and server. The method comprises: acquiring an SQL audit log; acquiring the content of the protected-object configuration information; screening the contents of the SQL audit log and the protected-object configuration information to obtain an audit record; performing rule matching on the audit record to obtain a new audit record; and inserting the new audit record into the database of an audit system. In this way the cloud database can be audited and the security of the data in it is ensured.

Description

A cloud database auditing method, device and server

Technical field

The invention relates to the field of database auditing, and in particular to a cloud database auditing method, device and server.

Background

Database auditing (DBAudit for short) records database activity on the network in real time, performs compliance management through fine-grained auditing of database operations, raises alerts on risky behavior directed at the database, and blocks attacks. By recording, analyzing and reporting on how users access the database, it helps users generate compliance reports after the fact and trace incidents to their source, while strengthening the recording of internal and external database network behavior and improving the security of data assets.

In a traditional database auditing architecture, port mirroring or plug-in traffic diversion can be used directly to filter the desired traffic to the audit device. Cloud databases restrict this, however: the traffic cannot be obtained directly in these ways, so the cloud database cannot be audited.

Summary of the invention

In view of the above technical problem, it is necessary to provide a cloud database auditing method, device and server that can audit a cloud database and thereby ensure the security of the data in it.

In a first aspect, an embodiment of the present invention provides a cloud database auditing method, the method comprising:

acquiring an SQL audit log;

acquiring the content of the protected-object configuration information;

screening the contents of the SQL audit log and the protected-object configuration information to obtain an audit record;

performing rule matching on the audit record to obtain a new audit record;

inserting the new audit record into the database of the audit system.

In some embodiments, acquiring the SQL audit log comprises:

displaying a configuration page;

acquiring the registration information entered on the configuration page;

calling the API interface according to the registration information to obtain the SQL audit log.

In some embodiments, screening the contents of the SQL audit log and the protected-object configuration information to obtain an audit record comprises:

combining, based on identical fields and/or the IP address, the content of the SQL audit log with the content of the protected-object configuration in the audit system to obtain the audit record.

In some embodiments, before the content of the SQL audit log is combined with the content of the protected-object configuration in the audit system based on the IP address to obtain the audit record, the method further comprises:

performing character segmentation on the fields of the SQL audit log content to obtain the host address field.

In some embodiments, combining the content of the SQL audit log with the content of the protected-object configuration in the audit system based on the IP address to obtain the audit record comprises:

comparing the host address field with the IP address;

if the host address field matches the IP address, combining the content of the SQL audit log with the content of the protected-object configuration to obtain the audit record.

In some embodiments, combining the content of the SQL audit log with the content of the protected-object configuration in the audit system based on identical fields to obtain the audit record comprises:

comparing the fields of the SQL audit log content with the fields of the protected-object configuration content;

if they match, combining the content corresponding to the SQL audit log field with the content corresponding to the protected-object configuration field in the audit system to obtain the audit record.

In some embodiments, performing rule matching on the audit record to obtain a new audit record comprises:

matching the audit record against the rules invoked by the rule engine in order to fill in fields of the audit record, obtaining a new audit record.

In a second aspect, an embodiment of the present invention further provides a cloud database auditing device, comprising:

a first acquisition module, configured to acquire the SQL audit log;

a second acquisition module, configured to acquire the content of the protected-object configuration information;

a screening module, configured to screen the contents of the SQL audit log and the protected-object configuration information to obtain an audit record;

a matching module, configured to perform rule matching on the audit record to obtain a new audit record;

an insertion module, configured to insert the new audit record into the database of the audit system.

In a third aspect, an embodiment of the present invention further provides a server, comprising:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein

the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the above cloud database auditing method.

In a fourth aspect, an embodiment of the present invention further provides a non-volatile computer-readable storage medium storing computer-executable instructions which, when executed by a processor, cause the processor to perform the above cloud database auditing method.

Compared with the prior art, the beneficial effects of the present invention are as follows. The cloud database auditing method, device and server of the embodiments separate out the logs by means of SQL insight, then screen the SQL audit log together with the content of the protected-object configuration information to generate audit records that conform to the audit device, then have a background program perform rule matching on the audit records to obtain new audit records, and finally insert the new audit records into the database. The cloud database can thus be audited, which ensures the security of the data in it.

Description of drawings

One or more embodiments are illustrated by the figures in the corresponding drawings. These illustrations do not limit the embodiments. Elements with the same reference numerals in the drawings denote similar elements, and unless otherwise stated the figures are not drawn to scale.

FIG. 1 is a schematic diagram of the hardware structure of the server of the present invention;

FIG. 2 is a schematic flowchart of the cloud database auditing method in an embodiment of the present invention;

FIG. 3 is a structural block diagram of the cloud database auditing device in an embodiment of the present invention.

Detailed description

To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.

It should be noted that, where they do not conflict, the features of the embodiments of the present invention may be combined with one another, and all such combinations are within the protection scope of the present invention. In addition, although the device schematic divides the device into functional modules and the flowchart shows a logical order, in some cases the steps shown or described may be performed with a different module division or in a different order from that in the flowchart. Furthermore, the words "first", "second" and "third" used herein do not limit the data or the order of execution; they only distinguish identical or similar items whose functions and effects are essentially the same.

An embodiment of the present invention provides a server. Referring to FIG. 1, which is a hardware structure diagram of a server provided by an embodiment of the present invention, the server 100 may be any type of device with computing capability, for example an audit server.

Specifically, as shown in FIG. 1, the server 100 includes one or more processors 102 and a memory 104. FIG. 1 takes one processor 102 as an example. The processor 102 and the memory 104 may be connected by a bus or in other ways; FIG. 1 takes a bus connection as an example.

The memory 104, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules, such as the programs, instructions and modules corresponding to the cloud database auditing method in the embodiments of the present invention. By running the non-volatile software programs, instructions and modules stored in the memory 104, the processor 102 executes the various functional applications and data processing of the server, that is, implements the cloud database auditing method of the embodiments below.

The memory 104 may include a program storage area and a data storage area. The program storage area may store the operating system and the application programs required by at least one function; the data storage area may store data created through use of the cloud database auditing device, and so on. In addition, the memory 104 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some embodiments, the memory 104 optionally includes memory located remotely from the processor 102, and this remote memory may be connected to the cloud database auditing device over a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.

As shown in FIG. 2, an embodiment of the present invention provides a cloud database auditing method. The method is executed by a server and comprises:

Step 202: acquire the SQL audit log.

In this embodiment, the SQL audit log is stored in the cloud database. The SQL audit log can also be understood as the SQL insight log; it records all operations performed on the database. Specifically, the server acquires the SQL audit log from the cloud database.

In some embodiments, one implementation of step 202 comprises: displaying a configuration page; acquiring the registration information entered on the configuration page; and calling the API interface according to the registration information to obtain the SQL audit log.

In this embodiment, registration is required before the SQL audit log can be obtained. The registration information is parameter information, including but not limited to the key ID, the key signature string, the signature result string and a timestamp. The key ID is similar to an account, the key signature string is similar to a password, and the signature result string is similar to a verification code. Specifically, the database insight log is registered through the configuration interface, which generates SDK code and thereby produces the SQL audit log; the API interface is then called with the registration information, that is, the parameter information, to obtain the SQL audit log from the cloud database.

Step 204: acquire the content of the protected-object configuration information.

In this embodiment, the protected-object configuration information is stored in the audit system. Its content includes, but is not limited to, the original IP address of the protected object, the policy of the protected object, the rules of the protected object, the port and the database version number. Specifically, the server acquires the content of the protected-object configuration information from the audit system.

Step 206: screen the contents of the SQL audit log and the protected-object configuration information to obtain an audit record.

In this embodiment, an audit record is a record that conforms to the audit device. It is obtained by screening the contents of the SQL audit log and the protected-object configuration information, but the audit record obtained by screening is incomplete and still has to be processed in a later step.

In some embodiments, one implementation of step 206 comprises: combining, based on identical fields and/or the IP address, the content of the SQL audit log with the content of the protected-object configuration in the audit system to obtain the audit record.

In this embodiment, the audit record can be obtained in several ways, including but not limited to matching on identical fields and/or on the IP address. To obtain the audit record based on the IP address, the host address field is compared with the IP address; if the host address field matches the IP address, the content of the SQL audit log and the content of the protected-object configuration are combined to obtain the audit record. Specifically, after the server calls the API interface with the parameter information, the interface returns content in some format, for example JSON or XML, and the returned content contains the fields of the SQL audit log content. A string-splitting function is then applied to the fields of the SQL audit log content to extract the host address field, and the host address field is compared with the original IP address of the protected object. If the two are the same, the content of the SQL audit log and the content of the protected-object configuration are combined to form one audit record.

Alternatively, to obtain the audit record based on identical fields, the fields of the SQL audit log content are compared with the fields of the protected-object configuration content; if they match, the content corresponding to the SQL audit log field is combined with the content corresponding to the protected-object configuration field in the audit system to obtain the audit record. Specifically, after the server calls the API interface with the parameter information, the interface returns content in some format, for example JSON or XML, and the returned content contains the fields of the SQL audit log content. Using the identical fields, the content corresponding to the SQL audit log fields is combined with the content corresponding to the protected-object configuration fields in the audit system to form one audit record suitable for the database audit server.

Step 208: perform rule matching on the audit record to obtain a new audit record.

In this embodiment, the new audit record is a complete audit record. It includes the original IP address, the original port, the operation statement, the client subject information, the time of occurrence and so on, where the client subject information includes but is not limited to the database name, the database access tool and the database account. Specifically, once the audit record has been obtained, rule matching must be performed on it before an audit record that conforms to the audit system can be obtained.

In some embodiments, one implementation of step 208 comprises: matching the audit record against the rules invoked by the rule engine in order to fill in fields of the audit record, obtaining a new audit record.

In this embodiment, the new audit record must be a complete audit record. The rules invoked by the rule engine include, but are not limited to, keywords, operation types, rule effective times and rule whitelists. Specifically, the server matches the obtained audit record against the rules invoked by the rule engine. The main purpose of the matching is to fill in the audit record again: because the audit record obtained by the earlier screening is incomplete, the rule engine checks certain fields of the audit record to determine whether content is missing from them. If content is missing, the rule engine invokes rules to fill new fields into the audit record in place of the missing content, generating an audit record that conforms to the audit system. For example, if the audit record is missing a keyword, the rule engine invokes the keyword to fill in the audit record, thereby generating an audit record that conforms to the audit system.

Step 210: insert the new audit record into the database of the audit system.

The server stores the new audit record in the database.

In this embodiment, the logs are separated out by means of SQL insight; the SQL audit log is then screened together with the content of the protected-object configuration information to generate audit records that conform to the audit device; a background program then performs rule matching on the audit records to obtain new audit records; and finally the new audit records are inserted into the database. The cloud database can thus be audited, which ensures the security of the data in it.
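Steps 206 to 210 as an added Python example, not code from the patent: the JSON field names, the `host:port` layout of the host address field, the rule shapes and the `audit_record` table are assumptions, and all sample data is constructed. Log entries that match no protected object are counted rather than dropped silently.

```python
import ipaddress
import json
import sqlite3

# Constructed API response; the page only says the API returns JSON or XML.
# All field names below are assumptions made for this example.
SAMPLE_RESPONSE = json.dumps([
    {"HostAddress": "172.16.8.20:3306", "Account": "app_user", "DBName": "orders",
     "SQLText": "SELECT * FROM customers WHERE id = 7",
     "ExecuteTime": "2020-12-11 08:15:02"},
    {"HostAddress": "172.16.8.20:3306", "Account": "root", "DBName": "orders",
     "SQLText": "drop table customers", "ExecuteTime": "2020-12-11 08:16:40"},
    {"HostAddress": "172.16.9.99:3306", "Account": "etl", "DBName": "staging",
     "SQLText": "DELETE FROM tmp_load", "ExecuteTime": "2020-12-11 08:17:05"},
    {"HostAddress": "not-an-address", "Account": "x", "DBName": "y",
     "SQLText": "SELECT 1", "ExecuteTime": "2020-12-11 08:18:00"},
])

# Constructed protected-object configuration, as held by the audit system.
PROTECTED_OBJECTS = [
    {"ip": "172.16.8.20", "port": 3306, "db_version": "MySQL 5.7",
     "policy": "prod-default"},
]

# Constructed rules: a keyword plus the operation types it applies to.
RULES = [
    {"name": "destructive-ddl", "keyword": "DROP", "op_types": {"DROP"}},
    {"name": "bulk-delete", "keyword": "DELETE", "op_types": {"DELETE"}},
]

COLUMNS = ("orig_ip", "orig_port", "db_version", "policy", "account", "db_name",
           "statement", "occurred_at", "operation_type", "matched_rule")


def extract_host_ip(host_address):
    """Split the host address field; return a normalised IP object or None."""
    text = host_address.strip()
    # Try the whole field first (bare IP), then the part before the last ':'.
    for candidate in (text, text.rpartition(":")[0]):
        try:
            return ipaddress.ip_address(candidate.strip("[]"))
        except ValueError:
            continue
    return None


def screen(log_items, protected_objects):
    """Step 206: combine log entries with protected-object config on IP."""
    by_ip = {ipaddress.ip_address(o["ip"]): o for o in protected_objects}
    records, unmatched = [], 0
    for item in log_items:
        obj = by_ip.get(extract_host_ip(item.get("HostAddress", "")))
        if obj is None:
            unmatched += 1  # counted so dropped entries stay visible
            continue
        records.append({
            "orig_ip": obj["ip"], "orig_port": obj["port"],
            "db_version": obj["db_version"], "policy": obj["policy"],
            "account": item["Account"], "db_name": item["DBName"],
            "statement": item["SQLText"], "occurred_at": item["ExecuteTime"],
            "operation_type": None, "matched_rule": None,  # filled in step 208
        })
    return records, unmatched


def apply_rules(record, rules):
    """Step 208: fill the fields that screening left empty."""
    filled = dict(record)
    tokens = filled["statement"].split()
    filled["operation_type"] = tokens[0].upper() if tokens else "UNKNOWN"
    upper_sql = filled["statement"].upper()
    for rule in rules:
        if filled["operation_type"] in rule["op_types"] and rule["keyword"] in upper_sql:
            filled["matched_rule"] = rule["name"]
            break
    return filled


def insert_records(conn, records):
    """Step 210: parameterised insert, so logged SQL text is stored as data."""
    conn.execute(f"CREATE TABLE IF NOT EXISTS audit_record ({', '.join(COLUMNS)})")
    placeholders = ", ".join(f":{c}" for c in COLUMNS)
    conn.executemany(f"INSERT INTO audit_record VALUES ({placeholders})", records)
    conn.commit()


def run_pipeline(response_text, conn):
    """Run steps 206, 208 and 210 over one API response."""
    records, unmatched = screen(json.loads(response_text), PROTECTED_OBJECTS)
    complete = [apply_rules(r, RULES) for r in records]
    insert_records(conn, complete)
    return complete, unmatched


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    done, skipped = run_pipeline(SAMPLE_RESPONSE, conn)
    for row in done:
        print(row["occurred_at"], row["operation_type"], row["matched_rule"])
    print("entries without a matching protected object:", skipped)
```
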

It should be noted that, in the above embodiments, the steps do not necessarily have to be performed in a fixed order. Those of ordinary skill in the art will understand from the description of the embodiments that, in different embodiments, the steps may be executed in different orders, that is, in parallel, interchanged, and so on.

Correspondingly, an embodiment of the present invention further provides a cloud database auditing device 300, as shown in FIG. 3, comprising:

a first acquisition module 302, configured to acquire the SQL audit log;

a second acquisition module 304, configured to acquire the content of the protected-object configuration information;

a screening module 306, configured to screen the contents of the SQL audit log and the protected-object configuration information to obtain an audit record;

a matching module 308, configured to perform rule matching on the audit record to obtain a new audit record;

an insertion module 310, configured to insert the new audit record into the database of the audit system.

In the cloud database auditing device provided by this embodiment, the first acquisition module acquires the SQL audit log, the second acquisition module acquires the content of the protected-object configuration information, and the screening module screens the contents of the SQL audit log and the protected-object configuration information to obtain an audit record. The matching module then performs rule matching on the audit record to obtain a new audit record, and finally the insertion module inserts the new audit record into the database of the audit system. The cloud database can thus be audited, which ensures the security of the data in it.

可选的,在装置的其他实施例中,请参照图3所示,装置300还包括:Optionally, in other embodiments of the apparatus, please refer to FIG. 3 , the apparatus 300 further includes:

分割模块312,用于对所述SQL审计日志内容的字段进行字符分割,获取主机地址字段。The segmentation module 312 is configured to perform character segmentation on the fields of the SQL audit log content to obtain the host address field.

可选的,在装置的其他实施例中,第一获取模块302具体用于:Optionally, in other embodiments of the apparatus, the first obtaining module 302 is specifically configured to:

显示配置页面;display the configuration page;

获取基于所述配置页面输入的注册信息;Obtain the registration information entered based on the configuration page;

根据所述注册信息调用API接口,获得SQL审计日志。Call the API interface according to the registration information to obtain the SQL audit log.

可选的,在装置的其他实施例中,筛选模块306具体用于:Optionally, in other embodiments of the apparatus, the screening module 306 is specifically configured to:

基于相同的字段和/或IP地址,将所述SQL审计日志的内容与审计系统中保护对象配置的内容进行结合,获得审计记录。Based on the same field and/or IP address, the content of the SQL audit log is combined with the content of the protection object configuration in the audit system to obtain an audit record.

将所述主机地址字段与IP地址进行比对;comparing the host address field with the IP address;

若所述主机地址字段与IP地址一致,则将所述SQL审计日志的内容和保护对象配置的内容进行结合,获得审计记录。If the host address field is consistent with the IP address, the content of the SQL audit log and the content of the protection object configuration are combined to obtain an audit record.

将所述SQL审计日志内容的字段与保护对象配置的内容的字段进行比对;Compare the fields of the SQL audit log content with the fields of the content configured by the protection object;

若一致,则将所述SQL审计日志的字段对应的内容与审计系统中保护对象配置的字段对应的内容进行结合,获得审计记录。If they are consistent, the content corresponding to the field of the SQL audit log is combined with the content corresponding to the field configured in the protection object in the audit system to obtain an audit record.

Optionally, in other embodiments of the apparatus, the matching module 308 is specifically configured to:

match the audit record against the rules invoked by the rule engine, so as to fill in the fields of the audit record and obtain a new audit record.
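The segmentation, screening, rule-matching and insertion steps described above, as an added Python example that is not taken from the patent. The log field names, the "ip:port" form of the host field, the rule contents and the SQLite audit table are all assumptions, since the patent does not define them.

```python
import ipaddress
import re
import sqlite3

# Constructed sample inputs; the patent does not define a log or configuration format.
SQL_AUDIT_LOG = [
    {"time": "2020-12-11T08:00:01Z", "account": "app", "host": "10.0.3.15:3306",
     "sql": "SELECT id, name FROM customers WHERE id = 7"},
    {"time": "2020-12-11T08:00:09Z", "account": "ops", "host": "10.0.3.15:3306",
     "sql": "drop table customers"},
    {"time": "2020-12-11T08:00:12Z", "account": "etl", "host": "10.9.9.9:3306",
     "sql": "DELETE FROM staging"},            # host is not a protected object
    {"time": "2020-12-11T08:00:15Z", "account": "x", "host": "not-an-address",
     "sql": "SELECT 1"},                       # malformed host field
]
PROTECTED_OBJECTS = [{"name": "crm-prod", "ip": "10.0.3.15", "db_type": "mysql"}]
# Hypothetical rules: (pattern, fields the rule fills). The first match wins.
RULES = [
    (re.compile(r"^\s*(drop|truncate)\b", re.I), {"operation": "DDL", "risk": "high"}),
    (re.compile(r"^\s*(delete|update|insert)\b", re.I), {"operation": "DML", "risk": "medium"}),
    (re.compile(r"^\s*select\b", re.I), {"operation": "QUERY", "risk": "low"}),
]


def host_address(field):
    """Character-split the log's host field and return a normalised IP, or None."""
    text = field.strip()
    if text.startswith("["):                   # "[2001:db8::1]:3306"
        text = text[1:].split("]", 1)[0]
    elif text.count(":") == 1:                 # "10.0.3.15:3306"
        text = text.split(":", 1)[0]
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def screen(log, protected):
    """Combine each log entry with the protected object whose IP equals its host address."""
    by_ip = {str(ipaddress.ip_address(p["ip"])): p for p in protected}
    records = []
    for entry in log:
        obj = by_ip.get(host_address(entry["host"]))
        if obj is not None:
            records.append({**entry, "object": obj["name"], "db_type": obj["db_type"]})
    return records


def match_rules(record, rules):
    """Fill the record's fields from the first rule whose pattern matches its SQL."""
    for pattern, fields in rules:
        if pattern.search(record["sql"]):
            return {**record, **fields}
    return {**record, "operation": "OTHER", "risk": "unrated"}


def audit(log, protected, rules):
    """Run screening, rule matching and insertion; return the rows stored in the audit DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_record (event_time, account, object, db_type, "
               "operation, risk, sql_text)")
    for rec in (match_rules(r, rules) for r in screen(log, protected)):
        # Bound parameters: the logged SQL is untrusted text and must never be spliced in.
        db.execute("INSERT INTO audit_record VALUES (?, ?, ?, ?, ?, ?, ?)",
                   (rec["time"], rec["account"], rec["object"], rec["db_type"],
                    rec["operation"], rec["risk"], rec["sql"]))
    db.commit()
    return db.execute("SELECT account, object, operation, risk FROM audit_record "
                      "ORDER BY event_time").fetchall()


if __name__ == "__main__":
    print(*audit(SQL_AUDIT_LOG, PROTECTED_OBJECTS, RULES), sep="\n")
```

Entries whose host field does not parse, or whose address matches no protected object, are dropped at the screening step and never reach the audit table.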

It should be noted that the above cloud database auditing apparatus can execute the cloud database auditing method provided by the embodiments of the present invention, and has the functional modules and beneficial effects corresponding to executing that method. For technical details not described exhaustively in the apparatus embodiments, refer to the cloud database auditing method provided by the embodiments of the present invention.

An embodiment of the present invention further provides a non-volatile computer-readable storage medium storing computer-executable instructions which, when executed by one or more processors, cause the one or more processors to execute the cloud database auditing method of any of the above method embodiments.

The server of the embodiments of the present invention exists in various forms, including but not limited to:

(1) Tower server

The chassis of an ordinary tower server is about the same as a commonly used PC chassis, while a large tower chassis is much bulkier. In general, there is no fixed standard for the external dimensions.

(2) Rack server

Rack servers arose to meet enterprises' need for dense deployment. They use the 19-inch rack as the standard width, with heights ranging from 1U to several U. Mounting servers in a rack not only makes routine maintenance and management easier, but can also help avoid unexpected failures. First, the servers do not take up much space: rack servers are arranged neatly in the rack, and no space is wasted. Second, cables can also be stowed neatly in the rack. Power cables, LAN cables and the like can all be routed inside the cabinet, which reduces the cabling piled up on the floor and prevents accidents such as kicking a cable loose. The specified dimensions are the server's width (48.26 cm = 19 inches) and height (a multiple of 4.445 cm). Because the width is 19 inches, a rack that meets this specification is sometimes called a "19-inch rack".

(3) Blade server

A blade server is a low-cost HAHD (High Availability High Density) server platform designed specifically for special application industries and high-density computing environments. Each "blade" is in fact a system motherboard, similar to an independent server. In this mode, each motherboard runs its own system and serves a different designated user group, with no association between them. However, system software can be used to combine these motherboards into a server cluster. In cluster mode, all motherboards can be connected to provide a high-speed network environment and can share resources to serve the same user group.

(4) Cloud server

A cloud server (Elastic Compute Service, ECS) is a computing service that is simple and efficient, secure and reliable, and elastically scalable in processing capacity. It is simpler and more efficient to manage than a physical server, and users can quickly create or release any number of cloud servers without purchasing hardware in advance. The distributed storage of cloud servers is used to integrate a large number of servers into one supercomputer that provides large-scale data storage and processing services. Distributed file systems and distributed databases allow access to common storage resources and enable IO sharing of application data files. Virtual machines can break through the limits of a single physical machine, and dynamic resource adjustment and allocation eliminates single points of failure in servers and storage devices, achieving high availability.

The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

From the description of the above embodiments, those of ordinary skill in the art can clearly understand that each embodiment can be implemented by software plus a general-purpose hardware platform, and of course also by hardware. Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Within the idea of the present invention, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be implemented in any order, and there are many other variations of the different aspects of the present invention as described above, which are not provided in detail for the sake of brevity. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A cloud database auditing method, characterized in that the method comprises:
acquiring an SQL audit log;
acquiring the content of protected-object configuration information;
screening the SQL audit log and the content of the protected-object configuration information to obtain an audit record;
performing rule matching on the audit record to obtain a new audit record;
inserting the new audit record into the database of an audit system.

2. The method according to claim 1, characterized in that acquiring the SQL audit log comprises:
displaying a configuration page;
obtaining the registration information entered on the configuration page;
calling an API interface according to the registration information to obtain the SQL audit log.

3. The method according to claim 1 or 2, characterized in that screening the SQL audit log and the content of the protected-object configuration information to obtain an audit record comprises:
combining, based on the same field and/or the IP address, the content of the SQL audit log with the content of the protected-object configuration in the audit system to obtain an audit record.

4. The method according to claim 3, characterized in that, before combining, based on the IP address, the content of the SQL audit log with the content of the protected-object configuration in the audit system to obtain an audit record, the method further comprises:
performing character segmentation on a field of the SQL audit log content to obtain a host address field.

5. The method according to claim 4, characterized in that combining, based on the IP address, the content of the SQL audit log with the content of the protected-object configuration in the audit system to obtain an audit record comprises:
comparing the host address field with the IP address;
if the host address field matches the IP address, combining the content of the SQL audit log with the content of the protected-object configuration to obtain an audit record.

6. The method according to claim 3, characterized in that combining, based on the same field, the content of the SQL audit log with the content of the protected-object configuration in the audit system to obtain an audit record comprises:
comparing the fields of the SQL audit log content with the fields of the protected-object configuration content;
if they match, combining the content corresponding to the field of the SQL audit log with the content corresponding to the field of the protected-object configuration in the audit system to obtain an audit record.

7. The method according to claim 1, characterized in that performing rule matching on the audit record to obtain a new audit record comprises:
matching the audit record against the rules invoked by a rule engine, so as to fill in the fields of the audit record and obtain a new audit record.

8. A cloud database auditing apparatus, characterized by comprising:
a first acquisition module, configured to acquire an SQL audit log;
a second acquisition module, configured to acquire the content of protected-object configuration information;
a screening module, configured to screen the SQL audit log and the content of the protected-object configuration information to obtain an audit record;
a matching module, configured to perform rule matching on the audit record to obtain a new audit record;
an insertion module, configured to insert the new audit record into the database of an audit system.

9. A server, characterized by comprising:
at least one processor; and
a memory communicatively connected to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.

10. A non-volatile computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1-7.

CN202011459765.3A 2020-12-11 2020-12-11 A cloud database audit method, device and server Active CN112416909B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011459765.3A CN112416909B (en) 2020-12-11 2020-12-11 A cloud database audit method, device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011459765.3A CN112416909B (en) 2020-12-11 2020-12-11 A cloud database audit method, device and server

Publications (2)

Publication Number Publication Date
CN112416909A (en) 2021-02-26
CN112416909B (en) 2024-11-26

Family

ID=74775671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011459765.3A Active CN112416909B (en) 2020-12-11 2020-12-11 A cloud database audit method, device and server

Country Status (1)

Country Link
CN (1) CN112416909B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114443739A (en) * 2022-04-08 2022-05-06 北京华顺信安科技有限公司 Method and device for extracting product version number

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101075256A (en) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 System and method for real-time auditing and analyzing database
CN103329129A (en) * 2011-01-12 2013-09-25 国际商业机器公司 Multi-tenant audit awareness in support of cloud environments
CN103428177A (en) * 2012-05-18 2013-12-04 中兴通讯股份有限公司 Configuration and generation method and device for cloud environment audit logs and/or security events
CN106815125A (en) * 2015-12-02 2017-06-09 阿里巴巴集团控股有限公司 A kind of log audit method and platform
CN107908651A (en) * 2017-10-12 2018-04-13 北京人大金仓信息技术股份有限公司 A kind of auditing method of distributed type assemblies
CN108011925A (en) * 2017-11-01 2018-05-08 北京神州绿盟信息安全科技股份有限公司 A kind of operating audit system and method
CN109325044A (en) * 2018-09-20 2019-02-12 快云信息科技有限公司 A kind of the audit log processing method and relevant apparatus of database
WO2019067997A1 (en) * 2017-09-30 2019-04-04 Oracle International Corporation Autonomous multitenant database cloud service framework
CN109582539A (en) * 2018-12-03 2019-04-05 上海热璞网络科技有限公司 A kind of database audit method and system
CN109729147A (en) * 2018-11-28 2019-05-07 国云科技股份有限公司 Multi-tenant supporting auditing system in cloud environment and implementation method
CN110134653A (en) * 2019-05-17 2019-08-16 杭州安恒信息技术股份有限公司 A method and system for using logs to assist database auditing
CN110619227A (en) * 2019-09-12 2019-12-27 北京浪潮数据技术有限公司 Audit log management method, device, equipment and readable storage medium
CN111177779A (en) * 2019-12-24 2020-05-19 深圳昂楷科技有限公司 Database auditing method, device thereof, electronic equipment and computer storage medium
CN111740868A (en) * 2020-07-07 2020-10-02 腾讯科技(深圳)有限公司 Alarm data processing method and device and storage medium
CN111988295A (en) * 2020-08-11 2020-11-24 程星星 Database auditing method and device, WEB server, database auditing system and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
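An Peng (安鹏): "Design and Implementation of a Unified Audit Platform Based on Cloud Architecture", China Masters' Theses Full-text Database (Information Science and Technology), pages 138-573 *
Zhao Weiquan (赵维佺) et al.: "Design of a Security Audit System for Multiple Database Types", Network Security Technology & Application (网络安全技术与应用), pages 41-45 *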

Also Published As

Publication number Publication date
CN112416909B (en) 2024-11-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant