diff --git a/.flocks/flockshub/index.json b/.flocks/flockshub/index.json
index 1316944dd..1d4147397 100644
--- a/.flocks/flockshub/index.json
+++ b/.flocks/flockshub/index.json
@@ -14544,6 +14544,73 @@ "trust": "community", "riskLevel": "medium", "manifestPath": "plugins/skills/Anthropic-Cybersecurity-Skills/validating-backup-integrity-for-recovery/manifest.json" + }, + { + "id": "chaitin_muyun_api_v3", + "type": "device", + "name": "Chaitin Muyun", + "description": "Chaitin Muyun host security platform JSON-RPC API 3.0 integration.", + "version": "3.0", + "category": "integration", + "tags": [ + "edr", + "hids", + "vulnerability", + "integration" + ], + "useCases": [ + "integration", + "incident-response", + "vulnerability-management" + ], + "trust": "official", + "riskLevel": "low", + "manifestPath": "plugins/tools/device/chaitin_muyun_api_v3/manifest.json", + "descriptionCn": "长亭牧云主机安全平台 API 3.0 接入。" + }, + { + "id": "chaitin_safeline_waf_v1_0_0", + "type": "device", + "name": "Chaitin SafeLine WAF", + "description": "Chaitin SafeLine WAF OpenAPI integration.", + "version": "1.0.0", + "category": "integration", + "tags": [ + "waf", + "web-security", + "integration" + ], + "useCases": [ + "integration", + "threat-detection", + "log-analysis" + ], + "trust": "official", + "riskLevel": "low", + "manifestPath": "plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json", + "descriptionCn": "长亭雷池 WAF OpenAPI 接入。" + }, + { + "id": "chaitin_dongjian_v2_8", + "type": "device", + "name": "Chaitin Dongjian", + "description": "Chaitin Dongjian (X-Ray) security assessment system OpenAPI V2.8 integration.", + "version": "2.8", + "category": "integration", + "tags": [ + "vulnerability", + "web-security", + "integration" + ], + "useCases": [ + "integration", + "vulnerability-management", + "security-reporting" + ], + "trust": "official", + "riskLevel": "low", + "manifestPath": "plugins/tools/device/chaitin_dongjian_v2_8/manifest.json", + "descriptionCn": "长亭洞鉴(X-Ray)安全评估系统 OpenAPI V2.8 接入。" } ] } 
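Review bot: The `chaitin_dongjian_v2_8` entry is published with `"riskLevel": "low"`, yet the plugin added in this same commit ships a mutation tool (`chaitin_dongjian_api_mutation`) whose catalog covers user creation, asset deletion and engine upgrades, and its provider defaults to `verify_ssl: false`. A consumer who filters the hub index by risk level would be misled, so `"riskLevel": "medium"` or higher looks more accurate for this entry. The Muyun and SafeLine entries carry the same label, but their plugin files are not visible here, so they need to be confirmed separately.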
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_provider.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_provider.yaml
new file mode 100644
index 000000000..11fed5924
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_provider.yaml
@@ -0,0 +1,40 @@
+name: chaitin_dongjian
+vendor: chaitin
+service_id: chaitin_dongjian_api
+version: "2.8"
+integration_type: device
+description: >
+ Chaitin Dongjian (X-Ray) security assessment system OpenAPI V2.8
+ integration. Configure the device URL and API Token. The handler normalizes
+ the base URL to /api/v2.
+description_cn: >
+ 长亭洞鉴(X-Ray)安全评估系统 OpenAPI V2.8 接入。配置设备地址和 API Token;
+ handler 会将地址归一化到 /api/v2。
+auth:
+ type: custom
+ secret: chaitin_dongjian_token
+credential_fields:
+ - key: base_url
+ label: 设备地址
+ storage: config
+ config_key: base_url
+ input_type: url
+ required: true
+ placeholder: "https://dongjian.example.com"
+ - key: token
+ label: API Token
+ storage: secret
+ config_key: token
+ secret_id: chaitin_dongjian_token
+ input_type: password
+ required: true
+defaults:
+ timeout: 30
+ category: custom
+ product_version: "OpenAPI V2.8"
+ verify_ssl: false
+notes: |
+ 认证规则来自《洞鉴(X-Ray)安全评估系统OpenAPI接口文档(标准版)V2.8》:
+ - 所有 API 请求需要在请求头 token 中携带认证信息。
+ - 接口路径基于 /api/v2,例如 GET /api/v2/project/?limit=1&offset=0。
+ - GET 用于获取指定数据;POST /filter/ 用于批量筛选查询。
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_test.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_test.yaml
new file mode 100644
index 000000000..223818a67
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_test.yaml
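Review bot: `verify_ssl: false` under `defaults` means the API token carried in the `token` request header is sent over a connection whose certificate is never checked, so anyone on the network path between Flocks and the appliance can capture and reuse it. The default should be `verify_ssl: true`, with an explicit per-device opt-out (or a CA bundle setting) for appliances that run self-signed certificates. The handler added in this commit hard-codes the same default as `DEFAULT_VERIFY_SSL = False`, so both places need to change together.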
@@ -0,0 +1,59 @@
+schema_version: 1
+provider: chaitin_dongjian_api
+
+connectivity:
+ tool: chaitin_dongjian_projects
+ params:
+ action: project_list
+ limit: 1
+ offset: 0
+
+fixtures:
+ chaitin_dongjian_projects:
+ - label: List projects
+ label_cn: 查询组织单位列表
+ tags: [smoke]
+ params:
+ action: project_list
+ limit: 10
+ offset: 0
+ assert:
+ success: true
+
+ chaitin_dongjian_tasks:
+ - label: Filter scan task instances
+ label_cn: 筛选任务实例
+ tags: [task]
+ params:
+ action: xprocess_filter
+ body:
+ limit: 10
+ offset: 0
+
+ chaitin_dongjian_results:
+ - label: Filter vulnerabilities
+ label_cn: 筛选漏洞资产
+ tags: [vulnerability]
+ params:
+ action: vuln_filter
+ body:
+ limit: 10
+ offset: 0
+
+ chaitin_dongjian_api_readonly:
+ - label: Show API catalog
+ label_cn: 查看 API 目录
+ tags: [api]
+ params:
+ action: api_catalog
+ assert:
+ success: true
+
+ chaitin_dongjian_api_mutation:
+ - label: Show API catalog before confirmed mutation
+ label_cn: 变更调用前查看 API 目录
+ tags: [api, mutation]
+ params:
+ action: api_catalog
+ assert:
+ success: true
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian.handler.py b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian.handler.py
new file mode 100644
index 000000000..00dfe3105
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian.handler.py
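Review bot: None of the fixtures exercises a rejection path: a `rest_call_readonly` or `rest_call_mutation` call with a method/path pair outside the catalog, or a mutation-kind pair sent through the read-only tool. The `chaitin_dongjian_tasks` and `chaitin_dongjian_results` fixtures also carry no `assert:` block, so it is unclear what would make them fail. If the fixture schema can assert a failed result, add one case per tool that expects the call to be refused, since the catalog allow-list is the main control in this plugin and is currently untested.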
@@ -0,0 +1,371 @@ +from __future__ import annotations + +import asyncio +import json +import os +from pathlib import Path +from typing import Any, Callable + +import requests + +from flocks.config.config_writer import ConfigWriter +from flocks.security import get_secret_manager +from flocks.tool.registry import ToolContext, ToolResult + + +SERVICE_ID = "chaitin_dongjian_api" +STORAGE_KEY = "chaitin_dongjian_v2_8" +PRODUCT_VERSION = "OpenAPI V2.8" +DEFAULT_TIMEOUT = 30 +DEFAULT_VERIFY_SSL = False +CATALOG_FILE = Path(__file__).with_name("chaitin_dongjian_api_catalog.json") + + +class ChaitinDongjianError(RuntimeError): + pass + + +class RuntimeConfig: + def __init__( + self, + *, + base_url: str, + token: str, + verify_ssl: bool, + timeout: int, + ) -> None: + self.base_url = base_url + self.token = token + self.verify_ssl = verify_ssl + self.timeout = timeout + + +def _resolve_ref(value: Any) -> str: + if value is None: + return "" + if not isinstance(value, str): + return str(value) + if value.startswith("{secret:") and value.endswith("}"): + return get_secret_manager().get(value[len("{secret:") : -1]) or "" + if value.startswith("{env:") and value.endswith("}"): + return os.getenv(value[len("{env:") : -1], "") + return value + + +def _raw_service_config() -> dict[str, Any]: + raw = ConfigWriter.get_api_service_raw(SERVICE_ID) + if not isinstance(raw, dict): + raw = ConfigWriter.get_api_service_raw(STORAGE_KEY) + return raw if isinstance(raw, dict) else {} + + +def _config_value(raw: dict[str, Any], *keys: str) -> Any: + for key in keys: + if raw.get(key) is not None: + return raw[key] + custom_settings = raw.get("custom_settings") + if isinstance(custom_settings, dict): + for key in keys: + if custom_settings.get(key) is not None: + return custom_settings[key] + return None + + +def _as_bool(value: Any, default: bool) -> bool: + if value is None: + return default + if isinstance(value, bool): + return value + if isinstance(value, str): + text = 
value.strip().lower() + if text in {"1", "true", "yes", "on"}: + return True + if text in {"0", "false", "no", "off"}: + return False + return bool(value) + + +def _normalize_base_url(base_url: str) -> str: + text = base_url.strip().rstrip("/") + if not text.endswith("/api/v2"): + text = f"{text}/api/v2" + return text.rstrip("/") + + +def resolve_config() -> RuntimeConfig: + raw = _raw_service_config() + base_url = ( + _resolve_ref(_config_value(raw, "base_url", "baseUrl")) + or os.getenv("CHAITIN_DONGJIAN_BASE_URL", "") + ) + if not base_url: + raise ChaitinDongjianError("Chaitin Dongjian base_url is not configured") + + token = ( + _resolve_ref(_config_value(raw, "token", "api_token", "apiToken")) + or get_secret_manager().get("chaitin_dongjian_token") + or get_secret_manager().get(f"{SERVICE_ID}_token") + or os.getenv("CHAITIN_DONGJIAN_TOKEN", "") + ) + if not token: + raise ChaitinDongjianError("Chaitin Dongjian token is not configured") + + try: + timeout = int(_config_value(raw, "timeout") or DEFAULT_TIMEOUT) + except (TypeError, ValueError): + timeout = DEFAULT_TIMEOUT + verify_ssl = _as_bool( + _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") + if _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") is not None + else os.getenv("CHAITIN_DONGJIAN_VERIFY_SSL"), + DEFAULT_VERIFY_SSL, + ) + return RuntimeConfig( + base_url=_normalize_base_url(base_url), + token=token, + verify_ssl=verify_ssl, + timeout=timeout, + ) + + +def _render_path(path: str, args: dict[str, Any]) -> str: + rendered = path + path_params = args.get("path_params") if isinstance(args.get("path_params"), dict) else {} + for key, value in {**path_params, **args}.items(): + if isinstance(key, str): + rendered = rendered.replace("{" + key + "}", str(value)) + if "{" in rendered or "}" in rendered: + raise ChaitinDongjianError(f"Missing path parameter for {path}") + return rendered + + +class DongjianClient: + def __init__(self, config: RuntimeConfig) -> None: + self.config = 
config + + def request( + self, + method: str, + path: str, + *, + query: dict[str, Any] | None = None, + body: Any = None, + ) -> Any: + url = f"{self.config.base_url}{path}" + headers = { + "Accept": "application/json", + "token": self.config.token, + } + if method.upper() in {"POST", "PUT", "DELETE", "PATCH"}: + headers["Content-Type"] = "application/json" + response = requests.request( + method.upper(), + url, + params={k: v for k, v in (query or {}).items() if v is not None}, + json=body if body not in (None, "") else None, + headers=headers, + timeout=self.config.timeout, + verify=self.config.verify_ssl, + ) + return _json_response(response) + + +def _json_response(response: requests.Response) -> Any: + try: + payload = response.json() + except ValueError as exc: + raise ChaitinDongjianError(f"Invalid JSON response: HTTP {response.status_code}") from exc + if response.status_code >= 400: + raise ChaitinDongjianError(f"HTTP {response.status_code}: {payload}") + if isinstance(payload, dict) and payload.get("err") not in (None, ""): + raise ChaitinDongjianError(str(payload.get("msg") or payload.get("err"))) + return payload + + +def _ok(data: Any, *, action: str) -> ToolResult: + return ToolResult( + success=True, + output=data, + metadata={"source": "Chaitin Dongjian", "version": PRODUCT_VERSION, "action": action}, + ) + + +def get_client() -> DongjianClient: + return DongjianClient(resolve_config()) + + +def _request_args(args: dict[str, Any], default_method: str, default_path: str) -> tuple[str, str, dict[str, Any], Any]: + method = str(args.get("method") or default_method).upper() + path = _render_path(str(args.get("path") or default_path), args) + query = args.get("query") if isinstance(args.get("query"), dict) else {} + body = args.get("body") + if method == "GET" and not query: + ignored = {"action", "method", "path", "query", "body", "path_params"} + query = {k: v for k, v in args.items() if k not in ignored and v is not None} + return method, path, 
dict(query), body + + +def _load_api_catalog() -> list[dict[str, Any]]: + try: + data = json.loads(CATALOG_FILE.read_text(encoding="utf-8")) + except FileNotFoundError: + return [] + entries = data.get("entries") + return entries if isinstance(entries, list) else [] + + +def _catalog_pairs(kind: str) -> set[tuple[str, str]]: + return { + (str(entry.get("method", "")).upper(), str(entry.get("path", ""))) + for entry in _load_api_catalog() + if entry.get("kind") == kind and entry.get("method") and entry.get("path") + } + + +READONLY_ACTIONS: dict[str, tuple[str, str]] = { + "project_list": ("GET", "/project/"), + "project_filter": ("POST", "/project/filter/"), + "template_list": ("GET", "/template/"), + "plan_filter": ("POST", "/plan/filter/"), + "plan_detail": ("GET", "/plan/{id}/"), + "plugin_filter": ("POST", "/plugin/filter/"), + "engine_filter": ("POST", "/engine/filter/"), + "xprocess_filter": ("POST", "/xprocess/filter/"), + "xprocess_detail": ("GET", "/xprocess/{id}/"), + "xprocess_progress": ("GET", "/xprocess/{id}/progress/"), + "result_filter": ("POST", "/result/filter/"), + "result_detail": ("GET", "/result/{id}/"), + "website_filter": ("POST", "/website/filter/"), + "host_filter": ("POST", "/ip/filter/"), + "service_filter": ("POST", "/service/filter/"), + "domain_filter": ("POST", "/domain/filter/"), + "vuln_filter": ("POST", "/vuln/filter/"), + "vuln_detail": ("GET", "/vuln/{id}/"), + "auditlog_filter": ("POST", "/auditlog/filter/"), + "report_filter": ("POST", "/report/filter/"), + "system_info_mgmt": ("GET", "/system/info/mgmt/"), + "system_services": ("GET", "/system/info/services/"), +} + + +PROJECT_ACTIONS = {"project_list", "project_filter", "template_list"} +TASK_ACTIONS = { + "plan_filter", + "plan_detail", + "plugin_filter", + "engine_filter", + "xprocess_filter", + "xprocess_detail", + "xprocess_progress", +} +ASSET_ACTIONS = {"website_filter", "host_filter", "service_filter", "domain_filter"} +RESULT_ACTIONS = {"result_filter", 
"result_detail", "vuln_filter", "vuln_detail", "auditlog_filter", "report_filter"} +SYSTEM_ACTIONS = {"system_info_mgmt", "system_services"} + + +def call_rest(action: str, args: dict[str, Any]) -> ToolResult: + method, path = READONLY_ACTIONS[action] + req_method, req_path, query, body = _request_args(args, method, path) + return _ok(get_client().request(req_method, req_path, query=query, body=body), action=action) + + +def api_catalog(args: dict[str, Any]) -> ToolResult: + del args + catalog = _load_api_catalog() + return _ok( + { + "base_path": "/api/v2", + "catalog_counts": { + "total": len(catalog), + "readonly": sum(1 for entry in catalog if entry.get("kind") == "readonly"), + "mutation": sum(1 for entry in catalog if entry.get("kind") == "mutation"), + }, + "documented_api_catalog": catalog, + "common_actions": { + "projects": sorted(PROJECT_ACTIONS), + "tasks": sorted(TASK_ACTIONS), + "assets": sorted(ASSET_ACTIONS), + "results": sorted(RESULT_ACTIONS), + "system": sorted(SYSTEM_ACTIONS), + }, + }, + action="api_catalog", + ) + + +def rest_call_readonly(args: dict[str, Any]) -> ToolResult: + method, path, query, body = _request_args(args, "GET", "") + if (method, path) not in _catalog_pairs("readonly"): + raise ChaitinDongjianError("Only documented read-only REST method/path pairs are allowed") + return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_readonly") + + +def rest_call_mutation(args: dict[str, Any]) -> ToolResult: + method, path, query, body = _request_args(args, "POST", "") + if (method, path) not in _catalog_pairs("mutation"): + raise ChaitinDongjianError("Only documented mutation REST method/path pairs are allowed") + return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_mutation") + + +ACTION_HANDLERS: dict[str, Callable[[dict[str, Any]], ToolResult]] = { + "api_catalog": api_catalog, + "rest_call_readonly": rest_call_readonly, + "rest_call_mutation": rest_call_mutation, +} 
+for _action in READONLY_ACTIONS: + ACTION_HANDLERS[_action] = lambda args, action=_action: call_rest(action, args) + + +async def _dispatch(ctx: ToolContext, allowed: set[str], action: str, **params: Any) -> ToolResult: + del ctx + if action == "test": + action = "project_list" + params.setdefault("limit", 1) + params.setdefault("offset", 0) + if action not in allowed: + return ToolResult( + success=False, + error=f"Unsupported Chaitin Dongjian action: {action}. Available: {', '.join(sorted(allowed))}", + ) + try: + return await asyncio.to_thread(ACTION_HANDLERS[action], params) + except ChaitinDongjianError as exc: + return ToolResult( + success=False, + error=str(exc), + metadata={"source": "Chaitin Dongjian", "version": PRODUCT_VERSION, "action": action}, + ) + except Exception as exc: + return ToolResult( + success=False, + error=f"Unexpected Chaitin Dongjian error: {exc}", + metadata={"source": "Chaitin Dongjian", "version": PRODUCT_VERSION, "action": action}, + ) + + +async def projects(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, PROJECT_ACTIONS | {"test"}, action, **params) + + +async def tasks(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, TASK_ACTIONS | {"test"}, action, **params) + + +async def assets(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, ASSET_ACTIONS | {"test"}, action, **params) + + +async def results(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, RESULT_ACTIONS | {"test"}, action, **params) + + +async def system(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, SYSTEM_ACTIONS | {"test"}, action, **params) + + +async def api_readonly(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, {"api_catalog", "rest_call_readonly", *READONLY_ACTIONS.keys(), "test"}, action, **params) + + +async def 
api_mutation(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, {"api_catalog", "rest_call_mutation"}, action, **params) diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_catalog.json b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_catalog.json new file mode 100644 index 000000000..08c89c657 --- /dev/null +++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_catalog.json 
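Review bot: `call_rest` passes the caller's arguments straight to `_request_args`, which prefers `args["method"]` and `args["path"]` over the pair pinned in `READONLY_ACTIONS`, so a named action such as `project_list` can be sent with any method and path without ever reaching the catalog check. Every tool that dispatches named actions is affected, including `api_readonly`, whose YAML sets `requires_confirmation: false` and advertises `method` and `path` in its input schema. Separately, `rest_call_readonly` and `rest_call_mutation` compare the rendered path with the catalog, so templated entries such as `/project/{id}/` can never match; the template should be checked first and rendered afterwards. `_render_path` also substitutes values unencoded, so each value should be percent-encoded (for example with `urllib.parse.quote(..., safe="")`) before it goes into the path. The sketch below pins named actions and moves the catalog check ahead of rendering.

```python
def call_rest(action: str, args: dict[str, Any]) -> ToolResult:
    method, path = READONLY_ACTIONS[action]
    # Named actions stay pinned to their table entry; a caller-supplied
    # method/path must not redirect the request.
    pinned = {k: v for k, v in args.items() if k not in ("method", "path")}
    req_method, req_path, query, body = _request_args(pinned, method, path)
    # … unchanged: client request and _ok(...) …


def _catalog_request(args: dict[str, Any], default_method: str, kind: str) -> tuple[str, str, dict[str, Any], Any]:
    # Match the caller's path *template* against the catalog, then render it.
    method = str(args.get("method") or default_method).upper()
    template = str(args.get("path") or "")
    if (method, template) not in _catalog_pairs(kind):
        raise ChaitinDongjianError(f"Only documented {kind} REST method/path pairs are allowed")
    return _request_args(args, default_method, template)


def rest_call_readonly(args: dict[str, Any]) -> ToolResult:
    method, path, query, body = _catalog_request(args, "GET", "readonly")
    # … unchanged: client request and _ok(...); rest_call_mutation follows the same shape …
```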
@@ -0,0 +1,854 @@ +{ + "schema_version": 1, + "source": "洞鉴(X-Ray)安全评估系统OpenAPI接口文档(标准版)V2.8.pdf", + "base_path": "/api/v2", + "entries": [ + { + "method": "GET", + "path": "/project/", + "kind": "readonly", + "description": "获取组织单位列表", + "page": 24 + }, + { + "method": "POST", + "path": "/project/", + "kind": "mutation", + "description": "创建组织单位", + "page": 25 + }, + { + "method": "POST", + "path": "/project/filter/", + "kind": "readonly", + "description": "功能 2: 根据组织单位全称查询组织单位详情", + "page": 27 + }, + { + "method": "GET", + "path": "/project/{id}/", + "kind": "readonly", + "description": "获取组织单位详情", + "page": 29 + }, + { + "method": "GET", + "path": "/template/", + "kind": "readonly", + "description": "获取策略模版列表", + "page": 32 + }, + { + "method": "GET", + "path": "/template/{id}/", + "kind": "readonly", + "description": "获取策略模版详情", + "page": 33 + }, + { + "method": "POST", + "path": "/plan/filter/", + "kind": "readonly", + "description": "按条件批量获取任务计划列表", + "page": 36 + }, + { + "method": "GET", + "path": "/plan/{id}/", + "kind": "readonly", + "description": "获取任务计划详情", + "page": 38 + }, + { + "method": "DELETE", + "path": "/plan/{id}/", + "kind": "mutation", + "description": "删除任务计划", + "page": 39 + }, + { + "method": "POST", + "path": "/plan/create/", + "kind": "mutation", + "description": "创建任务计划", + "page": 40 + }, + { + "method": "POST", + "path": "/plan/update/", + "kind": "mutation", + "description": "更新任务计划", + "page": 42 + }, + { + "method": "POST", + "path": "/plan/stop/", + "kind": "mutation", + "description": "停止循环任务的循环设置,不影响当前正在扫描的任务实例。", + "page": 44 + }, + { + "method": "POST", + "path": "/plan/execute/", + "kind": "readonly", + "description": "例", + "page": 45 + }, + { + "method": "POST", + "path": "/plugin/filter/", + "kind": "readonly", + "description": "获取漏洞插件列表", + "page": 49 + }, + { + "method": "POST", + "path": "/custom_plugin/filter/", + "kind": "readonly", + "description": "获取自定义插件列表", + "page": 50 + }, + { + "method": "GET", + "path": 
"/custom_plugin/{id}/", + "kind": "readonly", + "description": "漏洞插件的标识,作为策略配置中插件启用/禁用的输入参数", + "page": 51 + }, + { + "method": "POST", + "path": "/scannerdict/", + "kind": "mutation", + "description": "创建字典", + "page": 52 + }, + { + "method": "DELETE", + "path": "/scannerdict/", + "kind": "mutation", + "description": "删除字典列表", + "page": 53 + }, + { + "method": "POST", + "path": "/scannerdict/filter/", + "kind": "readonly", + "description": "获取字典列表", + "page": 54 + }, + { + "method": "GET", + "path": "/scannerdict/{id}/", + "kind": "readonly", + "description": "获取字典详情", + "page": 55 + }, + { + "method": "POST", + "path": "/portgroup/filter/", + "kind": "readonly", + "description": "获取端口组列表", + "page": 56 + }, + { + "method": "POST", + "path": "/hostlogrule/filter/", + "kind": "readonly", + "description": "则”参数", + "page": 57 + }, + { + "method": "POST", + "path": "/upload_file/", + "kind": "mutation", + "description": "上传文件", + "page": 58 + }, + { + "method": "POST", + "path": "/engine/filter/", + "kind": "readonly", + "description": "获取引擎节点列表", + "page": 59 + }, + { + "method": "GET", + "path": "/reverse_platform/{uuid}/", + "kind": "readonly", + "description": "获取反连平台详情", + "page": 60 + }, + { + "method": "POST", + "path": "/reverse_platform/filter/", + "kind": "readonly", + "description": "获取反连平台列表", + "page": 61 + }, + { + "method": "POST", + "path": "/whitelist/", + "kind": "mutation", + "description": "创建全局白名单", + "page": 62 + }, + { + "method": "POST", + "path": "/whitelist/update/", + "kind": "mutation", + "description": "更新全局白名单", + "page": 65 + }, + { + "method": "POST", + "path": "/whitelist/filter/", + "kind": "readonly", + "description": "获取全局白名单列表", + "page": 67 + }, + { + "method": "GET", + "path": "/whitelist/{id}/", + "kind": "readonly", + "description": "获取全局白名单详情", + "page": 68 + }, + { + "method": "POST", + "path": "/xprocess/filter/", + "kind": "readonly", + "description": "按条件批量获取任务实例列表", + "page": 75 + }, + { + "method": "GET", + "path": 
"/xprocess/{id}/", + "kind": "readonly", + "description": "获取任务实例", + "page": 77 + }, + { + "method": "GET", + "path": "/xprocess/{id}/progress/", + "kind": "readonly", + "description": "务是否完成应该根据进度提供的 status 判断。", + "page": 78 + }, + { + "method": "POST", + "path": "/xprocess/stop/", + "kind": "readonly", + "description": "结束正在执行过程中的扫描实例", + "page": 80 + }, + { + "method": "POST", + "path": "/xprocess/pause/", + "kind": "mutation", + "description": "暂停正在执行过程中的扫描实例", + "page": 81 + }, + { + "method": "POST", + "path": "/xprocess/resume/", + "kind": "mutation", + "description": "仅能恢复手动暂停的任务实例", + "page": 82 + }, + { + "method": "POST", + "path": "/xprocess/pause/stage/", + "kind": "readonly", + "description": "当前仅支持扫描策略为被动 Web 扫描(流量)的任务", + "page": 83 + }, + { + "method": "POST", + "path": "/xprocess/resume/stage/", + "kind": "readonly", + "description": "仅支持扫描策略为被动 Web 扫描(流量)的任务", + "page": 84 + }, + { + "method": "POST", + "path": "/result/filter/", + "kind": "readonly", + "description": "按条件批量获取任务结果", + "page": 89 + }, + { + "method": "GET", + "path": "/result/{id}/", + "kind": "readonly", + "description": "获取任务结果", + "page": 91 + }, + { + "method": "POST", + "path": "/ssh_key/filter/", + "kind": "readonly", + "description": "按条件批量获取 SSH 认证私钥列表", + "page": 101 + }, + { + "method": "POST", + "path": "/ssh_key/create/", + "kind": "mutation", + "description": "创建 SSH 认证私钥", + "page": 102 + }, + { + "method": "POST", + "path": "/check_sets/filter/", + "kind": "readonly", + "description": "按条件批量获取检查策略列表", + "page": 103 + }, + { + "method": "POST", + "path": "/baseline/task/filter/", + "kind": "readonly", + "description": "按条件批量获取基线任务列表", + "page": 105 + }, + { + "method": "POST", + "path": "/baseline/task/create/", + "kind": "readonly", + "description": "仅支持在线检查", + "page": 107 + }, + { + "method": "POST", + "path": "/baseline/task/stop/", + "kind": "readonly", + "description": "仅支持在线检查", + "page": 111 + }, + { + "method": "POST", + "path": "/baseline/task/execute/", 
+ "kind": "readonly", + "description": "仅支持在线检查", + "page": 112 + }, + { + "method": "POST", + "path": "/process/item/filter/", + "kind": "readonly", + "description": "按条件批量获取检查结果", + "page": 113 + }, + { + "method": "POST", + "path": "/website/", + "kind": "mutation", + "description": "批量增加 Web 站点", + "page": 118 + }, + { + "method": "DELETE", + "path": "/website/", + "kind": "mutation", + "description": "批量删除 Web 站点", + "page": 119 + }, + { + "method": "POST", + "path": "/website/filter/", + "kind": "readonly", + "description": "逐步废弃此 API,改用更精简的 /website/filter/simple", + "page": 120 + }, + { + "method": "POST", + "path": "/website/filter/simple/", + "kind": "readonly", + "description": "按条件批量获取简易版 Web 站点列表", + "page": 121 + }, + { + "method": "GET", + "path": "/website/{id}/", + "kind": "readonly", + "description": "获取 Web 站点详情", + "page": 122 + }, + { + "method": "POST", + "path": "/website/{id}/", + "kind": "mutation", + "description": "修改 Web 站点", + "page": 125 + }, + { + "method": "GET", + "path": "/website/openapi/{id}/", + "kind": "readonly", + "description": "获取 API 资产详情", + "page": 126 + }, + { + "method": "GET", + "path": "/ip/os/", + "kind": "readonly", + "description": "直接调用接口即可获取全量的操作系统列表", + "page": 134 + }, + { + "method": "POST", + "path": "/ip/", + "kind": "mutation", + "description": "批量增加主机", + "page": 135 + }, + { + "method": "DELETE", + "path": "/ip/", + "kind": "mutation", + "description": "批量删除主机", + "page": 136 + }, + { + "method": "POST", + "path": "/ip/filter/", + "kind": "readonly", + "description": "按条件批量获取主机列表", + "page": 137 + }, + { + "method": "GET", + "path": "/ip/{id}/", + "kind": "readonly", + "description": "获取主机资产详情", + "page": 139 + }, + { + "method": "POST", + "path": "/ip/{id}/", + "kind": "mutation", + "description": "修改主机资产", + "page": 142 + }, + { + "method": "GET", + "path": "/service/application_protocol/", + "kind": "readonly", + "description": "获取服务列表", + "page": 146 + }, + { + "method": "POST", + "path": 
"/service/", + "kind": "mutation", + "description": "批量增加服务", + "page": 147 + }, + { + "method": "DELETE", + "path": "/service/", + "kind": "mutation", + "description": "批量删除服务", + "page": 148 + }, + { + "method": "POST", + "path": "/service/filter/", + "kind": "readonly", + "description": "按条件批量获取服务", + "page": 149 + }, + { + "method": "GET", + "path": "/service/{id}/", + "kind": "readonly", + "description": "获取服务资产", + "page": 151 + }, + { + "method": "POST", + "path": "/service/{id}/", + "kind": "mutation", + "description": "修改服务资产", + "page": 152 + }, + { + "method": "POST", + "path": "/domain/", + "kind": "mutation", + "description": "批量增加域名", + "page": 156 + }, + { + "method": "DELETE", + "path": "/domain/", + "kind": "mutation", + "description": "批量删除域名", + "page": 157 + }, + { + "method": "POST", + "path": "/domain/filter/", + "kind": "readonly", + "description": "逐步废弃此 API,改用更精简的 /domain/filter/simple", + "page": 158 + }, + { + "method": "POST", + "path": "/domain/filter/simple/", + "kind": "readonly", + "description": "按条件批量获取精简的域名", + "page": 159 + }, + { + "method": "GET", + "path": "/domain/{id}/", + "kind": "readonly", + "description": "获取域名资产", + "page": 160 + }, + { + "method": "POST", + "path": "/domain/{id}/", + "kind": "mutation", + "description": "修改域名资产", + "page": 161 + }, + { + "method": "GET", + "path": "/vuln/{id}/", + "kind": "readonly", + "description": "获取漏洞资产详情", + "page": 166 + }, + { + "method": "POST", + "path": "/vuln/{id}/", + "kind": "mutation", + "description": "修改漏洞资产状态", + "page": 170 + }, + { + "method": "DELETE", + "path": "/vuln/", + "kind": "mutation", + "description": "批量删除漏洞资产", + "page": 172 + }, + { + "method": "POST", + "path": "/vuln/filter/", + "kind": "readonly", + "description": "按条件批量获取漏洞列表", + "page": 173 + }, + { + "method": "POST", + "path": "/vuln/retest/", + "kind": "mutation", + "description": "复测漏洞资产", + "page": 177 + }, + { + "method": "GET", + "path": "/vuln/retest/{task_id}/", + "kind": "readonly", + 
"description": "漏洞资产复测结果获取", + "page": 178 + }, + { + "method": "POST", + "path": "/auditlog/filter/", + "kind": "readonly", + "description": "按条件批量获取审计日志", + "page": 187 + }, + { + "method": "GET", + "path": "/auditlog/action/", + "kind": "readonly", + "description": "审计日志操作类型", + "page": 189 + }, + { + "method": "POST", + "path": "/report/download/", + "kind": "readonly", + "description": "下载报表", + "page": 192 + }, + { + "method": "POST", + "path": "/report/", + "kind": "mutation", + "description": "创建报表", + "page": 193 + }, + { + "method": "POST", + "path": "/report/template/filter/", + "kind": "readonly", + "description": "按条件批量获取报表模版列表", + "page": 195 + }, + { + "method": "POST", + "path": "/report/filter/", + "kind": "readonly", + "description": "按条件批量获取报表列表", + "page": 197 + }, + { + "method": "GET", + "path": "/report/{id}/", + "kind": "readonly", + "description": "查询报表详细信息", + "page": 199 + }, + { + "method": "DELETE", + "path": "/report/{id}/", + "kind": "mutation", + "description": "删除报表", + "page": 200 + }, + { + "method": "DELETE", + "path": "/engine/{id}/", + "kind": "readonly", + "description": "仅超级管理员可进行此操作", + "page": 206 + }, + { + "method": "GET", + "path": "/system/hosts/engine/{id}/", + "kind": "readonly", + "description": "获取指定引擎的静态 host 配置", + "page": 207 + }, + { + "method": "POST", + "path": "/system/hosts/engine/{id}/", + "kind": "mutation", + "description": "设置引擎节点的静态 hosts 配置", + "page": 208 + }, + { + "method": "GET", + "path": "/system/dns/engine/{id}/", + "kind": "readonly", + "description": "获取指定引擎的 dns 配置", + "page": 209 + }, + { + "method": "POST", + "path": "/system/dns/engine/{id}/", + "kind": "mutation", + "description": "设置引擎节点的 dns 配置", + "page": 210 + }, + { + "method": "GET", + "path": "/system/info/engine/{id}/", + "kind": "readonly", + "description": "获取引擎的系统信息", + "page": 211 + }, + { + "method": "GET", + "path": "/system/info/mgmt/", + "kind": "readonly", + "description": "查询管理节点系统信息和负载信息", + "page": 213 + }, + { + 
"method": "GET", + "path": "/system/info/services/", + "kind": "readonly", + "description": "查询管理节点服务容器名称列表", + "page": 215 + }, + { + "method": "POST", + "path": "/system/info/services/", + "kind": "readonly", + "description": "查询系统服务工作状态和负载信息", + "page": 216 + }, + { + "method": "POST", + "path": "/upload_upgrade_package/", + "kind": "mutation", + "description": "支持引擎升级包、数据库升级包,需要通过文件上传接口上传安装包", + "page": 219 + }, + { + "method": "POST", + "path": "/package/check/", + "kind": "mutation", + "description": "升级前需通过该接口对升级包进行校验", + "page": 220 + }, + { + "method": "POST", + "path": "/engine/upgrade/", + "kind": "mutation", + "description": "升级前需要通过升级包校验接口校验通过,方可升级成功", + "page": 222 + }, + { + "method": "POST", + "path": "/vuln_library/upgrade/", + "kind": "mutation", + "description": "升级前需要通过升级包校验接口校验通过,方可升级成功", + "page": 223 + }, + { + "method": "POST", + "path": "/execution/filter/", + "kind": "readonly", + "description": "执行状态列表", + "page": 224 + }, + { + "method": "POST", + "path": "/customtag/", + "kind": "readonly", + "description": "获取可用自定义 POC 标签列表", + "page": 226 + }, + { + "method": "POST", + "path": "/upload/custompoc/", + "kind": "mutation", + "description": "通过文件上传创建自定义 POC", + "page": 227 + }, + { + "method": "POST", + "path": "/custompoc/", + "kind": "mutation", + "description": "创建自定义 POC", + "page": 228 + }, + { + "method": "DELETE", + "path": "/custompoc/", + "kind": "mutation", + "description": "批量删除自定义 POC", + "page": 230 + }, + { + "method": "POST", + "path": "/custompoc/filter/", + "kind": "readonly", + "description": "按条件批量获取自定义 POC", + "page": 231 + }, + { + "method": "POST", + "path": "/custompoc/update/", + "kind": "mutation", + "description": "修改自定义 POC", + "page": 233 + }, + { + "method": "GET", + "path": "/vuln_category/", + "kind": "readonly", + "description": "获取可用漏洞类型列表", + "page": 235 + }, + { + "method": "POST", + "path": "/business_system/filter/", + "kind": "readonly", + "description": "筛选业务系统列表", + "page": 238 + }, + { + "method": 
"GET", + "path": "/business_system/{id}/", + "kind": "readonly", + "description": "获取业务系统详情", + "page": 240 + }, + { + "method": "POST", + "path": "/asset_tag/filter/", + "kind": "readonly", + "description": "筛选资产标签列表", + "page": 241 + }, + { + "method": "GET", + "path": "/asset_tag/{id}/", + "kind": "readonly", + "description": "获取资产标签详情", + "page": 242 + }, + { + "method": "POST", + "path": "/network_region/filter/", + "kind": "readonly", + "description": "筛选网络区域列表", + "page": 243 + }, + { + "method": "GET", + "path": "/network_region/{id}/", + "kind": "readonly", + "description": "获取网络区域详情", + "page": 244 + }, + { + "method": "POST", + "path": "/location/filter/", + "kind": "readonly", + "description": "筛选行政区域规划位置", + "page": 245 + }, + { + "method": "GET", + "path": "/location/{id}/", + "kind": "readonly", + "description": "获取行政规划区域详情", + "page": 247 + }, + { + "method": "POST", + "path": "/user/", + "kind": "mutation", + "description": "创建用户", + "page": 250 + }, + { + "method": "DELETE", + "path": "/user/{id}/", + "kind": "mutation", + "description": "删除用户", + "page": 252 + }, + { + "method": "POST", + "path": "/user/filter/", + "kind": "readonly", + "description": "根据用户名筛选用户", + "page": 253 + }, + { + "method": "POST", + "path": "/role/", + "kind": "mutation", + "description": "创建角色", + "page": 255 + }, + { + "method": "POST", + "path": "/role/filter/", + "kind": "readonly", + "description": "根据角色名称筛选角色列表", + "page": 257 + } + ] +} diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_mutation.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_mutation.yaml new file mode 100644 index 000000000..758c5c3d7 --- /dev/null +++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_mutation.yaml 
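Review bot: Several state-changing endpoints are catalogued with `"kind": "readonly"`: `POST /plan/execute/`, `POST /xprocess/stop/`, `POST /xprocess/pause/stage/`, `POST /xprocess/resume/stage/`, `POST /baseline/task/create/`, `POST /baseline/task/stop/`, `POST /baseline/task/execute/` and `DELETE /engine/{id}/`. The handler uses this field as the allow-list for `rest_call_readonly`, and the read-only tool runs with `requires_confirmation: false`, so these entries should be `"kind": "mutation"`. Their descriptions (`例`, `仅支持在线检查`, `仅超级管理员可进行此操作`) read like side notes picked up from the PDF rather than endpoint summaries, which suggests the classification was derived from extracted text and needs a manual pass. A validation step that rejects any `readonly` entry with method `DELETE` or a path ending in `create/`, `stop/`, `execute/` or `upgrade/` would keep this from regressing.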
@@ -0,0 +1,36 @@
+name: chaitin_dongjian_api_mutation
+description: Chaitin Dongjian documented mutation REST caller with confirmation.
+description_cn: 长亭洞鉴文档内变更类 REST 调用工具。所有调用都需要确认。
+category: custom
+enabled: true
+requires_confirmation: true
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_mutation
+ method:
+ type: string
+ description: HTTP 方法,必须和 catalog 中 kind=mutation 的 method/path 匹配。
+ path:
+ type: string
+ description: REST 路径,例如 /plan/create/。
+ path_params:
+ type: object
+ description: 路径参数。
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: JSON body,按洞鉴 OpenAPI V2.8 对应接口填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: api_mutation
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_readonly.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_readonly.yaml
new file mode 100644
index 000000000..2c1fa5fc0
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_readonly.yaml
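Review bot: In `chaitin_dongjian_api_mutation.yaml`, `method` and `path` are unconstrained strings and `path_params` is an untyped object, so the schema rejects nothing and the whole allow-list rests on the catalog match in `chaitin_dongjian.handler.py`, which is not visible here. The same applies to `chaitin_dongjian_api_readonly.yaml`, where it matters more because `requires_confirmation` is `false`. Adding `enum: [GET, POST, DELETE]` under `method` (the methods visible in the catalog; extend if it uses others) and `additionalProperties: {type: [integer, string]}` under `path_params` would narrow input before the handler runs. The handler should also percent-encode each path parameter before substituting it, so that a value containing `/` cannot resolve to a different endpoint than the catalog entry that was matched.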
@@ -0,0 +1,59 @@
+name: chaitin_dongjian_api_readonly
+description: Chaitin Dongjian documented read-only REST caller.
+description_cn: 长亭洞鉴文档内只读 REST 调用工具。使用 api_catalog 查看已收录 API,再用 rest_call_readonly 调用 kind=readonly 的 method/path。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_readonly
+ - project_list
+ - project_filter
+ - template_list
+ - plan_filter
+ - plan_detail
+ - plugin_filter
+ - engine_filter
+ - xprocess_filter
+ - xprocess_detail
+ - xprocess_progress
+ - result_filter
+ - result_detail
+ - website_filter
+ - host_filter
+ - service_filter
+ - domain_filter
+ - vuln_filter
+ - vuln_detail
+ - auditlog_filter
+ - report_filter
+ - system_info_mgmt
+ - system_services
+ - test
+ method:
+ type: string
+ description: rest_call_readonly 使用的 HTTP 方法。
+ path:
+ type: string
+ description: REST 路径,例如 /project/ 或 /xprocess/{id}/。
+ path_params:
+ type: object
+ description: '路径参数,例如 {"id": 1}。'
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: JSON body。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: api_readonly
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_assets.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_assets.yaml
new file mode 100644
index 000000000..4bec2a578
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_assets.yaml
@@ -0,0 +1,35 @@
+name: chaitin_dongjian_assets
+description: Chaitin Dongjian web, host, service, and domain asset read-only queries.
+description_cn: 长亭洞鉴 Web、主机、服务和域名资产只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - website_filter
+ - host_filter
+ - service_filter
+ - domain_filter
+ - test
+ description: |
+ - website_filter: POST /website/filter/,筛选 Web 站点。
+ - host_filter: POST /ip/filter/,筛选主机资产。
+ - service_filter: POST /service/filter/,筛选服务资产。
+ - domain_filter: POST /domain/filter/,筛选域名资产。
+ body:
+ description: POST 查询 body。
+ query:
+ type: object
+ description: Query 参数,例如 project_id。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: assets
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_projects.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_projects.yaml
new file mode 100644
index 000000000..5c55717c3
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_projects.yaml
@@ -0,0 +1,37 @@
+name: chaitin_dongjian_projects
+description: Chaitin Dongjian project and template read-only queries.
+description_cn: 长亭洞鉴组织单位与策略模板只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - project_list
+ - project_filter
+ - template_list
+ - test
+ description: |
+ - project_list: GET /project/,获取组织单位列表。
+ - project_filter: POST /project/filter/,按条件批量获取组织单位列表/详情。
+ - template_list: GET /template/,获取策略模板列表。
+ query:
+ type: object
+ description: GET query 参数。
+ body:
+ description: POST 查询 body。
+ limit:
+ type: integer
+ offset:
+ type: integer
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: projects
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_results.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_results.yaml
new file mode 100644
index 000000000..312c46b41
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_results.yaml
@@ -0,0 +1,42 @@
+name: chaitin_dongjian_results
+description: Chaitin Dongjian scan result, vulnerability, audit log, and report read-only queries.
+description_cn: 长亭洞鉴扫描结果、漏洞、审计日志和报表只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - result_filter
+ - result_detail
+ - vuln_filter
+ - vuln_detail
+ - auditlog_filter
+ - report_filter
+ - test
+ description: |
+ - result_filter: POST /result/filter/,筛选任务结果。
+ - result_detail: GET /result/{id}/,查询任务结果详情。
+ - vuln_filter: POST /vuln/filter/,筛选漏洞资产。
+ - vuln_detail: GET /vuln/{id}/,查询漏洞资产详情。
+ - auditlog_filter: POST /auditlog/filter/,筛选审计日志。
+ - report_filter: POST /report/filter/,筛选报表。
+ id:
+ type: integer
+ description: 路径中的结果或漏洞 ID。
+ query:
+ type: object
+ description: GET query 参数。
+ body:
+ description: POST 查询 body。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: results
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_system.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_system.yaml
new file mode 100644
index 000000000..ec90ab11f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_system.yaml
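Review bot: In `chaitin_dongjian_results.yaml`, `id` is optional and unbounded even though `result_detail` and `vuln_detail` cannot fill `/result/{id}/` or `/vuln/{id}/` without it, so a missing or negative value is only caught, if at all, inside the handler, which is not visible here. `chaitin_dongjian_tasks.yaml` has the same gap for `plan_detail`, `xprocess_detail` and `xprocess_progress`. Assuming IDs are positive, add `minimum: 1` under `id` and state the requirement in its text, for example `description: 路径中的结果或漏洞 ID,result_detail / vuln_detail 必填。`.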
@@ -0,0 +1,29 @@
+name: chaitin_dongjian_system
+description: Chaitin Dongjian management-node and service status read-only queries.
+description_cn: 长亭洞鉴管理节点与系统服务状态只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - system_info_mgmt
+ - system_services
+ - test
+ description: |
+ - system_info_mgmt: GET /system/info/mgmt/,查询管理节点系统信息和负载。
+ - system_services: GET /system/info/services/,查询系统服务容器名称列表。
+ query:
+ type: object
+ description: GET query 参数。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: system
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_tasks.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_tasks.yaml
new file mode 100644
index 000000000..ee5905573
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_tasks.yaml
@@ -0,0 +1,44 @@
+name: chaitin_dongjian_tasks
+description: Chaitin Dongjian scan plan, configuration, and instance read-only queries.
+description_cn: 长亭洞鉴扫描计划、任务配置和任务实例只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - plan_filter
+ - plan_detail
+ - plugin_filter
+ - engine_filter
+ - xprocess_filter
+ - xprocess_detail
+ - xprocess_progress
+ - test
+ description: |
+ - plan_filter: POST /plan/filter/,筛选任务计划。
+ - plan_detail: GET /plan/{id}/,查询任务计划详情。
+ - plugin_filter: POST /plugin/filter/,获取漏洞插件列表。
+ - engine_filter: POST /engine/filter/,获取引擎节点列表。
+ - xprocess_filter: POST /xprocess/filter/,筛选任务实例。
+ - xprocess_detail: GET /xprocess/{id}/,查询任务实例详情。
+ - xprocess_progress: GET /xprocess/{id}/progress/,查询扫描进度。
+ id:
+ type: integer
+ description: 路径中的计划或任务实例 ID。
+ query:
+ type: object
+ description: GET query 参数。
+ body:
+ description: POST 查询 body。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: tasks
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/manifest.json b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/manifest.json
new file mode 100644
index 000000000..597259327
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/manifest.json
@@ -0,0 +1,72 @@
+{
+ "schemaVersion": "hub.plugin.v1",
+ "id": "chaitin_dongjian_v2_8",
+ "type": "device",
+ "name": "Chaitin Dongjian",
+ "description": "Chaitin Dongjian (X-Ray) security assessment system OpenAPI V2.8 integration.",
+ "descriptionCn": "长亭洞鉴(X-Ray)安全评估系统 OpenAPI V2.8 接入。",
+ "version": "2.8",
+ "author": "Flocks Team",
+ "license": "MIT",
+ "category": "integration",
+ "tags": [
+ "vulnerability",
+ "web-security",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "vulnerability-management",
+ "security-reporting"
+ ],
+ "domains": [
+ "security-ops"
+ ],
+ "capabilities": [
+ "device-integration",
+ "rest-api"
+ ],
+ "trust": "official",
+ "source": {
+ "kind": "bundled",
+ "path": "plugins/tools/device/chaitin_dongjian_v2_8"
+ },
+ "compatibility": {
+ "flocks": ">=0.8.0",
+ "os": [
+ "darwin",
+ "linux",
+ "windows"
+ ]
+ },
+ "dependencies": {
+ "skills": [],
+ "tools": [],
+ "python": [],
+ "external": []
+ },
+ "permissions": {
+ "tools": [],
+ "network": true,
+ "shell": false,
+ "filesystem": "none"
+ },
+ "risk": {
+ "level": "low",
+ "reasons": []
+ },
+ "entrypoints": [
+ "_provider.yaml",
+ "_test.yaml",
+ "chaitin_dongjian.handler.py",
+ "chaitin_dongjian_api_catalog.json",
+ "chaitin_dongjian_projects.yaml",
+ "chaitin_dongjian_tasks.yaml",
+ "chaitin_dongjian_assets.yaml",
+ "chaitin_dongjian_results.yaml",
+ "chaitin_dongjian_system.yaml",
+ "chaitin_dongjian_api_readonly.yaml",
+ "chaitin_dongjian_api_mutation.yaml"
+ ],
+ "checksums": {}
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_provider.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_provider.yaml
new file mode 100644
index 000000000..39c7482ed
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_provider.yaml
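Review bot: In the Dongjian `manifest.json`, `"risk": {"level": "low", "reasons": []}` understates what the plugin ships. `chaitin_dongjian_api_mutation.yaml` is an entrypoint, and the catalog added in this commit marks `POST /user/`, `DELETE /user/{id}/`, `POST /role/`, `POST /engine/upgrade/` and `POST /upload/custompoc/` as `mutation`, so a confirmed call can create or delete accounts and push upgrade packages to the scanner. Operators who filter installs by risk level will not see that. A more accurate entry would be `"level": "medium"` with a populated `reasons` list, for example `"reasons": ["confirmed mutation tool can manage users/roles and trigger engine upgrades"]` (the element format is assumed; check the hub schema). Separately, `"checksums": {}` leaves all eleven entrypoints unpinned; if the hub verifies checksums at install time, which is not visible here, it should be populated.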
@@ -0,0 +1,47 @@
+name: chaitin_muyun
+vendor: chaitin
+service_id: chaitin_muyun_api
+version: "API 3.0"
+integration_type: device
+description: >
+ Chaitin Muyun host security platform JSON-RPC API integration. Configure
+ the device URL, API Token, and optional organization ID. All business
+ APIs are called through POST /rpc with JSON-RPC 2.0 payloads.
+description_cn: >
+ 长亭牧云主机安全平台 API 3.0 接入。配置设备地址、API Token 和可选机构 ID;
+ 业务接口统一通过 POST /rpc 的 JSON-RPC 2.0 调用。
+auth:
+ type: custom
+ secret: chaitin_muyun_api_token
+credential_fields:
+ - key: base_url
+ label: 设备地址
+ storage: config
+ config_key: base_url
+ input_type: url
+ required: true
+ placeholder: "https://muyun.example.com"
+ - key: api_token
+ label: API Token
+ storage: secret
+ config_key: api_token
+ secret_id: chaitin_muyun_api_token
+ input_type: password
+ required: true
+ - key: org_id
+ label: 机构 ID(可选)
+ storage: config
+ config_key: org_id
+ input_type: text
+ required: false
+defaults:
+ timeout: 30
+ category: custom
+ product_version: "API 3.0"
+ verify_ssl: false
+notes: |
+ 认证规则来自《API 3.0接口使用说明》:
+ - 所有 JSON-RPC 接口暴露在 https://${SERVER_ADDR}/rpc。
+ - 请求头 Content-Type 为 application/json。
+ - 推荐使用 API Token,Token 以 Cookie: API-Token=... 传递。
+ - 机构用户访问跨机构数据时可配置 org_id,handler 会写入 X-CW-OID。
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_test.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_test.yaml
new file mode 100644
index 000000000..2b1766e3b
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_test.yaml
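Review bot: In the Muyun `_provider.yaml`, `verify_ssl: false` under `defaults` turns off certificate validation for every deployment that does not override it. `chaitin_muyun.handler.py` in this commit repeats the choice with `DEFAULT_VERIFY_SSL = False` and passes it as `verify=` on each `/rpc` request, which carries the credential as `Cookie: API-Token=...`. With validation off, TLS no longer authenticates the device, so the token and all host-security data in the responses are exposed to anything that can sit on the network path. The default should be `verify_ssl: true` here and `DEFAULT_VERIFY_SSL = True` in the handler. Appliances with self-signed certificates should opt out explicitly, preferably by supplying a CA bundle path, which `requests` accepts for `verify`, rather than a blanket disable. There is also no `verify_ssl` entry in `credential_fields`, so an operator cannot see or change the setting in the form.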
@@ -0,0 +1,60 @@
+schema_version: 1
+provider: chaitin_muyun_api
+
+connectivity:
+ tool: chaitin_muyun_assets
+ params:
+ action: product_info
+
+fixtures:
+ chaitin_muyun_assets:
+ - label: Query product information
+ label_cn: 查询产品信息
+ tags: [smoke, system]
+ params:
+ action: product_info
+ assert:
+ success: true
+ - label: Count host assets
+ label_cn: 统计主机资产数量
+ tags: [asset]
+ params:
+ action: host_count
+
+ chaitin_muyun_events:
+ - label: List malware events
+ label_cn: 查询恶意文件事件
+ tags: [event]
+ params:
+ action: malware_events
+ params:
+ limit: 10
+ offset: 0
+
+ chaitin_muyun_risk:
+ - label: List vulnerability events
+ label_cn: 查询漏洞事件
+ tags: [vulnerability]
+ params:
+ action: vuln_list
+ params:
+ limit: 10
+ offset: 0
+
+ chaitin_muyun_api_readonly:
+ - label: Show API catalog
+ label_cn: 查看 API 目录
+ tags: [api]
+ params:
+ action: api_catalog
+ assert:
+ success: true
+
+ chaitin_muyun_api_mutation:
+ - label: Show API catalog before confirmed mutation
+ label_cn: 变更调用前查看 API 目录
+ tags: [api, mutation]
+ params:
+ action: api_catalog
+ assert:
+ success: true
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun.handler.py b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun.handler.py
new file mode 100644
index 000000000..07d7db6f0
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun.handler.py
@@ -0,0 +1,371 @@ +from __future__ import annotations + +import asyncio +import json +import os +import uuid +from pathlib import Path +from typing import Any, Callable + +import requests + +from flocks.config.config_writer import ConfigWriter +from flocks.security import get_secret_manager +from flocks.tool.registry import ToolContext, ToolResult + + +SERVICE_ID = "chaitin_muyun_api" +STORAGE_KEY = "chaitin_muyun_api_v3" +PRODUCT_VERSION = "API 3.0" +DEFAULT_TIMEOUT = 30 +DEFAULT_VERIFY_SSL = False +CATALOG_FILE = Path(__file__).with_name("chaitin_muyun_api_catalog.json") + + +class ChaitinMuyunError(RuntimeError): + pass + + +class RuntimeConfig: + def __init__( + self, + *, + base_url: str, + api_token: str, + org_id: str, + verify_ssl: bool, + timeout: int, + ) -> None: + self.base_url = base_url + self.api_token = api_token + self.org_id = org_id + self.verify_ssl = verify_ssl + self.timeout = timeout + + +def _resolve_ref(value: Any) -> str: + if value is None: + return "" + if not isinstance(value, str): + return str(value) + if value.startswith("{secret:") and value.endswith("}"): + return get_secret_manager().get(value[len("{secret:") : -1]) or "" + if value.startswith("{env:") and value.endswith("}"): + return os.getenv(value[len("{env:") : -1], "") + return value + + +def _raw_service_config() -> dict[str, Any]: + raw = ConfigWriter.get_api_service_raw(SERVICE_ID) + if not isinstance(raw, dict): + raw = ConfigWriter.get_api_service_raw(STORAGE_KEY) + return raw if isinstance(raw, dict) else {} + + +def _config_value(raw: dict[str, Any], *keys: str) -> Any: + for key in keys: + if raw.get(key) is not None: + return raw[key] + custom_settings = raw.get("custom_settings") + if isinstance(custom_settings, dict): + for key in keys: + if custom_settings.get(key) is not None: + return custom_settings[key] + return None + + +def _as_bool(value: Any, default: bool) -> bool: + if value is None: + return default + if isinstance(value, bool): + return value + if 
isinstance(value, str): + text = value.strip().lower() + if text in {"1", "true", "yes", "on"}: + return True + if text in {"0", "false", "no", "off"}: + return False + return bool(value) + + +def _normalize_base_url(base_url: str) -> str: + text = base_url.strip().rstrip("/") + if text.endswith("/rpc"): + text = text[:-4] + return text.rstrip("/") + + +def resolve_config() -> RuntimeConfig: + raw = _raw_service_config() + base_url = ( + _resolve_ref(_config_value(raw, "base_url", "baseUrl")) + or os.getenv("CHAITIN_MUYUN_BASE_URL", "") + ) + if not base_url: + raise ChaitinMuyunError("Chaitin Muyun base_url is not configured") + + api_token = ( + _resolve_ref(_config_value(raw, "api_token", "apiToken", "token")) + or get_secret_manager().get("chaitin_muyun_api_token") + or get_secret_manager().get(f"{SERVICE_ID}_token") + or os.getenv("CHAITIN_MUYUN_API_TOKEN", "") + ) + if not api_token: + raise ChaitinMuyunError("Chaitin Muyun API token is not configured") + + org_id = ( + _resolve_ref(_config_value(raw, "org_id", "oid")) + or os.getenv("CHAITIN_MUYUN_ORG_ID", "") + ) + try: + timeout = int(_config_value(raw, "timeout") or DEFAULT_TIMEOUT) + except (TypeError, ValueError): + timeout = DEFAULT_TIMEOUT + + verify_ssl = _as_bool( + _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") + if _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") is not None + else os.getenv("CHAITIN_MUYUN_VERIFY_SSL"), + DEFAULT_VERIFY_SSL, + ) + return RuntimeConfig( + base_url=_normalize_base_url(base_url), + api_token=api_token, + org_id=org_id, + verify_ssl=verify_ssl, + timeout=timeout, + ) + + +class MuyunClient: + def __init__(self, config: RuntimeConfig) -> None: + self.config = config + + @property + def rpc_url(self) -> str: + return f"{self.config.base_url}/rpc" + + def rpc(self, method: str, params: dict[str, Any] | None = None) -> Any: + body = { + "jsonrpc": "2.0", + "method": method, + "params": params or {}, + "id": str(uuid.uuid4()), + } + headers = { + 
"Content-Type": "application/json", + "Cookie": f"API-Token={self.config.api_token}", + } + if self.config.org_id: + headers["X-CW-OID"] = self.config.org_id + response = requests.post( + self.rpc_url, + json=body, + headers=headers, + timeout=self.config.timeout, + verify=self.config.verify_ssl, + ) + return _json_rpc_response(response) + + +def _json_rpc_response(response: requests.Response) -> Any: + try: + payload = response.json() + except ValueError as exc: + raise ChaitinMuyunError(f"Invalid JSON response: HTTP {response.status_code}") from exc + if not isinstance(payload, dict): + raise ChaitinMuyunError("Unexpected JSON-RPC response shape: expected object") + if response.status_code >= 400: + raise ChaitinMuyunError(f"HTTP {response.status_code}: {payload}") + if payload.get("error"): + error = payload["error"] + if isinstance(error, dict): + message = error.get("message") or error.get("code") or error + else: + message = error + raise ChaitinMuyunError(str(message)) + return payload.get("result", payload) + + +def _ok(data: Any, *, action: str) -> ToolResult: + return ToolResult( + success=True, + output=data, + metadata={"source": "Chaitin Muyun", "version": PRODUCT_VERSION, "action": action}, + ) + + +def get_client() -> MuyunClient: + return MuyunClient(resolve_config()) + + +def _params(args: dict[str, Any]) -> dict[str, Any]: + raw = args.get("params") + if isinstance(raw, dict): + return dict(raw) + ignored = {"action", "method"} + return {k: v for k, v in args.items() if k not in ignored and v is not None} + + +def _load_api_catalog() -> list[dict[str, Any]]: + try: + data = json.loads(CATALOG_FILE.read_text(encoding="utf-8")) + except FileNotFoundError: + return [] + entries = data.get("entries") + return entries if isinstance(entries, list) else [] + + +def _catalog_methods(kind: str) -> set[str]: + return { + str(entry.get("method")) + for entry in _load_api_catalog() + if entry.get("kind") == kind and entry.get("method") + } + + 
+READONLY_ACTIONS: dict[str, str] = { + "product_info": "CloudwalkerSettingService.GetProductInfo", + "current_user": "AccountAuthService.GetCurrentUserInfo", + "host_count": "HostAssetService.CountHost", + "host_list": "HostAssetService.GetHostAssetList", + "host_detail": "HostAssetService.GetHostInfoDetail", + "application_list": "ApplicationAssetService.GetApplicationAssetList", + "website_list": "WebsiteAssetService.GetWebsiteList", + "process_list": "ProcessAssetService.GetProcessList", + "webshell_events": "WebshellEventService.GetEventList", + "malware_events": "MalwareEventService.GetEventList", + "bruteforce_events": "BruteForceService.GetEventList", + "abnormal_login_events": "AbnormalLoginEventService.GetEventList", + "realtime_events": "ThreatOverviewService.ListRealTimeEvents", + "vuln_list": "VulnService.GetVulnList", + "vuln_detail": "VulnService.GetVuln", + "security_check_events": "SecurityCheckService.GetEventList", + "baseline_tasks": "BaselineV2Service.GetTaskList", + "emergency_vulns": "EmergencyVulnService.ListVuln", +} + + +ASSET_ACTIONS = { + "product_info", + "current_user", + "host_count", + "host_list", + "host_detail", + "application_list", + "website_list", + "process_list", +} +EVENT_ACTIONS = { + "webshell_events", + "malware_events", + "bruteforce_events", + "abnormal_login_events", + "realtime_events", +} +RISK_ACTIONS = { + "vuln_list", + "vuln_detail", + "security_check_events", + "baseline_tasks", + "emergency_vulns", +} + + +def call_method(method: str, args: dict[str, Any], *, action: str) -> ToolResult: + return _ok(get_client().rpc(method, _params(args)), action=action) + + +def api_catalog(args: dict[str, Any]) -> ToolResult: + del args + catalog = _load_api_catalog() + return _ok( + { + "rpc": "/rpc", + "catalog_counts": { + "total": len(catalog), + "readonly": sum(1 for entry in catalog if entry.get("kind") == "readonly"), + "mutation": sum(1 for entry in catalog if entry.get("kind") == "mutation"), + }, + 
"documented_api_catalog": catalog, + "common_actions": { + "assets": sorted(ASSET_ACTIONS), + "events": sorted(EVENT_ACTIONS), + "risk": sorted(RISK_ACTIONS), + }, + }, + action="api_catalog", + ) + + +def rpc_call_readonly(args: dict[str, Any]) -> ToolResult: + method = str(args.get("method") or "").strip() + if not method: + raise ChaitinMuyunError("method is required") + allowed = _catalog_methods("readonly") | set(READONLY_ACTIONS.values()) + if method not in allowed: + raise ChaitinMuyunError("Only documented read-only JSON-RPC methods are allowed") + return call_method(method, args, action="rpc_call_readonly") + + +def rpc_call_mutation(args: dict[str, Any]) -> ToolResult: + method = str(args.get("method") or "").strip() + if not method: + raise ChaitinMuyunError("method is required") + if method not in _catalog_methods("mutation"): + raise ChaitinMuyunError("Only documented mutation JSON-RPC methods are allowed") + return call_method(method, args, action="rpc_call_mutation") + + +ACTION_HANDLERS: dict[str, Callable[[dict[str, Any]], ToolResult]] = { + "api_catalog": api_catalog, + "rpc_call_readonly": rpc_call_readonly, + "rpc_call_mutation": rpc_call_mutation, +} +for _action, _method in READONLY_ACTIONS.items(): + ACTION_HANDLERS[_action] = lambda args, method=_method, action=_action: call_method(method, args, action=action) + + +async def _dispatch(ctx: ToolContext, allowed: set[str], action: str, **params: Any) -> ToolResult: + del ctx + if action == "test": + action = "product_info" + if action not in allowed: + return ToolResult( + success=False, + error=f"Unsupported Chaitin Muyun action: {action}. 
Available: {', '.join(sorted(allowed))}", + ) + try: + return await asyncio.to_thread(ACTION_HANDLERS[action], params) + except ChaitinMuyunError as exc: + return ToolResult( + success=False, + error=str(exc), + metadata={"source": "Chaitin Muyun", "version": PRODUCT_VERSION, "action": action}, + ) + except Exception as exc: + return ToolResult( + success=False, + error=f"Unexpected Chaitin Muyun error: {exc}", + metadata={"source": "Chaitin Muyun", "version": PRODUCT_VERSION, "action": action}, + ) + + +async def assets(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, ASSET_ACTIONS | {"test"}, action, **params) + + +async def events(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, EVENT_ACTIONS | {"test"}, action, **params) + + +async def risk(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, RISK_ACTIONS | {"test"}, action, **params) + + +async def api_readonly(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, {"api_catalog", "rpc_call_readonly", *READONLY_ACTIONS.keys(), "test"}, action, **params) + + +async def api_mutation(ctx: ToolContext, action: str, **params: Any) -> ToolResult: + return await _dispatch(ctx, {"api_catalog", "rpc_call_mutation"}, action, **params) diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_catalog.json b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_catalog.json new file mode 100644 index 000000000..f8dbc4d0b --- /dev/null +++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_catalog.json 
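Review bot: In `chaitin_muyun.handler.py`, `rpc_call_readonly` allows every catalog entry whose `kind` is `"readonly"`, and the catalog added in this commit classifies credential-related getters such as `AccountAuthService.GetAPIToken` and `AccountAuthService.GetCurrentUserOtpConfig` that way. If those responses carry token or OTP material (their payloads are not visible here), they are returned verbatim through `_ok` into tool output, on a path that presumably needs no confirmation. The Muyun tool YAML is outside this view, so that last part is an assumption. The catalog's `kind` describes whether a call changes state, not whether its result is sensitive, so it should not be the only gate. Keep a reviewed module-level set of such methods and remove it from the unconfirmed allow-list, e.g. `allowed -= CONFIRM_REQUIRED_METHODS` right after `allowed` is built, then expose those methods only through a confirmed tool.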
@@ -0,0 +1,7787 @@ +{ + "schema_version": 1, + "source": "长亭牧云api/openapi.json", + "rpc_endpoint": "/rpc", + "entries": [ + { + "method": "AbnormalLoginEventService.CreateWhitelist", + "service": "AbnormalLoginEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.DeleteEvent", + "service": "AbnormalLoginEventService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选 ID 的事件", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.DeleteEventByHost", + "service": "AbnormalLoginEventService", + "operation": "DeleteEventByHost", + "kind": "mutation", + "description": "删除所选主机的事件", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.DeleteEventByLoginIP", + "service": "AbnormalLoginEventService", + "operation": "DeleteEventByLoginIP", + "kind": "mutation", + "description": "删除所选登陆 IP 的事件", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.EditEventComment", + "service": "AbnormalLoginEventService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.EditEventState", + "service": "AbnormalLoginEventService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选 ID 事件的处置状态", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.EditEventStateByHost", + "service": "AbnormalLoginEventService", + "operation": "EditEventStateByHost", + "kind": "mutation", + "description": "改变所选主机 ID 事件的处置状态", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.EditEventStateByLoginIP", + "service": "AbnormalLoginEventService", + "operation": "EditEventStateByLoginIP", + "kind": "mutation", + "description": "改变所选登陆 IP 事件的处置状态", + "tags": [ + "异常登录" + ] + }, + { + "method": 
"AbnormalLoginEventService.GenerateEventFirewallRule", + "service": "AbnormalLoginEventService", + "operation": "GenerateEventFirewallRule", + "kind": "mutation", + "description": "根据所选事件生成网络阻断规则", + "tags": [ + "异常登陆" + ] + }, + { + "method": "AbnormalLoginEventService.GetEvent", + "service": "AbnormalLoginEventService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.GetEventByHostList", + "service": "AbnormalLoginEventService", + "operation": "GetEventByHostList", + "kind": "readonly", + "description": "获取按主机聚合的事件列表", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.GetEventByLoginIPList", + "service": "AbnormalLoginEventService", + "operation": "GetEventByLoginIPList", + "kind": "readonly", + "description": "获取按登陆 IP 聚合的事件列表", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.GetEventList", + "service": "AbnormalLoginEventService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.GetGeographicalLocation", + "service": "AbnormalLoginEventService", + "operation": "GetGeographicalLocation", + "kind": "readonly", + "description": "获取地理信息", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.GetWhitelist", + "service": "AbnormalLoginEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.MarkAsRead", + "service": "AbnormalLoginEventService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.ResetEventState", + "service": "AbnormalLoginEventService", + "operation": "ResetEventState", + "kind": "mutation", + "description": "reset the state of event to 'risky'", + "tags": [ + "异常登录" + ] + 
}, + { + "method": "AbnormalLoginEventService.ResetEventStateByHost", + "service": "AbnormalLoginEventService", + "operation": "ResetEventStateByHost", + "kind": "mutation", + "description": "reset the state of event to 'risky'", + "tags": [ + "异常登录" + ] + }, + { + "method": "AbnormalLoginEventService.ResetEventStateByLoginIP", + "service": "AbnormalLoginEventService", + "operation": "ResetEventStateByLoginIP", + "kind": "mutation", + "description": "改变所选主机 ID 事件的处置状态", + "tags": [ + "异常登录" + ] + }, + { + "method": "AccountAuthService.BindCurrentUserOAuth", + "service": "AccountAuthService", + "operation": "BindCurrentUserOAuth", + "kind": "mutation", + "description": "绑定当前用户 Oauth", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.ConfirmCurrentUserFeitian", + "service": "AccountAuthService", + "operation": "ConfirmCurrentUserFeitian", + "kind": "mutation", + "description": "绑定当前用户 TOTP", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.ConfirmCurrentUserTotp", + "service": "AccountAuthService", + "operation": "ConfirmCurrentUserTotp", + "kind": "mutation", + "description": "绑定当前用户 TOTP", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.CreateAPIToken", + "service": "AccountAuthService", + "operation": "CreateAPIToken", + "kind": "mutation", + "description": "创建 API Token", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.CreateLoginToken", + "service": "AccountAuthService", + "operation": "CreateLoginToken", + "kind": "mutation", + "description": "使用 API Token 获取登录 Token", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.CreateRole", + "service": "AccountAuthService", + "operation": "CreateRole", + "kind": "mutation", + "description": "创建角色", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.CreateSessionToken", + "service": "AccountAuthService", + "operation": "CreateSessionToken", + "kind": "mutation", + "description": "创建会话 Token", + "tags": [ + "用户管理" + ] + }, 
+ { + "method": "AccountAuthService.CreateUser", + "service": "AccountAuthService", + "operation": "CreateUser", + "kind": "mutation", + "description": "创建用户", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.DeleteAPIToken", + "service": "AccountAuthService", + "operation": "DeleteAPIToken", + "kind": "mutation", + "description": "删除 API Token", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.DeleteCurrentUserTotp", + "service": "AccountAuthService", + "operation": "DeleteCurrentUserTotp", + "kind": "mutation", + "description": "解除绑定当前用户 TOTP", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.DeleteRole", + "service": "AccountAuthService", + "operation": "DeleteRole", + "kind": "mutation", + "description": "删除角色", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.DeleteUser", + "service": "AccountAuthService", + "operation": "DeleteUser", + "kind": "mutation", + "description": "删除用户", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditAPIToken", + "service": "AccountAuthService", + "operation": "EditAPIToken", + "kind": "mutation", + "description": "编辑 API Token", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditAPITokenEnable", + "service": "AccountAuthService", + "operation": "EditAPITokenEnable", + "kind": "mutation", + "description": "启用/禁用 API Token", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserCredential", + "service": "AccountAuthService", + "operation": "EditCurrentUserCredential", + "kind": "mutation", + "description": "编辑当前用户登录凭证", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserIPPolicy", + "service": "AccountAuthService", + "operation": "EditCurrentUserIPPolicy", + "kind": "mutation", + "description": "编辑当前用户 IP 访问规则", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserInfo", + "service": "AccountAuthService", + "operation": "EditCurrentUserInfo", 
+ "kind": "mutation", + "description": "编辑当前用户备注", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserLanguage", + "service": "AccountAuthService", + "operation": "EditCurrentUserLanguage", + "kind": "mutation", + "description": "编辑当前用户语言", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserName", + "service": "AccountAuthService", + "operation": "EditCurrentUserName", + "kind": "mutation", + "description": "编辑当前用户名", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserSessionExpireTime", + "service": "AccountAuthService", + "operation": "EditCurrentUserSessionExpireTime", + "kind": "mutation", + "description": "编辑当前用户会话过期超时时间", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditCurrentUserTimezone", + "service": "AccountAuthService", + "operation": "EditCurrentUserTimezone", + "kind": "mutation", + "description": "编辑当前用户时区", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditRole", + "service": "AccountAuthService", + "operation": "EditRole", + "kind": "mutation", + "description": "编辑角色", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUser", + "service": "AccountAuthService", + "operation": "EditUser", + "kind": "mutation", + "description": "编辑用户信息", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserCredential", + "service": "AccountAuthService", + "operation": "EditUserCredential", + "kind": "mutation", + "description": "编辑用户登录凭证", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserEnable", + "service": "AccountAuthService", + "operation": "EditUserEnable", + "kind": "mutation", + "description": "启用/禁用用户", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserExpireTime", + "service": "AccountAuthService", + "operation": "EditUserExpireTime", + "kind": "mutation", + "description": "编辑用户过期时间", + "tags": [ + "用户管理" + ] + }, + { + "method": 
"AccountAuthService.EditUserIPPolicy", + "service": "AccountAuthService", + "operation": "EditUserIPPolicy", + "kind": "mutation", + "description": "编辑用户 IP 访问规则", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserInfo", + "service": "AccountAuthService", + "operation": "EditUserInfo", + "kind": "mutation", + "description": "编辑用户备注", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserName", + "service": "AccountAuthService", + "operation": "EditUserName", + "kind": "mutation", + "description": "编辑用户名", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserRole", + "service": "AccountAuthService", + "operation": "EditUserRole", + "kind": "mutation", + "description": "编辑用户角色", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.EditUserSessionExpireTime", + "service": "AccountAuthService", + "operation": "EditUserSessionExpireTime", + "kind": "mutation", + "description": "编辑用户会话过期超时时间", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GenerateTotp", + "service": "AccountAuthService", + "operation": "GenerateTotp", + "kind": "mutation", + "description": "生成 TOTP 随机密码和链接", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetAPIToken", + "service": "AccountAuthService", + "operation": "GetAPIToken", + "kind": "readonly", + "description": "获取 API Token 信息", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetCurrentUserInfo", + "service": "AccountAuthService", + "operation": "GetCurrentUserInfo", + "kind": "readonly", + "description": "获取当前用户信息", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetCurrentUserOAuthBind", + "service": "AccountAuthService", + "operation": "GetCurrentUserOAuthBind", + "kind": "readonly", + "description": "获取当前用户 Oauth 绑定信息", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetCurrentUserOtpConfig", + "service": "AccountAuthService", + "operation": "GetCurrentUserOtpConfig", + 
"kind": "readonly", + "description": "获取当前用户 OTP 配置", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetCurrentUserPermission", + "service": "AccountAuthService", + "operation": "GetCurrentUserPermission", + "kind": "readonly", + "description": "获取当前用户权限", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetPermissionInfo", + "service": "AccountAuthService", + "operation": "GetPermissionInfo", + "kind": "readonly", + "description": "获取权限列表", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetRoleInfo", + "service": "AccountAuthService", + "operation": "GetRoleInfo", + "kind": "readonly", + "description": "获取角色详情", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetRoleList", + "service": "AccountAuthService", + "operation": "GetRoleList", + "kind": "readonly", + "description": "获取角色列表", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetSessionTokenExpire", + "service": "AccountAuthService", + "operation": "GetSessionTokenExpire", + "kind": "readonly", + "description": "获取会话 Token 过期时间", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetUserInfo", + "service": "AccountAuthService", + "operation": "GetUserInfo", + "kind": "readonly", + "description": "获取用户信息", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.GetUserList", + "service": "AccountAuthService", + "operation": "GetUserList", + "kind": "readonly", + "description": "获取用户列表", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.Logout", + "service": "AccountAuthService", + "operation": "Logout", + "kind": "mutation", + "description": "用户登出", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountAuthService.UnbindCurrentUserOAuth", + "service": "AccountAuthService", + "operation": "UnbindCurrentUserOAuth", + "kind": "mutation", + "description": "解绑当前用户 Oauth", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountNoAuthService.GetAvailableOAuth", + "service": 
"AccountNoAuthService", + "operation": "GetAvailableOAuth", + "kind": "readonly", + "description": "获取系统可用 Oauth 登录类型", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountNoAuthService.Login", + "service": "AccountNoAuthService", + "operation": "Login", + "kind": "mutation", + "description": "用户登录", + "tags": [ + "用户管理" + ] + }, + { + "method": "AccountNoAuthService.Mfa", + "service": "AccountNoAuthService", + "operation": "Mfa", + "kind": "mutation", + "description": "用户登录", + "tags": [ + "用户管理" + ] + }, + { + "method": "AdminAccountService.CreateUser", + "service": "AdminAccountService", + "operation": "CreateUser", + "kind": "mutation", + "description": "创建用户", + "tags": [ + "后台:账号管理" + ] + }, + { + "method": "AdminAccountService.DeleteUser", + "service": "AdminAccountService", + "operation": "DeleteUser", + "kind": "mutation", + "description": "删除用户", + "tags": [ + "后台:账号管理" + ] + }, + { + "method": "AdminAccountService.GetUserInfo", + "service": "AdminAccountService", + "operation": "GetUserInfo", + "kind": "readonly", + "description": "获取用户信息", + "tags": [ + "后台:账号管理" + ] + }, + { + "method": "AdminAccountService.ListUser", + "service": "AdminAccountService", + "operation": "ListUser", + "kind": "readonly", + "description": "用户列表", + "tags": [ + "后台:账号管理" + ] + }, + { + "method": "AdminAccountService.UpdateCurrentUser", + "service": "AdminAccountService", + "operation": "UpdateCurrentUser", + "kind": "mutation", + "description": "更新当前用户信息", + "tags": [ + "后台:账号管理" + ] + }, + { + "method": "AdminAccountService.UpdateUser", + "service": "AdminAccountService", + "operation": "UpdateUser", + "kind": "mutation", + "description": "更新用户信息", + "tags": [ + "后台:账号管理" + ] + }, + { + "method": "AdminAgentService.ApplyPackage", + "service": "AdminAgentService", + "operation": "ApplyPackage", + "kind": "mutation", + "description": "应用探针模块升级包", + "tags": [ + "后台:探针管理" + ] + }, + { + "method": "AdminAgentService.DeleteModule", + "service": "AdminAgentService", + 
"operation": "DeleteModule", + "kind": "mutation", + "description": "删除模块", + "tags": [ + "后台:探针管理" + ] + }, + { + "method": "AdminAgentService.GetAgentList", + "service": "AdminAgentService", + "operation": "GetAgentList", + "kind": "readonly", + "description": "获取探针列表", + "tags": [ + "后台:探针管理" + ] + }, + { + "method": "AdminAgentService.GetModuleDetail", + "service": "AdminAgentService", + "operation": "GetModuleDetail", + "kind": "readonly", + "description": "获取探针模块详情", + "tags": [ + "后台:探针管理" + ] + }, + { + "method": "AdminAgentService.GetModuleList", + "service": "AdminAgentService", + "operation": "GetModuleList", + "kind": "readonly", + "description": "获取探针模块列表", + "tags": [ + "后台:探针管理" + ] + }, + { + "method": "AdminStrategyService.GetLoginControlStrategy", + "service": "AdminStrategyService", + "operation": "GetLoginControlStrategy", + "kind": "readonly", + "description": "获取登陆控制策略", + "tags": [ + "后台:策略管理" + ] + }, + { + "method": "AdminStrategyService.GetSystemStrategy", + "service": "AdminStrategyService", + "operation": "GetSystemStrategy", + "kind": "readonly", + "description": "获取系统默认策略", + "tags": [ + "后台:策略管理" + ] + }, + { + "method": "AdminStrategyService.RestoreSystemStrategy", + "service": "AdminStrategyService", + "operation": "RestoreSystemStrategy", + "kind": "mutation", + "description": "恢复系统默认策略", + "tags": [ + "后台:策略管理" + ] + }, + { + "method": "AdminStrategyService.SetLoginControlStrategy", + "service": "AdminStrategyService", + "operation": "SetLoginControlStrategy", + "kind": "mutation", + "description": "设置安全登陆控制策略", + "tags": [ + "后台:策略管理" + ] + }, + { + "method": "AdminStrategyService.SetSystemStrategy", + "service": "AdminStrategyService", + "operation": "SetSystemStrategy", + "kind": "mutation", + "description": "设置系统默认策略", + "tags": [ + "后台:策略管理" + ] + }, + { + "method": "AgentCEService.CreateCmd", + "service": "AgentCEService", + "operation": "CreateCmd", + "kind": "mutation", + "description": "创建命令推送", + "tags": [ + "命令推送" + ] + 
}, + { + "method": "AgentCEService.DeleteCmd", + "service": "AgentCEService", + "operation": "DeleteCmd", + "kind": "mutation", + "description": "删除命令推送", + "tags": [ + "命令推送" + ] + }, + { + "method": "AgentCEService.GetCe", + "service": "AgentCEService", + "operation": "GetCe", + "kind": "readonly", + "description": "获取某个探针的命令推送执行详情", + "tags": [ + "命令推送" + ] + }, + { + "method": "AgentCEService.GetCmd", + "service": "AgentCEService", + "operation": "GetCmd", + "kind": "readonly", + "description": "获取某个命令推送的详情", + "tags": [ + "命令推送" + ] + }, + { + "method": "AgentCEService.ListCmd", + "service": "AgentCEService", + "operation": "ListCmd", + "kind": "readonly", + "description": "获取命令推送列表", + "tags": [ + "命令推送" + ] + }, + { + "method": "AgentCEService.RerunCe", + "service": "AgentCEService", + "operation": "RerunCe", + "kind": "mutation", + "description": "触发探针重新执行某个命令", + "tags": [ + "命令推送" + ] + }, + { + "method": "AgentCEService.RerunCmd", + "service": "AgentCEService", + "operation": "RerunCmd", + "kind": "mutation", + "description": "重新推送某条命令", + "tags": [ + "命令推送" + ] + }, + { + "method": "AgentFileManageService.CopyFile", + "service": "AgentFileManageService", + "operation": "CopyFile", + "kind": "mutation", + "description": "复制探针文件", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.CreateDir", + "service": "AgentFileManageService", + "operation": "CreateDir", + "kind": "mutation", + "description": "创建探针目录", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.CreateFile", + "service": "AgentFileManageService", + "operation": "CreateFile", + "kind": "mutation", + "description": "创建探针文件", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.DelFile", + "service": "AgentFileManageService", + "operation": "DelFile", + "kind": "mutation", + "description": "删除探针文件", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.GetHostMaintenanceEnabled", + "service": "AgentFileManageService", + 
"operation": "GetHostMaintenanceEnabled", + "kind": "readonly", + "description": "获取业务运维功能是否启用", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.GetWindowsDrive", + "service": "AgentFileManageService", + "operation": "GetWindowsDrive", + "kind": "readonly", + "description": "获取 Windows 探针盘符的盘符项", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.ListDir", + "service": "AgentFileManageService", + "operation": "ListDir", + "kind": "readonly", + "description": "浏览探针文件", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentFileManageService.MoveFile", + "service": "AgentFileManageService", + "operation": "MoveFile", + "kind": "mutation", + "description": "移动探针文件", + "tags": [ + "文件管理" + ] + }, + { + "method": "AgentModuleService.GetAgentList", + "service": "AgentModuleService", + "operation": "GetAgentList", + "kind": "readonly", + "description": "获取探针列表", + "tags": [ + "探针模块" + ] + }, + { + "method": "AgentModuleService.OperateModule", + "service": "AgentModuleService", + "operation": "OperateModule", + "kind": "mutation", + "description": "操作探针模块", + "tags": [ + "探针模块" + ] + }, + { + "method": "AgentModuleService.SetLogConfig", + "service": "AgentModuleService", + "operation": "SetLogConfig", + "kind": "mutation", + "description": "设置日志配置", + "tags": [ + "探针模块" + ] + }, + { + "method": "AgentModuleService.SetOverload", + "service": "AgentModuleService", + "operation": "SetOverload", + "kind": "mutation", + "description": "设置自动休眠设置", + "tags": [ + "探针模块" + ] + }, + { + "method": "AgentModuleService.SetResourceLimit", + "service": "AgentModuleService", + "operation": "SetResourceLimit", + "kind": "mutation", + "description": "设置资源配额", + "tags": [ + "探针模块" + ] + }, + { + "method": "AgentService.GetAgentGroupTree", + "service": "AgentService", + "operation": "GetAgentGroupTree", + "kind": "readonly", + "description": "获取业务组", + "tags": [ + "探针管理" + ] + }, + { + "method": "AlertConfigService.List", + "service": 
"AlertConfigService", + "operation": "List", + "kind": "readonly", + "description": "获取告警信息", + "tags": [ + "告警配置" + ] + }, + { + "method": "AlertConfigService.Update", + "service": "AlertConfigService", + "operation": "Update", + "kind": "mutation", + "description": "更新告警配置", + "tags": [ + "告警配置" + ] + }, + { + "method": "AntiRansomwareService.AddRule", + "service": "AntiRansomwareService", + "operation": "AddRule", + "kind": "mutation", + "description": "添加规则", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.DeleteEvent", + "service": "AntiRansomwareService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除规则", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.DeleteRule", + "service": "AntiRansomwareService", + "operation": "DeleteRule", + "kind": "mutation", + "description": "删除规则", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.DisposeEventList", + "service": "AntiRansomwareService", + "operation": "DisposeEventList", + "kind": "mutation", + "description": "处置事件,如阻断勒索进程、隔离勒索文件", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.EditEventComment", + "service": "AntiRansomwareService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.EditEventState", + "service": "AntiRansomwareService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选事件的处置状态", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.EditRule", + "service": "AntiRansomwareService", + "operation": "EditRule", + "kind": "mutation", + "description": "修改防护规则", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.EnableRule", + "service": "AntiRansomwareService", + "operation": "EnableRule", + "kind": "mutation", + "description": "获取规则列表", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.GetDecoyList", + "service": 
"AntiRansomwareService", + "operation": "GetDecoyList", + "kind": "readonly", + "description": "获取主机诱饵文件列表", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.GetEvent", + "service": "AntiRansomwareService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.GetEventList", + "service": "AntiRansomwareService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.GetHostList", + "service": "AntiRansomwareService", + "operation": "GetHostList", + "kind": "readonly", + "description": "获取主机防护状态列表", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.GetRule", + "service": "AntiRansomwareService", + "operation": "GetRule", + "kind": "readonly", + "description": "获取规则", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.GetRuleList", + "service": "AntiRansomwareService", + "operation": "GetRuleList", + "kind": "readonly", + "description": "获取规则列表", + "tags": [ + "勒索防护" + ] + }, + { + "method": "AntiRansomwareService.MarkAsRead", + "service": "AntiRansomwareService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "勒索防护" + ] + }, + { + "method": "ApplicationAssetService.DeleteApplication", + "service": "ApplicationAssetService", + "operation": "DeleteApplication", + "kind": "mutation", + "description": "删除软件资产", + "tags": [ + "应用资产" + ] + }, + { + "method": "ApplicationAssetService.GetApplication", + "service": "ApplicationAssetService", + "operation": "GetApplication", + "kind": "readonly", + "description": "获取软件详情信息", + "tags": [ + "应用资产" + ] + }, + { + "method": "ApplicationAssetService.GetApplicationAssetList", + "service": "ApplicationAssetService", + "operation": "GetApplicationAssetList", + "kind": "readonly", + "description": "根据指定条件获取软件资产的列表", + "tags": [ + "应用资产" + ] + }, + { + 
"method": "ApplicationAssetService.GetApplicationAssetListByApp", + "service": "ApplicationAssetService", + "operation": "GetApplicationAssetListByApp", + "kind": "readonly", + "description": "软件数据分组,根据指定条件获取应用资产的列表", + "tags": [ + "应用资产" + ] + }, + { + "method": "ApplicationAssetService.GetApplicationAssetListByAppVersion", + "service": "ApplicationAssetService", + "operation": "GetApplicationAssetListByAppVersion", + "kind": "readonly", + "description": "软件版本号数据分组,根据指定条件获取软件资产的列表", + "tags": [ + "应用资产" + ] + }, + { + "method": "ApplicationAssetService.GetApplicationAssetListByHost", + "service": "ApplicationAssetService", + "operation": "GetApplicationAssetListByHost", + "kind": "readonly", + "description": "主机分组,根据指定条件获取软件资产的列表", + "tags": [ + "应用资产" + ] + }, + { + "method": "ApplicationAssetService.GetRefreshDateTime", + "service": "ApplicationAssetService", + "operation": "GetRefreshDateTime", + "kind": "readonly", + "description": "获取软件资产的上一次更新时间", + "tags": [ + "应用资产" + ] + }, + { + "method": "ApplicationAssetService.StatApplicationByCategory", + "service": "ApplicationAssetService", + "operation": "StatApplicationByCategory", + "kind": "readonly", + "description": "软件类型数据分组,根据指定条件获取软件资产的列表", + "tags": [ + "应用资产" + ] + }, + { + "method": "AssetCertService.Get", + "service": "AssetCertService", + "operation": "Get", + "kind": "readonly", + "description": "获取主机证书详情", + "tags": [ + "证书资产" + ] + }, + { + "method": "AssetCertService.GetList", + "service": "AssetCertService", + "operation": "GetList", + "kind": "readonly", + "description": "获取主机证书信息", + "tags": [ + "证书资产" + ] + }, + { + "method": "AssetConfigService.CreateWebScanRule", + "service": "AssetConfigService", + "operation": "CreateWebScanRule", + "kind": "mutation", + "description": "创建 Web 自定义路径", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetConfigService.DeleteWebScanRule", + "service": "AssetConfigService", + "operation": "DeleteWebScanRule", + "kind": "mutation", + "description": "删除 Web 
自定义路径", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetConfigService.ListAssetCollectConfig", + "service": "AssetConfigService", + "operation": "ListAssetCollectConfig", + "kind": "readonly", + "description": "获取资产采集设置", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetConfigService.ListWebScanRule", + "service": "AssetConfigService", + "operation": "ListWebScanRule", + "kind": "readonly", + "description": "获取 Web 自定义路径列表", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetConfigService.ResetAssetCollectConfig", + "service": "AssetConfigService", + "operation": "ResetAssetCollectConfig", + "kind": "mutation", + "description": "重置资产采集设置", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetConfigService.UpdateAssetCollectConfig", + "service": "AssetConfigService", + "operation": "UpdateAssetCollectConfig", + "kind": "mutation", + "description": "更新资产采集设置", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetConfigService.UpdateWebScanRule", + "service": "AssetConfigService", + "operation": "UpdateWebScanRule", + "kind": "mutation", + "description": "更新 Web 自定义路径", + "tags": [ + "资产识别配置" + ] + }, + { + "method": "AssetCrontabService.GetCrontabList", + "service": "AssetCrontabService", + "operation": "GetCrontabList", + "kind": "readonly", + "description": "获取任务计划列表", + "tags": [ + "计划任务资产" + ] + }, + { + "method": "AssetCrontabService.GetRefreshDateTime", + "service": "AssetCrontabService", + "operation": "GetRefreshDateTime", + "kind": "readonly", + "description": "获取资产的更新时间", + "tags": [ + "计划任务资产" + ] + }, + { + "method": "AssetEnvService.GetList", + "service": "AssetEnvService", + "operation": "GetList", + "kind": "readonly", + "description": "获取主机环境变量信息", + "tags": [ + "环境变量资产" + ] + }, + { + "method": "AssetModuleService.GetModule", + "service": "AssetModuleService", + "operation": "GetModule", + "kind": "readonly", + "description": "获取主机内核模块信息", + "tags": [ + "内核模块" + ] + }, + { + "method": "AssetModuleService.GetModuleList", + "service": 
"AssetModuleService", + "operation": "GetModuleList", + "kind": "readonly", + "description": "获取主机分区信息列表", + "tags": [ + "内核模块" + ] + }, + { + "method": "AssetModuleService.GetRefreshDateTime", + "service": "AssetModuleService", + "operation": "GetRefreshDateTime", + "kind": "readonly", + "description": "获取资产的更新时间", + "tags": [ + "内核模块" + ] + }, + { + "method": "AssetRegistryService.GetList", + "service": "AssetRegistryService", + "operation": "GetList", + "kind": "readonly", + "description": "获取主机注册表信息", + "tags": [ + "注册表资产" + ] + }, + { + "method": "AssetStartupService.GetList", + "service": "AssetStartupService", + "operation": "GetList", + "kind": "readonly", + "description": "获取主机启动项信息", + "tags": [ + "启动项资产" + ] + }, + { + "method": "AssetStartupService.GetRefreshDateTime", + "service": "AssetStartupService", + "operation": "GetRefreshDateTime", + "kind": "readonly", + "description": "获取启动项资产的更新时间", + "tags": [ + "启动项资产" + ] + }, + { + "method": "BackupService.CreateBackup", + "service": "BackupService", + "operation": "CreateBackup", + "kind": "mutation", + "description": "手动创建备份", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.DeleteHistory", + "service": "BackupService", + "operation": "DeleteHistory", + "kind": "mutation", + "description": "删除备份历史", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.GetConfig", + "service": "BackupService", + "operation": "GetConfig", + "kind": "readonly", + "description": "获取备份配置", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.GetHistory", + "service": "BackupService", + "operation": "GetHistory", + "kind": "readonly", + "description": "获取备份历史详情", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.GetRecovery", + "service": "BackupService", + "operation": "GetRecovery", + "kind": "readonly", + "description": "获取恢复历史详情", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.GetStatus", + "service": "BackupService", + "operation": "GetStatus", + "kind": "readonly", + 
"description": "获取备份恢复状态", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.ListHistory", + "service": "BackupService", + "operation": "ListHistory", + "kind": "readonly", + "description": "获取备份历史列表", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.RestoreByHistory", + "service": "BackupService", + "operation": "RestoreByHistory", + "kind": "mutation", + "description": "根据备份历史恢复", + "tags": [ + "配置备份" + ] + }, + { + "method": "BackupService.SetConfig", + "service": "BackupService", + "operation": "SetConfig", + "kind": "mutation", + "description": "更新备份配置", + "tags": [ + "配置备份" + ] + }, + { + "method": "BaselineV2Service.BatchUpdateItem", + "service": "BaselineV2Service", + "operation": "BatchUpdateItem", + "kind": "mutation", + "description": "编辑导入的核查项", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.CopyLogic", + "service": "BaselineV2Service", + "operation": "CopyLogic", + "kind": "mutation", + "description": "复制核查逻辑", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.CreateCredential", + "service": "BaselineV2Service", + "operation": "CreateCredential", + "kind": "mutation", + "description": "添加凭证", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.CreateItem", + "service": "BaselineV2Service", + "operation": "CreateItem", + "kind": "mutation", + "description": "导入新的核查项", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.CreateLogic", + "service": "BaselineV2Service", + "operation": "CreateLogic", + "kind": "mutation", + "description": "快速新增核查逻辑", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.CreateSet", + "service": "BaselineV2Service", + "operation": "CreateSet", + "kind": "mutation", + "description": "添加策略", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.CreateTask", + "service": "BaselineV2Service", + "operation": "CreateTask", + "kind": "mutation", + "description": "新建核查任务", + "tags": [ + "合规基线" + ] + }, + { + "method": 
"BaselineV2Service.CreateWhitelist", + "service": "BaselineV2Service", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.DeleteCredential", + "service": "BaselineV2Service", + "operation": "DeleteCredential", + "kind": "mutation", + "description": "删除凭证", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.DeleteItem", + "service": "BaselineV2Service", + "operation": "DeleteItem", + "kind": "mutation", + "description": "删除导入的核查项", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.DeleteLogic", + "service": "BaselineV2Service", + "operation": "DeleteLogic", + "kind": "mutation", + "description": "删除核查逻辑", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.DeleteSet", + "service": "BaselineV2Service", + "operation": "DeleteSet", + "kind": "mutation", + "description": "删除策略", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.DeleteSubtask", + "service": "BaselineV2Service", + "operation": "DeleteSubtask", + "kind": "mutation", + "description": "删除核查子任务", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.DeleteTask", + "service": "BaselineV2Service", + "operation": "DeleteTask", + "kind": "mutation", + "description": "删除核查任务,将会连带删除子任务", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.EditLogic", + "service": "BaselineV2Service", + "operation": "EditLogic", + "kind": "mutation", + "description": "编辑核查逻辑", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.EditSubtaskState", + "service": "BaselineV2Service", + "operation": "EditSubtaskState", + "kind": "mutation", + "description": "修改子任务状态", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetAllTag", + "service": "BaselineV2Service", + "operation": "GetAllTag", + "kind": "readonly", + "description": "获取目前用户自定义的所有 Tag", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetCredentialList", + 
"service": "BaselineV2Service", + "operation": "GetCredentialList", + "kind": "readonly", + "description": "获取凭证列表", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetItemList", + "service": "BaselineV2Service", + "operation": "GetItemList", + "kind": "readonly", + "description": "获取导入的核查项详情", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetLogic", + "service": "BaselineV2Service", + "operation": "GetLogic", + "kind": "readonly", + "description": "获取核查逻辑详细信息,仅应该在用户选择好逻辑后,获取几个具体逻辑的详细信息", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetLogicList", + "service": "BaselineV2Service", + "operation": "GetLogicList", + "kind": "readonly", + "description": "获取核查逻辑列表", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetLogicTags", + "service": "BaselineV2Service", + "operation": "GetLogicTags", + "kind": "readonly", + "description": "获取核查逻辑的所有标签", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetSet", + "service": "BaselineV2Service", + "operation": "GetSet", + "kind": "readonly", + "description": "获取策略信息", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetSetList", + "service": "BaselineV2Service", + "operation": "GetSetList", + "kind": "readonly", + "description": "获取策略列表", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetSubtask", + "service": "BaselineV2Service", + "operation": "GetSubtask", + "kind": "readonly", + "description": "获取核查子任务详情", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetSubtaskList", + "service": "BaselineV2Service", + "operation": "GetSubtaskList", + "kind": "readonly", + "description": "获取核查子任务列表", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetTask", + "service": "BaselineV2Service", + "operation": "GetTask", + "kind": "readonly", + "description": "获取核查任务详情", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetTaskList", + "service": "BaselineV2Service", + 
"operation": "GetTaskList", + "kind": "readonly", + "description": "获取核查任务列表", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetTaskNameList", + "service": "BaselineV2Service", + "operation": "GetTaskNameList", + "kind": "readonly", + "description": "获取核查任务名称列表", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetTemplateLogic", + "service": "BaselineV2Service", + "operation": "GetTemplateLogic", + "kind": "readonly", + "description": "获取快速自定义核查逻辑详细信息,用于编辑快速自定义之前查询信息", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.GetWhitelistRequest", + "service": "BaselineV2Service", + "operation": "GetWhitelistRequest", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.StartSubtask", + "service": "BaselineV2Service", + "operation": "StartSubtask", + "kind": "mutation", + "description": "立即进行子任务核查,将会覆盖原有的子任务结果", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.StartTask", + "service": "BaselineV2Service", + "operation": "StartTask", + "kind": "mutation", + "description": "开始核查任务", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.StopTask", + "service": "BaselineV2Service", + "operation": "StopTask", + "kind": "mutation", + "description": "停止核查任务", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.UpdateCredential", + "service": "BaselineV2Service", + "operation": "UpdateCredential", + "kind": "mutation", + "description": "编辑凭证", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.UpdateItem", + "service": "BaselineV2Service", + "operation": "UpdateItem", + "kind": "mutation", + "description": "编辑导入的核查项", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.UpdateLogic", + "service": "BaselineV2Service", + "operation": "UpdateLogic", + "kind": "mutation", + "description": "编辑核查逻辑,目前编辑核查逻辑只能编辑其默认参数(json schema 的 default)", + "tags": [ + "合规基线" + ] + }, + { + "method": 
"BaselineV2Service.UpdateSet", + "service": "BaselineV2Service", + "operation": "UpdateSet", + "kind": "mutation", + "description": "更新策略", + "tags": [ + "合规基线" + ] + }, + { + "method": "BaselineV2Service.UpdateTask", + "service": "BaselineV2Service", + "operation": "UpdateTask", + "kind": "mutation", + "description": "修改任务绑定的核查策略或者任务绑定的探针", + "tags": [ + "合规基线" + ] + }, + { + "method": "BruteForceService.CreateWhitelist", + "service": "BruteForceService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.DeleteEvent", + "service": "BruteForceService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.EditEventComment", + "service": "BruteForceService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.EditEventState", + "service": "BruteForceService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选事件的处置状态", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.GenerateEventFirewallRule", + "service": "BruteForceService", + "operation": "GenerateEventFirewallRule", + "kind": "mutation", + "description": "根据所选事件生成网络阻断规则", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.GetEvent", + "service": "BruteForceService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.GetEventList", + "service": "BruteForceService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.GetEventSourceIP", + "service": "BruteForceService", + "operation": "GetEventSourceIP", + "kind": "readonly", + "description": "获取某事件的攻击源 IP", + "tags": [ + "暴力破解" + ] + }, + { + 
"method": "BruteForceService.GetWhitelist", + "service": "BruteForceService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BruteForceService.MarkAsRead", + "service": "BruteForceService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "暴力破解" + ] + }, + { + "method": "BusinessGroupService.CreateBusinessGroup", + "service": "BusinessGroupService", + "operation": "CreateBusinessGroup", + "kind": "mutation", + "description": "新建子业务组", + "tags": [ + "业务组管理" + ] + }, + { + "method": "BusinessGroupService.DeleteBusinessGroup", + "service": "BusinessGroupService", + "operation": "DeleteBusinessGroup", + "kind": "mutation", + "description": "删除业务组", + "tags": [ + "业务组管理" + ] + }, + { + "method": "BusinessGroupService.EditBusinessGroup", + "service": "BusinessGroupService", + "operation": "EditBusinessGroup", + "kind": "mutation", + "description": "编辑业务组", + "tags": [ + "业务组管理" + ] + }, + { + "method": "BusinessGroupService.GetBusinessGroupDetail", + "service": "BusinessGroupService", + "operation": "GetBusinessGroupDetail", + "kind": "readonly", + "description": "获取业务组详情", + "tags": [ + "业务组管理" + ] + }, + { + "method": "BusinessGroupService.GetBusinessGroupTree", + "service": "BusinessGroupService", + "operation": "GetBusinessGroupTree", + "kind": "readonly", + "description": "获取业务组列表", + "tags": [ + "业务组管理" + ] + }, + { + "method": "BusinessGroupService.GetBusinessGroupTreeByOrg", + "service": "BusinessGroupService", + "operation": "GetBusinessGroupTreeByOrg", + "kind": "readonly", + "description": "获取某机构的业务组列表", + "tags": [ + "业务组管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.CreateRole", + "service": "CloudWalkerAccountAuthService", + "operation": "CreateRole", + "kind": "mutation", + "description": "创建角色", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.CreateUser", + "service": 
"CloudWalkerAccountAuthService", + "operation": "CreateUser", + "kind": "mutation", + "description": "创建用户", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.DeleteRole", + "service": "CloudWalkerAccountAuthService", + "operation": "DeleteRole", + "kind": "mutation", + "description": "删除角色", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.DeleteUser", + "service": "CloudWalkerAccountAuthService", + "operation": "DeleteUser", + "kind": "mutation", + "description": "删除用户", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.GetRole", + "service": "CloudWalkerAccountAuthService", + "operation": "GetRole", + "kind": "readonly", + "description": "获取角色", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.GetUserInfo", + "service": "CloudWalkerAccountAuthService", + "operation": "GetUserInfo", + "kind": "readonly", + "description": "获取用户信息详情", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.ListRole", + "service": "CloudWalkerAccountAuthService", + "operation": "ListRole", + "kind": "readonly", + "description": "获取角色列表", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.ListUser", + "service": "CloudWalkerAccountAuthService", + "operation": "ListUser", + "kind": "readonly", + "description": "获取用户列表", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.UpdateRole", + "service": "CloudWalkerAccountAuthService", + "operation": "UpdateRole", + "kind": "mutation", + "description": "更新角色", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.UpdateUser", + "service": "CloudWalkerAccountAuthService", + "operation": "UpdateUser", + "kind": "mutation", + "description": "更新用户", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudWalkerAccountAuthService.UpdateUserEnable", + "service": "CloudWalkerAccountAuthService", + "operation": "UpdateUserEnable", + 
"kind": "mutation", + "description": "启用/禁用用户", + "tags": [ + "用户角色管理" + ] + }, + { + "method": "CloudwalkerSettingService.ExternalLink", + "service": "CloudwalkerSettingService", + "operation": "ExternalLink", + "kind": "mutation", + "description": "外部连接", + "tags": [ + "牧云设置" + ] + }, + { + "method": "CloudwalkerSettingService.ExternalLinkRedirect", + "service": "CloudwalkerSettingService", + "operation": "ExternalLinkRedirect", + "kind": "mutation", + "description": "外部连接重定向", + "tags": [ + "牧云设置" + ] + }, + { + "method": "CloudwalkerSettingService.GetCurrentLanguage", + "service": "CloudwalkerSettingService", + "operation": "GetCurrentLanguage", + "kind": "readonly", + "description": "获取当前语言", + "tags": [ + "牧云设置" + ] + }, + { + "method": "CloudwalkerSettingService.GetCurrentTime", + "service": "CloudwalkerSettingService", + "operation": "GetCurrentTime", + "kind": "readonly", + "description": "获取当前系统时间", + "tags": [ + "系统配置" + ] + }, + { + "method": "CloudwalkerSettingService.GetDisabledFeature", + "service": "CloudwalkerSettingService", + "operation": "GetDisabledFeature", + "kind": "readonly", + "description": "获取被禁用的功能", + "tags": [ + "系统配置" + ] + }, + { + "method": "CloudwalkerSettingService.GetInstallationInfo", + "service": "CloudwalkerSettingService", + "operation": "GetInstallationInfo", + "kind": "readonly", + "description": "获取安装信息", + "tags": [ + "牧云设置" + ] + }, + { + "method": "CloudwalkerSettingService.GetProductInfo", + "service": "CloudwalkerSettingService", + "operation": "GetProductInfo", + "kind": "readonly", + "description": "获取产品信息", + "tags": [ + "牧云设置" + ] + }, + { + "method": "CloudwalkerSettingService.GetPublicKey", + "service": "CloudwalkerSettingService", + "operation": "GetPublicKey", + "kind": "readonly", + "description": "获取服务端公钥", + "tags": [ + "系统配置" + ] + }, + { + "method": "CloudwalkerSettingService.SetProductInfo", + "service": "CloudwalkerSettingService", + "operation": "SetProductInfo", + "kind": "mutation", + "description": 
"设置产品相关信息", + "tags": [ + "牧云设置" + ] + }, + { + "method": "CrontabService.CreatePlan", + "service": "CrontabService", + "operation": "CreatePlan", + "kind": "mutation", + "description": "创建任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.CreateWeakPasswordPlan", + "service": "CrontabService", + "operation": "CreateWeakPasswordPlan", + "kind": "mutation", + "description": "创建弱口令任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.DeletePlan", + "service": "CrontabService", + "operation": "DeletePlan", + "kind": "mutation", + "description": "删除任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.EditPlan", + "service": "CrontabService", + "operation": "EditPlan", + "kind": "mutation", + "description": "修改任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.EditWeakPasswordPlan", + "service": "CrontabService", + "operation": "EditWeakPasswordPlan", + "kind": "mutation", + "description": "修改弱口令任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.GetPlan", + "service": "CrontabService", + "operation": "GetPlan", + "kind": "readonly", + "description": "获取任务计划详情", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.GetPlanList", + "service": "CrontabService", + "operation": "GetPlanList", + "kind": "readonly", + "description": "获取任务计划列表", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.GetPlanLog", + "service": "CrontabService", + "operation": "GetPlanLog", + "kind": "readonly", + "description": "获取任务计划日志", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.GetTaskResult", + "service": "CrontabService", + "operation": "GetTaskResult", + "kind": "readonly", + "description": "获取任务计划结果", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.GetWeakPasswordPlan", + "service": "CrontabService", + "operation": "GetWeakPasswordPlan", + "kind": "readonly", + "description": "获取弱口令任务计划详情", + "tags": [ + "任务计划" + ] + }, + { + "method": 
"CrontabService.GetWeakPasswordPlanList", + "service": "CrontabService", + "operation": "GetWeakPasswordPlanList", + "kind": "readonly", + "description": "获取弱口令任务计划列表", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.GetWeakPasswordTaskConfig", + "service": "CrontabService", + "operation": "GetWeakPasswordTaskConfig", + "kind": "readonly", + "description": "获取弱口令任务默认配置", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.RetryTaskByPlan", + "service": "CrontabService", + "operation": "RetryTaskByPlan", + "kind": "mutation", + "description": "重试任务计划中的失败的任务", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.SetPlanEnablement", + "service": "CrontabService", + "operation": "SetPlanEnablement", + "kind": "mutation", + "description": "设置任务计划自动执行", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.StartPlan", + "service": "CrontabService", + "operation": "StartPlan", + "kind": "mutation", + "description": "手动开始任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "CrontabService.StopPlan", + "service": "CrontabService", + "operation": "StopPlan", + "kind": "mutation", + "description": "手动停止执行中的任务计划", + "tags": [ + "任务计划" + ] + }, + { + "method": "DetectionRuleService.CreateAbnormalLoginRule", + "service": "DetectionRuleService", + "operation": "CreateAbnormalLoginRule", + "kind": "mutation", + "description": "创建异常登陆检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.CreateHoneypotRule", + "service": "DetectionRuleService", + "operation": "CreateHoneypotRule", + "kind": "mutation", + "description": "创建蜜罐诱捕检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.CreateNetworkAuditRule", + "service": "DetectionRuleService", + "operation": "CreateNetworkAuditRule", + "kind": "mutation", + "description": "创建网络异常检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.CreateSensitiveFileRule", + "service": "DetectionRuleService", + "operation": 
"CreateSensitiveFileRule", + "kind": "mutation", + "description": "创建敏感文件检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.CreateSensitivePortRule", + "service": "DetectionRuleService", + "operation": "CreateSensitivePortRule", + "kind": "mutation", + "description": "创建敏感端口检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.CreateSuspiciousOperationRule", + "service": "DetectionRuleService", + "operation": "CreateSuspiciousOperationRule", + "kind": "mutation", + "description": "创建可疑命令检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.DeleteAbnormalLoginRule", + "service": "DetectionRuleService", + "operation": "DeleteAbnormalLoginRule", + "kind": "mutation", + "description": "删除异常登陆检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.DeleteHoneypotRule", + "service": "DetectionRuleService", + "operation": "DeleteHoneypotRule", + "kind": "mutation", + "description": "删除蜜罐诱捕检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.DeleteNetworkAuditRule", + "service": "DetectionRuleService", + "operation": "DeleteNetworkAuditRule", + "kind": "mutation", + "description": "删除网络异常检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.DeleteSensitiveFileRule", + "service": "DetectionRuleService", + "operation": "DeleteSensitiveFileRule", + "kind": "mutation", + "description": "删除敏感文件检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.DeleteSensitivePortRule", + "service": "DetectionRuleService", + "operation": "DeleteSensitivePortRule", + "kind": "mutation", + "description": "删除敏感端口检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.DeleteSuspiciousOperationRule", + "service": "DetectionRuleService", + "operation": "DeleteSuspiciousOperationRule", + "kind": "mutation", + "description": "删除可疑命令检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": 
"DetectionRuleService.EnablementAbnormalLoginRule", + "service": "DetectionRuleService", + "operation": "EnablementAbnormalLoginRule", + "kind": "mutation", + "description": "启禁用异常登录检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.EnablementHoneypotRule", + "service": "DetectionRuleService", + "operation": "EnablementHoneypotRule", + "kind": "mutation", + "description": "启禁用蜜罐诱捕检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.EnablementNetworkAuditRule", + "service": "DetectionRuleService", + "operation": "EnablementNetworkAuditRule", + "kind": "mutation", + "description": "启禁用网络异常检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.EnablementSensitiveFileRule", + "service": "DetectionRuleService", + "operation": "EnablementSensitiveFileRule", + "kind": "mutation", + "description": "启禁用敏感文件检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.EnablementSensitivePortRule", + "service": "DetectionRuleService", + "operation": "EnablementSensitivePortRule", + "kind": "mutation", + "description": "启禁用敏感端口检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.EnablementSuspiciousOperationRule", + "service": "DetectionRuleService", + "operation": "EnablementSuspiciousOperationRule", + "kind": "mutation", + "description": "启禁用可疑命令检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.GetBruteForceAdvCfg", + "service": "DetectionRuleService", + "operation": "GetBruteForceAdvCfg", + "kind": "readonly", + "description": "获取暴力破解高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.GetHoneypotRule", + "service": "DetectionRuleService", + "operation": "GetHoneypotRule", + "kind": "readonly", + "description": "获取蜜罐诱捕检测规则详情", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.GetMaliciousFileAdvCfg", + "service": "DetectionRuleService", + "operation": "GetMaliciousFileAdvCfg", + "kind": 
"readonly", + "description": "获取恶意文件高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.GetNetworkAuditAdvCfg", + "service": "DetectionRuleService", + "operation": "GetNetworkAuditAdvCfg", + "kind": "readonly", + "description": "获取网络异常高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.GetSuspiciousOperationAdvCfg", + "service": "DetectionRuleService", + "operation": "GetSuspiciousOperationAdvCfg", + "kind": "readonly", + "description": "获取可疑命令高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.GetWebshellAdvCfg", + "service": "DetectionRuleService", + "operation": "GetWebshellAdvCfg", + "kind": "readonly", + "description": "获取 Webshell 高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.ListAbnormalLoginRule", + "service": "DetectionRuleService", + "operation": "ListAbnormalLoginRule", + "kind": "readonly", + "description": "获取异常登陆检测规则列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.ListHoneypotRule", + "service": "DetectionRuleService", + "operation": "ListHoneypotRule", + "kind": "readonly", + "description": "获取蜜罐诱捕检测规则列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.ListNetworkAuditRule", + "service": "DetectionRuleService", + "operation": "ListNetworkAuditRule", + "kind": "readonly", + "description": "获取网络异常检测规则列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.ListSensitiveFileRule", + "service": "DetectionRuleService", + "operation": "ListSensitiveFileRule", + "kind": "readonly", + "description": "获取敏感文件检测规则列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.ListSensitivePortRule", + "service": "DetectionRuleService", + "operation": "ListSensitivePortRule", + "kind": "readonly", + "description": "获取敏感端口检测规则列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.ListSuspiciousOperationRule", + "service": "DetectionRuleService", + "operation": 
"ListSuspiciousOperationRule", + "kind": "readonly", + "description": "获取可疑命令检测规则列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.SetBruteForceAdvCfg", + "service": "DetectionRuleService", + "operation": "SetBruteForceAdvCfg", + "kind": "mutation", + "description": "设置暴力破解高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.SetMaliciousFileAdvCfg", + "service": "DetectionRuleService", + "operation": "SetMaliciousFileAdvCfg", + "kind": "mutation", + "description": "设置恶意文件高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.SetNetworkAuditAdvCfg", + "service": "DetectionRuleService", + "operation": "SetNetworkAuditAdvCfg", + "kind": "mutation", + "description": "设置网络异常高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.SetSuspiciousOperationAdvCfg", + "service": "DetectionRuleService", + "operation": "SetSuspiciousOperationAdvCfg", + "kind": "mutation", + "description": "设置可疑命令高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.SetWebshellAdvCfg", + "service": "DetectionRuleService", + "operation": "SetWebshellAdvCfg", + "kind": "mutation", + "description": "设置 Webshell 高级配置", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.UpdateAbnormalLoginRule", + "service": "DetectionRuleService", + "operation": "UpdateAbnormalLoginRule", + "kind": "mutation", + "description": "更新异常登陆检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.UpdateHoneypotRule", + "service": "DetectionRuleService", + "operation": "UpdateHoneypotRule", + "kind": "mutation", + "description": "更新蜜罐诱捕检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.UpdateNetworkAuditRule", + "service": "DetectionRuleService", + "operation": "UpdateNetworkAuditRule", + "kind": "mutation", + "description": "更新网络异常检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.UpdateSensitiveFileRule", + "service": 
"DetectionRuleService", + "operation": "UpdateSensitiveFileRule", + "kind": "mutation", + "description": "更新敏感文件检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.UpdateSensitivePortRule", + "service": "DetectionRuleService", + "operation": "UpdateSensitivePortRule", + "kind": "mutation", + "description": "更新敏感端口检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DetectionRuleService.UpdateSuspiciousOperationRule", + "service": "DetectionRuleService", + "operation": "UpdateSuspiciousOperationRule", + "kind": "mutation", + "description": "更新可疑命令检测规则", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "DockerContainerService.GetContainer", + "service": "DockerContainerService", + "operation": "GetContainer", + "kind": "readonly", + "description": "获取Docker容器资产详情", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerContainerService.GetContainerList", + "service": "DockerContainerService", + "operation": "GetContainerList", + "kind": "readonly", + "description": "获取Docker容器资产列表", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerContainerService.StatContainer", + "service": "DockerContainerService", + "operation": "StatContainer", + "kind": "readonly", + "description": "获取Docker容器统计结果", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerImageService.GetImage", + "service": "DockerImageService", + "operation": "GetImage", + "kind": "readonly", + "description": "获取Docker镜像资产详情", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerImageService.GetImageList", + "service": "DockerImageService", + "operation": "GetImageList", + "kind": "readonly", + "description": "获取Docker镜像资产列表", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerImageService.StatImage", + "service": "DockerImageService", + "operation": "StatImage", + "kind": "readonly", + "description": "获取Docker镜像统计", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerNetworkService.GetNetwork", + "service": "DockerNetworkService", + "operation": 
"GetNetwork", + "kind": "readonly", + "description": "获取Docker网络资产详情", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerNetworkService.GetNetworkList", + "service": "DockerNetworkService", + "operation": "GetNetworkList", + "kind": "readonly", + "description": "获取Docker网络资产列表", + "tags": [ + "Docker资产" + ] + }, + { + "method": "DockerNetworkService.StatNetwork", + "service": "DockerNetworkService", + "operation": "StatNetwork", + "kind": "readonly", + "description": "获取Docker网络资产列表", + "tags": [ + "Docker资产" + ] + }, + { + "method": "ElevationProcessEventService.CreateWhitelist", + "service": "ElevationProcessEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.DeleteEvent", + "service": "ElevationProcessEventService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.EditEventComment", + "service": "ElevationProcessEventService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.EditEventState", + "service": "ElevationProcessEventService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选事件的处置状态", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.GetEvent", + "service": "ElevationProcessEventService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.GetEventList", + "service": "ElevationProcessEventService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.GetEventListByExename", + "service": "ElevationProcessEventService", + "operation": "GetEventListByExename", 
+ "kind": "readonly", + "description": "返回按进程聚合的事件列表", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.GetEventListByHost", + "service": "ElevationProcessEventService", + "operation": "GetEventListByHost", + "kind": "readonly", + "description": "返回按主机聚合的事件列表", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.GetEventListByOriginEffectUser", + "service": "ElevationProcessEventService", + "operation": "GetEventListByOriginEffectUser", + "kind": "readonly", + "description": "返回按原有效用户聚合的事件列表", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.GetWhitelist", + "service": "ElevationProcessEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.MarkAsRead", + "service": "ElevationProcessEventService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.ProcessKill", + "service": "ElevationProcessEventService", + "operation": "ProcessKill", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByExename", + "service": "ElevationProcessEventService", + "operation": "StatEventByExename", + "kind": "readonly", + "description": "获取按进程名聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByHost", + "service": "ElevationProcessEventService", + "operation": "StatEventByHost", + "kind": "readonly", + "description": "获取按主机聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByLevel", + "service": "ElevationProcessEventService", + "operation": "StatEventByLevel", + "kind": "readonly", + "description": "获取按事件风险等级聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByOriginEffectUser", + 
"service": "ElevationProcessEventService", + "operation": "StatEventByOriginEffectUser", + "kind": "readonly", + "description": "获取按提权原有效用户聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByState", + "service": "ElevationProcessEventService", + "operation": "StatEventByState", + "kind": "readonly", + "description": "获取按处置状态聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByTime", + "service": "ElevationProcessEventService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": "获取按事件发生时间聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "ElevationProcessEventService.StatEventByType", + "service": "ElevationProcessEventService", + "operation": "StatEventByType", + "kind": "readonly", + "description": "获取按提权类型聚合的统计结果", + "tags": [ + "本地提权" + ] + }, + { + "method": "EmergencyVulnService.CancelIgnoreEventTask", + "service": "EmergencyVulnService", + "operation": "CancelIgnoreEventTask", + "kind": "mutation", + "description": "取消忽略漏洞事件", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EmergencyVulnService.CreateEventTask", + "service": "EmergencyVulnService", + "operation": "CreateEventTask", + "kind": "mutation", + "description": "漏洞应急事件复测", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EmergencyVulnService.CreateVulnTask", + "service": "EmergencyVulnService", + "operation": "CreateVulnTask", + "kind": "mutation", + "description": "创建漏洞应急扫描任务", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EmergencyVulnService.GetVulnInfo", + "service": "EmergencyVulnService", + "operation": "GetVulnInfo", + "kind": "readonly", + "description": "漏洞详细信息", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EmergencyVulnService.IgnoreEventTask", + "service": "EmergencyVulnService", + "operation": "IgnoreEventTask", + "kind": "mutation", + "description": "忽略漏洞事件", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EmergencyVulnService.ListVuln", + "service": "EmergencyVulnService", 
+ "operation": "ListVuln", + "kind": "readonly", + "description": "漏洞应急列表页", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EmergencyVulnService.ListVulnEvent", + "service": "EmergencyVulnService", + "operation": "ListVulnEvent", + "kind": "readonly", + "description": "漏洞应急事件列表页", + "tags": [ + "漏洞应急" + ] + }, + { + "method": "EndpointService.ApplyConfig", + "service": "EndpointService", + "operation": "ApplyConfig", + "kind": "mutation", + "description": "应用配置变更响应", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.EditAgentConfig", + "service": "EndpointService", + "operation": "EditAgentConfig", + "kind": "mutation", + "description": "修改探针连接配置", + "tags": [ + "Endpoint" + ] + }, + { + "method": "EndpointService.EditAgentPort", + "service": "EndpointService", + "operation": "EditAgentPort", + "kind": "mutation", + "description": "修改探针端口配置参数", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.EditServerAddress", + "service": "EndpointService", + "operation": "EditServerAddress", + "kind": "mutation", + "description": "修改服务端地址(当前仅用于判断连接方式)", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.EditWebPort", + "service": "EndpointService", + "operation": "EditWebPort", + "kind": "mutation", + "description": "修改服务端端口配置参数", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.GetServerAddress", + "service": "EndpointService", + "operation": "GetServerAddress", + "kind": "readonly", + "description": "获取服务端地址(当前仅用于判断连接方式)", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.GetWebConfig", + "service": "EndpointService", + "operation": "GetWebConfig", + "kind": "readonly", + "description": "获取web管理配置参数", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.ListServerCert", + "service": "EndpointService", + "operation": "ListServerCert", + "kind": "readonly", + "description": "获取证书列表参数", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "EndpointService.SwitchServerCert", + "service": 
"EndpointService", + "operation": "SwitchServerCert", + "kind": "mutation", + "description": "切换服务端证书参数", + "tags": [ + "其他系统设置" + ] + }, + { + "method": "FileDisposalService.Isolation", + "service": "FileDisposalService", + "operation": "Isolation", + "kind": "mutation", + "description": "文件隔离或者文件信任", + "tags": [ + "FileIsolation" + ] + }, + { + "method": "FileDisposalService.ListEvent", + "service": "FileDisposalService", + "operation": "ListEvent", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "FileIsolation" + ] + }, + { + "method": "FirewallService.CreateRule", + "service": "FirewallService", + "operation": "CreateRule", + "kind": "mutation", + "description": "添加规则", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.DeleteEvent", + "service": "FirewallService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.DeleteRule", + "service": "FirewallService", + "operation": "DeleteRule", + "kind": "mutation", + "description": "删除规则", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.GetEventList", + "service": "FirewallService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.GetFirewallGlobalConfig", + "service": "FirewallService", + "operation": "GetFirewallGlobalConfig", + "kind": "readonly", + "description": "获取防火墙全局配置", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.GetRule", + "service": "FirewallService", + "operation": "GetRule", + "kind": "readonly", + "description": "获取规则列表", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.SetFirewallGlobalConfig", + "service": "FirewallService", + "operation": "SetFirewallGlobalConfig", + "kind": "mutation", + "description": "设置防火墙全局配置", + "tags": [ + "防火墙" + ] + }, + { + "method": "FirewallService.UpdateRule", + "service": "FirewallService", + "operation": "UpdateRule", + 
"kind": "mutation", + "description": "修改规则", + "tags": [ + "防火墙" + ] + }, + { + "method": "FullCommandService.Delete", + "service": "FullCommandService", + "operation": "Delete", + "kind": "mutation", + "description": "删除命令", + "tags": [ + "全量命令" + ] + }, + { + "method": "FullCommandService.EditEventComment", + "service": "FullCommandService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "全量命令" + ] + }, + { + "method": "FullCommandService.Get", + "service": "FullCommandService", + "operation": "Get", + "kind": "readonly", + "description": "获取命令详情", + "tags": [ + "全量命令" + ] + }, + { + "method": "FullCommandService.GetList", + "service": "FullCommandService", + "operation": "GetList", + "kind": "readonly", + "description": "获取命令列表", + "tags": [ + "全量命令" + ] + }, + { + "method": "FullCommandService.GetListByHost", + "service": "FullCommandService", + "operation": "GetListByHost", + "kind": "readonly", + "description": "获取按主机聚合的事件列表", + "tags": [ + "全量命令" + ] + }, + { + "method": "FullCommandService.GetListByNetApp", + "service": "FullCommandService", + "operation": "GetListByNetApp", + "kind": "readonly", + "description": "获取按网络应用聚合的事件列表", + "tags": [ + "全量命令" + ] + }, + { + "method": "FullCommandService.GetListBySSHClientIP", + "service": "FullCommandService", + "operation": "GetListBySSHClientIP", + "kind": "readonly", + "description": "获取按SSH登录聚合的事件列表", + "tags": [ + "全量命令" + ] + }, + { + "method": "HoneypotService.CreateWhitelist", + "service": "HoneypotService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.DeleteEvent", + "service": "HoneypotService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选 ID 的事件", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.DeleteEventByHoneypot", + "service": "HoneypotService", + "operation": "DeleteEventByHoneypot", + "kind": 
"mutation", + "description": "删除所选蜜罐名的事件", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.DeleteEventByHost", + "service": "HoneypotService", + "operation": "DeleteEventByHost", + "kind": "mutation", + "description": "删除所选主机 ID 的事件", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.DeleteEventBySrcIP", + "service": "HoneypotService", + "operation": "DeleteEventBySrcIP", + "kind": "mutation", + "description": "删除所选源 IP 的事件", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.EditEventComment", + "service": "HoneypotService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.EditState", + "service": "HoneypotService", + "operation": "EditState", + "kind": "mutation", + "description": "改变所选 ID 事件的处置状态", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.EditStateByHoneypot", + "service": "HoneypotService", + "operation": "EditStateByHoneypot", + "kind": "mutation", + "description": "改变所选蜜罐名事件的处置状态", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.EditStateByHost", + "service": "HoneypotService", + "operation": "EditStateByHost", + "kind": "mutation", + "description": "改变所选主机 ID 事件的处置状态", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.EditStateBySrcIP", + "service": "HoneypotService", + "operation": "EditStateBySrcIP", + "kind": "mutation", + "description": "改变所选源 IP 事件的处置状态", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.GetEvent", + "service": "HoneypotService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.GetWhitelist", + "service": "HoneypotService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.List", + "service": "HoneypotService", + "operation": "List", + "kind": "readonly", + 
"description": "获取事件列表", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.ListByHoneypot", + "service": "HoneypotService", + "operation": "ListByHoneypot", + "kind": "readonly", + "description": "获取按蜜罐名聚合的事件列表", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.ListByHost", + "service": "HoneypotService", + "operation": "ListByHost", + "kind": "readonly", + "description": "获取按主机聚合的事件列表", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.ListBySrcIP", + "service": "HoneypotService", + "operation": "ListBySrcIP", + "kind": "readonly", + "description": "获取按源 IP 聚合的事件列表", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.MarkAsRead", + "service": "HoneypotService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HoneypotService.StatEvent", + "service": "HoneypotService", + "operation": "StatEvent", + "kind": "readonly", + "description": "获取按多种视角聚合的事件统计信息", + "tags": [ + "蜜罐诱捕" + ] + }, + { + "method": "HostAssetService.AddAttributes", + "service": "HostAssetService", + "operation": "AddAttributes", + "kind": "mutation", + "description": "增加主机属性字段", + "tags": [ + "主机属性" + ] + }, + { + "method": "HostAssetService.BatchEditHostAttribute", + "service": "HostAssetService", + "operation": "BatchEditHostAttribute", + "kind": "mutation", + "description": "批量编辑主机属性信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.CountHost", + "service": "HostAssetService", + "operation": "CountHost", + "kind": "readonly", + "description": "获取主机资产数量", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.DeleteAttributes", + "service": "HostAssetService", + "operation": "DeleteAttributes", + "kind": "mutation", + "description": "删除主机属性字段", + "tags": [ + "主机属性" + ] + }, + { + "method": "HostAssetService.DeleteHost", + "service": "HostAssetService", + "operation": "DeleteHost", + "kind": "mutation", + "description": "卸载探针", + "tags": [ + 
"探针管理" + ] + }, + { + "method": "HostAssetService.DisableHost", + "service": "HostAssetService", + "operation": "DisableHost", + "kind": "mutation", + "description": "停用探针", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.EditAgentComment", + "service": "HostAssetService", + "operation": "EditAgentComment", + "kind": "mutation", + "description": "修改主机备注", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.EditAgentOrg", + "service": "HostAssetService", + "operation": "EditAgentOrg", + "kind": "mutation", + "description": "修改主机机构", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.EditAttributes", + "service": "HostAssetService", + "operation": "EditAttributes", + "kind": "mutation", + "description": "编辑主机属性字段", + "tags": [ + "主机属性" + ] + }, + { + "method": "HostAssetService.EditHostAttribute", + "service": "HostAssetService", + "operation": "EditHostAttribute", + "kind": "mutation", + "description": "编辑主机属性信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GenerateInstallCommand", + "service": "HostAssetService", + "operation": "GenerateInstallCommand", + "kind": "mutation", + "description": "生成探针安装命令", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.GenerateInstallInstaller", + "service": "HostAssetService", + "operation": "GenerateInstallInstaller", + "kind": "mutation", + "description": "生成探针安装包", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.GetAgentCloneConfig", + "service": "HostAssetService", + "operation": "GetAgentCloneConfig", + "kind": "readonly", + "description": "获取探针克隆配置", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.GetAgentConfig", + "service": "HostAssetService", + "operation": "GetAgentConfig", + "kind": "readonly", + "description": "获取探针配置", + "tags": [ + "探针模块" + ] + }, + { + "method": "HostAssetService.GetAgentInfo", + "service": "HostAssetService", + "operation": "GetAgentInfo", + "kind": "readonly", + "description": "获取探针信息", + 
"tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetAllHostTag", + "service": "HostAssetService", + "operation": "GetAllHostTag", + "kind": "readonly", + "description": "获取所有已有标签", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetAntiUninstallConfig", + "service": "HostAssetService", + "operation": "GetAntiUninstallConfig", + "kind": "readonly", + "description": "获取探针防卸载配置", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.GetAssetOverView", + "service": "HostAssetService", + "operation": "GetAssetOverView", + "kind": "readonly", + "description": "获取主机上的资产的统计信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetAttributes", + "service": "HostAssetService", + "operation": "GetAttributes", + "kind": "readonly", + "description": "获取主机属性字段", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetEventList", + "service": "HostAssetService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取入侵检测事件信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetEventOverView", + "service": "HostAssetService", + "operation": "GetEventOverView", + "kind": "readonly", + "description": "获取主机上的资产的统计信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetFileState", + "service": "HostAssetService", + "operation": "GetFileState", + "kind": "readonly", + "description": "获取文件状态", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostAssetList", + "service": "HostAssetService", + "operation": "GetHostAssetList", + "kind": "readonly", + "description": "获取主机资产列表信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostAttribute", + "service": "HostAssetService", + "operation": "GetHostAttribute", + "kind": "readonly", + "description": "获取主机属性信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostBusinessInfo", + "service": "HostAssetService", + "operation": "GetHostBusinessInfo", + "kind": "readonly", + 
"description": "获取业务组信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostEnviron", + "service": "HostAssetService", + "operation": "GetHostEnviron", + "kind": "readonly", + "description": "获取主机资产环境变量", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostInfoDetail", + "service": "HostAssetService", + "operation": "GetHostInfoDetail", + "kind": "readonly", + "description": "获取主机资产的详情信息, 包含软件信息,硬件信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostLog", + "service": "HostAssetService", + "operation": "GetHostLog", + "kind": "readonly", + "description": "获取探针端获取日志,默认忽略离线探针,默认超时时间为1min.", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostPhysicalInfo", + "service": "HostAssetService", + "operation": "GetHostPhysicalInfo", + "kind": "readonly", + "description": "获取主机资产物理信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostPprof", + "service": "HostAssetService", + "operation": "GetHostPprof", + "kind": "readonly", + "description": "探针端获取日志,默认忽略离线探针,默认超时时间为 1 min.", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetHostView", + "service": "HostAssetService", + "operation": "GetHostView", + "kind": "readonly", + "description": "获取主机信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetRiskOverView", + "service": "HostAssetService", + "operation": "GetRiskOverView", + "kind": "readonly", + "description": "获取主机上的资产的统计信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetScore", + "service": "HostAssetService", + "operation": "GetScore", + "kind": "readonly", + "description": "获取主机分数", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.GetUninstallCommand", + "service": "HostAssetService", + "operation": "GetUninstallCommand", + "kind": "readonly", + "description": "获取离线卸载 token", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.MultiEditTags", + "service": "HostAssetService", + 
"operation": "MultiEditTags", + "kind": "mutation", + "description": "更新主机的标签", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.RemoteInstallCancel", + "service": "HostAssetService", + "operation": "RemoteInstallCancel", + "kind": "mutation", + "description": "取消远程安装操作", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.RemoteInstallCurrent", + "service": "HostAssetService", + "operation": "RemoteInstallCurrent", + "kind": "mutation", + "description": "获取当前任务信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.RemoteInstallStart", + "service": "HostAssetService", + "operation": "RemoteInstallStart", + "kind": "mutation", + "description": "开始远程安装任务", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.RemoteInstallStatus", + "service": "HostAssetService", + "operation": "RemoteInstallStatus", + "kind": "mutation", + "description": "获取远程安装的状态信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.RepairHost", + "service": "HostAssetService", + "operation": "RepairHost", + "kind": "mutation", + "description": "修复探针", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.RestartHost", + "service": "HostAssetService", + "operation": "RestartHost", + "kind": "mutation", + "description": "重启探针", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.SetAgentCloneConfig", + "service": "HostAssetService", + "operation": "SetAgentCloneConfig", + "kind": "mutation", + "description": "设置探针克隆配置", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.SetAntiUninstallConfig", + "service": "HostAssetService", + "operation": "SetAntiUninstallConfig", + "kind": "mutation", + "description": "设置探针防卸载开关", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostAssetService.SetGroup", + "service": "HostAssetService", + "operation": "SetGroup", + "kind": "mutation", + "description": "修改主机业务组", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatAgentState", + "service": 
"HostAssetService", + "operation": "StatAgentState", + "kind": "readonly", + "description": "获取按 探针状态 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatAgentVersion", + "service": "HostAssetService", + "operation": "StatAgentVersion", + "kind": "readonly", + "description": "获取按 探针版本 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatCpuCore", + "service": "HostAssetService", + "operation": "StatCpuCore", + "kind": "readonly", + "description": "获取按 cpu核数 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatCpuUsage", + "service": "HostAssetService", + "operation": "StatCpuUsage", + "kind": "readonly", + "description": "获取按 CPU 用量 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatHostCountByTime", + "service": "HostAssetService", + "operation": "StatHostCountByTime", + "kind": "readonly", + "description": "获取按 探针安装时间 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatMemSize", + "service": "HostAssetService", + "operation": "StatMemSize", + "kind": "readonly", + "description": "获取按 内存大小 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatMemUsage", + "service": "HostAssetService", + "operation": "StatMemUsage", + "kind": "readonly", + "description": "获取按 内存使用量 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatOsReleaseName", + "service": "HostAssetService", + "operation": "StatOsReleaseName", + "kind": "readonly", + "description": "获取按 操作系统发行版本名称 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.StatTag", + "service": "HostAssetService", + "operation": "StatTag", + "kind": "readonly", + "description": "获取按 主机特征(用户自定的) 聚合的主机分布", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostAssetService.UpdateHostInfoDetail", + "service": "HostAssetService", + "operation": "UpdateHostInfoDetail", + "kind": "mutation", + "description": "立即更新主机详情信息。包含软件信息,硬件信息", + "tags": 
[ + "主机资产" + ] + }, + { + "method": "HostAssetService.UpgradeHost", + "service": "HostAssetService", + "operation": "UpgradeHost", + "kind": "mutation", + "description": "升级探针", + "tags": [ + "探针管理" + ] + }, + { + "method": "HostDiscoveryService.DeleteHost", + "service": "HostDiscoveryService", + "operation": "DeleteHost", + "kind": "mutation", + "description": "删除未知主机资产", + "tags": [ + "未知资产发现" + ] + }, + { + "method": "HostDiscoveryService.ListHost", + "service": "HostDiscoveryService", + "operation": "ListHost", + "kind": "readonly", + "description": "获取未知主机资产信息", + "tags": [ + "未知资产发现" + ] + }, + { + "method": "HostNicAssetService.GetHostNic", + "service": "HostNicAssetService", + "operation": "GetHostNic", + "kind": "readonly", + "description": "获取主机网卡信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "HostPartitionAssetService.GetHostPartition", + "service": "HostPartitionAssetService", + "operation": "GetHostPartition", + "kind": "readonly", + "description": "获取主机分区信息", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostPartitionAssetService.GetNetworkStorageFileSystem", + "service": "HostPartitionAssetService", + "operation": "GetNetworkStorageFileSystem", + "kind": "readonly", + "description": "获取所有主机网络存储文件系统", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostPartitionAssetService.GetNetworkStoragePartition", + "service": "HostPartitionAssetService", + "operation": "GetNetworkStoragePartition", + "kind": "readonly", + "description": "获取主机网络存储分区信息", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostPartitionAssetService.GetNetworkStoragePartitionByFileSystem", + "service": "HostPartitionAssetService", + "operation": "GetNetworkStoragePartitionByFileSystem", + "kind": "readonly", + "description": "获取主机网络存储分区信息,通过文件系统聚合", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostPartitionAssetService.GetNetworkStoragePartitionByHost", + "service": "HostPartitionAssetService", + "operation": "GetNetworkStoragePartitionByHost", + "kind": "readonly", + 
"description": "获取主机网络存储分区信息,通过主机聚合", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostPartitionAssetService.GetNetworkStoragePartitionByMountPoint", + "service": "HostPartitionAssetService", + "operation": "GetNetworkStoragePartitionByMountPoint", + "kind": "readonly", + "description": "获取主机网络存储分区信息,通过挂载点聚合", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostPartitionAssetService.SetNetworkStorageScanEnablement", + "service": "HostPartitionAssetService", + "operation": "SetNetworkStorageScanEnablement", + "kind": "mutation", + "description": "设置主机网络存储分区资产扫描启用状态", + "tags": [ + "分区资产" + ] + }, + { + "method": "HostRouteAssetService.GetHostRoute", + "service": "HostRouteAssetService", + "operation": "GetHostRoute", + "kind": "readonly", + "description": "获取主机路由资产信息", + "tags": [ + "主机资产" + ] + }, + { + "method": "LighterManagerService.Apply", + "service": "LighterManagerService", + "operation": "Apply", + "kind": "mutation", + "description": "应用lighter升级包", + "tags": [ + "lighter模块" + ] + }, + { + "method": "LighterManagerService.GetLatestVersion", + "service": "LighterManagerService", + "operation": "GetLatestVersion", + "kind": "readonly", + "description": "获取最新的 lighter 版本", + "tags": [ + "lighter模块" + ] + }, + { + "method": "LighterManagerService.Upgrade", + "service": "LighterManagerService", + "operation": "Upgrade", + "kind": "mutation", + "description": "更新 lighter", + "tags": [ + "lighter 管理" + ] + }, + { + "method": "LogCollectService.CreateLogCollect", + "service": "LogCollectService", + "operation": "CreateLogCollect", + "kind": "mutation", + "description": "创建日志采集", + "tags": [ + "日志采集" + ] + }, + { + "method": "LogCollectService.DeleteLogCollect", + "service": "LogCollectService", + "operation": "DeleteLogCollect", + "kind": "mutation", + "description": "删除日志采集规则", + "tags": [ + "日志采集" + ] + }, + { + "method": "LogCollectService.EnablementLogCollect", + "service": "LogCollectService", + "operation": "EnablementLogCollect", + "kind": "mutation", + 
"description": "启禁用日志采集规则", + "tags": [ + "日志采集" + ] + }, + { + "method": "LogCollectService.GetLogCollectInfo", + "service": "LogCollectService", + "operation": "GetLogCollectInfo", + "kind": "readonly", + "description": "获取日志采集信息", + "tags": [ + "日志采集" + ] + }, + { + "method": "LogCollectService.ListLogCollect", + "service": "LogCollectService", + "operation": "ListLogCollect", + "kind": "readonly", + "description": "获取日志采集列表", + "tags": [ + "日志采集" + ] + }, + { + "method": "LogCollectService.UpdateLogCollect", + "service": "LogCollectService", + "operation": "UpdateLogCollect", + "kind": "mutation", + "description": "更新日志采集", + "tags": [ + "日志采集" + ] + }, + { + "method": "MalwareEventService.CreateWhitelist", + "service": "MalwareEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.DeleteEvent", + "service": "MalwareEventService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.DeleteLibrary", + "service": "MalwareEventService", + "operation": "DeleteLibrary", + "kind": "mutation", + "description": "删除规则匹配引擎库", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.EditEventComment", + "service": "MalwareEventService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.EditEventState", + "service": "MalwareEventService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选事件的处置状态", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.GetCredibleEngineVersion", + "service": "MalwareEventService", + "operation": "GetCredibleEngineVersion", + "kind": "readonly", + "description": "获取可信引擎库版本", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.GetEvent", + "service": "MalwareEventService", + 
"operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.GetEventList", + "service": "MalwareEventService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.GetLibraryList", + "service": "MalwareEventService", + "operation": "GetLibraryList", + "kind": "readonly", + "description": "获取规则匹配引擎库列表", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.GetMalwareEngineVersion", + "service": "MalwareEventService", + "operation": "GetMalwareEngineVersion", + "kind": "readonly", + "description": "获取恶意文件检测引擎版本", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.GetWhitelist", + "service": "MalwareEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.IsolateTask", + "service": "MalwareEventService", + "operation": "IsolateTask", + "kind": "readonly", + "description": "恶意文件\"隔离\"操作任务", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.MarkAsRead", + "service": "MalwareEventService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.ProcessKill", + "service": "MalwareEventService", + "operation": "ProcessKill", + "kind": "mutation", + "description": "进程阻断", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.RetestEvent", + "service": "MalwareEventService", + "operation": "RetestEvent", + "kind": "mutation", + "description": "恶意文件快速复测", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.StatEventByFileType", + "service": "MalwareEventService", + "operation": "StatEventByFileType", + "kind": "readonly", + "description": "获取按文件类型聚合的统计结果", + "tags": [ + "恶意文件" + ] + }, + { + "method": 
"MalwareEventService.StatEventByState", + "service": "MalwareEventService", + "operation": "StatEventByState", + "kind": "readonly", + "description": "获取按状态聚合的统计结果", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MalwareEventService.TrustTask", + "service": "MalwareEventService", + "operation": "TrustTask", + "kind": "mutation", + "description": "恶意文件 信任 操作任务", + "tags": [ + "恶意文件" + ] + }, + { + "method": "MessageQueueService.GetNsqSummary", + "service": "MessageQueueService", + "operation": "GetNsqSummary", + "kind": "readonly", + "description": "获取nsq消息", + "tags": [ + "Nsq" + ] + }, + { + "method": "MimicryService.DeleteEvent", + "service": "MimicryService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "MimicryService" + ] + }, + { + "method": "MimicryService.ListEvent", + "service": "MimicryService", + "operation": "ListEvent", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "MimicryService" + ] + }, + { + "method": "MimicryService.StopMimicry", + "service": "MimicryService", + "operation": "StopMimicry", + "kind": "mutation", + "description": "停止拟态防护", + "tags": [ + "MimicryService" + ] + }, + { + "method": "NetworkAuditEventService.CreateWhitelist", + "service": "NetworkAuditEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.DeleteEvent", + "service": "NetworkAuditEventService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.EditEventComment", + "service": "NetworkAuditEventService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.EditEventState", + "service": "NetworkAuditEventService", + "operation": "EditEventState", + "kind": "mutation", + "description": 
"改变所选事件的处置状态", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.GetEvent", + "service": "NetworkAuditEventService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.GetEventList", + "service": "NetworkAuditEventService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.GetEventListByHost", + "service": "NetworkAuditEventService", + "operation": "GetEventListByHost", + "kind": "readonly", + "description": "获取按主机聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.GetEventListByProcessName", + "service": "NetworkAuditEventService", + "operation": "GetEventListByProcessName", + "kind": "readonly", + "description": "获取按进程名聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.GetEventListByTarget", + "service": "NetworkAuditEventService", + "operation": "GetEventListByTarget", + "kind": "readonly", + "description": "获取按目标网络地址统计的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.GetWhitelist", + "service": "NetworkAuditEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.MarkAsRead", + "service": "NetworkAuditEventService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.ProcessKill", + "service": "NetworkAuditEventService", + "operation": "ProcessKill", + "kind": "mutation", + "description": "进程阻断", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.StatEventByHost", + "service": "NetworkAuditEventService", + "operation": "StatEventByHost", + "kind": "readonly", + "description": "获取按主机聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + 
"method": "NetworkAuditEventService.StatEventByLevelState", + "service": "NetworkAuditEventService", + "operation": "StatEventByLevelState", + "kind": "readonly", + "description": "获取按风险等级与处置状态聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.StatEventByProcessName", + "service": "NetworkAuditEventService", + "operation": "StatEventByProcessName", + "kind": "readonly", + "description": "获取按进程名聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.StatEventByTarget", + "service": "NetworkAuditEventService", + "operation": "StatEventByTarget", + "kind": "readonly", + "description": "获取按目标地址聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.StatEventByTimeState", + "service": "NetworkAuditEventService", + "operation": "StatEventByTimeState", + "kind": "readonly", + "description": "获取按事件发生时间聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkAuditEventService.StatEventByType", + "service": "NetworkAuditEventService", + "operation": "StatEventByType", + "kind": "readonly", + "description": "获取按网络外连类型聚合的事件列表", + "tags": [ + "网络审计" + ] + }, + { + "method": "NetworkRejectService.DeleteEvent", + "service": "NetworkRejectService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "NetworkReject" + ] + }, + { + "method": "NetworkRejectService.ListEvent", + "service": "NetworkRejectService", + "operation": "ListEvent", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "NetworkReject" + ] + }, + { + "method": "NetworkRejectService.ReleaseReject", + "service": "NetworkRejectService", + "operation": "ReleaseReject", + "kind": "mutation", + "description": "解除阻断", + "tags": [ + "NetworkReject" + ] + }, + { + "method": "NonWhiteProcessService.CreateRule", + "service": "NonWhiteProcessService", + "operation": "CreateRule", + "kind": "mutation", + "description": "创建命令白名单规则", + "tags": [ + "命令白名单" + ] + }, + { + "method": 
"NonWhiteProcessService.DeleteEvent", + "service": "NonWhiteProcessService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.DeleteRule", + "service": "NonWhiteProcessService", + "operation": "DeleteRule", + "kind": "mutation", + "description": "删除命令白名单规则", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.EditEventComment", + "service": "NonWhiteProcessService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "更新事件备注", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.EditEventState", + "service": "NonWhiteProcessService", + "operation": "EditEventState", + "kind": "mutation", + "description": "编辑事件状态", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.GetEventDetail", + "service": "NonWhiteProcessService", + "operation": "GetEventDetail", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.GetEventList", + "service": "NonWhiteProcessService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.GetEventListByCmdline", + "service": "NonWhiteProcessService", + "operation": "GetEventListByCmdline", + "kind": "readonly", + "description": "根据进程cmdline聚合事件列表", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.GetEventListByHost", + "service": "NonWhiteProcessService", + "operation": "GetEventListByHost", + "kind": "readonly", + "description": "获取按主机聚合的事件列表", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.GetEventListByName", + "service": "NonWhiteProcessService", + "operation": "GetEventListByName", + "kind": "readonly", + "description": "根据进程名称聚合事件列", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.ListRule", + "service": "NonWhiteProcessService", + 
"operation": "ListRule", + "kind": "readonly", + "description": "获取命令白名单规则", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.MarkAsRead", + "service": "NonWhiteProcessService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.UpdateRule", + "service": "NonWhiteProcessService", + "operation": "UpdateRule", + "kind": "mutation", + "description": "更新命令白名单规则", + "tags": [ + "命令白名单" + ] + }, + { + "method": "NonWhiteProcessService.WhiteEvent", + "service": "NonWhiteProcessService", + "operation": "WhiteEvent", + "kind": "mutation", + "description": "加白事件", + "tags": [ + "命令白名单" + ] + }, + { + "method": "OrganizationService.CreateOrg", + "service": "OrganizationService", + "operation": "CreateOrg", + "kind": "mutation", + "description": "创建机构", + "tags": [ + "后台:机构管理" + ] + }, + { + "method": "OrganizationService.DeleteOrg", + "service": "OrganizationService", + "operation": "DeleteOrg", + "kind": "mutation", + "description": "删除机构", + "tags": [ + "后台:机构管理" + ] + }, + { + "method": "OrganizationService.GetOrgInfo", + "service": "OrganizationService", + "operation": "GetOrgInfo", + "kind": "readonly", + "description": "获取机构信息", + "tags": [ + "后台:机构管理" + ] + }, + { + "method": "OrganizationService.ListOrg", + "service": "OrganizationService", + "operation": "ListOrg", + "kind": "readonly", + "description": "用户列表", + "tags": [ + "后台:机构管理" + ] + }, + { + "method": "OrganizationService.ListOrgWithBizGroup", + "service": "OrganizationService", + "operation": "ListOrgWithBizGroup", + "kind": "readonly", + "description": "用户列表", + "tags": [ + "后台:机构管理" + ] + }, + { + "method": "OrganizationService.UpdateOrg", + "service": "OrganizationService", + "operation": "UpdateOrg", + "kind": "mutation", + "description": "更新机构", + "tags": [ + "后台:机构管理" + ] + }, + { + "method": "PackageService.ApplyPackage", + "service": "PackageService", + "operation": "ApplyPackage", 
+ "kind": "mutation", + "description": "应用升级包", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.BatchApplyPackage", + "service": "PackageService", + "operation": "BatchApplyPackage", + "kind": "mutation", + "description": "批量应用升级包", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.CancelDownload", + "service": "PackageService", + "operation": "CancelDownload", + "kind": "mutation", + "description": "取消下载", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.DeletePackage", + "service": "PackageService", + "operation": "DeletePackage", + "kind": "mutation", + "description": "删除升级包", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.DownloadPackage", + "service": "PackageService", + "operation": "DownloadPackage", + "kind": "mutation", + "description": "下载升级包", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetAllModules", + "service": "PackageService", + "operation": "GetAllModules", + "kind": "readonly", + "description": "获取所有模块", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetApplyHistory", + "service": "PackageService", + "operation": "GetApplyHistory", + "kind": "readonly", + "description": "获取历史更新记录", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetDownloadResult", + "service": "PackageService", + "operation": "GetDownloadResult", + "kind": "readonly", + "description": "获取升级包下载结果", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetLatestPackages", + "service": "PackageService", + "operation": "GetLatestPackages", + "kind": "readonly", + "description": "获取最近的升级包", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetModules", + "service": "PackageService", + "operation": "GetModules", + "kind": "readonly", + "description": "获取模块", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetOverview", + "service": "PackageService", + "operation": "GetOverview", + "kind": "readonly", + "description": "获取版本信息", + "tags": [ + "产品更新" + ] 
+ }, + { + "method": "PackageService.GetPackage", + "service": "PackageService", + "operation": "GetPackage", + "kind": "readonly", + "description": "获取升级包信息", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.GetProxyHost", + "service": "PackageService", + "operation": "GetProxyHost", + "kind": "readonly", + "description": "获取代理主机信息", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.ListPackages", + "service": "PackageService", + "operation": "ListPackages", + "kind": "readonly", + "description": "获取升级包列表", + "tags": [ + "产品更新" + ] + }, + { + "method": "PackageService.UpsertProxyHost", + "service": "PackageService", + "operation": "UpsertProxyHost", + "kind": "mutation", + "description": "更新插入代理", + "tags": [ + "产品更新" + ] + }, + { + "method": "PatchInfoEventService.CreateWhitelist", + "service": "PatchInfoEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "创建事件加白规则", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.DelPatchInfoEvent", + "service": "PatchInfoEventService", + "operation": "DelPatchInfoEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.GetPatchInfoEvent", + "service": "PatchInfoEventService", + "operation": "GetPatchInfoEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.GetPatchInfoEventList", + "service": "PatchInfoEventService", + "operation": "GetPatchInfoEventList", + "kind": "readonly", + "description": "获取补丁风险列表", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.GetPatchInfoEventListByHost", + "service": "PatchInfoEventService", + "operation": "GetPatchInfoEventListByHost", + "kind": "readonly", + "description": "获取按 主机 聚合的事件列表", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.GetPatchInfoEventListByPatchInfo", + "service": "PatchInfoEventService", + "operation": 
"GetPatchInfoEventListByPatchInfo", + "kind": "readonly", + "description": "获取按 补丁信息 聚合的事件列表", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.GetWhitelist", + "service": "PatchInfoEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.InstallPatchInfo", + "service": "PatchInfoEventService", + "operation": "InstallPatchInfo", + "kind": "mutation", + "description": "安装补丁", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.RetestPatchInfo", + "service": "PatchInfoEventService", + "operation": "RetestPatchInfo", + "kind": "mutation", + "description": "复测补丁", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.StatPatchInfoEventByHost", + "service": "PatchInfoEventService", + "operation": "StatPatchInfoEventByHost", + "kind": "readonly", + "description": "返回按 主机 聚合的统计视图", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.StatPatchInfoEventByLevelPatchState", + "service": "PatchInfoEventService", + "operation": "StatPatchInfoEventByLevelPatchState", + "kind": "readonly", + "description": "返回按 补丁处置状态 聚合的统计视图", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.StatPatchInfoEventByPatchInfo", + "service": "PatchInfoEventService", + "operation": "StatPatchInfoEventByPatchInfo", + "kind": "readonly", + "description": "返回按 补丁信息 聚合的统计视图", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.StatPatchInfoEventByTime", + "service": "PatchInfoEventService", + "operation": "StatPatchInfoEventByTime", + "kind": "readonly", + "description": "返回按 时间 聚合的统计视图", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoEventService.UpdatePatchInfoEventComment", + "service": "PatchInfoEventService", + "operation": "UpdatePatchInfoEventComment", + "kind": "mutation", + "description": "修改事件备注", + "tags": [ + "补丁风险" + ] + }, + { + "method": 
"PatchInfoEventService.UpdatePatchInfoEventPatchState", + "service": "PatchInfoEventService", + "operation": "UpdatePatchInfoEventPatchState", + "kind": "mutation", + "description": "编辑状态", + "tags": [ + "补丁风险" + ] + }, + { + "method": "PatchInfoService.EditCustomSolution", + "service": "PatchInfoService", + "operation": "EditCustomSolution", + "kind": "mutation", + "description": "修改补丁修复方案", + "tags": [ + "补丁管理" + ] + }, + { + "method": "PatchInfoService.GetPatchInfo", + "service": "PatchInfoService", + "operation": "GetPatchInfo", + "kind": "readonly", + "description": "获取补丁详情", + "tags": [ + "补丁管理" + ] + }, + { + "method": "PatchInfoService.GetPatchInfoList", + "service": "PatchInfoService", + "operation": "GetPatchInfoList", + "kind": "readonly", + "description": "获取补丁风险列表", + "tags": [ + "补丁管理" + ] + }, + { + "method": "PortAssetService.DeletePort", + "service": "PortAssetService", + "operation": "DeletePort", + "kind": "mutation", + "description": "删除端口资产", + "tags": [ + "端口资产" + ] + }, + { + "method": "PortAssetService.GetPortAssetList", + "service": "PortAssetService", + "operation": "GetPortAssetList", + "kind": "readonly", + "description": "获取端口资产列表", + "tags": [ + "端口资产" + ] + }, + { + "method": "PortAssetService.GetPortAssetListByCmd", + "service": "PortAssetService", + "operation": "GetPortAssetListByCmd", + "kind": "readonly", + "description": "进程名数据分组,按照指定条件获取端口资产", + "tags": [ + "端口资产" + ] + }, + { + "method": "PortAssetService.GetPortAssetListByProtocolIPPort", + "service": "PortAssetService", + "operation": "GetPortAssetListByProtocolIPPort", + "kind": "readonly", + "description": "监听端口协议数据分组,按照指定要求获取端口", + "tags": [ + "端口资产" + ] + }, + { + "method": "PortAssetService.GetPortAssetListByProtocolPort", + "service": "PortAssetService", + "operation": "GetPortAssetListByProtocolPort", + "kind": "readonly", + "description": "监听端口数据分组,按照指定要求获取端口", + "tags": [ + "端口资产" + ] + }, + { + "method": "PortAssetService.StatPort", + "service": "PortAssetService", 
+ "operation": "StatPort", + "kind": "readonly", + "description": "表示端口开放情况", + "tags": [ + "端口资产" + ] + }, + { + "method": "ProcessAssetService.GetProcess", + "service": "ProcessAssetService", + "operation": "GetProcess", + "kind": "readonly", + "description": "获取进程资产详情", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.GetProcessList", + "service": "ProcessAssetService", + "operation": "GetProcessList", + "kind": "readonly", + "description": "获取主机上进程资产列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.GetProcessListByHost", + "service": "ProcessAssetService", + "operation": "GetProcessListByHost", + "kind": "readonly", + "description": "主机数据分组,按照指定条件获取进程资产列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.GetProcessListByName", + "service": "ProcessAssetService", + "operation": "GetProcessListByName", + "kind": "readonly", + "description": "进程名数据分组,按照指定信息获取主机上进程资产列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.GetProcessListByPath", + "service": "ProcessAssetService", + "operation": "GetProcessListByPath", + "kind": "readonly", + "description": "获取主机上进程列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.GetRefreshDateTime", + "service": "ProcessAssetService", + "operation": "GetRefreshDateTime", + "kind": "readonly", + "description": "获取进程资产的更新时间", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.Refresh", + "service": "ProcessAssetService", + "operation": "Refresh", + "kind": "mutation", + "description": "更新进程资产", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.StatProcessByEffectiveUser", + "service": "ProcessAssetService", + "operation": "StatProcessByEffectiveUser", + "kind": "readonly", + "description": "有效用户数据分组下,按照指定条件返回进程资产列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.StatProcessBySafety", + "service": "ProcessAssetService", + "operation": "StatProcessBySafety", + "kind": "readonly", + 
"description": "进程安全性数据分组下,按照指定条件返回进程资产列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.StatProcessByStatus", + "service": "ProcessAssetService", + "operation": "StatProcessByStatus", + "kind": "readonly", + "description": "进程状态数据分组下,按照指定条件返回进程资产列表", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessAssetService.WhitelistProcess", + "service": "ProcessAssetService", + "operation": "WhitelistProcess", + "kind": "mutation", + "description": "给进程加白名单", + "tags": [ + "进程资产" + ] + }, + { + "method": "ProcessKillService.DeleteEvent", + "service": "ProcessKillService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "NetworkReject" + ] + }, + { + "method": "ProcessKillService.ListEvent", + "service": "ProcessKillService", + "operation": "ListEvent", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "NetworkReject" + ] + }, + { + "method": "ReportService.CopyReport", + "service": "ReportService", + "operation": "CopyReport", + "kind": "mutation", + "description": "复制报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.CopyTemplate", + "service": "ReportService", + "operation": "CopyTemplate", + "kind": "mutation", + "description": "复制模板", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.CreateReport", + "service": "ReportService", + "operation": "CreateReport", + "kind": "mutation", + "description": "添加报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.CreateTemplate", + "service": "ReportService", + "operation": "CreateTemplate", + "kind": "mutation", + "description": "创建模板", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.DeleteReport", + "service": "ReportService", + "operation": "DeleteReport", + "kind": "mutation", + "description": "删除报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.DeleteReportHistory", + "service": "ReportService", + "operation": "DeleteReportHistory", + "kind": "mutation", + "description": 
"删除历史报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.DeleteTemplate", + "service": "ReportService", + "operation": "DeleteTemplate", + "kind": "mutation", + "description": "删除模板", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.EditReport", + "service": "ReportService", + "operation": "EditReport", + "kind": "mutation", + "description": "编辑报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.EditTemplate", + "service": "ReportService", + "operation": "EditTemplate", + "kind": "mutation", + "description": "编辑模板", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.GenerateReport", + "service": "ReportService", + "operation": "GenerateReport", + "kind": "mutation", + "description": "生成报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.GetReport", + "service": "ReportService", + "operation": "GetReport", + "kind": "readonly", + "description": "获取报告详情", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.GetReportGeneratingInfo", + "service": "ReportService", + "operation": "GetReportGeneratingInfo", + "kind": "readonly", + "description": "生成报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.GetTemplate", + "service": "ReportService", + "operation": "GetTemplate", + "kind": "readonly", + "description": "获取模板", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.GetTemplateTree", + "service": "ReportService", + "operation": "GetTemplateTree", + "kind": "readonly", + "description": "获取模板树", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.GetTemplateTypes", + "service": "ReportService", + "operation": "GetTemplateTypes", + "kind": "readonly", + "description": "获取模板类型", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.ListReport", + "service": "ReportService", + "operation": "ListReport", + "kind": "readonly", + "description": "获取报告列表", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.ListReportHistory", + "service": "ReportService", + 
"operation": "ListReportHistory", + "kind": "readonly", + "description": "查阅历史报告", + "tags": [ + "报告管理" + ] + }, + { + "method": "ReportService.ListTemplate", + "service": "ReportService", + "operation": "ListTemplate", + "kind": "readonly", + "description": "获取模板列表", + "tags": [ + "报告管理" + ] + }, + { + "method": "RevshellEventService.CreateWhitelist", + "service": "RevshellEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.DeleteEvent", + "service": "RevshellEventService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.EditEventComment", + "service": "RevshellEventService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.EditEventState", + "service": "RevshellEventService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选事件的处置状态", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.GenerateEventFirewallRule", + "service": "RevshellEventService", + "operation": "GenerateEventFirewallRule", + "kind": "mutation", + "description": "根据所选事件生成网络阻断规则", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.GetEvent", + "service": "RevshellEventService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.GetEventByHostList", + "service": "RevshellEventService", + "operation": "GetEventByHostList", + "kind": "readonly", + "description": "获取按主机 ID 聚合的事件列表", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.GetEventByRemoteAddrList", + "service": "RevshellEventService", + "operation": "GetEventByRemoteAddrList", + "kind": "readonly", + "description": "获取按远程 IP 
聚合的事件列表", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.GetEventList", + "service": "RevshellEventService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.GetWhitelist", + "service": "RevshellEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.MarkAsRead", + "service": "RevshellEventService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.ProcessKill", + "service": "RevshellEventService", + "operation": "ProcessKill", + "kind": "mutation", + "description": "删除所选的事件", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.StatEventByAsset", + "service": "RevshellEventService", + "operation": "StatEventByAsset", + "kind": "readonly", + "description": "返回反弹shell最多的主机 top n ( n = 10 default )", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.StatEventByCmdline", + "service": "RevshellEventService", + "operation": "StatEventByCmdline", + "kind": "readonly", + "description": "返回反弹shell最多的cmdline top n ( n = 5 default )", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.StatEventByRemoteAddr", + "service": "RevshellEventService", + "operation": "StatEventByRemoteAddr", + "kind": "readonly", + "description": "返回反弹shell最多的远程地址 top n ( n = 10 default )", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.StatEventByState", + "service": "RevshellEventService", + "operation": "StatEventByState", + "kind": "readonly", + "description": "返回处置事件状态分布的统计信息", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.StatEventByTime", + "service": "RevshellEventService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": 
"返回反弹shell按时间的趋势 top n ( n = 10 default )", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "RevshellEventService.StatEventByUname", + "service": "RevshellEventService", + "operation": "StatEventByUname", + "kind": "readonly", + "description": "返回反弹shell最多的User Name( 按shell权限 ) top n ( n = 5 default )", + "tags": [ + "反弹 Shell" + ] + }, + { + "method": "ScoutAgentApiService.GenerateInstallCommand", + "service": "ScoutAgentApiService", + "operation": "GenerateInstallCommand", + "kind": "mutation", + "description": "生成探针安装命令", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.GetAgentList", + "service": "ScoutAgentApiService", + "operation": "GetAgentList", + "kind": "readonly", + "description": "获取探针列表", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.SetCollectionRange", + "service": "ScoutAgentApiService", + "operation": "SetCollectionRange", + "kind": "mutation", + "description": "设置采集范围", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.SetKafkaAddrRange", + "service": "ScoutAgentApiService", + "operation": "SetKafkaAddrRange", + "kind": "mutation", + "description": "设置 kafka 地址", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.SetResourceLimit", + "service": "ScoutAgentApiService", + "operation": "SetResourceLimit", + "kind": "mutation", + "description": "设置资源配额", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.TestKafka", + "service": "ScoutAgentApiService", + "operation": "TestKafka", + "kind": "mutation", + "description": "测试 kafka", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.Uninstall", + "service": "ScoutAgentApiService", + "operation": "Uninstall", + "kind": "mutation", + "description": "卸载采集探针", + "tags": [ + "采集探针" + ] + }, + { + "method": "ScoutAgentApiService.Upgrade", + "service": "ScoutAgentApiService", + "operation": "Upgrade", + "kind": "mutation", + "description": "更新采集探针", + "tags": [ + "采集探针" + ] + }, + { + "method": 
"SecurityCheckService.DeleteEvent", + "service": "SecurityCheckService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除安全基线", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.EditEventComment", + "service": "SecurityCheckService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.EditEventState", + "service": "SecurityCheckService", + "operation": "EditEventState", + "kind": "mutation", + "description": "修改安全基线事件状态", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.GetEvent", + "service": "SecurityCheckService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取安全基线事件详情", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.GetEventList", + "service": "SecurityCheckService", + "operation": "GetEventList", + "kind": "readonly", + "description": "安全基线事件列表", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.GetEventListByHost", + "service": "SecurityCheckService", + "operation": "GetEventListByHost", + "kind": "readonly", + "description": "根据Host筛选条件获取安全基线事件列表", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.GetEventListByItemID", + "service": "SecurityCheckService", + "operation": "GetEventListByItemID", + "kind": "readonly", + "description": "根据风险筛选条件获取安全基线事件列表", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.GetPluginList", + "service": "SecurityCheckService", + "operation": "GetPluginList", + "kind": "readonly", + "description": "获取检测插件更新状态", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.RetestEvent", + "service": "SecurityCheckService", + "operation": "RetestEvent", + "kind": "mutation", + "description": "复测安全基线事件", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.StatEventByHost", + "service": "SecurityCheckService", + "operation": "StatEventByHost", + "kind": 
"readonly", + "description": "高风险主机", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.StatEventByItem", + "service": "SecurityCheckService", + "operation": "StatEventByItem", + "kind": "readonly", + "description": "高频风险", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.StatEventByLevelState", + "service": "SecurityCheckService", + "operation": "StatEventByLevelState", + "kind": "readonly", + "description": "时间状态分布", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.StatEventByTags", + "service": "SecurityCheckService", + "operation": "StatEventByTags", + "kind": "readonly", + "description": "风险特征分布", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityCheckService.StatEventByTime", + "service": "SecurityCheckService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": "风险发生趋势", + "tags": [ + "安全基线" + ] + }, + { + "method": "SecurityStrategyService.CreateSecurityStrategy", + "service": "SecurityStrategyService", + "operation": "CreateSecurityStrategy", + "kind": "mutation", + "description": "添加安全策略", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SecurityStrategyService.DeleteSecurityStrategy", + "service": "SecurityStrategyService", + "operation": "DeleteSecurityStrategy", + "kind": "mutation", + "description": "删除安全策略", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SecurityStrategyService.GetSecurityStrategyDetail", + "service": "SecurityStrategyService", + "operation": "GetSecurityStrategyDetail", + "kind": "readonly", + "description": "获取安全策略详情", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SecurityStrategyService.GetSecurityStrategyTree", + "service": "SecurityStrategyService", + "operation": "GetSecurityStrategyTree", + "kind": "readonly", + "description": "获取安全策略树", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SecurityStrategyService.ListSecurityStrategy", + "service": "SecurityStrategyService", + "operation": "ListSecurityStrategy", + "kind": "readonly", + 
"description": "获取安全策略列表", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SecurityStrategyService.SetGroupStrategy", + "service": "SecurityStrategyService", + "operation": "SetGroupStrategy", + "kind": "mutation", + "description": "设置业务组的安全策略", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SecurityStrategyService.UpdateSecurityStrategy", + "service": "SecurityStrategyService", + "operation": "UpdateSecurityStrategy", + "kind": "mutation", + "description": "更新安全策略", + "tags": [ + "入侵检测配置" + ] + }, + { + "method": "SensitiveFileService.DeleteEvent", + "service": "SensitiveFileService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除敏感文件事件", + "tags": [ + "敏感文件" + ] + }, + { + "method": "SensitiveFileService.EditEventComment", + "service": "SensitiveFileService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "敏感文件" + ] + }, + { + "method": "SensitiveFileService.EditEventState", + "service": "SensitiveFileService", + "operation": "EditEventState", + "kind": "mutation", + "description": "修改敏感文件事件状态", + "tags": [ + "敏感文件" + ] + }, + { + "method": "SensitiveFileService.GetEvent", + "service": "SensitiveFileService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取敏感文件事件详情", + "tags": [ + "敏感文件" + ] + }, + { + "method": "SensitiveFileService.GetEventList", + "service": "SensitiveFileService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取敏感文件事件列表", + "tags": [ + "敏感文件" + ] + }, + { + "method": "SensitiveFileService.ResetEventState", + "service": "SensitiveFileService", + "operation": "ResetEventState", + "kind": "mutation", + "description": "重置事件状态为 'risky'", + "tags": [ + "敏感文件" + ] + }, + { + "method": "SensitivePortService.CreateWhitelist", + "service": "SensitivePortService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.DeleteEvent", 
+ "service": "SensitivePortService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除敏感端口事件", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.EditEventComment", + "service": "SensitivePortService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.EditEventState", + "service": "SensitivePortService", + "operation": "EditEventState", + "kind": "mutation", + "description": "修改敏感端口事件状态", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.GetEvent", + "service": "SensitivePortService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.GetEventList", + "service": "SensitivePortService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取敏感端口事件列表", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.GetHostViewEventList", + "service": "SensitivePortService", + "operation": "GetHostViewEventList", + "kind": "readonly", + "description": "获取敏感端口事件列表(主机视角)", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.GetPortViewEventList", + "service": "SensitivePortService", + "operation": "GetPortViewEventList", + "kind": "readonly", + "description": "获取敏感端口事件列表(端口视角)", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.GetProcessViewEventList", + "service": "SensitivePortService", + "operation": "GetProcessViewEventList", + "kind": "readonly", + "description": "获取敏感端口事件列表(进程视角)", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.GetWhitelist", + "service": "SensitivePortService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.RetestEvent", + "service": "SensitivePortService", + "operation": "RetestEvent", + "kind": "mutation", + 
"description": "复测事件", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.StatEventByCmd", + "service": "SensitivePortService", + "operation": "StatEventByCmd", + "kind": "readonly", + "description": "敏感进程分布", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.StatEventByHost", + "service": "SensitivePortService", + "operation": "StatEventByHost", + "kind": "readonly", + "description": "敏感端口分布-主机维度", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.StatEventByPort", + "service": "SensitivePortService", + "operation": "StatEventByPort", + "kind": "readonly", + "description": "敏感端口分布", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.StatEventByState", + "service": "SensitivePortService", + "operation": "StatEventByState", + "kind": "readonly", + "description": "事件状态分布", + "tags": [ + "敏感端口" + ] + }, + { + "method": "SensitivePortService.StatEventByTime", + "service": "SensitivePortService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": "事件时间分布", + "tags": [ + "敏感端口" + ] + }, + { + "method": "StatisticsService.GetEventOverview", + "service": "StatisticsService", + "operation": "GetEventOverview", + "kind": "readonly", + "description": "获取事件描述", + "tags": [ + "态势感知" + ] + }, + { + "method": "StatisticsService.GetHostScore", + "service": "StatisticsService", + "operation": "GetHostScore", + "kind": "readonly", + "description": "获取主机得分与事件概况", + "tags": [ + "态势感知" + ] + }, + { + "method": "StatisticsService.GetScanTime", + "service": "StatisticsService", + "operation": "GetScanTime", + "kind": "readonly", + "description": "获取最近一次扫描任务完成时间", + "tags": [ + "态势感知" + ] + }, + { + "method": "SuspiciousOperationService.CreateWhitelist", + "service": "SuspiciousOperationService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.DeleteEvent", + "service": 
"SuspiciousOperationService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.EditEventComment", + "service": "SuspiciousOperationService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.EditEventState", + "service": "SuspiciousOperationService", + "operation": "EditEventState", + "kind": "mutation", + "description": "编辑事件状态", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.GetEvent", + "service": "SuspiciousOperationService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取命令详情", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.GetEventList", + "service": "SuspiciousOperationService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取命令列表", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.GetEventListByHost", + "service": "SuspiciousOperationService", + "operation": "GetEventListByHost", + "kind": "readonly", + "description": "返回按 主机 聚合的可疑操作列表", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.GetEventListByNetApp", + "service": "SuspiciousOperationService", + "operation": "GetEventListByNetApp", + "kind": "readonly", + "description": "返回按 网络应用 聚合的可疑操作列表", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.GetEventListByRuleName", + "service": "SuspiciousOperationService", + "operation": "GetEventListByRuleName", + "kind": "readonly", + "description": "返回按 规则 聚合的可疑操作列表", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.GetEventListBySSHClientIP", + "service": "SuspiciousOperationService", + "operation": "GetEventListBySSHClientIP", + "kind": "readonly", + "description": "返回按 SSH登录 聚合的可疑操作列表", + "tags": [ + "可疑命令" + ] + }, + { + "method": 
"SuspiciousOperationService.GetWhitelist", + "service": "SuspiciousOperationService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.MarkAsRead", + "service": "SuspiciousOperationService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.ProcessKill", + "service": "SuspiciousOperationService", + "operation": "ProcessKill", + "kind": "mutation", + "description": "进程阻断", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.StatEventByHost", + "service": "SuspiciousOperationService", + "operation": "StatEventByHost", + "kind": "readonly", + "description": "返回按 主机 聚合的统计视图", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.StatEventByLevelState", + "service": "SuspiciousOperationService", + "operation": "StatEventByLevelState", + "kind": "readonly", + "description": "返回按 风险级别类型 聚合的统计视图", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.StatEventByNetApp", + "service": "SuspiciousOperationService", + "operation": "StatEventByNetApp", + "kind": "readonly", + "description": "返回按 网络应用 聚合的统计视图", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.StatEventByRuleName", + "service": "SuspiciousOperationService", + "operation": "StatEventByRuleName", + "kind": "readonly", + "description": "返回按 规则名称 聚合的统计视图", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.StatEventBySSHClientIP", + "service": "SuspiciousOperationService", + "operation": "StatEventBySSHClientIP", + "kind": "readonly", + "description": "返回按 SSH登录地址 聚合的统计视图", + "tags": [ + "可疑命令" + ] + }, + { + "method": "SuspiciousOperationService.StatEventByTime", + "service": "SuspiciousOperationService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": "返回按 创建日期 聚合的统计视图", + 
"tags": [ + "可疑命令" + ] + }, + { + "method": "TamperProofService.AddRule", + "service": "TamperProofService", + "operation": "AddRule", + "kind": "mutation", + "description": "添加规则", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.DeleteEventList", + "service": "TamperProofService", + "operation": "DeleteEventList", + "kind": "mutation", + "description": "删除事件", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.DeleteRuleList", + "service": "TamperProofService", + "operation": "DeleteRuleList", + "kind": "mutation", + "description": "删除规则", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.DisableHostList", + "service": "TamperProofService", + "operation": "DisableHostList", + "kind": "mutation", + "description": "关闭多个主机的文件防篡改功能", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.EditEventListRead", + "service": "TamperProofService", + "operation": "EditEventListRead", + "kind": "mutation", + "description": "将多个事件置为已读或未读", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.EditRule", + "service": "TamperProofService", + "operation": "EditRule", + "kind": "mutation", + "description": "修改防篡改规则", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.EditRuleEnable", + "service": "TamperProofService", + "operation": "EditRuleEnable", + "kind": "mutation", + "description": "修改防篡改规则", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.EnableHostList", + "service": "TamperProofService", + "operation": "EnableHostList", + "kind": "mutation", + "description": "开启多个主机的文件防篡改功能", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetEventDetails", + "service": "TamperProofService", + "operation": "GetEventDetails", + "kind": "readonly", + "description": "事件的详情", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetEventList", + "service": "TamperProofService", + "operation": 
"GetEventList", + "kind": "readonly", + "description": "文件篡改事件的列表", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetHostList", + "service": "TamperProofService", + "operation": "GetHostList", + "kind": "readonly", + "description": "开启文件防篡改的主机列表", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetMaxNum", + "service": "TamperProofService", + "operation": "GetMaxNum", + "kind": "readonly", + "description": "获取最大文件防篡改探针授权数量", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetModuleList", + "service": "TamperProofService", + "operation": "GetModuleList", + "kind": "readonly", + "description": "文件防篡改模块的列表", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetRule", + "service": "TamperProofService", + "operation": "GetRule", + "kind": "readonly", + "description": "获取单个文件防篡改规则", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.GetRuleList", + "service": "TamperProofService", + "operation": "GetRuleList", + "kind": "readonly", + "description": "文件防篡改规则的列表", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.Install", + "service": "TamperProofService", + "operation": "Install", + "kind": "mutation", + "description": "给主机安装防篡改模块", + "tags": [ + "TamperProof" + ] + }, + { + "method": "TamperProofService.Uninstall", + "service": "TamperProofService", + "operation": "Uninstall", + "kind": "mutation", + "description": "给主机拆卸防篡改模块", + "tags": [ + "TamperProof" + ] + }, + { + "method": "ThreatOverviewService.GetProcessedEventInfo", + "service": "ThreatOverviewService", + "operation": "GetProcessedEventInfo", + "kind": "readonly", + "description": "事件处置情况", + "tags": [ + "威胁事件" + ] + }, + { + "method": "ThreatOverviewService.ListEventDetectedTrendInfo", + "service": "ThreatOverviewService", + "operation": "ListEventDetectedTrendInfo", + "kind": "readonly", + "description": "事件发生趋势", + "tags": [ + "威胁事件" + ] + }, + { + "method": 
"ThreatOverviewService.ListEventTypeDistInfo", + "service": "ThreatOverviewService", + "operation": "ListEventTypeDistInfo", + "kind": "readonly", + "description": "事件类型分布", + "tags": [ + "威胁事件" + ] + }, + { + "method": "ThreatOverviewService.ListGetRiskyHostInfo", + "service": "ThreatOverviewService", + "operation": "ListGetRiskyHostInfo", + "kind": "readonly", + "description": "高风险主机", + "tags": [ + "威胁事件" + ] + }, + { + "method": "ThreatOverviewService.ListRealTimeEvents", + "service": "ThreatOverviewService", + "operation": "ListRealTimeEvents", + "kind": "readonly", + "description": "获取事件描述", + "tags": [ + "威胁事件" + ] + }, + { + "method": "UserAssetService.GetUserAuthorizedKeys", + "service": "UserAssetService", + "operation": "GetUserAuthorizedKeys", + "kind": "readonly", + "description": "获取用户公钥信息", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetUserList", + "service": "UserAssetService", + "operation": "GetUserList", + "kind": "readonly", + "description": "根据指定条件获取用户资产列表", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetUserListByUsername", + "service": "UserAssetService", + "operation": "GetUserListByUsername", + "kind": "readonly", + "description": "用户名数据分组,根据指定的条件获取用户资产列表", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetWindowsDomainUserList", + "service": "UserAssetService", + "operation": "GetWindowsDomainUserList", + "kind": "readonly", + "description": "获取 windows 域用户列表", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetWindowsDomainUserListByDomain", + "service": "UserAssetService", + "operation": "GetWindowsDomainUserListByDomain", + "kind": "readonly", + "description": "获取 windows 域用户列表,按域聚合", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetWindowsUserList", + "service": "UserAssetService", + "operation": "GetWindowsUserList", + "kind": "readonly", + "description": "获取 windows 用户列表", + "tags": [ + "用户资产" + ] + }, + { + "method": 
"UserAssetService.GetWindowsUserListByHost", + "service": "UserAssetService", + "operation": "GetWindowsUserListByHost", + "kind": "readonly", + "description": "获取 windows 用户列表,按主机聚合", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetWindowsUserListByUserName", + "service": "UserAssetService", + "operation": "GetWindowsUserListByUserName", + "kind": "readonly", + "description": "取 windows 用户列表,按用户名聚合", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.GetWindowsUserListByUsername", + "service": "UserAssetService", + "operation": "GetWindowsUserListByUsername", + "kind": "readonly", + "description": "获取 windows 域用户列表,按用户名聚合", + "tags": [ + "用户资产" + ] + }, + { + "method": "UserAssetService.StatUser", + "service": "UserAssetService", + "operation": "StatUser", + "kind": "readonly", + "description": "用户统计信息", + "tags": [ + "用户资产" + ] + }, + { + "method": "VulnInfoService.GetVulnInfo", + "service": "VulnInfoService", + "operation": "GetVulnInfo", + "kind": "readonly", + "description": "敏感端口事件导出", + "tags": [ + "漏洞情报" + ] + }, + { + "method": "VulnInfoService.ListVulnInfo", + "service": "VulnInfoService", + "operation": "ListVulnInfo", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "漏洞情报" + ] + }, + { + "method": "VulnInfoService.StatVulnInfoByLevel", + "service": "VulnInfoService", + "operation": "StatVulnInfoByLevel", + "kind": "readonly", + "description": "漏洞级别分布", + "tags": [ + "漏洞情报" + ] + }, + { + "method": "VulnInfoService.TrendVulnInfo", + "service": "VulnInfoService", + "operation": "TrendVulnInfo", + "kind": "readonly", + "description": "漏洞公布时间趋势", + "tags": [ + "漏洞情报" + ] + }, + { + "method": "VulnService.CreateWhitelist", + "service": "VulnService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.DeleteVuln", + "service": "VulnService", + "operation": "DeleteVuln", + "kind": "mutation", + "description": "根据漏洞 ID 删除漏洞", 
+ "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.EditEventComment", + "service": "VulnService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.EditVulnState", + "service": "VulnService", + "operation": "EditVulnState", + "kind": "mutation", + "description": "修改漏洞事件状态", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetVuln", + "service": "VulnService", + "operation": "GetVuln", + "kind": "readonly", + "description": "获取漏洞事件详情", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetVulnByAppList", + "service": "VulnService", + "operation": "GetVulnByAppList", + "kind": "readonly", + "description": "根据影响软件返回漏洞事件列表", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetVulnByHostList", + "service": "VulnService", + "operation": "GetVulnByHostList", + "kind": "readonly", + "description": "根据主机返回漏洞事件列表", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetVulnByVulnList", + "service": "VulnService", + "operation": "GetVulnByVulnList", + "kind": "readonly", + "description": "根据漏洞筛选调教返回漏洞事件列表", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetVulnList", + "service": "VulnService", + "operation": "GetVulnList", + "kind": "readonly", + "description": "获取通用漏洞事件列表", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetVulnTypes", + "service": "VulnService", + "operation": "GetVulnTypes", + "kind": "readonly", + "description": "获取漏洞类型", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.GetWhitelist", + "service": "VulnService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.RetestVuln", + "service": "VulnService", + "operation": "RetestVuln", + "kind": "mutation", + "description": "根据漏洞事件 ID 列表进行复测", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.StatVulnByAV", + "service": "VulnService", + 
"operation": "StatVulnByAV", + "kind": "readonly", + "description": "漏洞的攻击途径分布", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.StatVulnByLevelState", + "service": "VulnService", + "operation": "StatVulnByLevelState", + "kind": "readonly", + "description": "返回按 风险级别类型 聚合的统计视图", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.StatVulnByTag", + "service": "VulnService", + "operation": "StatVulnByTag", + "kind": "readonly", + "description": "漏洞的标签分布", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.StatVulnByTime", + "service": "VulnService", + "operation": "StatVulnByTime", + "kind": "readonly", + "description": "返回按 时间 聚合的统计视图", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "VulnService.StatVulnProcessByTime", + "service": "VulnService", + "operation": "StatVulnProcessByTime", + "kind": "readonly", + "description": "根据时间汇总漏洞处理详情", + "tags": [ + "通用漏洞" + ] + }, + { + "method": "WeakPasswdService.CreateDict", + "service": "WeakPasswdService", + "operation": "CreateDict", + "kind": "mutation", + "description": "创建弱口令字典", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.CreateWhitelist", + "service": "WeakPasswdService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.Delete", + "service": "WeakPasswdService", + "operation": "Delete", + "kind": "mutation", + "description": "删除弱口令事件", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.DeleteDict", + "service": "WeakPasswdService", + "operation": "DeleteDict", + "kind": "mutation", + "description": "删除弱口令字典", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.DictList", + "service": "WeakPasswdService", + "operation": "DictList", + "kind": "mutation", + "description": "弱口令字典列表", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.EditDict", + "service": "WeakPasswdService", + "operation": "EditDict", + "kind": "mutation", + 
"description": "修改弱口令字典", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.EditEventComment", + "service": "WeakPasswdService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.EditState", + "service": "WeakPasswdService", + "operation": "EditState", + "kind": "mutation", + "description": "修改弱口令事件状态", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.EnableDict", + "service": "WeakPasswdService", + "operation": "EnableDict", + "kind": "mutation", + "description": "启用弱口令字典", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.Get", + "service": "WeakPasswdService", + "operation": "Get", + "kind": "readonly", + "description": "获取弱口令事件详情", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.GetAggEventList", + "service": "WeakPasswdService", + "operation": "GetAggEventList", + "kind": "readonly", + "description": "获取数据分组后弱口令事件列表", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.GetDict", + "service": "WeakPasswdService", + "operation": "GetDict", + "kind": "readonly", + "description": "获取弱口令字典详情", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.GetWhitelist", + "service": "WeakPasswdService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.HistoryList", + "service": "WeakPasswdService", + "operation": "HistoryList", + "kind": "mutation", + "description": "弱口令事件变更记录", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.List", + "service": "WeakPasswdService", + "operation": "List", + "kind": "readonly", + "description": "弱口令事件列表", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.ListByHost", + "service": "WeakPasswdService", + "operation": "ListByHost", + "kind": "readonly", + "description": "根据Host筛选条件获取弱口令事件列表", + "tags": [ + "弱口令检测" + ] + }, 
+ { + "method": "WeakPasswdService.ListByPlan", + "service": "WeakPasswdService", + "operation": "ListByPlan", + "kind": "readonly", + "description": "根据PlanId筛选条件获取弱口令事件列表", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.ListByService", + "service": "WeakPasswdService", + "operation": "ListByService", + "kind": "readonly", + "description": "根据服务筛选条件获取弱口令事件列表", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.RetestEvent", + "service": "WeakPasswdService", + "operation": "RetestEvent", + "kind": "mutation", + "description": "复测弱口令事件", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByHost", + "service": "WeakPasswdService", + "operation": "StatEventByHost", + "kind": "readonly", + "description": "高风险主机", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByPassword", + "service": "WeakPasswdService", + "operation": "StatEventByPassword", + "kind": "readonly", + "description": "高风险密码", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByService", + "service": "WeakPasswdService", + "operation": "StatEventByService", + "kind": "readonly", + "description": "弱口令服务类型分布", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByState", + "service": "WeakPasswdService", + "operation": "StatEventByState", + "kind": "readonly", + "description": "弱口令事件状态分布", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByTime", + "service": "WeakPasswdService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": "弱口令事件发生趋势", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByType", + "service": "WeakPasswdService", + "operation": "StatEventByType", + "kind": "readonly", + "description": "弱口令事件状态分布", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WeakPasswdService.StatEventByUsername", + "service": "WeakPasswdService", + "operation": "StatEventByUsername", + "kind": "readonly", + 
"description": "高风险用户名", + "tags": [ + "弱口令检测" + ] + }, + { + "method": "WebshellEventService.CreateWhitelist", + "service": "WebshellEventService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "生成白名单规则", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.DeleteEvent", + "service": "WebshellEventService", + "operation": "DeleteEvent", + "kind": "mutation", + "description": "删除所选事件", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.EditEventComment", + "service": "WebshellEventService", + "operation": "EditEventComment", + "kind": "mutation", + "description": "改变所选事件备注", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.EditEventState", + "service": "WebshellEventService", + "operation": "EditEventState", + "kind": "mutation", + "description": "改变所选事件的处置状态", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.EditMimicryConfig", + "service": "WebshellEventService", + "operation": "EditMimicryConfig", + "kind": "mutation", + "description": "用来修改全局拟态防御的配置", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetEvent", + "service": "WebshellEventService", + "operation": "GetEvent", + "kind": "readonly", + "description": "获取事件详情", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetEventByHostList", + "service": "WebshellEventService", + "operation": "GetEventByHostList", + "kind": "readonly", + "description": "根据主机获取事件列表", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetEventList", + "service": "WebshellEventService", + "operation": "GetEventList", + "kind": "readonly", + "description": "获取事件列表", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetEventListByFileName", + "service": "WebshellEventService", + "operation": "GetEventListByFileName", + "kind": "readonly", + "description": "根据文件名获取事件列表", + "tags": [ + "WebShell" + ] + }, + { + "method": 
"WebshellEventService.GetEventListByFilePath", + "service": "WebshellEventService", + "operation": "GetEventListByFilePath", + "kind": "readonly", + "description": "根据文件路径获取事件列表", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetEventListByWebshellType", + "service": "WebshellEventService", + "operation": "GetEventListByWebshellType", + "kind": "readonly", + "description": "根据Webshell 类型获取事件列表", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetFile", + "service": "WebshellEventService", + "operation": "GetFile", + "kind": "readonly", + "description": "获取 Webshell 文件内容", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetMimicryConfig", + "service": "WebshellEventService", + "operation": "GetMimicryConfig", + "kind": "readonly", + "description": "用来换取拟态防御全局配置", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetOverview", + "service": "WebshellEventService", + "operation": "GetOverview", + "kind": "readonly", + "description": "获取 Webshell 概述信息", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.GetWhitelist", + "service": "WebshellEventService", + "operation": "GetWhitelist", + "kind": "readonly", + "description": "获取白名单规则", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.IsolateWebshell", + "service": "WebshellEventService", + "operation": "IsolateWebshell", + "kind": "readonly", + "description": "用来隔离主机上的 Webshell", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.MarkAsRead", + "service": "WebshellEventService", + "operation": "MarkAsRead", + "kind": "mutation", + "description": "标记事件为已读", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.RetestEvent", + "service": "WebshellEventService", + "operation": "RetestEvent", + "kind": "mutation", + "description": "触发一个探针端任务用来检测 Webshell 是否仍然存在", + "tags": [ + "WebShell" + ] + }, + { + "method": 
"WebshellEventService.StatEventByFileName", + "service": "WebshellEventService", + "operation": "StatEventByFileName", + "kind": "readonly", + "description": "获取按文件名聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.StatEventByHost", + "service": "WebshellEventService", + "operation": "StatEventByHost", + "kind": "readonly", + "description": "获取按主机聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.StatEventByIsolateState", + "service": "WebshellEventService", + "operation": "StatEventByIsolateState", + "kind": "readonly", + "description": "获取按 Webshell 隔离状态聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.StatEventByLevel", + "service": "WebshellEventService", + "operation": "StatEventByLevel", + "kind": "readonly", + "description": "获取按风险等级与处置状态聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.StatEventByTime", + "service": "WebshellEventService", + "operation": "StatEventByTime", + "kind": "readonly", + "description": "获取按事件发生事件聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.StatEventByWebshellType", + "service": "WebshellEventService", + "operation": "StatEventByWebshellType", + "kind": "readonly", + "description": "获取按 Webshell 类型聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.TestMimicryToken", + "service": "WebshellEventService", + "operation": "TestMimicryToken", + "kind": "mutation", + "description": "测试拟态防御服务平台token,如果是401说明token不正确,500说明token正确", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebshellEventService.TrendWebshell", + "service": "WebshellEventService", + "operation": "TrendWebshell", + "kind": "readonly", + "description": "获取按事件发现日期(年,月,日)聚合的统计结果", + "tags": [ + "WebShell" + ] + }, + { + "method": "WebsiteAssetService.GetWebsite", + "service": "WebsiteAssetService", + "operation": "GetWebsite", + "kind": "readonly", + "description": "获取站点资产详情", + 
"tags": [ + "网站资产" + ] + }, + { + "method": "WebsiteAssetService.GetWebsiteList", + "service": "WebsiteAssetService", + "operation": "GetWebsiteList", + "kind": "readonly", + "description": "获取站点资产列表", + "tags": [ + "网站资产" + ] + }, + { + "method": "WhitelistService.CreateWhitelist", + "service": "WhitelistService", + "operation": "CreateWhitelist", + "kind": "mutation", + "description": "创建事件加白规则", + "tags": [ + "事件加白规则" + ] + }, + { + "method": "WhitelistService.DeleteWhitelist", + "service": "WhitelistService", + "operation": "DeleteWhitelist", + "kind": "mutation", + "description": "删除事件加白规则", + "tags": [ + "事件加白规则" + ] + }, + { + "method": "WhitelistService.EnablementWhitelist", + "service": "WhitelistService", + "operation": "EnablementWhitelist", + "kind": "mutation", + "description": "启禁用事件加白规则", + "tags": [ + "事件加白规则" + ] + }, + { + "method": "WhitelistService.ListWhitelist", + "service": "WhitelistService", + "operation": "ListWhitelist", + "kind": "readonly", + "description": "获取事件加白规则列表", + "tags": [ + "事件加白规则" + ] + }, + { + "method": "WhitelistService.UpdateWhitelist", + "service": "WhitelistService", + "operation": "UpdateWhitelist", + "kind": "mutation", + "description": "更新事件加白规则", + "tags": [ + "事件加白规则" + ] + } + ] +} diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_mutation.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_mutation.yaml new file mode 100644 index 000000000..b5cab6d0f --- /dev/null +++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_mutation.yaml 
@@ -0,0 +1,28 @@
+name: chaitin_muyun_api_mutation
+description: Chaitin Muyun documented mutation JSON-RPC caller with confirmation.
+description_cn: 长亭牧云文档内变更类 JSON-RPC 调用工具。所有调用都需要确认。
+category: custom
+enabled: true
+requires_confirmation: true
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rpc_call_mutation
+ method:
+ type: string
+ description: rpc_call_mutation 使用的 JSON-RPC 方法名,必须属于 catalog 中 kind=mutation 的条目。
+ params:
+ type: object
+ description: JSON-RPC params 对象。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: api_mutation
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_readonly.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_readonly.yaml
new file mode 100644
index 000000000..16b2b000f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_readonly.yaml
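Review bot: The `method` property in `inputSchema` is a free-form string, and the rule that it must be a `kind=mutation` catalog entry exists only in its description, so the schema alone does not keep an arbitrary JSON-RPC method name away from `api_mutation`. The catalog added in this commit lists calls that switch protections off (`TamperProofService.DisableHostList`, `TamperProofService.Uninstall`, `WhitelistService.CreateWhitelist`), so the handler, which is not part of this hunk, should reject any method that is absent from the catalog or not marked `mutation`, and the confirmation shown to the operator should presumably name the method and its params. I would state that contract in the field itself, e.g. `description: JSON-RPC method name; rejected unless it is a catalog entry with kind=mutation.` The same applies to `method` in chaitin_muyun_api_readonly.yaml.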
@@ -0,0 +1,47 @@
+name: chaitin_muyun_api_readonly
+description: Chaitin Muyun documented read-only JSON-RPC caller.
+description_cn: 长亭牧云文档内只读 JSON-RPC 调用工具。使用 api_catalog 查看已收录方法,再用 rpc_call_readonly 调用 kind=readonly 的方法。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rpc_call_readonly
+ - product_info
+ - current_user
+ - host_count
+ - host_list
+ - host_detail
+ - application_list
+ - website_list
+ - process_list
+ - webshell_events
+ - malware_events
+ - bruteforce_events
+ - abnormal_login_events
+ - realtime_events
+ - vuln_list
+ - vuln_detail
+ - security_check_events
+ - baseline_tasks
+ - emergency_vulns
+ - test
+ method:
+ type: string
+ description: rpc_call_readonly 使用的 JSON-RPC 方法名,例如 HostAssetService.GetHostAssetList。
+ params:
+ type: object
+ description: JSON-RPC params 对象。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: api_readonly
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_assets.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_assets.yaml
new file mode 100644
index 000000000..cb8175d6d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_assets.yaml
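Review bot: `requires_confirmation: false` makes this tool only as safe as the catalog's `kind` labels, and the catalog added in this commit marks `WebshellEventService.IsolateWebshell` as `"kind": "readonly"` although its own description says it isolates a Webshell on the host. If `rpc_call_readonly` gates on that label, as the description here implies, a state-changing call would run without confirmation; that catalog entry should read `"kind": "mutation"`. `WebshellEventService.GetFile` is also listed as readonly and returns Webshell file content, which is attacker-authored text, so the handler and any consumer should treat that response as untrusted data; a sentence saying so in the `method` description would help whoever wires this tool into an agent.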
@@ -0,0 +1,42 @@
+name: chaitin_muyun_assets
+description: Chaitin Muyun product, user, host, application, website, and process asset queries.
+description_cn: 长亭牧云产品、用户、主机、应用、网站和进程资产查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - product_info
+ - current_user
+ - host_count
+ - host_list
+ - host_detail
+ - application_list
+ - website_list
+ - process_list
+ - test
+ description: |
+ 资产类动作:
+ - product_info: 获取产品信息。
+ - current_user: 获取当前 Token 用户信息。
+ - host_count: 获取主机资产数量。
+ - host_list: 获取主机资产列表。
+ - host_detail: 获取主机资产详情。
+ - application_list: 获取应用/软件资产列表。
+ - website_list: 获取 Web 站点资产列表。
+ - process_list: 获取进程资产列表。
+ params:
+ type: object
+ description: JSON-RPC params 对象;字段按牧云 API 3.0 对应方法填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: assets
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_events.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_events.yaml
new file mode 100644
index 000000000..858ba528d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_events.yaml
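Review bot: The `action` enum accepts `test`, but the description block that documents every other action never mentions it, so a caller cannot tell what `test` does or whether it contacts the device with the stored token. Add a line to the list in the same form as the others, `- test: <what the connectivity check calls>`; the wording has to come from the handler author, since this hunk does not show what it runs. chaitin_muyun_events.yaml and chaitin_muyun_risk.yaml have the same gap.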
@@ -0,0 +1,36 @@
+name: chaitin_muyun_events
+description: Chaitin Muyun security event query tool.
+description_cn: 长亭牧云安全事件查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - webshell_events
+ - malware_events
+ - bruteforce_events
+ - abnormal_login_events
+ - realtime_events
+ - test
+ description: |
+ 事件类动作:
+ - webshell_events: 查询 WebShell 事件。
+ - malware_events: 查询恶意文件事件。
+ - bruteforce_events: 查询暴力破解事件。
+ - abnormal_login_events: 查询异常登录事件。
+ - realtime_events: 查询实时事件概览。
+ params:
+ type: object
+ description: JSON-RPC params 对象;建议显式传分页、时间和过滤条件。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: events
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_risk.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_risk.yaml
new file mode 100644
index 000000000..bf0751000
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_risk.yaml
@@ -0,0 +1,36 @@
+name: chaitin_muyun_risk
+description: Chaitin Muyun vulnerability, baseline, and emergency vulnerability query tool.
+description_cn: 长亭牧云漏洞、安全基线和漏洞应急查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - vuln_list
+ - vuln_detail
+ - security_check_events
+ - baseline_tasks
+ - emergency_vulns
+ - test
+ description: |
+ 风险类动作:
+ - vuln_list: 查询通用漏洞事件列表。
+ - vuln_detail: 查询漏洞事件详情。
+ - security_check_events: 查询安全基线事件。
+ - baseline_tasks: 查询核查任务列表。
+ - emergency_vulns: 查询漏洞应急列表。
+ params:
+ type: object
+ description: JSON-RPC params 对象;字段按牧云 API 3.0 对应方法填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: risk
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/manifest.json b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/manifest.json
new file mode 100644
index 000000000..1a77cedd0
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/manifest.json
@@ -0,0 +1,71 @@
+{
+ "schemaVersion": "hub.plugin.v1",
+ "id": "chaitin_muyun_api_v3",
+ "type": "device",
+ "name": "Chaitin Muyun",
+ "description": "Chaitin Muyun host security platform JSON-RPC API 3.0 integration.",
+ "descriptionCn": "长亭牧云主机安全平台 API 3.0 接入。",
+ "version": "3.0",
+ "author": "Flocks Team",
+ "license": "MIT",
+ "category": "integration",
+ "tags": [
+ "edr",
+ "hids",
+ "vulnerability",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "incident-response",
+ "vulnerability-management"
+ ],
+ "domains": [
+ "security-ops"
+ ],
+ "capabilities": [
+ "device-integration",
+ "json-rpc-api"
+ ],
+ "trust": "official",
+ "source": {
+ "kind": "bundled",
+ "path": "plugins/tools/device/chaitin_muyun_api_v3"
+ },
+ "compatibility": {
+ "flocks": ">=0.8.0",
+ "os": [
+ "darwin",
+ "linux",
+ "windows"
+ ]
+ },
+ "dependencies": {
+ "skills": [],
+ "tools": [],
+ "python": [],
+ "external": []
+ },
+ "permissions": {
+ "tools": [],
+ "network": true,
+ "shell": false,
+ "filesystem": "none"
+ },
+ "risk": {
+ "level": "low",
+ "reasons": []
+ },
+ "entrypoints": [
+ "_provider.yaml",
+ "_test.yaml",
+ "chaitin_muyun.handler.py",
+ "chaitin_muyun_api_catalog.json",
+ "chaitin_muyun_assets.yaml",
+ "chaitin_muyun_events.yaml",
+ "chaitin_muyun_risk.yaml",
+ "chaitin_muyun_api_readonly.yaml",
+ "chaitin_muyun_api_mutation.yaml"
+ ],
+ "checksums": {}
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_provider.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_provider.yaml
new file mode 100644
index 000000000..78bd4126d
--- /dev/null
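Review bot: `"risk": { "level": "low", "reasons": [] }` understates what this plugin can do: its entrypoints include `chaitin_muyun_api_mutation.yaml`, and the catalog in this commit exposes calls that disable tamper protection, uninstall the module, delete events and create whitelist rules on a host security platform. I would raise the level and record why, e.g. `"level": "medium"` with `"reasons": ["confirmed mutation calls can change or disable host protection settings"]`, assuming `medium` is accepted here as it is for `riskLevel` in index.json, whose entry for this plugin would need the same change. `"checksums": {}` is also empty while `chaitin_muyun.handler.py` is an executable entrypoint under `"network": true`; if the hub verifies checksums at install time, the entrypoints should be pinned here.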
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_provider.yaml
@@ -0,0 +1,38 @@
+name: chaitin_safeline_waf
+vendor: chaitin
+service_id: chaitin_safeline_waf
+version: "1.0"
+integration_type: device
+description: >
+ Chaitin SafeLine WAF OpenAPI integration. Configure the device URL and
+ API Token. Read-only calls and mutation calls are separated at tool level.
+description_cn: >
+ 长亭雷池 WAF OpenAPI 接入。配置设备地址和 API Token;只读查询与变更调用在工具层隔离。
+auth:
+ type: custom
+ secret: chaitin_safeline_waf_api_token
+credential_fields:
+ - key: base_url
+ label: 设备地址
+ storage: config
+ config_key: base_url
+ input_type: url
+ required: true
+ placeholder: "https://safeline.example.com"
+ - key: api_token
+ label: API Token
+ storage: secret
+ config_key: api_token
+ secret_id: chaitin_safeline_waf_api_token
+ input_type: password
+ required: true
+defaults:
+ timeout: 30
+ category: custom
+ product_version: "1.0"
+ verify_ssl: false
+notes: |
+ 认证规则来自《长亭雷池WAF》OpenAPI 文档:
+ - Token 在管理界面个人中心的 Open API 页面创建。
+ - 所有 API 请求在 Header 中携带 API-TOKEN。
+ - GET 使用 query string;POST/PUT/DELETE 使用 JSON body。
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_test.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_test.yaml
new file mode 100644
index 000000000..09957410d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_test.yaml
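Review bot: `verify_ssl: false` under `defaults` switches certificate verification off for every installation unless someone overrides it, and the notes in this same file say each request carries the `API-TOKEN` header, so the WAF management token is sent to whatever endpoint answers on that address. The default should be `verify_ssl: true`, with the opt-out left as an explicit per-device setting for appliances that use a self-signed certificate (a CA bundle path would be better still). `DEFAULT_VERIFY_SSL = False` in chaitin_safeline_waf.handler.py repeats the same default and would need to change with it; that hunk continues past what is shown here.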
@@ -0,0 +1,58 @@
+schema_version: 1
+provider: chaitin_safeline_waf
+
+connectivity:
+ tool: chaitin_safeline_waf_system
+ params:
+ action: profile
+
+fixtures:
+ chaitin_safeline_waf_system:
+ - label: Query current profile
+ label_cn: 查询当前账号信息
+ tags: [smoke, auth]
+ params:
+ action: profile
+ assert:
+ success: true
+ - label: Query security overview
+ label_cn: 查询安全概览
+ tags: [dashboard]
+ params:
+ action: overview
+
+ chaitin_safeline_waf_policy:
+ - label: List ACL templates
+ label_cn: 查询访问频率限制规则
+ tags: [policy]
+ params:
+ action: acl_templates
+ count: 10
+ offset: 0
+
+ chaitin_safeline_waf_site:
+ - label: List reverse proxy sites
+ label_cn: 查询反向代理站点
+ tags: [site]
+ params:
+ action: reverse_proxy_sites
+ count: 10
+ offset: 0
+
+ chaitin_safeline_waf_api_readonly:
+ - label: Show API catalog
+ label_cn: 查看 API 目录
+ tags: [api]
+ params:
+ action: api_catalog
+ assert:
+ success: true
+
+ chaitin_safeline_waf_api_mutation:
+ - label: Show API catalog before confirmed mutation
+ label_cn: 变更调用前查看 API 目录
+ tags: [api, mutation]
+ params:
+ action: api_catalog
+ assert:
+ success: true
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf.handler.py b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf.handler.py
new file mode 100644
index 000000000..19cb8ec15
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf.handler.py
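Review bot: No fixture checks the read-only/mutation separation that the provider description promises, because `chaitin_safeline_waf_api_readonly` and `chaitin_safeline_waf_api_mutation` are both exercised only with `action: api_catalog`. A fixture that sends a catalog entry marked as a mutation through the read-only tool and asserts failure (`success: false`, if the assert block supports it) would catch a mislabelled or unchecked method before it ships. The `overview`, `acl_templates` and `reverse_proxy_sites` fixtures also carry no `assert` block, so it is unclear whether a failed call would fail the run; adding `assert:` with `success: true` would bring them in line with the `profile` fixture.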
@@ -0,0 +1,339 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import os
+from pathlib import Path
+from typing import Any, Callable
+
+import requests
+
+from flocks.config.config_writer import ConfigWriter
+from flocks.security import get_secret_manager
+from flocks.tool.registry import ToolContext, ToolResult
+
+
+SERVICE_ID = "chaitin_safeline_waf"
+STORAGE_KEY = "chaitin_safeline_waf_api"
+PRODUCT_VERSION = "1.0"
+DEFAULT_TIMEOUT = 30
+DEFAULT_VERIFY_SSL = False
+CATALOG_FILE = Path(__file__).with_name("chaitin_safeline_waf_api_catalog.json")
+
+
+class ChaitinWafError(RuntimeError):
+ pass
+
+
+class RuntimeConfig:
+ def __init__(
+ self,
+ *,
+ base_url: str,
+ api_token: str,
+ verify_ssl: bool,
+ timeout: int,
+ ) -> None:
+ self.base_url = base_url
+ self.api_token = api_token
+ self.verify_ssl = verify_ssl
+ self.timeout = timeout
+
+
+def _resolve_ref(value: Any) -> str:
+ if value is None:
+ return ""
+ if not isinstance(value, str):
+ return str(value)
+ if value.startswith("{secret:") and value.endswith("}"):
+ return get_secret_manager().get(value[len("{secret:") : -1]) or ""
+ if value.startswith("{env:") and value.endswith("}"):
+ return os.getenv(value[len("{env:") : -1], "")
+ return value
+
+
+def _raw_service_config() -> dict[str, Any]:
+ raw = ConfigWriter.get_api_service_raw(SERVICE_ID)
+ if not isinstance(raw, dict):
+ raw = ConfigWriter.get_api_service_raw(STORAGE_KEY)
+ return raw if isinstance(raw, dict) else {}
+
+
+def _config_value(raw: dict[str, Any], *keys: str) -> Any:
+ for key in keys:
+ if raw.get(key) is not None:
+ return raw[key]
+ custom_settings = raw.get("custom_settings")
+ if isinstance(custom_settings, dict):
+ for key in keys:
+ if custom_settings.get(key) is not None:
+ return custom_settings[key]
+ return None
+
+
+def _as_bool(value: Any, default: bool) -> bool:
+ if value is None:
+ return default
+ if isinstance(value, bool):
+ return value
+ if isinstance(value, str):
+ text = value.strip().lower()
+ if text in {"1", "true", "yes", "on"}:
+ return True
+ if text in {"0", "false", "no", "off"}:
+ return False
+ return bool(value)
+
+
+def _normalize_base_url(base_url: str) -> str:
+ return base_url.strip().rstrip("/")
+
+
+def resolve_config() -> RuntimeConfig:
+ raw = _raw_service_config()
+ base_url = (
+ _resolve_ref(_config_value(raw, "base_url", "baseUrl"))
+ or os.getenv("CHAITIN_SAFELINE_WAF_BASE_URL", "")
+ )
+ if not base_url:
+ raise ChaitinWafError("Chaitin SafeLine WAF base_url is not configured")
+
+ api_token = (
+ _resolve_ref(_config_value(raw, "api_token", "apiToken", "token"))
+ or get_secret_manager().get("chaitin_safeline_waf_api_token")
+ or get_secret_manager().get(f"{SERVICE_ID}_token")
+ or os.getenv("CHAITIN_SAFELINE_WAF_API_TOKEN", "")
+ )
+ if not api_token:
+ raise ChaitinWafError("Chaitin SafeLine WAF API token is not configured")
+
+ try:
+ timeout = int(_config_value(raw, "timeout") or DEFAULT_TIMEOUT)
+ except (TypeError, ValueError):
+ timeout = DEFAULT_TIMEOUT
+ verify_ssl = _as_bool(
+ _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl")
+ if _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") is not None
+ else os.getenv("CHAITIN_SAFELINE_WAF_VERIFY_SSL"),
+ DEFAULT_VERIFY_SSL,
+ )
+ return RuntimeConfig(
+ base_url=_normalize_base_url(base_url),
+ api_token=api_token,
+ verify_ssl=verify_ssl,
+ timeout=timeout,
+ )
+
+
+def _render_path(path: str, args: dict[str, Any]) -> str:
+ rendered = path
+ path_params = args.get("path_params") if isinstance(args.get("path_params"), dict) else {}
+ for key, value in {**path_params, **args}.items():
+ if isinstance(key, str):
+ rendered = rendered.replace("{" + key + "}", str(value))
+ if "{" in rendered or "}" in rendered:
+ raise ChaitinWafError(f"Missing path parameter for {path}")
+ return rendered
+
+
+class WafClient:
+ def __init__(self, config: RuntimeConfig) -> None:
+ self.config = config
+
+ def request(
+ self,
+ method: str,
+ path: str,
+ *,
+ query: dict[str, Any] | None = None,
+ body: Any = None,
+ ) -> Any:
+ url = f"{self.config.base_url}{path}"
+ headers = {
+ "Accept": "application/json",
+ "API-TOKEN": self.config.api_token,
+ }
+ if method.upper() in {"POST", "PUT", "DELETE", "PATCH"}:
+ headers["Content-Type"] = "application/json"
+ response = requests.request(
+ method.upper(),
+ url,
+ params={k: v for k, v in (query or {}).items() if v is not None},
+ json=body if body not in (None, "") else None,
+ headers=headers,
+ timeout=self.config.timeout,
+ verify=self.config.verify_ssl,
+ )
+ return _json_response(response)
+
+
+def _json_response(response: requests.Response) -> Any:
+ try:
+ payload = response.json()
+ except ValueError as exc:
+ raise ChaitinWafError(f"Invalid JSON response: HTTP {response.status_code}") from exc
+ if response.status_code >= 400:
+ raise ChaitinWafError(f"HTTP {response.status_code}: {payload}")
+ if isinstance(payload, dict) and payload.get("err") not in (None, ""):
+ raise ChaitinWafError(str(payload.get("msg") or payload.get("err")))
+ return payload
+
+
+def _ok(data: Any, *, action: str) -> ToolResult:
+ return ToolResult(
+ success=True,
+ output=data,
+ metadata={"source": "Chaitin SafeLine WAF", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+def get_client() -> WafClient:
+ return WafClient(resolve_config())
+
+
+def _request_args(args: dict[str, Any], default_method: str, default_path: str) -> tuple[str, str, dict[str, Any], Any]:
+ method = str(args.get("method") or default_method).upper()
+ path = _render_path(str(args.get("path") or default_path), args)
+ query = args.get("query") if isinstance(args.get("query"), dict) else {}
+ body = args.get("body")
+ if method == "GET" and not query:
+ ignored = {"action", "method", "path", "query", "body", "path_params"}
+ query = {k: v for k, v in args.items() if k not in ignored and v is not None}
+ return method, path, dict(query), body
+
+
+def _load_api_catalog() -> list[dict[str, Any]]:
+ try:
+ data = json.loads(CATALOG_FILE.read_text(encoding="utf-8"))
+ except FileNotFoundError:
+ return []
+ entries = data.get("entries")
+ return entries if isinstance(entries, list) else []
+
+
+def _catalog_pairs(kind: str) -> set[tuple[str, str]]:
+ return {
+ (str(entry.get("method", "")).upper(), str(entry.get("path", "")))
+ for entry in _load_api_catalog()
+ if entry.get("kind") == kind and entry.get("method") and entry.get("path")
+ }
+
+
+READONLY_ACTIONS: dict[str, tuple[str, str]] = {
+ "profile": ("GET", "/api/ProfileAPI"),
+ "overview": ("GET", "/api/OverviewAPI"),
+ "acl_rules": ("GET", "/api/ACLRuleAPI"),
+ "acl_templates": ("GET", "/api/ACLRuleTemplateAPI"),
+ "attack_logs": ("GET", "/api/FilterV2API"),
+ "ip_groups": ("GET", "/api/IPGroupAPI"),
+ "reverse_proxy_sites": ("GET", "/api/HardwareReverseProxyWebsiteAPI"),
+ "traffic_detection_sites": ("GET", "/api/HardwareTrafficDetectionWebsiteAPI"),
+ "certificates": ("GET", "/api/CertAPI"),
+ "traffic_learning_overview": ("GET", "/api/traffic_learning/v1/Overview"),
+}
+
+
+SYSTEM_ACTIONS = {"profile", "overview"}
+POLICY_ACTIONS = {"acl_rules", "acl_templates", "ip_groups"}
+SITE_ACTIONS = {"reverse_proxy_sites", "traffic_detection_sites", "certificates"}
+LOG_ACTIONS = {"attack_logs", "traffic_learning_overview"}
+
+
+def call_rest(action: str, args: dict[str, Any]) -> ToolResult:
+ method, path = READONLY_ACTIONS[action]
+ req_method, req_path, query, body = _request_args(args, method, path)
+ return _ok(get_client().request(req_method, req_path, query=query, body=body), action=action)
+
+
+def api_catalog(args: dict[str, Any]) -> ToolResult:
+ del args
+ catalog = _load_api_catalog()
+ return _ok(
+ {
+ "catalog_counts": {
+ "total": len(catalog),
+ "readonly": sum(1 for entry in catalog if entry.get("kind") == "readonly"),
+ "mutation": sum(1 for entry in catalog if entry.get("kind") == "mutation"),
+ },
+ "documented_api_catalog": catalog,
+ "common_actions": {
+ "system": sorted(SYSTEM_ACTIONS),
+ "policy": sorted(POLICY_ACTIONS),
+ "site": sorted(SITE_ACTIONS),
+ "logs": sorted(LOG_ACTIONS),
+ },
+ },
+ action="api_catalog",
+ )
+
+
+def rest_call_readonly(args: dict[str, Any]) -> ToolResult:
+ method, path, query, body = _request_args(args, "GET", "")
+ if (method, path) not in _catalog_pairs("readonly"):
+ raise ChaitinWafError("Only documented read-only REST method/path pairs are allowed")
+ return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_readonly")
+
+
+def rest_call_mutation(args: dict[str, Any]) -> ToolResult:
+ method, path, query, body = _request_args(args, "POST", "")
+ if (method, path) not in _catalog_pairs("mutation"):
+ raise ChaitinWafError("Only documented mutation REST method/path pairs are allowed")
+ return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_mutation")
+
+
+ACTION_HANDLERS: dict[str, Callable[[dict[str, Any]], ToolResult]] = {
+ "api_catalog": api_catalog,
+ "rest_call_readonly": rest_call_readonly,
+ "rest_call_mutation": rest_call_mutation,
+}
+for _action in READONLY_ACTIONS:
+ ACTION_HANDLERS[_action] = lambda args, action=_action: call_rest(action, args)
+
+
+async def _dispatch(ctx: ToolContext, allowed: set[str], action: str, **params: Any) -> ToolResult:
+ del ctx
+ if action == "test":
+ action = "profile"
+ if action not in allowed:
+ return ToolResult(
+ success=False,
+ error=f"Unsupported Chaitin SafeLine WAF action: {action}. Available: {', '.join(sorted(allowed))}",
+ )
+ try:
+ return await asyncio.to_thread(ACTION_HANDLERS[action], params)
+ except ChaitinWafError as exc:
+ return ToolResult(
+ success=False,
+ error=str(exc),
+ metadata={"source": "Chaitin SafeLine WAF", "version": PRODUCT_VERSION, "action": action},
+ )
+ except Exception as exc:
+ return ToolResult(
+ success=False,
+ error=f"Unexpected Chaitin SafeLine WAF error: {exc}",
+ metadata={"source": "Chaitin SafeLine WAF", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+async def system(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, SYSTEM_ACTIONS | {"test"}, action, **params)
+
+
+async def policy(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, POLICY_ACTIONS | {"test"}, action, **params)
+
+
+async def site(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, SITE_ACTIONS | {"test"}, action, **params)
+
+
+async def logs(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, LOG_ACTIONS | {"test"}, action, **params)
+
+
+async def api_readonly(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rest_call_readonly", *READONLY_ACTIONS.keys(), "test"}, action, **params)
+
+
+async def api_mutation(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rest_call_mutation"}, action, **params)
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_catalog.json b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_catalog.json
new file mode 100644
index 000000000..1d55cf883
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_catalog.json
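Review bot: `call_rest` hands the caller's `args` to `_request_args`, which prefers `args["method"]` and `args["path"]` over the pinned `READONLY_ACTIONS` pair, and unlike `rest_call_readonly` the result is never checked against `_catalog_pairs("readonly")`. The fixed actions served by `system`, `policy`, `site`, `logs` and `api_readonly` (all `requires_confirmation: false` in their tool YAML) are therefore not actually held to their documented GET endpoint. Reject overrides right after the `_request_args` call, e.g. `if (req_method, req_path) != (method, path): raise ChaitinWafError("method/path cannot be overridden for fixed read-only actions")`. Separately, `_dispatch` rewrites `test` to `profile` before the `action not in allowed` check, so `test` on `policy`, `site` and `logs` always comes back as unsupported; test membership first, then remap.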
@@ -0,0 +1,498 @@
+{
+ "schema_version": 1,
+ "source": "长亭雷池WAF/长亭雷池WAF.docx",
+ "entries": [
+ {
+ "method": "DELETE",
+ "path": "/api/ACLRuleAPI",
+ "kind": "mutation",
+ "description": "删除指定 ID 的 ACL Rule,并可通过参数指定加入白名单"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLRuleAPI",
+ "kind": "readonly",
+ "description": "根据 ID 查找指定 ACL Rule Template,返回其所包含的所有 ACL Rule"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ACLRuleAPI",
+ "kind": "mutation",
+ "description": "新建一条包含指定内容的 ACL Rule,并加入指定 Template"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ACLRuleExecutionLogAPI",
+ "kind": "mutation",
+ "description": "删除日志"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLRuleExecutionLogAPI",
+ "kind": "readonly",
+ "description": "查询 ACL 执行日志的统计数据,以 5 分钟为间隔,按时间顺序排列"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "mutation",
+ "description": "删除频率限制规则"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "readonly",
+ "description": "查看频率限制规则"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "mutation",
+ "description": "新建频率限制规则"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "mutation",
+ "description": "编辑指定 ID 的 ACLRuleTemplate"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ACLWhiteListAPI",
+ "kind": "mutation",
+ "description": "删除指定 ID 对应的 ACL White List"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLWhiteListAPI",
+ "kind": "readonly",
+ "description": "根据参数过滤已有的 ACL White List,并返回所有符合条件的项目"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ACLWhiteListAPI",
+ "kind": "mutation",
+ "description": "新建 ACL 白名单"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ClearACLRuleAPI",
+ "kind": "mutation",
+ "description": "清空 ACL Rule Template 的所有用户,并可通过参数指定加入白名单"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ESDownloadIndices",
+ "kind": "mutation",
+ "description": "新建「下载索引归档」日志下载任务,需要到日志下载管理界面下载归档"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/ESIndexLifecycle",
+ "kind": "mutation",
+ "description": "修改索引生命周期"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ESIndices",
+ "kind": "mutation",
+ "description": "删除归档"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ESIndices",
+ "kind": "readonly",
+ "description": "查看索引信息"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/ESIndices",
+ "kind": "mutation",
+ "description": "恢复归档"
+ },
+ {
+ "method": "GET",
+ "path": "/api/FilterV2API",
+ "kind": "readonly",
+ "description": "限制用户列表-满足条件的用户; 查询限制用户列表-已知用户; 查询访问频率限制规则; 查询攻击检测日志列表页和详情页; 查询 IP 组; 查询防护策略"
+ },
+ {
+ "method": "GET",
+ "path": "/api/FilterHistory",
+ "kind": "readonly",
+ "description": "查看攻击检测日志筛选历史"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SavedFilter",
+ "kind": "mutation",
+ "description": "删除筛选器"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SavedFilter",
+ "kind": "readonly",
+ "description": "获取筛选器"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SavedFilter",
+ "kind": "mutation",
+ "description": "新建筛选器"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SavedFilter",
+ "kind": "mutation",
+ "description": "编辑筛选器"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/EditIPGroupItem",
+ "kind": "mutation",
+ "description": "IP 列表删除 IP"
+ },
+ {
+ "method": "POST",
+ "path": "/api/EditIPGroupItem",
+ "kind": "mutation",
+ "description": "IP 列表添加 IP"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/IPGroupAPI",
+ "kind": "mutation",
+ "description": "删除 IP 组"
+ },
+ {
+ "method": "GET",
+ "path": "/api/IPGroupAPI",
+ "kind": "readonly",
+ "description": "获取 IP 组信息"
+ },
+ {
+ "method": "POST",
+ "path": "/api/IPGroupAPI",
+ "kind": "mutation",
+ "description": "新建 IP 组"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/IPGroupAPI",
+ "kind": "mutation",
+ "description": "编辑 IP 组名称和备注"
+ },
+ {
+ "method": "GET",
+ "path": "/api/LogFlagConfig",
+ "kind": "readonly",
+ "description": "获取标记"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/LogFlagConfig",
+ "kind": "mutation",
+ "description": "修改标记"
+ },
+ {
+ "method": "GET",
+ "path": "/_api/DashboardConfigAPI",
+ "kind": "readonly",
+ "description": "获取配置"
+ },
+ {
+ "method": "POST",
+ "path": "/_api/DashboardConfigAPI",
+ "kind": "mutation",
+ "description": "修改配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HTTPReplayAPI",
+ "kind": "mutation",
+ "description": "重放请求"
+ },
+ {
+ "method": "GET",
+ "path": "/api/LogAggregationConfigAPI",
+ "kind": "readonly",
+ "description": "获取配置"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/LogAggregationConfigAPI",
+ "kind": "mutation",
+ "description": "修改配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/OverviewAPI",
+ "kind": "readonly",
+ "description": "统计信息"
+ },
+ {
+ "method": "POST",
+ "path": "/api/report/v2/ReportTask",
+ "kind": "mutation",
+ "description": "手动生成节点状态报告"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/report/v2/ReportTask",
+ "kind": "mutation",
+ "description": "编辑定时报告任务"
+ },
+ {
+ "method": "POST",
+ "path": "/api/report/v2/SendReport",
+ "kind": "mutation",
+ "description": "报告外发"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "手动生成一个报告"
+ },
+ {
+ "method": "GET",
+ "path": "/api/traffic_learning/v1/AutoIntf",
+ "kind": "readonly",
+ "description": "获取自动发现业务列表"
+ },
+ {
+ "method": "POST",
+ "path": "/api/traffic_learning/v1/AutoIntf",
+ "kind": "mutation",
+ "description": "自动发现业务移入业务建模"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/traffic_learning/v1/Intf",
+ "kind": "mutation",
+ "description": "编辑智学习业务信息,支持批量"
+ },
+ {
+ "method": "POST",
+ "path": "/api/traffic_learning/v1/Intf",
+ "kind": "mutation",
+ "description": "手动创建智学习业务"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/traffic_learning/v1/Intf",
+ "kind": "mutation",
+ "description": "编辑智学习业务信息"
+ },
+ {
+ "method": "GET",
+ "path": "/api/traffic_learning/v1/IntfConfig",
+ "kind": "readonly",
+ "description": "获取某个站点的业务配置信息"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/traffic_learning/v1/IntfConfig",
+ "kind": "mutation",
+ "description": "编辑某个站点的业务配置信息"
+ },
+ {
+ "method": "GET",
+ "path": "/api/traffic_learning/v1/Overview",
+ "kind": "readonly",
+ "description": "获取智学习总览信息"
+ },
+ {
+ "method": "POST",
+ "path": "/api/traffic_learning/v1/ToggleIntf",
+ "kind": "mutation",
+ "description": "修改业务模型状态,包括开始/停止检测,开始/结束/重新开始业务学习,支持批量操作"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/CertAPI",
+ "kind": "mutation",
+ "description": "根据指定的 ID 删除证书"
+ },
+ {
+ "method": "GET",
+ "path": "/api/CertAPI",
+ "kind": "readonly",
+ "description": "获取已经上传的所有证书"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置,在使用工作于流量监测模式下的硬件版时调用"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "POST",
+ "path": "/api/UploadForbiddenPageAPI",
+ "kind": "mutation",
+ "description": "上传访问被拦截时,所返回响应页面"
+ },
+ {
+ "method": "POST",
+ "path": "/api/UploadSSLCertAPI",
+ "kind": "mutation",
+ "description": "当为站点开启 SSL时,使用此 API 上传证书 - name 参数如果不传,则会使用证书的域名拼接作为名字(可能会很长) - id 参数如果不传代表新建,否则为编辑这个 ID 的证书"
+ }
+ ]
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_mutation.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_mutation.yaml
new file mode 100644
index 000000000..5da0bf023
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_mutation.yaml
@@ -0,0 +1,33 @@
+name: chaitin_safeline_waf_api_mutation
+description: Chaitin SafeLine WAF documented mutation REST caller with confirmation.
+description_cn: 长亭雷池 WAF 文档内变更类 REST 调用工具。所有调用都需要确认。
+category: custom
+enabled: true
+requires_confirmation: true
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_mutation
+ method:
+ type: string
+ description: HTTP 方法,必须和 catalog 中 kind=mutation 的 method/path 匹配。
+ path:
+ type: string
+ description: REST 路径,例如 /api/ACLRuleAPI。
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: JSON body,按雷池 WAF 文档对应接口填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: api_mutation
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_readonly.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_readonly.yaml
new file mode 100644
index 000000000..ca13bb563
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_readonly.yaml
@@ -0,0 +1,44 @@
+name: chaitin_safeline_waf_api_readonly
+description: Chaitin SafeLine WAF documented read-only REST caller.
+description_cn: 长亭雷池 WAF 文档内只读 REST 调用工具。使用 api_catalog 查看已收录 API,再用 rest_call_readonly 调用 kind=readonly 的 method/path。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_readonly
+ - profile
+ - overview
+ - acl_rules
+ - acl_templates
+ - attack_logs
+ - ip_groups
+ - reverse_proxy_sites
+ - traffic_detection_sites
+ - certificates
+ - traffic_learning_overview
+ - test
+ method:
+ type: string
+ description: rest_call_readonly 使用的 HTTP 方法,通常为 GET。
+ path:
+ type: string
+ description: REST 路径,例如 /api/ProfileAPI,必须属于 catalog 中 kind=readonly 的条目。
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: 请求 body;只读调用通常不需要。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: api_readonly
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_logs.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_logs.yaml
new file mode 100644
index 000000000..eb8d56223
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_logs.yaml
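Review bot: `requires_confirmation: false` on this tool is only as sound as the `kind` values in chaitin_safeline_waf_api_catalog.json, and at least one `readonly` row there looks mis-transcribed: `GET /api/SoftwareReverseProxyWebsiteAPI` is described as 手动生成一个报告 (generate a report), so it is worth re-checking against the vendor document and marking `mutation` if the call has side effects. The `path` description also gives `/api/ProfileAPI` as its example, but the catalog has no such entry, so `rest_call_readonly` would reject it. In the schema itself, `method` could be `enum: [GET]` (every `readonly` catalog row is GET) with `body` dropped, plus `additionalProperties: false` if the host validates `inputSchema`; api_mutation.yaml would take `enum: [POST, PUT, DELETE]` the same way.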
@@ -0,0 +1,33 @@
+name: chaitin_safeline_waf_logs
+description: Chaitin SafeLine WAF attack log and traffic-learning read-only queries.
+description_cn: 长亭雷池 WAF 攻击日志与智学习只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - attack_logs
+ - traffic_learning_overview
+ - test
+ description: |
+ - attack_logs: GET /api/FilterV2API,查询攻击检测日志列表页/详情页等筛选数据。
+ - traffic_learning_overview: GET /api/traffic_learning/v1/Overview,查询智学习总览。
+ query:
+ type: object
+ description: GET query 参数。
+ count:
+ type: integer
+ offset:
+ type: integer
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: logs
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_policy.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_policy.yaml
new file mode 100644
index 000000000..d04a22476
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_policy.yaml
@@ -0,0 +1,37 @@
+name: chaitin_safeline_waf_policy
+description: Chaitin SafeLine WAF ACL, rate-limit, and IP group read-only queries.
+description_cn: 长亭雷池 WAF 访问频率限制、ACL 和 IP 组只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - acl_rules
+ - acl_templates
+ - ip_groups
+ - test
+ description: |
+ - acl_rules: GET /api/ACLRuleAPI,查询 ACL Rule。
+ - acl_templates: GET /api/ACLRuleTemplateAPI,查询访问频率限制规则。
+ - ip_groups: GET /api/IPGroupAPI,查询 IP 组。
+ query:
+ type: object
+ description: GET query 参数。
+ count:
+ type: integer
+ description: 分页数量。
+ offset:
+ type: integer
+ description: 分页偏移量。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: policy
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_site.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_site.yaml
new file mode 100644
index 000000000..a4cc53593
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_site.yaml
@@ -0,0 +1,35 @@
+name: chaitin_safeline_waf_site
+description: Chaitin SafeLine WAF protected site and certificate read-only queries.
+description_cn: 长亭雷池 WAF 防护站点与证书只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - reverse_proxy_sites
+ - traffic_detection_sites
+ - certificates
+ - test
+ description: |
+ - reverse_proxy_sites: GET /api/HardwareReverseProxyWebsiteAPI,查询反向代理站点。
+ - traffic_detection_sites: GET /api/HardwareTrafficDetectionWebsiteAPI,查询流量检测站点。
+ - certificates: GET /api/CertAPI,查询证书列表。
+ query:
+ type: object
+ description: GET query 参数。
+ count:
+ type: integer
+ offset:
+ type: integer
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: site
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_system.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_system.yaml
new file mode 100644
index 000000000..16a6e0a2f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_system.yaml
@@ -0,0 +1,29 @@
+name: chaitin_safeline_waf_system
+description: Chaitin SafeLine WAF profile and overview queries.
+description_cn: 长亭雷池 WAF 账号信息与概览查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - profile
+ - overview
+ - test
+ description: |
+ - profile: GET /api/ProfileAPI,查询当前账号/API Token 可见的账号信息。
+ - overview: GET /api/OverviewAPI,查询 WAF 统计概览。
+ query:
+ type: object
+ description: GET query 参数;也可直接传 count、offset 等简单字段。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: system
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json
new file mode 100644
index 000000000..065286060
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json
@@ -0,0 +1,71 @@
+{
+ "schemaVersion": "hub.plugin.v1",
+ "id": "chaitin_safeline_waf_v1_0_0",
+ "type": "device",
+ "name": "Chaitin SafeLine WAF",
+ "description": "Chaitin SafeLine WAF OpenAPI integration.",
+ "descriptionCn": "长亭雷池 WAF OpenAPI 接入。",
+ "version": "1.0.0",
+ "author": "Flocks Team",
+ "license": "MIT",
+ "category": "integration",
+ "tags": [
+ "waf",
+ "web-security",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "threat-detection",
+ "log-analysis"
+ ],
+ "domains": [
+ "security-ops"
+ ],
+ "capabilities": [
+ "device-integration",
+ "rest-api"
+ ],
+ "trust": "official",
+ "source": {
+ "kind": "bundled",
+ "path": "plugins/tools/device/chaitin_safeline_waf_v1_0_0"
+ },
+ "compatibility": {
+ "flocks": ">=0.8.0",
+ "os": [
+ "darwin",
+ "linux",
+ "windows"
+ ]
+ },
+ "dependencies": {
+ "skills": [],
+ "tools": [],
+ "python": [],
+ "external": []
+ },
+ "permissions": {
+ "tools": [],
+ "network": true,
+ "shell": false,
+ "filesystem": "none"
+ },
+ "risk": {
+ "level": "low",
+ "reasons": []
+ },
+ "entrypoints": [
+ "_provider.yaml",
+ "_test.yaml",
+ "chaitin_safeline_waf.handler.py",
+ "chaitin_safeline_waf_api_catalog.json",
+ "chaitin_safeline_waf_system.yaml",
+ "chaitin_safeline_waf_policy.yaml",
+ "chaitin_safeline_waf_site.yaml",
+ "chaitin_safeline_waf_logs.yaml",
+ "chaitin_safeline_waf_api_readonly.yaml",
+ "chaitin_safeline_waf_api_mutation.yaml"
+ ],
+ "checksums": {}
+}
diff --git a/webui/public/vendor-logos/chaitin.png b/webui/public/vendor-logos/chaitin.png
new file mode 100644
index 000000000..c412e8d64
Binary files /dev/null and b/webui/public/vendor-logos/chaitin.png differ
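Review bot: `"risk": {"level": "low", "reasons": []}` understates what this plugin can do: it ships `chaitin_safeline_waf_api_mutation.yaml`, whose catalog covers deleting ACL rules, sites and certificates, and it holds a WAF API token with `"network": true`. Consider `"level": "medium"` with the reasons spelled out, e.g. `"reasons": ["can change WAF policy and sites through confirmed mutation calls", "TLS verification is off by default"]`. `"python": []` under `dependencies` is also empty although the handler imports `requests`, and `"checksums": {}` leaves the ten `entrypoints` unpinned; presumably the hub fills that in at publish time, which is worth confirming.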
diff --git a/webui/src/pages/DeviceIntegration/index.test.tsx b/webui/src/pages/DeviceIntegration/index.test.tsx
index 35c00de2b..4d4a93474 100644
--- a/webui/src/pages/DeviceIntegration/index.test.tsx
+++ b/webui/src/pages/DeviceIntegration/index.test.tsx
@@ -586,6 +586,71 @@ describe('DeviceIntegrationPage', () => { expect(mocks.toastSuccess).toHaveBeenCalledWith('已填充设备配置表单'); }); + it('does not fill the device address from account-like Rex draft values', async () => { + const user = userEvent.setup(); + mocks.sessionId = 'session-1'; + mocks.listTemplates.mockResolvedValue({ + data: [ + buildTemplate({ + storage_key: 'chaitin_safeline_waf', + service_id: 'chaitin_safeline_waf', + name: '长亭雷池 WAF', + vendor: 'chaitin', + credential_schema: [ + { + key: 'base_url', + label: '设备地址', + storage: 'config', + sensitive: false, + required: true, + input_type: 'url', + config_key: 'base_url', + }, + { + key: 'api_token', + label: 'API Token', + storage: 'secret', + sensitive: true, + required: true, + input_type: 'password', + config_key: 'api_token', + }, + ], + }), + ], + }); + mocks.getSessionMessagesPage.mockResolvedValue({ + items: [ + { + info: { role: 'assistant' }, + parts: [ + { + type: 'text', + text: '```json\n{"storage_key":"chaitin_safeline_waf","device_name":"长亭雷池","fields":{"url":"admin","api_token":"token-from-user"},"verify_ssl":false}\n```', + }, + ], + }, + ], + }); + + render(); + + await user.click(await screen.findByRole('button', { name: /立即添加设备/ })); + await user.click(await screen.findByRole('button', { name: /mock stream done/ })); + await user.click(await screen.findByRole('button', { name: /^填充表单$/ })); + + expect(await screen.findByDisplayValue('长亭雷池')).toBeInTheDocument(); + expect(screen.getByText(/设备地址/)).toBeInTheDocument(); + expect(screen.getByText(/API Token/)).toBeInTheDocument(); + expect(screen.queryByText(/管理端地址/)).toBeNull(); + expect(screen.queryByText(/OpenAPI Token/)).toBeNull(); + expect(screen.queryByDisplayValue('admin')).toBeNull(); + expect(screen.getByDisplayValue('token-from-user')).toBeInTheDocument(); + const blankTextInputs = screen.getAllByRole('textbox') + .filter((input) => (input as HTMLInputElement).value === ''); + 
expect(blankTextInputs.length).toBeGreaterThan(0); + }); + it('returns to the Rex session and asks for testing guidance after confirming integration', async () => { const user = userEvent.setup(); mocks.sessionId = 'session-1'; @@ -851,6 +916,13 @@ describe('DeviceIntegrationPage', () => { name: '360 WAF', vendor: '360', }), + buildTemplate({ + plugin_id: 'chaitin_safeline_waf_v1_0_0', + storage_key: 'chaitin_safeline_waf', + service_id: 'chaitin_safeline_waf', + name: '长亭雷池 WAF', + vendor: 'chaitin', + }), ], }); const { container } = render(); @@ -859,14 +931,17 @@ describe('DeviceIntegrationPage', () => { expect(screen.getByText('火绒')).toBeInTheDocument(); expect(screen.getByText('华为云')).toBeInTheDocument(); + expect(screen.getByText('长亭')).toBeInTheDocument(); expect(screen.getAllByText('360').length).toBeGreaterThan(0); expect(screen.queryByText('huorong')).toBeNull(); expect(screen.queryByText('huaweicloud')).toBeNull(); + expect(screen.queryByText('chaitin')).toBeNull(); const huorongLogo = container.querySelector('img[src="/vendor-logos/huorong.png"]'); expect(huorongLogo).not.toBeNull(); expect(container.querySelector('img[src="/vendor-logos/huaweicloud.png"]')).not.toBeNull(); expect(container.querySelector('img[src="/vendor-logos/360.png"]')).not.toBeNull(); + expect(container.querySelector('img[src="/vendor-logos/chaitin.png"]')).not.toBeNull(); fireEvent.error(huorongLogo as Element); await waitFor(() => expect(screen.getByText('火')).toBeInTheDocument()); diff --git a/webui/src/pages/DeviceIntegration/index.tsx b/webui/src/pages/DeviceIntegration/index.tsx index 5f2da06c6..1538bdc89 100644 --- a/webui/src/pages/DeviceIntegration/index.tsx +++ b/webui/src/pages/DeviceIntegration/index.tsx 
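Review bot: The last assertion of the new test, `expect(blankTextInputs.length).toBeGreaterThan(0)`, passes as soon as any textbox on the form is empty, so it does not show that the 设备地址 field itself stayed blank after the draft supplied `"url":"admin"`. Select that input directly and assert on it, for example `expect(screen.getByLabelText(/设备地址/)).toHaveValue('')`, assuming the form associates labels with inputs (not visible in this hunk). The case also covers only the bare word `admin`; account-like values containing a dot or a `name:digits` shape would be useful extra cases for the address guard. Separately, the test pins that `api_token` from the assistant draft is filled into the form, which deserves a short comment, since the prompt text in index.tsx tells the model to leave secret fields out of the JSON.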
@@ -67,6 +67,7 @@ const VENDOR_PRESENTATION: Record> = { threatbook: { nameCn: '微步', nameEn: 'ThreatBook', color: 'bg-orange-100 text-orange-800', mark: '微', logoSrc: '/vendor-logos/threatbook.png' }, qingteng: { nameCn: '青藤', nameEn: 'Qingteng', color: 'bg-teal-100 text-teal-800', mark: '青', logoSrc: '/vendor-logos/qingteng.png' }, nsfocus: { nameCn: '绿盟', nameEn: 'NSFOCUS', color: 'bg-green-100 text-green-800', mark: '绿', logoSrc: '/vendor-logos/nsfocus.png' }, + chaitin: { nameCn: '长亭', nameEn: 'Chaitin', color: 'bg-lime-100 text-lime-800', mark: '长', logoSrc: '/vendor-logos/chaitin.png' }, }; function vendorPresentation(vendorKey: string): DeviceVendor { @@ -240,6 +241,7 @@ function buildDeviceAddSessionContext(templates: DeviceTemplate[]): string { buildCustomDeviceModeRoutingPrompt(), '信息足够时,不要只输出表格或操作步骤;必须在回复末尾输出一个 ```json 代码块,页面只会读取这个 JSON 草稿用于一键回填。', 'JSON 草稿格式为 {"storage_key":"...","device_name":"...","fields":{"base_url":"..."},"verify_ssl":false}。', + 'fields 只能使用设备模板列出的字段;账号/用户名只有模板包含 username/user/account 字段时才填写,不能写入 base_url 或 url。', '不要把真实密码、Token、Secret、API Key 写入 JSON;这些密钥字段留空或省略,并提示用户稍后在设备接入表单中填写。', '', '当前可见设备模板:', @@ -254,6 +256,17 @@ function normalizeExtractedValue(value: unknown): string | undefined { return text.replace(/^`|`$/g, '').trim(); } +function looksLikeDeviceAddress(value: string): boolean { + const text = value.trim(); + if (!text) return false; + if (/^[a-z][a-z0-9+.-]*:\/\//i.test(text)) return true; + if (/^localhost(?::\d+)?(?:\/.*)?$/i.test(text)) return true; + if (/^(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?(?:\/.*)?$/.test(text)) return true; + if (/^[a-z0-9-]+(?:\.[a-z0-9-]+)+(?::\d+)?(?:\/.*)?$/i.test(text)) return true; + if (/^[a-z0-9-]+:\d+(?:\/.*)?$/i.test(text)) return true; + return false; +} + function parseJsonDraft(text: string): ExtractedDeviceDraft | null { const trimmed = text.trim(); const candidates = Array.from(text.matchAll(/```json\s*([\s\S]*?)```/gi)).map((match) => match[1]); 
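Review bot: In `looksLikeDeviceAddress` the first pattern, `/^[a-z][a-z0-9+.-]*:\/\//i`, accepts any URI scheme, so a draft value such as `file://…` or `javascript://…` counts as a device address. The value originates from assistant output and presumably becomes the `base_url` that the API token is later sent to, so only web schemes should pass: `if (/^https?:\/\//i.test(text)) return true;`. The bare-host patterns also let account-like strings through: the dotted-name pattern matches `first.last` and the `name:port` pattern matches `admin:123456`, which is the kind of value this guard is meant to keep out of the address field. Bounding the port to `:\d{1,5}` and adding a doc comment stating that the check is a heuristic rather than URL validation would help; the call site, apparently in `normalizeDraftFields`, is cut off in this view.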
@@ -342,6 +355,9 @@ function normalizeDraftFields(template: DeviceTemplate, fields: Record