diff --git a/.flocks/flockshub/index.json b/.flocks/flockshub/index.json
index 1316944dd..1d4147397 100644
--- a/.flocks/flockshub/index.json
+++ b/.flocks/flockshub/index.json
@@ -14544,6 +14544,73 @@
"trust": "community",
"riskLevel": "medium",
"manifestPath": "plugins/skills/Anthropic-Cybersecurity-Skills/validating-backup-integrity-for-recovery/manifest.json"
+ },
+ {
+ "id": "chaitin_muyun_api_v3",
+ "type": "device",
+ "name": "Chaitin Muyun",
+ "description": "Chaitin Muyun host security platform JSON-RPC API 3.0 integration.",
+ "version": "3.0",
+ "category": "integration",
+ "tags": [
+ "edr",
+ "hids",
+ "vulnerability",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "incident-response",
+ "vulnerability-management"
+ ],
+ "trust": "official",
+ "riskLevel": "low",
+ "manifestPath": "plugins/tools/device/chaitin_muyun_api_v3/manifest.json",
+ "descriptionCn": "长亭牧云主机安全平台 API 3.0 接入。"
+ },
+ {
+ "id": "chaitin_safeline_waf_v1_0_0",
+ "type": "device",
+ "name": "Chaitin SafeLine WAF",
+ "description": "Chaitin SafeLine WAF OpenAPI integration.",
+ "version": "1.0.0",
+ "category": "integration",
+ "tags": [
+ "waf",
+ "web-security",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "threat-detection",
+ "log-analysis"
+ ],
+ "trust": "official",
+ "riskLevel": "low",
+ "manifestPath": "plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json",
+ "descriptionCn": "长亭雷池 WAF OpenAPI 接入。"
+ },
+ {
+ "id": "chaitin_dongjian_v2_8",
+ "type": "device",
+ "name": "Chaitin Dongjian",
+ "description": "Chaitin Dongjian (X-Ray) security assessment system OpenAPI V2.8 integration.",
+ "version": "2.8",
+ "category": "integration",
+ "tags": [
+ "vulnerability",
+ "web-security",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "vulnerability-management",
+ "security-reporting"
+ ],
+ "trust": "official",
+ "riskLevel": "low",
+ "manifestPath": "plugins/tools/device/chaitin_dongjian_v2_8/manifest.json",
+ "descriptionCn": "长亭洞鉴(X-Ray)安全评估系统 OpenAPI V2.8 接入。"
}
]
}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_provider.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_provider.yaml
new file mode 100644
index 000000000..11fed5924
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_provider.yaml
@@ -0,0 +1,40 @@
+name: chaitin_dongjian
+vendor: chaitin
+service_id: chaitin_dongjian_api
+version: "2.8"
+integration_type: device
+description: >
+ Chaitin Dongjian (X-Ray) security assessment system OpenAPI V2.8
+ integration. Configure the device URL and API Token. The handler normalizes
+ the base URL to /api/v2.
+description_cn: >
+ 长亭洞鉴(X-Ray)安全评估系统 OpenAPI V2.8 接入。配置设备地址和 API Token;
+ handler 会将地址归一化到 /api/v2。
+auth:
+ type: custom
+ secret: chaitin_dongjian_token
+credential_fields:
+ - key: base_url
+ label: 设备地址
+ storage: config
+ config_key: base_url
+ input_type: url
+ required: true
+ placeholder: "https://dongjian.example.com"
+ - key: token
+ label: API Token
+ storage: secret
+ config_key: token
+ secret_id: chaitin_dongjian_token
+ input_type: password
+ required: true
+defaults:
+ timeout: 30
+ category: custom
+ product_version: "OpenAPI V2.8"
+ verify_ssl: false
+notes: |
+ 认证规则来自《洞鉴(X-Ray)安全评估系统OpenAPI接口文档(标准版)V2.8》:
+ - 所有 API 请求需要在请求头 token 中携带认证信息。
+ - 接口路径基于 /api/v2,例如 GET /api/v2/project/?limit=1&offset=0。
+ - GET 用于获取指定数据;POST /filter/ 用于批量筛选查询。
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_test.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_test.yaml
new file mode 100644
index 000000000..223818a67
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/_test.yaml
@@ -0,0 +1,59 @@
+schema_version: 1
+provider: chaitin_dongjian_api
+
+connectivity:
+ tool: chaitin_dongjian_projects
+ params:
+ action: project_list
+ limit: 1
+ offset: 0
+
+fixtures:
+ chaitin_dongjian_projects:
+ - label: List projects
+ label_cn: 查询组织单位列表
+ tags: [smoke]
+ params:
+ action: project_list
+ limit: 10
+ offset: 0
+ assert:
+ success: true
+
+ chaitin_dongjian_tasks:
+ - label: Filter scan task instances
+ label_cn: 筛选任务实例
+ tags: [task]
+ params:
+ action: xprocess_filter
+ body:
+ limit: 10
+ offset: 0
+
+ chaitin_dongjian_results:
+ - label: Filter vulnerabilities
+ label_cn: 筛选漏洞资产
+ tags: [vulnerability]
+ params:
+ action: vuln_filter
+ body:
+ limit: 10
+ offset: 0
+
+ chaitin_dongjian_api_readonly:
+ - label: Show API catalog
+ label_cn: 查看 API 目录
+ tags: [api]
+ params:
+ action: api_catalog
+ assert:
+ success: true
+
+ chaitin_dongjian_api_mutation:
+ - label: Show API catalog before confirmed mutation
+ label_cn: 变更调用前查看 API 目录
+ tags: [api, mutation]
+ params:
+ action: api_catalog
+ assert:
+ success: true
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian.handler.py b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian.handler.py
new file mode 100644
index 000000000..00dfe3105
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian.handler.py
@@ -0,0 +1,371 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import os
+from pathlib import Path
+from typing import Any, Callable
+
+import requests
+
+from flocks.config.config_writer import ConfigWriter
+from flocks.security import get_secret_manager
+from flocks.tool.registry import ToolContext, ToolResult
+
+
+SERVICE_ID = "chaitin_dongjian_api"
+STORAGE_KEY = "chaitin_dongjian_v2_8"
+PRODUCT_VERSION = "OpenAPI V2.8"
+DEFAULT_TIMEOUT = 30
+DEFAULT_VERIFY_SSL = False
+CATALOG_FILE = Path(__file__).with_name("chaitin_dongjian_api_catalog.json")
+
+
+class ChaitinDongjianError(RuntimeError):
+ pass
+
+
+class RuntimeConfig:
+ def __init__(
+ self,
+ *,
+ base_url: str,
+ token: str,
+ verify_ssl: bool,
+ timeout: int,
+ ) -> None:
+ self.base_url = base_url
+ self.token = token
+ self.verify_ssl = verify_ssl
+ self.timeout = timeout
+
+
+def _resolve_ref(value: Any) -> str:
+ if value is None:
+ return ""
+ if not isinstance(value, str):
+ return str(value)
+ if value.startswith("{secret:") and value.endswith("}"):
+ return get_secret_manager().get(value[len("{secret:") : -1]) or ""
+ if value.startswith("{env:") and value.endswith("}"):
+ return os.getenv(value[len("{env:") : -1], "")
+ return value
+
+
+def _raw_service_config() -> dict[str, Any]:
+ raw = ConfigWriter.get_api_service_raw(SERVICE_ID)
+ if not isinstance(raw, dict):
+ raw = ConfigWriter.get_api_service_raw(STORAGE_KEY)
+ return raw if isinstance(raw, dict) else {}
+
+
+def _config_value(raw: dict[str, Any], *keys: str) -> Any:
+ for key in keys:
+ if raw.get(key) is not None:
+ return raw[key]
+ custom_settings = raw.get("custom_settings")
+ if isinstance(custom_settings, dict):
+ for key in keys:
+ if custom_settings.get(key) is not None:
+ return custom_settings[key]
+ return None
+
+
+def _as_bool(value: Any, default: bool) -> bool:
+ if value is None:
+ return default
+ if isinstance(value, bool):
+ return value
+ if isinstance(value, str):
+ text = value.strip().lower()
+ if text in {"1", "true", "yes", "on"}:
+ return True
+ if text in {"0", "false", "no", "off"}:
+ return False
+ return bool(value)
+
+
+def _normalize_base_url(base_url: str) -> str:
+ text = base_url.strip().rstrip("/")
+ if not text.endswith("/api/v2"):
+ text = f"{text}/api/v2"
+ return text.rstrip("/")
+
+
+def resolve_config() -> RuntimeConfig:
+ raw = _raw_service_config()
+ base_url = (
+ _resolve_ref(_config_value(raw, "base_url", "baseUrl"))
+ or os.getenv("CHAITIN_DONGJIAN_BASE_URL", "")
+ )
+ if not base_url:
+ raise ChaitinDongjianError("Chaitin Dongjian base_url is not configured")
+
+ token = (
+ _resolve_ref(_config_value(raw, "token", "api_token", "apiToken"))
+ or get_secret_manager().get("chaitin_dongjian_token")
+ or get_secret_manager().get(f"{SERVICE_ID}_token")
+ or os.getenv("CHAITIN_DONGJIAN_TOKEN", "")
+ )
+ if not token:
+ raise ChaitinDongjianError("Chaitin Dongjian token is not configured")
+
+ try:
+ timeout = int(_config_value(raw, "timeout") or DEFAULT_TIMEOUT)
+ except (TypeError, ValueError):
+ timeout = DEFAULT_TIMEOUT
+ verify_ssl = _as_bool(
+ _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl")
+ if _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") is not None
+ else os.getenv("CHAITIN_DONGJIAN_VERIFY_SSL"),
+ DEFAULT_VERIFY_SSL,
+ )
+ return RuntimeConfig(
+ base_url=_normalize_base_url(base_url),
+ token=token,
+ verify_ssl=verify_ssl,
+ timeout=timeout,
+ )
+
+
+def _render_path(path: str, args: dict[str, Any]) -> str:
+ rendered = path
+ path_params = args.get("path_params") if isinstance(args.get("path_params"), dict) else {}
+ for key, value in {**path_params, **args}.items():
+ if isinstance(key, str):
+ rendered = rendered.replace("{" + key + "}", str(value))
+ if "{" in rendered or "}" in rendered:
+ raise ChaitinDongjianError(f"Missing path parameter for {path}")
+ return rendered
+
+
+class DongjianClient:
+ def __init__(self, config: RuntimeConfig) -> None:
+ self.config = config
+
+ def request(
+ self,
+ method: str,
+ path: str,
+ *,
+ query: dict[str, Any] | None = None,
+ body: Any = None,
+ ) -> Any:
+ url = f"{self.config.base_url}{path}"
+ headers = {
+ "Accept": "application/json",
+ "token": self.config.token,
+ }
+ if method.upper() in {"POST", "PUT", "DELETE", "PATCH"}:
+ headers["Content-Type"] = "application/json"
+ response = requests.request(
+ method.upper(),
+ url,
+ params={k: v for k, v in (query or {}).items() if v is not None},
+ json=body if body not in (None, "") else None,
+ headers=headers,
+ timeout=self.config.timeout,
+ verify=self.config.verify_ssl,
+ )
+ return _json_response(response)
+
+
+def _json_response(response: requests.Response) -> Any:
+ try:
+ payload = response.json()
+ except ValueError as exc:
+ raise ChaitinDongjianError(f"Invalid JSON response: HTTP {response.status_code}") from exc
+ if response.status_code >= 400:
+ raise ChaitinDongjianError(f"HTTP {response.status_code}: {payload}")
+ if isinstance(payload, dict) and payload.get("err") not in (None, ""):
+ raise ChaitinDongjianError(str(payload.get("msg") or payload.get("err")))
+ return payload
+
+
+def _ok(data: Any, *, action: str) -> ToolResult:
+ return ToolResult(
+ success=True,
+ output=data,
+ metadata={"source": "Chaitin Dongjian", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+def get_client() -> DongjianClient:
+ return DongjianClient(resolve_config())
+
+
+def _request_args(args: dict[str, Any], default_method: str, default_path: str) -> tuple[str, str, dict[str, Any], Any]:
+ method = str(args.get("method") or default_method).upper()
+ path = _render_path(str(args.get("path") or default_path), args)
+ query = args.get("query") if isinstance(args.get("query"), dict) else {}
+ body = args.get("body")
+ if method == "GET" and not query:
+ ignored = {"action", "method", "path", "query", "body", "path_params"}
+ query = {k: v for k, v in args.items() if k not in ignored and v is not None}
+ return method, path, dict(query), body
+
+
+def _load_api_catalog() -> list[dict[str, Any]]:
+ try:
+ data = json.loads(CATALOG_FILE.read_text(encoding="utf-8"))
+ except FileNotFoundError:
+ return []
+ entries = data.get("entries")
+ return entries if isinstance(entries, list) else []
+
+
+def _catalog_pairs(kind: str) -> set[tuple[str, str]]:
+ return {
+ (str(entry.get("method", "")).upper(), str(entry.get("path", "")))
+ for entry in _load_api_catalog()
+ if entry.get("kind") == kind and entry.get("method") and entry.get("path")
+ }
+
+
+READONLY_ACTIONS: dict[str, tuple[str, str]] = {
+ "project_list": ("GET", "/project/"),
+ "project_filter": ("POST", "/project/filter/"),
+ "template_list": ("GET", "/template/"),
+ "plan_filter": ("POST", "/plan/filter/"),
+ "plan_detail": ("GET", "/plan/{id}/"),
+ "plugin_filter": ("POST", "/plugin/filter/"),
+ "engine_filter": ("POST", "/engine/filter/"),
+ "xprocess_filter": ("POST", "/xprocess/filter/"),
+ "xprocess_detail": ("GET", "/xprocess/{id}/"),
+ "xprocess_progress": ("GET", "/xprocess/{id}/progress/"),
+ "result_filter": ("POST", "/result/filter/"),
+ "result_detail": ("GET", "/result/{id}/"),
+ "website_filter": ("POST", "/website/filter/"),
+ "host_filter": ("POST", "/ip/filter/"),
+ "service_filter": ("POST", "/service/filter/"),
+ "domain_filter": ("POST", "/domain/filter/"),
+ "vuln_filter": ("POST", "/vuln/filter/"),
+ "vuln_detail": ("GET", "/vuln/{id}/"),
+ "auditlog_filter": ("POST", "/auditlog/filter/"),
+ "report_filter": ("POST", "/report/filter/"),
+ "system_info_mgmt": ("GET", "/system/info/mgmt/"),
+ "system_services": ("GET", "/system/info/services/"),
+}
+
+
+PROJECT_ACTIONS = {"project_list", "project_filter", "template_list"}
+TASK_ACTIONS = {
+ "plan_filter",
+ "plan_detail",
+ "plugin_filter",
+ "engine_filter",
+ "xprocess_filter",
+ "xprocess_detail",
+ "xprocess_progress",
+}
+ASSET_ACTIONS = {"website_filter", "host_filter", "service_filter", "domain_filter"}
+RESULT_ACTIONS = {"result_filter", "result_detail", "vuln_filter", "vuln_detail", "auditlog_filter", "report_filter"}
+SYSTEM_ACTIONS = {"system_info_mgmt", "system_services"}
+
+
+def call_rest(action: str, args: dict[str, Any]) -> ToolResult:
+ method, path = READONLY_ACTIONS[action]
+ req_method, req_path, query, body = _request_args(args, method, path)
+ return _ok(get_client().request(req_method, req_path, query=query, body=body), action=action)
+
+
+def api_catalog(args: dict[str, Any]) -> ToolResult:
+ del args
+ catalog = _load_api_catalog()
+ return _ok(
+ {
+ "base_path": "/api/v2",
+ "catalog_counts": {
+ "total": len(catalog),
+ "readonly": sum(1 for entry in catalog if entry.get("kind") == "readonly"),
+ "mutation": sum(1 for entry in catalog if entry.get("kind") == "mutation"),
+ },
+ "documented_api_catalog": catalog,
+ "common_actions": {
+ "projects": sorted(PROJECT_ACTIONS),
+ "tasks": sorted(TASK_ACTIONS),
+ "assets": sorted(ASSET_ACTIONS),
+ "results": sorted(RESULT_ACTIONS),
+ "system": sorted(SYSTEM_ACTIONS),
+ },
+ },
+ action="api_catalog",
+ )
+
+
+def rest_call_readonly(args: dict[str, Any]) -> ToolResult:
+ method, path, query, body = _request_args(args, "GET", "")
+ if (method, path) not in _catalog_pairs("readonly"):
+ raise ChaitinDongjianError("Only documented read-only REST method/path pairs are allowed")
+ return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_readonly")
+
+
+def rest_call_mutation(args: dict[str, Any]) -> ToolResult:
+ method, path, query, body = _request_args(args, "POST", "")
+ if (method, path) not in _catalog_pairs("mutation"):
+ raise ChaitinDongjianError("Only documented mutation REST method/path pairs are allowed")
+ return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_mutation")
+
+
+ACTION_HANDLERS: dict[str, Callable[[dict[str, Any]], ToolResult]] = {
+ "api_catalog": api_catalog,
+ "rest_call_readonly": rest_call_readonly,
+ "rest_call_mutation": rest_call_mutation,
+}
+for _action in READONLY_ACTIONS:
+ ACTION_HANDLERS[_action] = lambda args, action=_action: call_rest(action, args)
+
+
+async def _dispatch(ctx: ToolContext, allowed: set[str], action: str, **params: Any) -> ToolResult:
+ del ctx
+ if action == "test":
+ action = "project_list"
+ params.setdefault("limit", 1)
+ params.setdefault("offset", 0)
+ if action not in allowed:
+ return ToolResult(
+ success=False,
+ error=f"Unsupported Chaitin Dongjian action: {action}. Available: {', '.join(sorted(allowed))}",
+ )
+ try:
+ return await asyncio.to_thread(ACTION_HANDLERS[action], params)
+ except ChaitinDongjianError as exc:
+ return ToolResult(
+ success=False,
+ error=str(exc),
+ metadata={"source": "Chaitin Dongjian", "version": PRODUCT_VERSION, "action": action},
+ )
+ except Exception as exc:
+ return ToolResult(
+ success=False,
+ error=f"Unexpected Chaitin Dongjian error: {exc}",
+ metadata={"source": "Chaitin Dongjian", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+async def projects(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, PROJECT_ACTIONS | {"test"}, action, **params)
+
+
+async def tasks(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, TASK_ACTIONS | {"test"}, action, **params)
+
+
+async def assets(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, ASSET_ACTIONS | {"test"}, action, **params)
+
+
+async def results(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, RESULT_ACTIONS | {"test"}, action, **params)
+
+
+async def system(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, SYSTEM_ACTIONS | {"test"}, action, **params)
+
+
+async def api_readonly(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rest_call_readonly", *READONLY_ACTIONS.keys(), "test"}, action, **params)
+
+
+async def api_mutation(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rest_call_mutation"}, action, **params)
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_catalog.json b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_catalog.json
new file mode 100644
index 000000000..08c89c657
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_catalog.json
@@ -0,0 +1,854 @@
+{
+ "schema_version": 1,
+ "source": "洞鉴(X-Ray)安全评估系统OpenAPI接口文档(标准版)V2.8.pdf",
+ "base_path": "/api/v2",
+ "entries": [
+ {
+ "method": "GET",
+ "path": "/project/",
+ "kind": "readonly",
+ "description": "获取组织单位列表",
+ "page": 24
+ },
+ {
+ "method": "POST",
+ "path": "/project/",
+ "kind": "mutation",
+ "description": "创建组织单位",
+ "page": 25
+ },
+ {
+ "method": "POST",
+ "path": "/project/filter/",
+ "kind": "readonly",
+ "description": "功能 2: 根据组织单位全称查询组织单位详情",
+ "page": 27
+ },
+ {
+ "method": "GET",
+ "path": "/project/{id}/",
+ "kind": "readonly",
+ "description": "获取组织单位详情",
+ "page": 29
+ },
+ {
+ "method": "GET",
+ "path": "/template/",
+ "kind": "readonly",
+ "description": "获取策略模版列表",
+ "page": 32
+ },
+ {
+ "method": "GET",
+ "path": "/template/{id}/",
+ "kind": "readonly",
+ "description": "获取策略模版详情",
+ "page": 33
+ },
+ {
+ "method": "POST",
+ "path": "/plan/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取任务计划列表",
+ "page": 36
+ },
+ {
+ "method": "GET",
+ "path": "/plan/{id}/",
+ "kind": "readonly",
+ "description": "获取任务计划详情",
+ "page": 38
+ },
+ {
+ "method": "DELETE",
+ "path": "/plan/{id}/",
+ "kind": "mutation",
+ "description": "删除任务计划",
+ "page": 39
+ },
+ {
+ "method": "POST",
+ "path": "/plan/create/",
+ "kind": "mutation",
+ "description": "创建任务计划",
+ "page": 40
+ },
+ {
+ "method": "POST",
+ "path": "/plan/update/",
+ "kind": "mutation",
+ "description": "更新任务计划",
+ "page": 42
+ },
+ {
+ "method": "POST",
+ "path": "/plan/stop/",
+ "kind": "mutation",
+ "description": "停止循环任务的循环设置,不影响当前正在扫描的任务实例。",
+ "page": 44
+ },
+ {
+ "method": "POST",
+ "path": "/plan/execute/",
+ "kind": "readonly",
+ "description": "例",
+ "page": 45
+ },
+ {
+ "method": "POST",
+ "path": "/plugin/filter/",
+ "kind": "readonly",
+ "description": "获取漏洞插件列表",
+ "page": 49
+ },
+ {
+ "method": "POST",
+ "path": "/custom_plugin/filter/",
+ "kind": "readonly",
+ "description": "获取自定义插件列表",
+ "page": 50
+ },
+ {
+ "method": "GET",
+ "path": "/custom_plugin/{id}/",
+ "kind": "readonly",
+ "description": "漏洞插件的标识,作为策略配置中插件启用/禁用的输入参数",
+ "page": 51
+ },
+ {
+ "method": "POST",
+ "path": "/scannerdict/",
+ "kind": "mutation",
+ "description": "创建字典",
+ "page": 52
+ },
+ {
+ "method": "DELETE",
+ "path": "/scannerdict/",
+ "kind": "mutation",
+ "description": "删除字典列表",
+ "page": 53
+ },
+ {
+ "method": "POST",
+ "path": "/scannerdict/filter/",
+ "kind": "readonly",
+ "description": "获取字典列表",
+ "page": 54
+ },
+ {
+ "method": "GET",
+ "path": "/scannerdict/{id}/",
+ "kind": "readonly",
+ "description": "获取字典详情",
+ "page": 55
+ },
+ {
+ "method": "POST",
+ "path": "/portgroup/filter/",
+ "kind": "readonly",
+ "description": "获取端口组列表",
+ "page": 56
+ },
+ {
+ "method": "POST",
+ "path": "/hostlogrule/filter/",
+ "kind": "readonly",
+ "description": "则”参数",
+ "page": 57
+ },
+ {
+ "method": "POST",
+ "path": "/upload_file/",
+ "kind": "mutation",
+ "description": "上传文件",
+ "page": 58
+ },
+ {
+ "method": "POST",
+ "path": "/engine/filter/",
+ "kind": "readonly",
+ "description": "获取引擎节点列表",
+ "page": 59
+ },
+ {
+ "method": "GET",
+ "path": "/reverse_platform/{uuid}/",
+ "kind": "readonly",
+ "description": "获取反连平台详情",
+ "page": 60
+ },
+ {
+ "method": "POST",
+ "path": "/reverse_platform/filter/",
+ "kind": "readonly",
+ "description": "获取反连平台列表",
+ "page": 61
+ },
+ {
+ "method": "POST",
+ "path": "/whitelist/",
+ "kind": "mutation",
+ "description": "创建全局白名单",
+ "page": 62
+ },
+ {
+ "method": "POST",
+ "path": "/whitelist/update/",
+ "kind": "mutation",
+ "description": "更新全局白名单",
+ "page": 65
+ },
+ {
+ "method": "POST",
+ "path": "/whitelist/filter/",
+ "kind": "readonly",
+ "description": "获取全局白名单列表",
+ "page": 67
+ },
+ {
+ "method": "GET",
+ "path": "/whitelist/{id}/",
+ "kind": "readonly",
+ "description": "获取全局白名单详情",
+ "page": 68
+ },
+ {
+ "method": "POST",
+ "path": "/xprocess/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取任务实例列表",
+ "page": 75
+ },
+ {
+ "method": "GET",
+ "path": "/xprocess/{id}/",
+ "kind": "readonly",
+ "description": "获取任务实例",
+ "page": 77
+ },
+ {
+ "method": "GET",
+ "path": "/xprocess/{id}/progress/",
+ "kind": "readonly",
+ "description": "务是否完成应该根据进度提供的 status 判断。",
+ "page": 78
+ },
+ {
+ "method": "POST",
+ "path": "/xprocess/stop/",
+ "kind": "readonly",
+ "description": "结束正在执行过程中的扫描实例",
+ "page": 80
+ },
+ {
+ "method": "POST",
+ "path": "/xprocess/pause/",
+ "kind": "mutation",
+ "description": "暂停正在执行过程中的扫描实例",
+ "page": 81
+ },
+ {
+ "method": "POST",
+ "path": "/xprocess/resume/",
+ "kind": "mutation",
+ "description": "仅能恢复手动暂停的任务实例",
+ "page": 82
+ },
+ {
+ "method": "POST",
+ "path": "/xprocess/pause/stage/",
+ "kind": "readonly",
+ "description": "当前仅支持扫描策略为被动 Web 扫描(流量)的任务",
+ "page": 83
+ },
+ {
+ "method": "POST",
+ "path": "/xprocess/resume/stage/",
+ "kind": "readonly",
+ "description": "仅支持扫描策略为被动 Web 扫描(流量)的任务",
+ "page": 84
+ },
+ {
+ "method": "POST",
+ "path": "/result/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取任务结果",
+ "page": 89
+ },
+ {
+ "method": "GET",
+ "path": "/result/{id}/",
+ "kind": "readonly",
+ "description": "获取任务结果",
+ "page": 91
+ },
+ {
+ "method": "POST",
+ "path": "/ssh_key/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取 SSH 认证私钥列表",
+ "page": 101
+ },
+ {
+ "method": "POST",
+ "path": "/ssh_key/create/",
+ "kind": "mutation",
+ "description": "创建 SSH 认证私钥",
+ "page": 102
+ },
+ {
+ "method": "POST",
+ "path": "/check_sets/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取检查策略列表",
+ "page": 103
+ },
+ {
+ "method": "POST",
+ "path": "/baseline/task/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取基线任务列表",
+ "page": 105
+ },
+ {
+ "method": "POST",
+ "path": "/baseline/task/create/",
+ "kind": "readonly",
+ "description": "仅支持在线检查",
+ "page": 107
+ },
+ {
+ "method": "POST",
+ "path": "/baseline/task/stop/",
+ "kind": "readonly",
+ "description": "仅支持在线检查",
+ "page": 111
+ },
+ {
+ "method": "POST",
+ "path": "/baseline/task/execute/",
+ "kind": "readonly",
+ "description": "仅支持在线检查",
+ "page": 112
+ },
+ {
+ "method": "POST",
+ "path": "/process/item/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取检查结果",
+ "page": 113
+ },
+ {
+ "method": "POST",
+ "path": "/website/",
+ "kind": "mutation",
+ "description": "批量增加 Web 站点",
+ "page": 118
+ },
+ {
+ "method": "DELETE",
+ "path": "/website/",
+ "kind": "mutation",
+ "description": "批量删除 Web 站点",
+ "page": 119
+ },
+ {
+ "method": "POST",
+ "path": "/website/filter/",
+ "kind": "readonly",
+ "description": "逐步废弃此 API,改用更精简的 /website/filter/simple",
+ "page": 120
+ },
+ {
+ "method": "POST",
+ "path": "/website/filter/simple/",
+ "kind": "readonly",
+ "description": "按条件批量获取简易版 Web 站点列表",
+ "page": 121
+ },
+ {
+ "method": "GET",
+ "path": "/website/{id}/",
+ "kind": "readonly",
+ "description": "获取 Web 站点详情",
+ "page": 122
+ },
+ {
+ "method": "POST",
+ "path": "/website/{id}/",
+ "kind": "mutation",
+ "description": "修改 Web 站点",
+ "page": 125
+ },
+ {
+ "method": "GET",
+ "path": "/website/openapi/{id}/",
+ "kind": "readonly",
+ "description": "获取 API 资产详情",
+ "page": 126
+ },
+ {
+ "method": "GET",
+ "path": "/ip/os/",
+ "kind": "readonly",
+ "description": "直接调用接口即可获取全量的操作系统列表",
+ "page": 134
+ },
+ {
+ "method": "POST",
+ "path": "/ip/",
+ "kind": "mutation",
+ "description": "批量增加主机",
+ "page": 135
+ },
+ {
+ "method": "DELETE",
+ "path": "/ip/",
+ "kind": "mutation",
+ "description": "批量删除主机",
+ "page": 136
+ },
+ {
+ "method": "POST",
+ "path": "/ip/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取主机列表",
+ "page": 137
+ },
+ {
+ "method": "GET",
+ "path": "/ip/{id}/",
+ "kind": "readonly",
+ "description": "获取主机资产详情",
+ "page": 139
+ },
+ {
+ "method": "POST",
+ "path": "/ip/{id}/",
+ "kind": "mutation",
+ "description": "修改主机资产",
+ "page": 142
+ },
+ {
+ "method": "GET",
+ "path": "/service/application_protocol/",
+ "kind": "readonly",
+ "description": "获取服务列表",
+ "page": 146
+ },
+ {
+ "method": "POST",
+ "path": "/service/",
+ "kind": "mutation",
+ "description": "批量增加服务",
+ "page": 147
+ },
+ {
+ "method": "DELETE",
+ "path": "/service/",
+ "kind": "mutation",
+ "description": "批量删除服务",
+ "page": 148
+ },
+ {
+ "method": "POST",
+ "path": "/service/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取服务",
+ "page": 149
+ },
+ {
+ "method": "GET",
+ "path": "/service/{id}/",
+ "kind": "readonly",
+ "description": "获取服务资产",
+ "page": 151
+ },
+ {
+ "method": "POST",
+ "path": "/service/{id}/",
+ "kind": "mutation",
+ "description": "修改服务资产",
+ "page": 152
+ },
+ {
+ "method": "POST",
+ "path": "/domain/",
+ "kind": "mutation",
+ "description": "批量增加域名",
+ "page": 156
+ },
+ {
+ "method": "DELETE",
+ "path": "/domain/",
+ "kind": "mutation",
+ "description": "批量删除域名",
+ "page": 157
+ },
+ {
+ "method": "POST",
+ "path": "/domain/filter/",
+ "kind": "readonly",
+ "description": "逐步废弃此 API,改用更精简的 /domain/filter/simple",
+ "page": 158
+ },
+ {
+ "method": "POST",
+ "path": "/domain/filter/simple/",
+ "kind": "readonly",
+ "description": "按条件批量获取精简的域名",
+ "page": 159
+ },
+ {
+ "method": "GET",
+ "path": "/domain/{id}/",
+ "kind": "readonly",
+ "description": "获取域名资产",
+ "page": 160
+ },
+ {
+ "method": "POST",
+ "path": "/domain/{id}/",
+ "kind": "mutation",
+ "description": "修改域名资产",
+ "page": 161
+ },
+ {
+ "method": "GET",
+ "path": "/vuln/{id}/",
+ "kind": "readonly",
+ "description": "获取漏洞资产详情",
+ "page": 166
+ },
+ {
+ "method": "POST",
+ "path": "/vuln/{id}/",
+ "kind": "mutation",
+ "description": "修改漏洞资产状态",
+ "page": 170
+ },
+ {
+ "method": "DELETE",
+ "path": "/vuln/",
+ "kind": "mutation",
+ "description": "批量删除漏洞资产",
+ "page": 172
+ },
+ {
+ "method": "POST",
+ "path": "/vuln/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取漏洞列表",
+ "page": 173
+ },
+ {
+ "method": "POST",
+ "path": "/vuln/retest/",
+ "kind": "mutation",
+ "description": "复测漏洞资产",
+ "page": 177
+ },
+ {
+ "method": "GET",
+ "path": "/vuln/retest/{task_id}/",
+ "kind": "readonly",
+ "description": "漏洞资产复测结果获取",
+ "page": 178
+ },
+ {
+ "method": "POST",
+ "path": "/auditlog/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取审计日志",
+ "page": 187
+ },
+ {
+ "method": "GET",
+ "path": "/auditlog/action/",
+ "kind": "readonly",
+ "description": "审计日志操作类型",
+ "page": 189
+ },
+ {
+ "method": "POST",
+ "path": "/report/download/",
+ "kind": "readonly",
+ "description": "下载报表",
+ "page": 192
+ },
+ {
+ "method": "POST",
+ "path": "/report/",
+ "kind": "mutation",
+ "description": "创建报表",
+ "page": 193
+ },
+ {
+ "method": "POST",
+ "path": "/report/template/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取报表模版列表",
+ "page": 195
+ },
+ {
+ "method": "POST",
+ "path": "/report/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取报表列表",
+ "page": 197
+ },
+ {
+ "method": "GET",
+ "path": "/report/{id}/",
+ "kind": "readonly",
+ "description": "查询报表详细信息",
+ "page": 199
+ },
+ {
+ "method": "DELETE",
+ "path": "/report/{id}/",
+ "kind": "mutation",
+ "description": "删除报表",
+ "page": 200
+ },
+ {
+ "method": "DELETE",
+ "path": "/engine/{id}/",
+ "kind": "readonly",
+ "description": "仅超级管理员可进行此操作",
+ "page": 206
+ },
+ {
+ "method": "GET",
+ "path": "/system/hosts/engine/{id}/",
+ "kind": "readonly",
+ "description": "获取指定引擎的静态 host 配置",
+ "page": 207
+ },
+ {
+ "method": "POST",
+ "path": "/system/hosts/engine/{id}/",
+ "kind": "mutation",
+ "description": "设置引擎节点的静态 hosts 配置",
+ "page": 208
+ },
+ {
+ "method": "GET",
+ "path": "/system/dns/engine/{id}/",
+ "kind": "readonly",
+ "description": "获取指定引擎的 dns 配置",
+ "page": 209
+ },
+ {
+ "method": "POST",
+ "path": "/system/dns/engine/{id}/",
+ "kind": "mutation",
+ "description": "设置引擎节点的 dns 配置",
+ "page": 210
+ },
+ {
+ "method": "GET",
+ "path": "/system/info/engine/{id}/",
+ "kind": "readonly",
+ "description": "获取引擎的系统信息",
+ "page": 211
+ },
+ {
+ "method": "GET",
+ "path": "/system/info/mgmt/",
+ "kind": "readonly",
+ "description": "查询管理节点系统信息和负载信息",
+ "page": 213
+ },
+ {
+ "method": "GET",
+ "path": "/system/info/services/",
+ "kind": "readonly",
+ "description": "查询管理节点服务容器名称列表",
+ "page": 215
+ },
+ {
+ "method": "POST",
+ "path": "/system/info/services/",
+ "kind": "readonly",
+ "description": "查询系统服务工作状态和负载信息",
+ "page": 216
+ },
+ {
+ "method": "POST",
+ "path": "/upload_upgrade_package/",
+ "kind": "mutation",
+ "description": "支持引擎升级包、数据库升级包,需要通过文件上传接口上传安装包",
+ "page": 219
+ },
+ {
+ "method": "POST",
+ "path": "/package/check/",
+ "kind": "mutation",
+ "description": "升级前需通过该接口对升级包进行校验",
+ "page": 220
+ },
+ {
+ "method": "POST",
+ "path": "/engine/upgrade/",
+ "kind": "mutation",
+ "description": "升级前需要通过升级包校验接口校验通过,方可升级成功",
+ "page": 222
+ },
+ {
+ "method": "POST",
+ "path": "/vuln_library/upgrade/",
+ "kind": "mutation",
+ "description": "升级前需要通过升级包校验接口校验通过,方可升级成功",
+ "page": 223
+ },
+ {
+ "method": "POST",
+ "path": "/execution/filter/",
+ "kind": "readonly",
+ "description": "执行状态列表",
+ "page": 224
+ },
+ {
+ "method": "POST",
+ "path": "/customtag/",
+ "kind": "readonly",
+ "description": "获取可用自定义 POC 标签列表",
+ "page": 226
+ },
+ {
+ "method": "POST",
+ "path": "/upload/custompoc/",
+ "kind": "mutation",
+ "description": "通过文件上传创建自定义 POC",
+ "page": 227
+ },
+ {
+ "method": "POST",
+ "path": "/custompoc/",
+ "kind": "mutation",
+ "description": "创建自定义 POC",
+ "page": 228
+ },
+ {
+ "method": "DELETE",
+ "path": "/custompoc/",
+ "kind": "mutation",
+ "description": "批量删除自定义 POC",
+ "page": 230
+ },
+ {
+ "method": "POST",
+ "path": "/custompoc/filter/",
+ "kind": "readonly",
+ "description": "按条件批量获取自定义 POC",
+ "page": 231
+ },
+ {
+ "method": "POST",
+ "path": "/custompoc/update/",
+ "kind": "mutation",
+ "description": "修改自定义 POC",
+ "page": 233
+ },
+ {
+ "method": "GET",
+ "path": "/vuln_category/",
+ "kind": "readonly",
+ "description": "获取可用漏洞类型列表",
+ "page": 235
+ },
+ {
+ "method": "POST",
+ "path": "/business_system/filter/",
+ "kind": "readonly",
+ "description": "筛选业务系统列表",
+ "page": 238
+ },
+ {
+ "method": "GET",
+ "path": "/business_system/{id}/",
+ "kind": "readonly",
+ "description": "获取业务系统详情",
+ "page": 240
+ },
+ {
+ "method": "POST",
+ "path": "/asset_tag/filter/",
+ "kind": "readonly",
+ "description": "筛选资产标签列表",
+ "page": 241
+ },
+ {
+ "method": "GET",
+ "path": "/asset_tag/{id}/",
+ "kind": "readonly",
+ "description": "获取资产标签详情",
+ "page": 242
+ },
+ {
+ "method": "POST",
+ "path": "/network_region/filter/",
+ "kind": "readonly",
+ "description": "筛选网络区域列表",
+ "page": 243
+ },
+ {
+ "method": "GET",
+ "path": "/network_region/{id}/",
+ "kind": "readonly",
+ "description": "获取网络区域详情",
+ "page": 244
+ },
+ {
+ "method": "POST",
+ "path": "/location/filter/",
+ "kind": "readonly",
+ "description": "筛选行政区域规划位置",
+ "page": 245
+ },
+ {
+ "method": "GET",
+ "path": "/location/{id}/",
+ "kind": "readonly",
+ "description": "获取行政规划区域详情",
+ "page": 247
+ },
+ {
+ "method": "POST",
+ "path": "/user/",
+ "kind": "mutation",
+ "description": "创建用户",
+ "page": 250
+ },
+ {
+ "method": "DELETE",
+ "path": "/user/{id}/",
+ "kind": "mutation",
+ "description": "删除用户",
+ "page": 252
+ },
+ {
+ "method": "POST",
+ "path": "/user/filter/",
+ "kind": "readonly",
+ "description": "根据用户名筛选用户",
+ "page": 253
+ },
+ {
+ "method": "POST",
+ "path": "/role/",
+ "kind": "mutation",
+ "description": "创建角色",
+ "page": 255
+ },
+ {
+ "method": "POST",
+ "path": "/role/filter/",
+ "kind": "readonly",
+ "description": "根据角色名称筛选角色列表",
+ "page": 257
+ }
+ ]
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_mutation.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_mutation.yaml
new file mode 100644
index 000000000..758c5c3d7
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_mutation.yaml
@@ -0,0 +1,36 @@
+name: chaitin_dongjian_api_mutation
+description: Chaitin Dongjian documented mutation REST caller with confirmation.
+description_cn: 长亭洞鉴文档内变更类 REST 调用工具。所有调用都需要确认。
+category: custom
+enabled: true
+requires_confirmation: true
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_mutation
+ method:
+ type: string
+ description: HTTP 方法,必须和 catalog 中 kind=mutation 的 method/path 匹配。
+ path:
+ type: string
+ description: REST 路径,例如 /plan/create/。
+ path_params:
+ type: object
+ description: 路径参数。
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: JSON body,按洞鉴 OpenAPI V2.8 对应接口填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: api_mutation
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_readonly.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_readonly.yaml
new file mode 100644
index 000000000..2c1fa5fc0
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_api_readonly.yaml
@@ -0,0 +1,59 @@
+name: chaitin_dongjian_api_readonly
+description: Chaitin Dongjian documented read-only REST caller.
+description_cn: 长亭洞鉴文档内只读 REST 调用工具。使用 api_catalog 查看已收录 API,再用 rest_call_readonly 调用 kind=readonly 的 method/path。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_readonly
+ - project_list
+ - project_filter
+ - template_list
+ - plan_filter
+ - plan_detail
+ - plugin_filter
+ - engine_filter
+ - xprocess_filter
+ - xprocess_detail
+ - xprocess_progress
+ - result_filter
+ - result_detail
+ - website_filter
+ - host_filter
+ - service_filter
+ - domain_filter
+ - vuln_filter
+ - vuln_detail
+ - auditlog_filter
+ - report_filter
+ - system_info_mgmt
+ - system_services
+ - test
+ method:
+ type: string
+ description: rest_call_readonly 使用的 HTTP 方法。
+ path:
+ type: string
+ description: REST 路径,例如 /project/ 或 /xprocess/{id}/。
+ path_params:
+ type: object
+ description: '路径参数,例如 {"id": 1}。'
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: JSON body。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: api_readonly
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_assets.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_assets.yaml
new file mode 100644
index 000000000..4bec2a578
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_assets.yaml
@@ -0,0 +1,35 @@
+name: chaitin_dongjian_assets
+description: Chaitin Dongjian web, host, service, and domain asset read-only queries.
+description_cn: 长亭洞鉴 Web、主机、服务和域名资产只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - website_filter
+ - host_filter
+ - service_filter
+ - domain_filter
+ - test
+ description: |
+ - website_filter: POST /website/filter/,筛选 Web 站点。
+ - host_filter: POST /ip/filter/,筛选主机资产。
+ - service_filter: POST /service/filter/,筛选服务资产。
+ - domain_filter: POST /domain/filter/,筛选域名资产。
+ body:
+ description: POST 查询 body。
+ query:
+ type: object
+ description: Query 参数,例如 project_id。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: assets
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_projects.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_projects.yaml
new file mode 100644
index 000000000..5c55717c3
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_projects.yaml
@@ -0,0 +1,37 @@
+name: chaitin_dongjian_projects
+description: Chaitin Dongjian project and template read-only queries.
+description_cn: 长亭洞鉴组织单位与策略模板只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - project_list
+ - project_filter
+ - template_list
+ - test
+ description: |
+ - project_list: GET /project/,获取组织单位列表。
+ - project_filter: POST /project/filter/,按条件批量获取组织单位列表/详情。
+ - template_list: GET /template/,获取策略模板列表。
+ query:
+ type: object
+ description: GET query 参数。
+ body:
+ description: POST 查询 body。
+ limit:
+ type: integer
+ offset:
+ type: integer
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: projects
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_results.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_results.yaml
new file mode 100644
index 000000000..312c46b41
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_results.yaml
@@ -0,0 +1,42 @@
+name: chaitin_dongjian_results
+description: Chaitin Dongjian scan result, vulnerability, audit log, and report read-only queries.
+description_cn: 长亭洞鉴扫描结果、漏洞、审计日志和报表只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - result_filter
+ - result_detail
+ - vuln_filter
+ - vuln_detail
+ - auditlog_filter
+ - report_filter
+ - test
+ description: |
+ - result_filter: POST /result/filter/,筛选任务结果。
+ - result_detail: GET /result/{id}/,查询任务结果详情。
+ - vuln_filter: POST /vuln/filter/,筛选漏洞资产。
+ - vuln_detail: GET /vuln/{id}/,查询漏洞资产详情。
+ - auditlog_filter: POST /auditlog/filter/,筛选审计日志。
+ - report_filter: POST /report/filter/,筛选报表。
+ id:
+ type: integer
+ description: 路径中的结果或漏洞 ID。
+ query:
+ type: object
+ description: GET query 参数。
+ body:
+ description: POST 查询 body。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: results
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_system.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_system.yaml
new file mode 100644
index 000000000..ec90ab11f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_system.yaml
@@ -0,0 +1,29 @@
+name: chaitin_dongjian_system
+description: Chaitin Dongjian management-node and service status read-only queries.
+description_cn: 长亭洞鉴管理节点与系统服务状态只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - system_info_mgmt
+ - system_services
+ - test
+ description: |
+ - system_info_mgmt: GET /system/info/mgmt/,查询管理节点系统信息和负载。
+ - system_services: GET /system/info/services/,查询系统服务容器名称列表。
+ query:
+ type: object
+ description: GET query 参数。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: system
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_tasks.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_tasks.yaml
new file mode 100644
index 000000000..ee5905573
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/chaitin_dongjian_tasks.yaml
@@ -0,0 +1,44 @@
+name: chaitin_dongjian_tasks
+description: Chaitin Dongjian scan plan, configuration, and instance read-only queries.
+description_cn: 长亭洞鉴扫描计划、任务配置和任务实例只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_dongjian_api
+version: "2.8"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - plan_filter
+ - plan_detail
+ - plugin_filter
+ - engine_filter
+ - xprocess_filter
+ - xprocess_detail
+ - xprocess_progress
+ - test
+ description: |
+ - plan_filter: POST /plan/filter/,筛选任务计划。
+ - plan_detail: GET /plan/{id}/,查询任务计划详情。
+ - plugin_filter: POST /plugin/filter/,获取漏洞插件列表。
+ - engine_filter: POST /engine/filter/,获取引擎节点列表。
+ - xprocess_filter: POST /xprocess/filter/,筛选任务实例。
+ - xprocess_detail: GET /xprocess/{id}/,查询任务实例详情。
+ - xprocess_progress: GET /xprocess/{id}/progress/,查询扫描进度。
+ id:
+ type: integer
+ description: 路径中的计划或任务实例 ID。
+ query:
+ type: object
+ description: GET query 参数。
+ body:
+ description: POST 查询 body。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_dongjian.handler.py
+ function: tasks
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/manifest.json b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/manifest.json
new file mode 100644
index 000000000..597259327
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_dongjian_v2_8/manifest.json
@@ -0,0 +1,72 @@
+{
+ "schemaVersion": "hub.plugin.v1",
+ "id": "chaitin_dongjian_v2_8",
+ "type": "device",
+ "name": "Chaitin Dongjian",
+ "description": "Chaitin Dongjian (X-Ray) security assessment system OpenAPI V2.8 integration.",
+ "descriptionCn": "长亭洞鉴(X-Ray)安全评估系统 OpenAPI V2.8 接入。",
+ "version": "2.8",
+ "author": "Flocks Team",
+ "license": "MIT",
+ "category": "integration",
+ "tags": [
+ "vulnerability",
+ "web-security",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "vulnerability-management",
+ "security-reporting"
+ ],
+ "domains": [
+ "security-ops"
+ ],
+ "capabilities": [
+ "device-integration",
+ "rest-api"
+ ],
+ "trust": "official",
+ "source": {
+ "kind": "bundled",
+ "path": "plugins/tools/device/chaitin_dongjian_v2_8"
+ },
+ "compatibility": {
+ "flocks": ">=0.8.0",
+ "os": [
+ "darwin",
+ "linux",
+ "windows"
+ ]
+ },
+ "dependencies": {
+ "skills": [],
+ "tools": [],
+ "python": [],
+ "external": []
+ },
+ "permissions": {
+ "tools": [],
+ "network": true,
+ "shell": false,
+ "filesystem": "none"
+ },
+ "risk": {
+ "level": "low",
+ "reasons": []
+ },
+ "entrypoints": [
+ "_provider.yaml",
+ "_test.yaml",
+ "chaitin_dongjian.handler.py",
+ "chaitin_dongjian_api_catalog.json",
+ "chaitin_dongjian_projects.yaml",
+ "chaitin_dongjian_tasks.yaml",
+ "chaitin_dongjian_assets.yaml",
+ "chaitin_dongjian_results.yaml",
+ "chaitin_dongjian_system.yaml",
+ "chaitin_dongjian_api_readonly.yaml",
+ "chaitin_dongjian_api_mutation.yaml"
+ ],
+ "checksums": {}
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_provider.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_provider.yaml
new file mode 100644
index 000000000..39c7482ed
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_provider.yaml
@@ -0,0 +1,47 @@
+name: chaitin_muyun
+vendor: chaitin
+service_id: chaitin_muyun_api
+version: "API 3.0"
+integration_type: device
+description: >
+ Chaitin Muyun host security platform JSON-RPC API integration. Configure
+ the device URL, API Token, and optional organization ID. All business
+ APIs are called through POST /rpc with JSON-RPC 2.0 payloads.
+description_cn: >
+ 长亭牧云主机安全平台 API 3.0 接入。配置设备地址、API Token 和可选机构 ID;
+ 业务接口统一通过 POST /rpc 的 JSON-RPC 2.0 调用。
+auth:
+ type: custom
+ secret: chaitin_muyun_api_token
+credential_fields:
+ - key: base_url
+ label: 设备地址
+ storage: config
+ config_key: base_url
+ input_type: url
+ required: true
+ placeholder: "https://muyun.example.com"
+ - key: api_token
+ label: API Token
+ storage: secret
+ config_key: api_token
+ secret_id: chaitin_muyun_api_token
+ input_type: password
+ required: true
+ - key: org_id
+ label: 机构 ID(可选)
+ storage: config
+ config_key: org_id
+ input_type: text
+ required: false
+defaults:
+ timeout: 30
+ category: custom
+ product_version: "API 3.0"
+ verify_ssl: false
+notes: |
+ 认证规则来自《API 3.0接口使用说明》:
+ - 所有 JSON-RPC 接口暴露在 https://${SERVER_ADDR}/rpc。
+ - 请求头 Content-Type 为 application/json。
+ - 推荐使用 API Token,Token 以 Cookie: API-Token=... 传递。
+ - 机构用户访问跨机构数据时可配置 org_id,handler 会写入 X-CW-OID。
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_test.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_test.yaml
new file mode 100644
index 000000000..2b1766e3b
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/_test.yaml
@@ -0,0 +1,60 @@
+schema_version: 1
+provider: chaitin_muyun_api
+
+connectivity:
+ tool: chaitin_muyun_assets
+ params:
+ action: product_info
+
+fixtures:
+ chaitin_muyun_assets:
+ - label: Query product information
+ label_cn: 查询产品信息
+ tags: [smoke, system]
+ params:
+ action: product_info
+ assert:
+ success: true
+ - label: Count host assets
+ label_cn: 统计主机资产数量
+ tags: [asset]
+ params:
+ action: host_count
+
+ chaitin_muyun_events:
+ - label: List malware events
+ label_cn: 查询恶意文件事件
+ tags: [event]
+ params:
+ action: malware_events
+ params:
+ limit: 10
+ offset: 0
+
+ chaitin_muyun_risk:
+ - label: List vulnerability events
+ label_cn: 查询漏洞事件
+ tags: [vulnerability]
+ params:
+ action: vuln_list
+ params:
+ limit: 10
+ offset: 0
+
+ chaitin_muyun_api_readonly:
+ - label: Show API catalog
+ label_cn: 查看 API 目录
+ tags: [api]
+ params:
+ action: api_catalog
+ assert:
+ success: true
+
+ chaitin_muyun_api_mutation:
+ - label: Show API catalog before confirmed mutation
+ label_cn: 变更调用前查看 API 目录
+ tags: [api, mutation]
+ params:
+ action: api_catalog
+ assert:
+ success: true
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun.handler.py b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun.handler.py
new file mode 100644
index 000000000..07d7db6f0
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun.handler.py
@@ -0,0 +1,371 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import os
+import uuid
+from pathlib import Path
+from typing import Any, Callable
+
+import requests
+
+from flocks.config.config_writer import ConfigWriter
+from flocks.security import get_secret_manager
+from flocks.tool.registry import ToolContext, ToolResult
+
+
+SERVICE_ID = "chaitin_muyun_api"
+STORAGE_KEY = "chaitin_muyun_api_v3"
+PRODUCT_VERSION = "API 3.0"
+DEFAULT_TIMEOUT = 30
+DEFAULT_VERIFY_SSL = False
+CATALOG_FILE = Path(__file__).with_name("chaitin_muyun_api_catalog.json")
+
+
+class ChaitinMuyunError(RuntimeError):
+ pass
+
+
+class RuntimeConfig:
+ def __init__(
+ self,
+ *,
+ base_url: str,
+ api_token: str,
+ org_id: str,
+ verify_ssl: bool,
+ timeout: int,
+ ) -> None:
+ self.base_url = base_url
+ self.api_token = api_token
+ self.org_id = org_id
+ self.verify_ssl = verify_ssl
+ self.timeout = timeout
+
+
+def _resolve_ref(value: Any) -> str:
+ if value is None:
+ return ""
+ if not isinstance(value, str):
+ return str(value)
+ if value.startswith("{secret:") and value.endswith("}"):
+ return get_secret_manager().get(value[len("{secret:") : -1]) or ""
+ if value.startswith("{env:") and value.endswith("}"):
+ return os.getenv(value[len("{env:") : -1], "")
+ return value
+
+
+def _raw_service_config() -> dict[str, Any]:
+ raw = ConfigWriter.get_api_service_raw(SERVICE_ID)
+ if not isinstance(raw, dict):
+ raw = ConfigWriter.get_api_service_raw(STORAGE_KEY)
+ return raw if isinstance(raw, dict) else {}
+
+
+def _config_value(raw: dict[str, Any], *keys: str) -> Any:
+ for key in keys:
+ if raw.get(key) is not None:
+ return raw[key]
+ custom_settings = raw.get("custom_settings")
+ if isinstance(custom_settings, dict):
+ for key in keys:
+ if custom_settings.get(key) is not None:
+ return custom_settings[key]
+ return None
+
+
+def _as_bool(value: Any, default: bool) -> bool:
+ if value is None:
+ return default
+ if isinstance(value, bool):
+ return value
+ if isinstance(value, str):
+ text = value.strip().lower()
+ if text in {"1", "true", "yes", "on"}:
+ return True
+ if text in {"0", "false", "no", "off"}:
+ return False
+ return bool(value)
+
+
+def _normalize_base_url(base_url: str) -> str:
+ text = base_url.strip().rstrip("/")
+ if text.endswith("/rpc"):
+ text = text[:-4]
+ return text.rstrip("/")
+
+
+def resolve_config() -> RuntimeConfig:
+ raw = _raw_service_config()
+ base_url = (
+ _resolve_ref(_config_value(raw, "base_url", "baseUrl"))
+ or os.getenv("CHAITIN_MUYUN_BASE_URL", "")
+ )
+ if not base_url:
+ raise ChaitinMuyunError("Chaitin Muyun base_url is not configured")
+
+ api_token = (
+ _resolve_ref(_config_value(raw, "api_token", "apiToken", "token"))
+ or get_secret_manager().get("chaitin_muyun_api_token")
+ or get_secret_manager().get(f"{SERVICE_ID}_token")
+ or os.getenv("CHAITIN_MUYUN_API_TOKEN", "")
+ )
+ if not api_token:
+ raise ChaitinMuyunError("Chaitin Muyun API token is not configured")
+
+ org_id = (
+ _resolve_ref(_config_value(raw, "org_id", "oid"))
+ or os.getenv("CHAITIN_MUYUN_ORG_ID", "")
+ )
+ try:
+ timeout = int(_config_value(raw, "timeout") or DEFAULT_TIMEOUT)
+ except (TypeError, ValueError):
+ timeout = DEFAULT_TIMEOUT
+
+ verify_ssl = _as_bool(
+ _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl")
+ if _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") is not None
+ else os.getenv("CHAITIN_MUYUN_VERIFY_SSL"),
+ DEFAULT_VERIFY_SSL,
+ )
+ return RuntimeConfig(
+ base_url=_normalize_base_url(base_url),
+ api_token=api_token,
+ org_id=org_id,
+ verify_ssl=verify_ssl,
+ timeout=timeout,
+ )
+
+
+class MuyunClient:
+ def __init__(self, config: RuntimeConfig) -> None:
+ self.config = config
+
+ @property
+ def rpc_url(self) -> str:
+ return f"{self.config.base_url}/rpc"
+
+ def rpc(self, method: str, params: dict[str, Any] | None = None) -> Any:
+ body = {
+ "jsonrpc": "2.0",
+ "method": method,
+ "params": params or {},
+ "id": str(uuid.uuid4()),
+ }
+ headers = {
+ "Content-Type": "application/json",
+ "Cookie": f"API-Token={self.config.api_token}",
+ }
+ if self.config.org_id:
+ headers["X-CW-OID"] = self.config.org_id
+ response = requests.post(
+ self.rpc_url,
+ json=body,
+ headers=headers,
+ timeout=self.config.timeout,
+ verify=self.config.verify_ssl,
+ )
+ return _json_rpc_response(response)
+
+
+def _json_rpc_response(response: requests.Response) -> Any:
+ try:
+ payload = response.json()
+ except ValueError as exc:
+ raise ChaitinMuyunError(f"Invalid JSON response: HTTP {response.status_code}") from exc
+ if not isinstance(payload, dict):
+ raise ChaitinMuyunError("Unexpected JSON-RPC response shape: expected object")
+ if response.status_code >= 400:
+ raise ChaitinMuyunError(f"HTTP {response.status_code}: {payload}")
+ if payload.get("error"):
+ error = payload["error"]
+ if isinstance(error, dict):
+ message = error.get("message") or error.get("code") or error
+ else:
+ message = error
+ raise ChaitinMuyunError(str(message))
+ return payload.get("result", payload)
+
+
+def _ok(data: Any, *, action: str) -> ToolResult:
+ return ToolResult(
+ success=True,
+ output=data,
+ metadata={"source": "Chaitin Muyun", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+def get_client() -> MuyunClient:
+ return MuyunClient(resolve_config())
+
+
+def _params(args: dict[str, Any]) -> dict[str, Any]:
+ raw = args.get("params")
+ if isinstance(raw, dict):
+ return dict(raw)
+ ignored = {"action", "method"}
+ return {k: v for k, v in args.items() if k not in ignored and v is not None}
+
+
+def _load_api_catalog() -> list[dict[str, Any]]:
+ try:
+ data = json.loads(CATALOG_FILE.read_text(encoding="utf-8"))
+ except FileNotFoundError:
+ return []
+ entries = data.get("entries")
+ return entries if isinstance(entries, list) else []
+
+
+def _catalog_methods(kind: str) -> set[str]:
+ return {
+ str(entry.get("method"))
+ for entry in _load_api_catalog()
+ if entry.get("kind") == kind and entry.get("method")
+ }
+
+
+READONLY_ACTIONS: dict[str, str] = {
+ "product_info": "CloudwalkerSettingService.GetProductInfo",
+ "current_user": "AccountAuthService.GetCurrentUserInfo",
+ "host_count": "HostAssetService.CountHost",
+ "host_list": "HostAssetService.GetHostAssetList",
+ "host_detail": "HostAssetService.GetHostInfoDetail",
+ "application_list": "ApplicationAssetService.GetApplicationAssetList",
+ "website_list": "WebsiteAssetService.GetWebsiteList",
+ "process_list": "ProcessAssetService.GetProcessList",
+ "webshell_events": "WebshellEventService.GetEventList",
+ "malware_events": "MalwareEventService.GetEventList",
+ "bruteforce_events": "BruteForceService.GetEventList",
+ "abnormal_login_events": "AbnormalLoginEventService.GetEventList",
+ "realtime_events": "ThreatOverviewService.ListRealTimeEvents",
+ "vuln_list": "VulnService.GetVulnList",
+ "vuln_detail": "VulnService.GetVuln",
+ "security_check_events": "SecurityCheckService.GetEventList",
+ "baseline_tasks": "BaselineV2Service.GetTaskList",
+ "emergency_vulns": "EmergencyVulnService.ListVuln",
+}
+
+
+ASSET_ACTIONS = {
+ "product_info",
+ "current_user",
+ "host_count",
+ "host_list",
+ "host_detail",
+ "application_list",
+ "website_list",
+ "process_list",
+}
+EVENT_ACTIONS = {
+ "webshell_events",
+ "malware_events",
+ "bruteforce_events",
+ "abnormal_login_events",
+ "realtime_events",
+}
+RISK_ACTIONS = {
+ "vuln_list",
+ "vuln_detail",
+ "security_check_events",
+ "baseline_tasks",
+ "emergency_vulns",
+}
+
+
+def call_method(method: str, args: dict[str, Any], *, action: str) -> ToolResult:
+ return _ok(get_client().rpc(method, _params(args)), action=action)
+
+
+def api_catalog(args: dict[str, Any]) -> ToolResult:
+ del args
+ catalog = _load_api_catalog()
+ return _ok(
+ {
+ "rpc": "/rpc",
+ "catalog_counts": {
+ "total": len(catalog),
+ "readonly": sum(1 for entry in catalog if entry.get("kind") == "readonly"),
+ "mutation": sum(1 for entry in catalog if entry.get("kind") == "mutation"),
+ },
+ "documented_api_catalog": catalog,
+ "common_actions": {
+ "assets": sorted(ASSET_ACTIONS),
+ "events": sorted(EVENT_ACTIONS),
+ "risk": sorted(RISK_ACTIONS),
+ },
+ },
+ action="api_catalog",
+ )
+
+
+def rpc_call_readonly(args: dict[str, Any]) -> ToolResult:
+ method = str(args.get("method") or "").strip()
+ if not method:
+ raise ChaitinMuyunError("method is required")
+ allowed = _catalog_methods("readonly") | set(READONLY_ACTIONS.values())
+ if method not in allowed:
+ raise ChaitinMuyunError("Only documented read-only JSON-RPC methods are allowed")
+ return call_method(method, args, action="rpc_call_readonly")
+
+
+def rpc_call_mutation(args: dict[str, Any]) -> ToolResult:
+ method = str(args.get("method") or "").strip()
+ if not method:
+ raise ChaitinMuyunError("method is required")
+ if method not in _catalog_methods("mutation"):
+ raise ChaitinMuyunError("Only documented mutation JSON-RPC methods are allowed")
+ return call_method(method, args, action="rpc_call_mutation")
+
+
+ACTION_HANDLERS: dict[str, Callable[[dict[str, Any]], ToolResult]] = {
+ "api_catalog": api_catalog,
+ "rpc_call_readonly": rpc_call_readonly,
+ "rpc_call_mutation": rpc_call_mutation,
+}
+for _action, _method in READONLY_ACTIONS.items():
+ ACTION_HANDLERS[_action] = lambda args, method=_method, action=_action: call_method(method, args, action=action)
+
+
+async def _dispatch(ctx: ToolContext, allowed: set[str], action: str, **params: Any) -> ToolResult:
+ del ctx
+ if action == "test":
+ action = "product_info"
+ if action not in allowed:
+ return ToolResult(
+ success=False,
+ error=f"Unsupported Chaitin Muyun action: {action}. Available: {', '.join(sorted(allowed))}",
+ )
+ try:
+ return await asyncio.to_thread(ACTION_HANDLERS[action], params)
+ except ChaitinMuyunError as exc:
+ return ToolResult(
+ success=False,
+ error=str(exc),
+ metadata={"source": "Chaitin Muyun", "version": PRODUCT_VERSION, "action": action},
+ )
+ except Exception as exc:
+ return ToolResult(
+ success=False,
+ error=f"Unexpected Chaitin Muyun error: {exc}",
+ metadata={"source": "Chaitin Muyun", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+async def assets(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, ASSET_ACTIONS | {"test"}, action, **params)
+
+
+async def events(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, EVENT_ACTIONS | {"test"}, action, **params)
+
+
+async def risk(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, RISK_ACTIONS | {"test"}, action, **params)
+
+
+async def api_readonly(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rpc_call_readonly", *READONLY_ACTIONS.keys(), "test"}, action, **params)
+
+
+async def api_mutation(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rpc_call_mutation"}, action, **params)
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_catalog.json b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_catalog.json
new file mode 100644
index 000000000..f8dbc4d0b
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_catalog.json
@@ -0,0 +1,7787 @@
+{
+ "schema_version": 1,
+ "source": "长亭牧云api/openapi.json",
+ "rpc_endpoint": "/rpc",
+ "entries": [
+ {
+ "method": "AbnormalLoginEventService.CreateWhitelist",
+ "service": "AbnormalLoginEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.DeleteEvent",
+ "service": "AbnormalLoginEventService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选 ID 的事件",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.DeleteEventByHost",
+ "service": "AbnormalLoginEventService",
+ "operation": "DeleteEventByHost",
+ "kind": "mutation",
+ "description": "删除所选主机的事件",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.DeleteEventByLoginIP",
+ "service": "AbnormalLoginEventService",
+ "operation": "DeleteEventByLoginIP",
+ "kind": "mutation",
+ "description": "删除所选登陆 IP 的事件",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.EditEventComment",
+ "service": "AbnormalLoginEventService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.EditEventState",
+ "service": "AbnormalLoginEventService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选 ID 事件的处置状态",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.EditEventStateByHost",
+ "service": "AbnormalLoginEventService",
+ "operation": "EditEventStateByHost",
+ "kind": "mutation",
+ "description": "改变所选主机 ID 事件的处置状态",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.EditEventStateByLoginIP",
+ "service": "AbnormalLoginEventService",
+ "operation": "EditEventStateByLoginIP",
+ "kind": "mutation",
+ "description": "改变所选登陆 IP 事件的处置状态",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GenerateEventFirewallRule",
+ "service": "AbnormalLoginEventService",
+ "operation": "GenerateEventFirewallRule",
+ "kind": "mutation",
+ "description": "根据所选事件生成网络阻断规则",
+ "tags": [
+ "异常登陆"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GetEvent",
+ "service": "AbnormalLoginEventService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GetEventByHostList",
+ "service": "AbnormalLoginEventService",
+ "operation": "GetEventByHostList",
+ "kind": "readonly",
+ "description": "获取按主机聚合的事件列表",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GetEventByLoginIPList",
+ "service": "AbnormalLoginEventService",
+ "operation": "GetEventByLoginIPList",
+ "kind": "readonly",
+ "description": "获取按登陆 IP 聚合的事件列表",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GetEventList",
+ "service": "AbnormalLoginEventService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GetGeographicalLocation",
+ "service": "AbnormalLoginEventService",
+ "operation": "GetGeographicalLocation",
+ "kind": "readonly",
+ "description": "获取地理信息",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.GetWhitelist",
+ "service": "AbnormalLoginEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.MarkAsRead",
+ "service": "AbnormalLoginEventService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.ResetEventState",
+ "service": "AbnormalLoginEventService",
+ "operation": "ResetEventState",
+ "kind": "mutation",
+ "description": "reset the state of event to 'risky'",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.ResetEventStateByHost",
+ "service": "AbnormalLoginEventService",
+ "operation": "ResetEventStateByHost",
+ "kind": "mutation",
+ "description": "reset the state of event to 'risky'",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AbnormalLoginEventService.ResetEventStateByLoginIP",
+ "service": "AbnormalLoginEventService",
+ "operation": "ResetEventStateByLoginIP",
+ "kind": "mutation",
+ "description": "改变所选主机 ID 事件的处置状态",
+ "tags": [
+ "异常登录"
+ ]
+ },
+ {
+ "method": "AccountAuthService.BindCurrentUserOAuth",
+ "service": "AccountAuthService",
+ "operation": "BindCurrentUserOAuth",
+ "kind": "mutation",
+ "description": "绑定当前用户 Oauth",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.ConfirmCurrentUserFeitian",
+ "service": "AccountAuthService",
+ "operation": "ConfirmCurrentUserFeitian",
+ "kind": "mutation",
+ "description": "绑定当前用户 TOTP",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.ConfirmCurrentUserTotp",
+ "service": "AccountAuthService",
+ "operation": "ConfirmCurrentUserTotp",
+ "kind": "mutation",
+ "description": "绑定当前用户 TOTP",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.CreateAPIToken",
+ "service": "AccountAuthService",
+ "operation": "CreateAPIToken",
+ "kind": "mutation",
+ "description": "创建 API Token",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.CreateLoginToken",
+ "service": "AccountAuthService",
+ "operation": "CreateLoginToken",
+ "kind": "mutation",
+ "description": "使用 API Token 获取登录 Token",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.CreateRole",
+ "service": "AccountAuthService",
+ "operation": "CreateRole",
+ "kind": "mutation",
+ "description": "创建角色",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.CreateSessionToken",
+ "service": "AccountAuthService",
+ "operation": "CreateSessionToken",
+ "kind": "mutation",
+ "description": "创建会话 Token",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.CreateUser",
+ "service": "AccountAuthService",
+ "operation": "CreateUser",
+ "kind": "mutation",
+ "description": "创建用户",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.DeleteAPIToken",
+ "service": "AccountAuthService",
+ "operation": "DeleteAPIToken",
+ "kind": "mutation",
+ "description": "删除 API Token",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.DeleteCurrentUserTotp",
+ "service": "AccountAuthService",
+ "operation": "DeleteCurrentUserTotp",
+ "kind": "mutation",
+ "description": "解除绑定当前用户 TOTP",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.DeleteRole",
+ "service": "AccountAuthService",
+ "operation": "DeleteRole",
+ "kind": "mutation",
+ "description": "删除角色",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.DeleteUser",
+ "service": "AccountAuthService",
+ "operation": "DeleteUser",
+ "kind": "mutation",
+ "description": "删除用户",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditAPIToken",
+ "service": "AccountAuthService",
+ "operation": "EditAPIToken",
+ "kind": "mutation",
+ "description": "编辑 API Token",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditAPITokenEnable",
+ "service": "AccountAuthService",
+ "operation": "EditAPITokenEnable",
+ "kind": "mutation",
+ "description": "启用/禁用 API Token",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserCredential",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserCredential",
+ "kind": "mutation",
+ "description": "编辑当前用户登录凭证",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserIPPolicy",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserIPPolicy",
+ "kind": "mutation",
+ "description": "编辑当前用户 IP 访问规则",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserInfo",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserInfo",
+ "kind": "mutation",
+ "description": "编辑当前用户备注",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserLanguage",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserLanguage",
+ "kind": "mutation",
+ "description": "编辑当前用户语言",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserName",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserName",
+ "kind": "mutation",
+ "description": "编辑当前用户名",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserSessionExpireTime",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserSessionExpireTime",
+ "kind": "mutation",
+ "description": "编辑当前用户会话过期超时时间",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditCurrentUserTimezone",
+ "service": "AccountAuthService",
+ "operation": "EditCurrentUserTimezone",
+ "kind": "mutation",
+ "description": "编辑当前用户时区",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditRole",
+ "service": "AccountAuthService",
+ "operation": "EditRole",
+ "kind": "mutation",
+ "description": "编辑角色",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUser",
+ "service": "AccountAuthService",
+ "operation": "EditUser",
+ "kind": "mutation",
+ "description": "编辑用户信息",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserCredential",
+ "service": "AccountAuthService",
+ "operation": "EditUserCredential",
+ "kind": "mutation",
+ "description": "编辑用户登录凭证",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserEnable",
+ "service": "AccountAuthService",
+ "operation": "EditUserEnable",
+ "kind": "mutation",
+ "description": "启用/禁用用户",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserExpireTime",
+ "service": "AccountAuthService",
+ "operation": "EditUserExpireTime",
+ "kind": "mutation",
+ "description": "编辑用户过期时间",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserIPPolicy",
+ "service": "AccountAuthService",
+ "operation": "EditUserIPPolicy",
+ "kind": "mutation",
+ "description": "编辑用户 IP 访问规则",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserInfo",
+ "service": "AccountAuthService",
+ "operation": "EditUserInfo",
+ "kind": "mutation",
+ "description": "编辑用户备注",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserName",
+ "service": "AccountAuthService",
+ "operation": "EditUserName",
+ "kind": "mutation",
+ "description": "编辑用户名",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserRole",
+ "service": "AccountAuthService",
+ "operation": "EditUserRole",
+ "kind": "mutation",
+ "description": "编辑用户角色",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.EditUserSessionExpireTime",
+ "service": "AccountAuthService",
+ "operation": "EditUserSessionExpireTime",
+ "kind": "mutation",
+ "description": "编辑用户会话过期超时时间",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GenerateTotp",
+ "service": "AccountAuthService",
+ "operation": "GenerateTotp",
+ "kind": "mutation",
+ "description": "生成 TOTP 随机密码和链接",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetAPIToken",
+ "service": "AccountAuthService",
+ "operation": "GetAPIToken",
+ "kind": "readonly",
+ "description": "获取 API Token 信息",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetCurrentUserInfo",
+ "service": "AccountAuthService",
+ "operation": "GetCurrentUserInfo",
+ "kind": "readonly",
+ "description": "获取当前用户信息",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetCurrentUserOAuthBind",
+ "service": "AccountAuthService",
+ "operation": "GetCurrentUserOAuthBind",
+ "kind": "readonly",
+ "description": "获取当前用户 Oauth 绑定信息",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetCurrentUserOtpConfig",
+ "service": "AccountAuthService",
+ "operation": "GetCurrentUserOtpConfig",
+ "kind": "readonly",
+ "description": "获取当前用户 OTP 配置",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetCurrentUserPermission",
+ "service": "AccountAuthService",
+ "operation": "GetCurrentUserPermission",
+ "kind": "readonly",
+ "description": "获取当前用户权限",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetPermissionInfo",
+ "service": "AccountAuthService",
+ "operation": "GetPermissionInfo",
+ "kind": "readonly",
+ "description": "获取权限列表",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetRoleInfo",
+ "service": "AccountAuthService",
+ "operation": "GetRoleInfo",
+ "kind": "readonly",
+ "description": "获取角色详情",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetRoleList",
+ "service": "AccountAuthService",
+ "operation": "GetRoleList",
+ "kind": "readonly",
+ "description": "获取角色列表",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetSessionTokenExpire",
+ "service": "AccountAuthService",
+ "operation": "GetSessionTokenExpire",
+ "kind": "readonly",
+ "description": "获取会话 Token 过期时间",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetUserInfo",
+ "service": "AccountAuthService",
+ "operation": "GetUserInfo",
+ "kind": "readonly",
+ "description": "获取用户信息",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.GetUserList",
+ "service": "AccountAuthService",
+ "operation": "GetUserList",
+ "kind": "readonly",
+ "description": "获取用户列表",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.Logout",
+ "service": "AccountAuthService",
+ "operation": "Logout",
+ "kind": "mutation",
+ "description": "用户登出",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountAuthService.UnbindCurrentUserOAuth",
+ "service": "AccountAuthService",
+ "operation": "UnbindCurrentUserOAuth",
+ "kind": "mutation",
+ "description": "解绑当前用户 Oauth",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountNoAuthService.GetAvailableOAuth",
+ "service": "AccountNoAuthService",
+ "operation": "GetAvailableOAuth",
+ "kind": "readonly",
+ "description": "获取系统可用 Oauth 登录类型",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountNoAuthService.Login",
+ "service": "AccountNoAuthService",
+ "operation": "Login",
+ "kind": "mutation",
+ "description": "用户登录",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AccountNoAuthService.Mfa",
+ "service": "AccountNoAuthService",
+ "operation": "Mfa",
+ "kind": "mutation",
+ "description": "用户登录",
+ "tags": [
+ "用户管理"
+ ]
+ },
+ {
+ "method": "AdminAccountService.CreateUser",
+ "service": "AdminAccountService",
+ "operation": "CreateUser",
+ "kind": "mutation",
+ "description": "创建用户",
+ "tags": [
+ "后台:账号管理"
+ ]
+ },
+ {
+ "method": "AdminAccountService.DeleteUser",
+ "service": "AdminAccountService",
+ "operation": "DeleteUser",
+ "kind": "mutation",
+ "description": "删除用户",
+ "tags": [
+ "后台:账号管理"
+ ]
+ },
+ {
+ "method": "AdminAccountService.GetUserInfo",
+ "service": "AdminAccountService",
+ "operation": "GetUserInfo",
+ "kind": "readonly",
+ "description": "获取用户信息",
+ "tags": [
+ "后台:账号管理"
+ ]
+ },
+ {
+ "method": "AdminAccountService.ListUser",
+ "service": "AdminAccountService",
+ "operation": "ListUser",
+ "kind": "readonly",
+ "description": "用户列表",
+ "tags": [
+ "后台:账号管理"
+ ]
+ },
+ {
+ "method": "AdminAccountService.UpdateCurrentUser",
+ "service": "AdminAccountService",
+ "operation": "UpdateCurrentUser",
+ "kind": "mutation",
+ "description": "更新当前用户信息",
+ "tags": [
+ "后台:账号管理"
+ ]
+ },
+ {
+ "method": "AdminAccountService.UpdateUser",
+ "service": "AdminAccountService",
+ "operation": "UpdateUser",
+ "kind": "mutation",
+ "description": "更新用户信息",
+ "tags": [
+ "后台:账号管理"
+ ]
+ },
+ {
+ "method": "AdminAgentService.ApplyPackage",
+ "service": "AdminAgentService",
+ "operation": "ApplyPackage",
+ "kind": "mutation",
+ "description": "应用探针模块升级包",
+ "tags": [
+ "后台:探针管理"
+ ]
+ },
+ {
+ "method": "AdminAgentService.DeleteModule",
+ "service": "AdminAgentService",
+ "operation": "DeleteModule",
+ "kind": "mutation",
+ "description": "删除模块",
+ "tags": [
+ "后台:探针管理"
+ ]
+ },
+ {
+ "method": "AdminAgentService.GetAgentList",
+ "service": "AdminAgentService",
+ "operation": "GetAgentList",
+ "kind": "readonly",
+ "description": "获取探针列表",
+ "tags": [
+ "后台:探针管理"
+ ]
+ },
+ {
+ "method": "AdminAgentService.GetModuleDetail",
+ "service": "AdminAgentService",
+ "operation": "GetModuleDetail",
+ "kind": "readonly",
+ "description": "获取探针模块详情",
+ "tags": [
+ "后台:探针管理"
+ ]
+ },
+ {
+ "method": "AdminAgentService.GetModuleList",
+ "service": "AdminAgentService",
+ "operation": "GetModuleList",
+ "kind": "readonly",
+ "description": "获取探针模块列表",
+ "tags": [
+ "后台:探针管理"
+ ]
+ },
+ {
+ "method": "AdminStrategyService.GetLoginControlStrategy",
+ "service": "AdminStrategyService",
+ "operation": "GetLoginControlStrategy",
+ "kind": "readonly",
+ "description": "获取登陆控制策略",
+ "tags": [
+ "后台:策略管理"
+ ]
+ },
+ {
+ "method": "AdminStrategyService.GetSystemStrategy",
+ "service": "AdminStrategyService",
+ "operation": "GetSystemStrategy",
+ "kind": "readonly",
+ "description": "获取系统默认策略",
+ "tags": [
+ "后台:策略管理"
+ ]
+ },
+ {
+ "method": "AdminStrategyService.RestoreSystemStrategy",
+ "service": "AdminStrategyService",
+ "operation": "RestoreSystemStrategy",
+ "kind": "mutation",
+ "description": "恢复系统默认策略",
+ "tags": [
+ "后台:策略管理"
+ ]
+ },
+ {
+ "method": "AdminStrategyService.SetLoginControlStrategy",
+ "service": "AdminStrategyService",
+ "operation": "SetLoginControlStrategy",
+ "kind": "mutation",
+ "description": "设置安全登陆控制策略",
+ "tags": [
+ "后台:策略管理"
+ ]
+ },
+ {
+ "method": "AdminStrategyService.SetSystemStrategy",
+ "service": "AdminStrategyService",
+ "operation": "SetSystemStrategy",
+ "kind": "mutation",
+ "description": "设置系统默认策略",
+ "tags": [
+ "后台:策略管理"
+ ]
+ },
+ {
+ "method": "AgentCEService.CreateCmd",
+ "service": "AgentCEService",
+ "operation": "CreateCmd",
+ "kind": "mutation",
+ "description": "创建命令推送",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentCEService.DeleteCmd",
+ "service": "AgentCEService",
+ "operation": "DeleteCmd",
+ "kind": "mutation",
+ "description": "删除命令推送",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentCEService.GetCe",
+ "service": "AgentCEService",
+ "operation": "GetCe",
+ "kind": "readonly",
+ "description": "获取某个探针的命令推送执行详情",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentCEService.GetCmd",
+ "service": "AgentCEService",
+ "operation": "GetCmd",
+ "kind": "readonly",
+ "description": "获取某个命令推送的详情",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentCEService.ListCmd",
+ "service": "AgentCEService",
+ "operation": "ListCmd",
+ "kind": "readonly",
+ "description": "获取命令推送列表",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentCEService.RerunCe",
+ "service": "AgentCEService",
+ "operation": "RerunCe",
+ "kind": "mutation",
+ "description": "触发探针重新执行某个命令",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentCEService.RerunCmd",
+ "service": "AgentCEService",
+ "operation": "RerunCmd",
+ "kind": "mutation",
+ "description": "重新推送某条命令",
+ "tags": [
+ "命令推送"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.CopyFile",
+ "service": "AgentFileManageService",
+ "operation": "CopyFile",
+ "kind": "mutation",
+ "description": "复制探针文件",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.CreateDir",
+ "service": "AgentFileManageService",
+ "operation": "CreateDir",
+ "kind": "mutation",
+ "description": "创建探针目录",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.CreateFile",
+ "service": "AgentFileManageService",
+ "operation": "CreateFile",
+ "kind": "mutation",
+ "description": "创建探针文件",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.DelFile",
+ "service": "AgentFileManageService",
+ "operation": "DelFile",
+ "kind": "mutation",
+ "description": "删除探针文件",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.GetHostMaintenanceEnabled",
+ "service": "AgentFileManageService",
+ "operation": "GetHostMaintenanceEnabled",
+ "kind": "readonly",
+ "description": "获取业务运维功能是否启用",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.GetWindowsDrive",
+ "service": "AgentFileManageService",
+ "operation": "GetWindowsDrive",
+ "kind": "readonly",
+ "description": "获取 Windows 探针盘符的盘符项",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.ListDir",
+ "service": "AgentFileManageService",
+ "operation": "ListDir",
+ "kind": "readonly",
+ "description": "浏览探针文件",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentFileManageService.MoveFile",
+ "service": "AgentFileManageService",
+ "operation": "MoveFile",
+ "kind": "mutation",
+ "description": "移动探针文件",
+ "tags": [
+ "文件管理"
+ ]
+ },
+ {
+ "method": "AgentModuleService.GetAgentList",
+ "service": "AgentModuleService",
+ "operation": "GetAgentList",
+ "kind": "readonly",
+ "description": "获取探针列表",
+ "tags": [
+ "探针模块"
+ ]
+ },
+ {
+ "method": "AgentModuleService.OperateModule",
+ "service": "AgentModuleService",
+ "operation": "OperateModule",
+ "kind": "mutation",
+ "description": "操作探针模块",
+ "tags": [
+ "探针模块"
+ ]
+ },
+ {
+ "method": "AgentModuleService.SetLogConfig",
+ "service": "AgentModuleService",
+ "operation": "SetLogConfig",
+ "kind": "mutation",
+ "description": "设置日志配置",
+ "tags": [
+ "探针模块"
+ ]
+ },
+ {
+ "method": "AgentModuleService.SetOverload",
+ "service": "AgentModuleService",
+ "operation": "SetOverload",
+ "kind": "mutation",
+ "description": "设置自动休眠设置",
+ "tags": [
+ "探针模块"
+ ]
+ },
+ {
+ "method": "AgentModuleService.SetResourceLimit",
+ "service": "AgentModuleService",
+ "operation": "SetResourceLimit",
+ "kind": "mutation",
+ "description": "设置资源配额",
+ "tags": [
+ "探针模块"
+ ]
+ },
+ {
+ "method": "AgentService.GetAgentGroupTree",
+ "service": "AgentService",
+ "operation": "GetAgentGroupTree",
+ "kind": "readonly",
+ "description": "获取业务组",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "AlertConfigService.List",
+ "service": "AlertConfigService",
+ "operation": "List",
+ "kind": "readonly",
+ "description": "获取告警信息",
+ "tags": [
+ "告警配置"
+ ]
+ },
+ {
+ "method": "AlertConfigService.Update",
+ "service": "AlertConfigService",
+ "operation": "Update",
+ "kind": "mutation",
+ "description": "更新告警配置",
+ "tags": [
+ "告警配置"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.AddRule",
+ "service": "AntiRansomwareService",
+ "operation": "AddRule",
+ "kind": "mutation",
+ "description": "添加规则",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.DeleteEvent",
+ "service": "AntiRansomwareService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除规则",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.DeleteRule",
+ "service": "AntiRansomwareService",
+ "operation": "DeleteRule",
+ "kind": "mutation",
+ "description": "删除规则",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.DisposeEventList",
+ "service": "AntiRansomwareService",
+ "operation": "DisposeEventList",
+ "kind": "mutation",
+ "description": "处置事件,如阻断勒索进程、隔离勒索文件",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.EditEventComment",
+ "service": "AntiRansomwareService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.EditEventState",
+ "service": "AntiRansomwareService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.EditRule",
+ "service": "AntiRansomwareService",
+ "operation": "EditRule",
+ "kind": "mutation",
+ "description": "修改防护规则",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.EnableRule",
+ "service": "AntiRansomwareService",
+ "operation": "EnableRule",
+ "kind": "mutation",
+ "description": "获取规则列表",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.GetDecoyList",
+ "service": "AntiRansomwareService",
+ "operation": "GetDecoyList",
+ "kind": "readonly",
+ "description": "获取主机诱饵文件列表",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.GetEvent",
+ "service": "AntiRansomwareService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.GetEventList",
+ "service": "AntiRansomwareService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.GetHostList",
+ "service": "AntiRansomwareService",
+ "operation": "GetHostList",
+ "kind": "readonly",
+ "description": "获取主机防护状态列表",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.GetRule",
+ "service": "AntiRansomwareService",
+ "operation": "GetRule",
+ "kind": "readonly",
+ "description": "获取规则",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.GetRuleList",
+ "service": "AntiRansomwareService",
+ "operation": "GetRuleList",
+ "kind": "readonly",
+ "description": "获取规则列表",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "AntiRansomwareService.MarkAsRead",
+ "service": "AntiRansomwareService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "勒索防护"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.DeleteApplication",
+ "service": "ApplicationAssetService",
+ "operation": "DeleteApplication",
+ "kind": "mutation",
+ "description": "删除软件资产",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.GetApplication",
+ "service": "ApplicationAssetService",
+ "operation": "GetApplication",
+ "kind": "readonly",
+ "description": "获取软件详情信息",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.GetApplicationAssetList",
+ "service": "ApplicationAssetService",
+ "operation": "GetApplicationAssetList",
+ "kind": "readonly",
+ "description": "根据指定条件获取软件资产的列表",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.GetApplicationAssetListByApp",
+ "service": "ApplicationAssetService",
+ "operation": "GetApplicationAssetListByApp",
+ "kind": "readonly",
+ "description": "软件数据分组,根据指定条件获取应用资产的列表",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.GetApplicationAssetListByAppVersion",
+ "service": "ApplicationAssetService",
+ "operation": "GetApplicationAssetListByAppVersion",
+ "kind": "readonly",
+ "description": "软件版本号数据分组,根据指定条件获取软件资产的列表",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.GetApplicationAssetListByHost",
+ "service": "ApplicationAssetService",
+ "operation": "GetApplicationAssetListByHost",
+ "kind": "readonly",
+ "description": "主机分组,根据指定条件获取软件资产的列表",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.GetRefreshDateTime",
+ "service": "ApplicationAssetService",
+ "operation": "GetRefreshDateTime",
+ "kind": "readonly",
+ "description": "获取软件资产的上一次更新时间",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "ApplicationAssetService.StatApplicationByCategory",
+ "service": "ApplicationAssetService",
+ "operation": "StatApplicationByCategory",
+ "kind": "readonly",
+ "description": "软件类型数据分组,根据指定条件获取软件资产的列表",
+ "tags": [
+ "应用资产"
+ ]
+ },
+ {
+ "method": "AssetCertService.Get",
+ "service": "AssetCertService",
+ "operation": "Get",
+ "kind": "readonly",
+ "description": "获取主机证书详情",
+ "tags": [
+ "证书资产"
+ ]
+ },
+ {
+ "method": "AssetCertService.GetList",
+ "service": "AssetCertService",
+ "operation": "GetList",
+ "kind": "readonly",
+ "description": "获取主机证书信息",
+ "tags": [
+ "证书资产"
+ ]
+ },
+ {
+ "method": "AssetConfigService.CreateWebScanRule",
+ "service": "AssetConfigService",
+ "operation": "CreateWebScanRule",
+ "kind": "mutation",
+ "description": "创建 Web 自定义路径",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetConfigService.DeleteWebScanRule",
+ "service": "AssetConfigService",
+ "operation": "DeleteWebScanRule",
+ "kind": "mutation",
+ "description": "删除 Web 自定义路径",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetConfigService.ListAssetCollectConfig",
+ "service": "AssetConfigService",
+ "operation": "ListAssetCollectConfig",
+ "kind": "readonly",
+ "description": "获取资产采集设置",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetConfigService.ListWebScanRule",
+ "service": "AssetConfigService",
+ "operation": "ListWebScanRule",
+ "kind": "readonly",
+ "description": "获取 Web 自定义路径列表",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetConfigService.ResetAssetCollectConfig",
+ "service": "AssetConfigService",
+ "operation": "ResetAssetCollectConfig",
+ "kind": "mutation",
+ "description": "重置资产采集设置",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetConfigService.UpdateAssetCollectConfig",
+ "service": "AssetConfigService",
+ "operation": "UpdateAssetCollectConfig",
+ "kind": "mutation",
+ "description": "更新资产采集设置",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetConfigService.UpdateWebScanRule",
+ "service": "AssetConfigService",
+ "operation": "UpdateWebScanRule",
+ "kind": "mutation",
+ "description": "更新 Web 自定义路径",
+ "tags": [
+ "资产识别配置"
+ ]
+ },
+ {
+ "method": "AssetCrontabService.GetCrontabList",
+ "service": "AssetCrontabService",
+ "operation": "GetCrontabList",
+ "kind": "readonly",
+ "description": "获取任务计划列表",
+ "tags": [
+ "计划任务资产"
+ ]
+ },
+ {
+ "method": "AssetCrontabService.GetRefreshDateTime",
+ "service": "AssetCrontabService",
+ "operation": "GetRefreshDateTime",
+ "kind": "readonly",
+ "description": "获取资产的更新时间",
+ "tags": [
+ "计划任务资产"
+ ]
+ },
+ {
+ "method": "AssetEnvService.GetList",
+ "service": "AssetEnvService",
+ "operation": "GetList",
+ "kind": "readonly",
+ "description": "获取主机环境变量信息",
+ "tags": [
+ "环境变量资产"
+ ]
+ },
+ {
+ "method": "AssetModuleService.GetModule",
+ "service": "AssetModuleService",
+ "operation": "GetModule",
+ "kind": "readonly",
+ "description": "获取主机内核模块信息",
+ "tags": [
+ "内核模块"
+ ]
+ },
+ {
+ "method": "AssetModuleService.GetModuleList",
+ "service": "AssetModuleService",
+ "operation": "GetModuleList",
+ "kind": "readonly",
+ "description": "获取主机分区信息列表",
+ "tags": [
+ "内核模块"
+ ]
+ },
+ {
+ "method": "AssetModuleService.GetRefreshDateTime",
+ "service": "AssetModuleService",
+ "operation": "GetRefreshDateTime",
+ "kind": "readonly",
+ "description": "获取资产的更新时间",
+ "tags": [
+ "内核模块"
+ ]
+ },
+ {
+ "method": "AssetRegistryService.GetList",
+ "service": "AssetRegistryService",
+ "operation": "GetList",
+ "kind": "readonly",
+ "description": "获取主机注册表信息",
+ "tags": [
+ "注册表资产"
+ ]
+ },
+ {
+ "method": "AssetStartupService.GetList",
+ "service": "AssetStartupService",
+ "operation": "GetList",
+ "kind": "readonly",
+ "description": "获取主机启动项信息",
+ "tags": [
+ "启动项资产"
+ ]
+ },
+ {
+ "method": "AssetStartupService.GetRefreshDateTime",
+ "service": "AssetStartupService",
+ "operation": "GetRefreshDateTime",
+ "kind": "readonly",
+ "description": "获取启动项资产的更新时间",
+ "tags": [
+ "启动项资产"
+ ]
+ },
+ {
+ "method": "BackupService.CreateBackup",
+ "service": "BackupService",
+ "operation": "CreateBackup",
+ "kind": "mutation",
+ "description": "手动创建备份",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.DeleteHistory",
+ "service": "BackupService",
+ "operation": "DeleteHistory",
+ "kind": "mutation",
+ "description": "删除备份历史",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.GetConfig",
+ "service": "BackupService",
+ "operation": "GetConfig",
+ "kind": "readonly",
+ "description": "获取备份配置",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.GetHistory",
+ "service": "BackupService",
+ "operation": "GetHistory",
+ "kind": "readonly",
+ "description": "获取备份历史详情",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.GetRecovery",
+ "service": "BackupService",
+ "operation": "GetRecovery",
+ "kind": "readonly",
+ "description": "获取恢复历史详情",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.GetStatus",
+ "service": "BackupService",
+ "operation": "GetStatus",
+ "kind": "readonly",
+ "description": "获取备份恢复状态",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.ListHistory",
+ "service": "BackupService",
+ "operation": "ListHistory",
+ "kind": "readonly",
+ "description": "获取备份历史列表",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.RestoreByHistory",
+ "service": "BackupService",
+ "operation": "RestoreByHistory",
+ "kind": "mutation",
+ "description": "根据备份历史恢复",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BackupService.SetConfig",
+ "service": "BackupService",
+ "operation": "SetConfig",
+ "kind": "mutation",
+ "description": "更新备份配置",
+ "tags": [
+ "配置备份"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.BatchUpdateItem",
+ "service": "BaselineV2Service",
+ "operation": "BatchUpdateItem",
+ "kind": "mutation",
+ "description": "编辑导入的核查项",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CopyLogic",
+ "service": "BaselineV2Service",
+ "operation": "CopyLogic",
+ "kind": "mutation",
+ "description": "复制核查逻辑",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CreateCredential",
+ "service": "BaselineV2Service",
+ "operation": "CreateCredential",
+ "kind": "mutation",
+ "description": "添加凭证",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CreateItem",
+ "service": "BaselineV2Service",
+ "operation": "CreateItem",
+ "kind": "mutation",
+ "description": "导入新的核查项",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CreateLogic",
+ "service": "BaselineV2Service",
+ "operation": "CreateLogic",
+ "kind": "mutation",
+ "description": "快速新增核查逻辑",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CreateSet",
+ "service": "BaselineV2Service",
+ "operation": "CreateSet",
+ "kind": "mutation",
+ "description": "添加策略",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CreateTask",
+ "service": "BaselineV2Service",
+ "operation": "CreateTask",
+ "kind": "mutation",
+ "description": "新建核查任务",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.CreateWhitelist",
+ "service": "BaselineV2Service",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.DeleteCredential",
+ "service": "BaselineV2Service",
+ "operation": "DeleteCredential",
+ "kind": "mutation",
+ "description": "删除凭证",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.DeleteItem",
+ "service": "BaselineV2Service",
+ "operation": "DeleteItem",
+ "kind": "mutation",
+ "description": "删除导入的核查项",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.DeleteLogic",
+ "service": "BaselineV2Service",
+ "operation": "DeleteLogic",
+ "kind": "mutation",
+ "description": "删除核查逻辑",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.DeleteSet",
+ "service": "BaselineV2Service",
+ "operation": "DeleteSet",
+ "kind": "mutation",
+ "description": "删除策略",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.DeleteSubtask",
+ "service": "BaselineV2Service",
+ "operation": "DeleteSubtask",
+ "kind": "mutation",
+ "description": "删除核查子任务",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.DeleteTask",
+ "service": "BaselineV2Service",
+ "operation": "DeleteTask",
+ "kind": "mutation",
+ "description": "删除核查任务,将会连带删除子任务",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.EditLogic",
+ "service": "BaselineV2Service",
+ "operation": "EditLogic",
+ "kind": "mutation",
+ "description": "编辑核查逻辑",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.EditSubtaskState",
+ "service": "BaselineV2Service",
+ "operation": "EditSubtaskState",
+ "kind": "mutation",
+ "description": "修改子任务状态",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetAllTag",
+ "service": "BaselineV2Service",
+ "operation": "GetAllTag",
+ "kind": "readonly",
+ "description": "获取目前用户自定义的所有 Tag",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetCredentialList",
+ "service": "BaselineV2Service",
+ "operation": "GetCredentialList",
+ "kind": "readonly",
+ "description": "获取凭证列表",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetItemList",
+ "service": "BaselineV2Service",
+ "operation": "GetItemList",
+ "kind": "readonly",
+ "description": "获取导入的核查项详情",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetLogic",
+ "service": "BaselineV2Service",
+ "operation": "GetLogic",
+ "kind": "readonly",
+ "description": "获取核查逻辑详细信息,仅应该在用户选择好逻辑后,获取几个具体逻辑的详细信息",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetLogicList",
+ "service": "BaselineV2Service",
+ "operation": "GetLogicList",
+ "kind": "readonly",
+ "description": "获取核查逻辑列表",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetLogicTags",
+ "service": "BaselineV2Service",
+ "operation": "GetLogicTags",
+ "kind": "readonly",
+ "description": "获取核查逻辑的所有标签",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetSet",
+ "service": "BaselineV2Service",
+ "operation": "GetSet",
+ "kind": "readonly",
+ "description": "获取策略信息",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetSetList",
+ "service": "BaselineV2Service",
+ "operation": "GetSetList",
+ "kind": "readonly",
+ "description": "获取策略列表",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetSubtask",
+ "service": "BaselineV2Service",
+ "operation": "GetSubtask",
+ "kind": "readonly",
+ "description": "获取核查子任务详情",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetSubtaskList",
+ "service": "BaselineV2Service",
+ "operation": "GetSubtaskList",
+ "kind": "readonly",
+ "description": "获取核查子任务列表",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetTask",
+ "service": "BaselineV2Service",
+ "operation": "GetTask",
+ "kind": "readonly",
+ "description": "获取核查任务详情",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetTaskList",
+ "service": "BaselineV2Service",
+ "operation": "GetTaskList",
+ "kind": "readonly",
+ "description": "获取核查任务列表",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetTaskNameList",
+ "service": "BaselineV2Service",
+ "operation": "GetTaskNameList",
+ "kind": "readonly",
+ "description": "获取核查任务名称列表",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetTemplateLogic",
+ "service": "BaselineV2Service",
+ "operation": "GetTemplateLogic",
+ "kind": "readonly",
+ "description": "获取快速自定义核查逻辑详细信息,用于编辑快速自定义之前查询信息",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.GetWhitelistRequest",
+ "service": "BaselineV2Service",
+ "operation": "GetWhitelistRequest",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.StartSubtask",
+ "service": "BaselineV2Service",
+ "operation": "StartSubtask",
+ "kind": "mutation",
+ "description": "立即进行子任务核查,将会覆盖原有的子任务结果",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.StartTask",
+ "service": "BaselineV2Service",
+ "operation": "StartTask",
+ "kind": "mutation",
+ "description": "开始核查任务",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.StopTask",
+ "service": "BaselineV2Service",
+ "operation": "StopTask",
+ "kind": "mutation",
+ "description": "停止核查任务",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.UpdateCredential",
+ "service": "BaselineV2Service",
+ "operation": "UpdateCredential",
+ "kind": "mutation",
+ "description": "编辑凭证",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.UpdateItem",
+ "service": "BaselineV2Service",
+ "operation": "UpdateItem",
+ "kind": "mutation",
+ "description": "编辑导入的核查项",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.UpdateLogic",
+ "service": "BaselineV2Service",
+ "operation": "UpdateLogic",
+ "kind": "mutation",
+ "description": "编辑核查逻辑,目前编辑核查逻辑只能编辑其默认参数(json schema 的 default)",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.UpdateSet",
+ "service": "BaselineV2Service",
+ "operation": "UpdateSet",
+ "kind": "mutation",
+ "description": "更新策略",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BaselineV2Service.UpdateTask",
+ "service": "BaselineV2Service",
+ "operation": "UpdateTask",
+ "kind": "mutation",
+ "description": "修改任务绑定的核查策略或者任务绑定的探针",
+ "tags": [
+ "合规基线"
+ ]
+ },
+ {
+ "method": "BruteForceService.CreateWhitelist",
+ "service": "BruteForceService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.DeleteEvent",
+ "service": "BruteForceService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.EditEventComment",
+ "service": "BruteForceService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.EditEventState",
+ "service": "BruteForceService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.GenerateEventFirewallRule",
+ "service": "BruteForceService",
+ "operation": "GenerateEventFirewallRule",
+ "kind": "mutation",
+ "description": "根据所选事件生成网络阻断规则",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.GetEvent",
+ "service": "BruteForceService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.GetEventList",
+ "service": "BruteForceService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.GetEventSourceIP",
+ "service": "BruteForceService",
+ "operation": "GetEventSourceIP",
+ "kind": "readonly",
+ "description": "获取某事件的攻击源 IP",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.GetWhitelist",
+ "service": "BruteForceService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BruteForceService.MarkAsRead",
+ "service": "BruteForceService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "暴力破解"
+ ]
+ },
+ {
+ "method": "BusinessGroupService.CreateBusinessGroup",
+ "service": "BusinessGroupService",
+ "operation": "CreateBusinessGroup",
+ "kind": "mutation",
+ "description": "新建子业务组",
+ "tags": [
+ "业务组管理"
+ ]
+ },
+ {
+ "method": "BusinessGroupService.DeleteBusinessGroup",
+ "service": "BusinessGroupService",
+ "operation": "DeleteBusinessGroup",
+ "kind": "mutation",
+ "description": "删除业务组",
+ "tags": [
+ "业务组管理"
+ ]
+ },
+ {
+ "method": "BusinessGroupService.EditBusinessGroup",
+ "service": "BusinessGroupService",
+ "operation": "EditBusinessGroup",
+ "kind": "mutation",
+ "description": "编辑业务组",
+ "tags": [
+ "业务组管理"
+ ]
+ },
+ {
+ "method": "BusinessGroupService.GetBusinessGroupDetail",
+ "service": "BusinessGroupService",
+ "operation": "GetBusinessGroupDetail",
+ "kind": "readonly",
+ "description": "获取业务组详情",
+ "tags": [
+ "业务组管理"
+ ]
+ },
+ {
+ "method": "BusinessGroupService.GetBusinessGroupTree",
+ "service": "BusinessGroupService",
+ "operation": "GetBusinessGroupTree",
+ "kind": "readonly",
+ "description": "获取业务组列表",
+ "tags": [
+ "业务组管理"
+ ]
+ },
+ {
+ "method": "BusinessGroupService.GetBusinessGroupTreeByOrg",
+ "service": "BusinessGroupService",
+ "operation": "GetBusinessGroupTreeByOrg",
+ "kind": "readonly",
+ "description": "获取某机构的业务组列表",
+ "tags": [
+ "业务组管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.CreateRole",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "CreateRole",
+ "kind": "mutation",
+ "description": "创建角色",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.CreateUser",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "CreateUser",
+ "kind": "mutation",
+ "description": "创建用户",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.DeleteRole",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "DeleteRole",
+ "kind": "mutation",
+ "description": "删除角色",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.DeleteUser",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "DeleteUser",
+ "kind": "mutation",
+ "description": "删除用户",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.GetRole",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "GetRole",
+ "kind": "readonly",
+ "description": "获取角色",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.GetUserInfo",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "GetUserInfo",
+ "kind": "readonly",
+ "description": "获取用户信息详情",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.ListRole",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "ListRole",
+ "kind": "readonly",
+ "description": "获取角色列表",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.ListUser",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "ListUser",
+ "kind": "readonly",
+ "description": "获取用户列表",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.UpdateRole",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "UpdateRole",
+ "kind": "mutation",
+ "description": "更新角色",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.UpdateUser",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "UpdateUser",
+ "kind": "mutation",
+ "description": "更新用户",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudWalkerAccountAuthService.UpdateUserEnable",
+ "service": "CloudWalkerAccountAuthService",
+ "operation": "UpdateUserEnable",
+ "kind": "mutation",
+ "description": "启用/禁用用户",
+ "tags": [
+ "用户角色管理"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.ExternalLink",
+ "service": "CloudwalkerSettingService",
+ "operation": "ExternalLink",
+ "kind": "mutation",
+ "description": "外部连接",
+ "tags": [
+ "牧云设置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.ExternalLinkRedirect",
+ "service": "CloudwalkerSettingService",
+ "operation": "ExternalLinkRedirect",
+ "kind": "mutation",
+ "description": "外部连接重定向",
+ "tags": [
+ "牧云设置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.GetCurrentLanguage",
+ "service": "CloudwalkerSettingService",
+ "operation": "GetCurrentLanguage",
+ "kind": "readonly",
+ "description": "获取当前语言",
+ "tags": [
+ "牧云设置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.GetCurrentTime",
+ "service": "CloudwalkerSettingService",
+ "operation": "GetCurrentTime",
+ "kind": "readonly",
+ "description": "获取当前系统时间",
+ "tags": [
+ "系统配置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.GetDisabledFeature",
+ "service": "CloudwalkerSettingService",
+ "operation": "GetDisabledFeature",
+ "kind": "readonly",
+ "description": "获取被禁用的功能",
+ "tags": [
+ "系统配置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.GetInstallationInfo",
+ "service": "CloudwalkerSettingService",
+ "operation": "GetInstallationInfo",
+ "kind": "readonly",
+ "description": "获取安装信息",
+ "tags": [
+ "牧云设置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.GetProductInfo",
+ "service": "CloudwalkerSettingService",
+ "operation": "GetProductInfo",
+ "kind": "readonly",
+ "description": "获取产品信息",
+ "tags": [
+ "牧云设置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.GetPublicKey",
+ "service": "CloudwalkerSettingService",
+ "operation": "GetPublicKey",
+ "kind": "readonly",
+ "description": "获取服务端公钥",
+ "tags": [
+ "系统配置"
+ ]
+ },
+ {
+ "method": "CloudwalkerSettingService.SetProductInfo",
+ "service": "CloudwalkerSettingService",
+ "operation": "SetProductInfo",
+ "kind": "mutation",
+ "description": "设置产品相关信息",
+ "tags": [
+ "牧云设置"
+ ]
+ },
+ {
+ "method": "CrontabService.CreatePlan",
+ "service": "CrontabService",
+ "operation": "CreatePlan",
+ "kind": "mutation",
+ "description": "创建任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.CreateWeakPasswordPlan",
+ "service": "CrontabService",
+ "operation": "CreateWeakPasswordPlan",
+ "kind": "mutation",
+ "description": "创建弱口令任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.DeletePlan",
+ "service": "CrontabService",
+ "operation": "DeletePlan",
+ "kind": "mutation",
+ "description": "删除任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.EditPlan",
+ "service": "CrontabService",
+ "operation": "EditPlan",
+ "kind": "mutation",
+ "description": "修改任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.EditWeakPasswordPlan",
+ "service": "CrontabService",
+ "operation": "EditWeakPasswordPlan",
+ "kind": "mutation",
+ "description": "修改弱口令任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetPlan",
+ "service": "CrontabService",
+ "operation": "GetPlan",
+ "kind": "readonly",
+ "description": "获取任务计划详情",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetPlanList",
+ "service": "CrontabService",
+ "operation": "GetPlanList",
+ "kind": "readonly",
+ "description": "获取任务计划列表",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetPlanLog",
+ "service": "CrontabService",
+ "operation": "GetPlanLog",
+ "kind": "readonly",
+ "description": "获取任务计划日志",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetTaskResult",
+ "service": "CrontabService",
+ "operation": "GetTaskResult",
+ "kind": "readonly",
+ "description": "获取任务计划结果",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetWeakPasswordPlan",
+ "service": "CrontabService",
+ "operation": "GetWeakPasswordPlan",
+ "kind": "readonly",
+ "description": "获取弱口令任务计划详情",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetWeakPasswordPlanList",
+ "service": "CrontabService",
+ "operation": "GetWeakPasswordPlanList",
+ "kind": "readonly",
+ "description": "获取弱口令任务计划列表",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.GetWeakPasswordTaskConfig",
+ "service": "CrontabService",
+ "operation": "GetWeakPasswordTaskConfig",
+ "kind": "readonly",
+ "description": "获取弱口令任务默认配置",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.RetryTaskByPlan",
+ "service": "CrontabService",
+ "operation": "RetryTaskByPlan",
+ "kind": "mutation",
+ "description": "重试任务计划中的失败的任务",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.SetPlanEnablement",
+ "service": "CrontabService",
+ "operation": "SetPlanEnablement",
+ "kind": "mutation",
+ "description": "设置任务计划自动执行",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.StartPlan",
+ "service": "CrontabService",
+ "operation": "StartPlan",
+ "kind": "mutation",
+ "description": "手动开始任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "CrontabService.StopPlan",
+ "service": "CrontabService",
+ "operation": "StopPlan",
+ "kind": "mutation",
+ "description": "手动停止执行中的任务计划",
+ "tags": [
+ "任务计划"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.CreateAbnormalLoginRule",
+ "service": "DetectionRuleService",
+ "operation": "CreateAbnormalLoginRule",
+ "kind": "mutation",
+ "description": "创建异常登陆检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.CreateHoneypotRule",
+ "service": "DetectionRuleService",
+ "operation": "CreateHoneypotRule",
+ "kind": "mutation",
+ "description": "创建蜜罐诱捕检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.CreateNetworkAuditRule",
+ "service": "DetectionRuleService",
+ "operation": "CreateNetworkAuditRule",
+ "kind": "mutation",
+ "description": "创建网络异常检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.CreateSensitiveFileRule",
+ "service": "DetectionRuleService",
+ "operation": "CreateSensitiveFileRule",
+ "kind": "mutation",
+ "description": "创建敏感文件检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.CreateSensitivePortRule",
+ "service": "DetectionRuleService",
+ "operation": "CreateSensitivePortRule",
+ "kind": "mutation",
+ "description": "创建敏感端口检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.CreateSuspiciousOperationRule",
+ "service": "DetectionRuleService",
+ "operation": "CreateSuspiciousOperationRule",
+ "kind": "mutation",
+ "description": "创建可疑命令检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.DeleteAbnormalLoginRule",
+ "service": "DetectionRuleService",
+ "operation": "DeleteAbnormalLoginRule",
+ "kind": "mutation",
+ "description": "删除异常登陆检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.DeleteHoneypotRule",
+ "service": "DetectionRuleService",
+ "operation": "DeleteHoneypotRule",
+ "kind": "mutation",
+ "description": "删除蜜罐诱捕检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.DeleteNetworkAuditRule",
+ "service": "DetectionRuleService",
+ "operation": "DeleteNetworkAuditRule",
+ "kind": "mutation",
+ "description": "删除网络异常检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.DeleteSensitiveFileRule",
+ "service": "DetectionRuleService",
+ "operation": "DeleteSensitiveFileRule",
+ "kind": "mutation",
+ "description": "删除敏感文件检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.DeleteSensitivePortRule",
+ "service": "DetectionRuleService",
+ "operation": "DeleteSensitivePortRule",
+ "kind": "mutation",
+ "description": "删除敏感端口检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.DeleteSuspiciousOperationRule",
+ "service": "DetectionRuleService",
+ "operation": "DeleteSuspiciousOperationRule",
+ "kind": "mutation",
+ "description": "删除可疑命令检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.EnablementAbnormalLoginRule",
+ "service": "DetectionRuleService",
+ "operation": "EnablementAbnormalLoginRule",
+ "kind": "mutation",
+ "description": "启禁用异常登录检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.EnablementHoneypotRule",
+ "service": "DetectionRuleService",
+ "operation": "EnablementHoneypotRule",
+ "kind": "mutation",
+ "description": "启禁用蜜罐诱捕检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.EnablementNetworkAuditRule",
+ "service": "DetectionRuleService",
+ "operation": "EnablementNetworkAuditRule",
+ "kind": "mutation",
+ "description": "启禁用网络异常检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.EnablementSensitiveFileRule",
+ "service": "DetectionRuleService",
+ "operation": "EnablementSensitiveFileRule",
+ "kind": "mutation",
+ "description": "启禁用敏感文件检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.EnablementSensitivePortRule",
+ "service": "DetectionRuleService",
+ "operation": "EnablementSensitivePortRule",
+ "kind": "mutation",
+ "description": "启禁用敏感端口检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.EnablementSuspiciousOperationRule",
+ "service": "DetectionRuleService",
+ "operation": "EnablementSuspiciousOperationRule",
+ "kind": "mutation",
+ "description": "启禁用可疑命令检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.GetBruteForceAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "GetBruteForceAdvCfg",
+ "kind": "readonly",
+ "description": "获取暴力破解高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.GetHoneypotRule",
+ "service": "DetectionRuleService",
+ "operation": "GetHoneypotRule",
+ "kind": "readonly",
+ "description": "获取蜜罐诱捕检测规则详情",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.GetMaliciousFileAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "GetMaliciousFileAdvCfg",
+ "kind": "readonly",
+ "description": "获取恶意文件高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.GetNetworkAuditAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "GetNetworkAuditAdvCfg",
+ "kind": "readonly",
+ "description": "获取网络异常高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.GetSuspiciousOperationAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "GetSuspiciousOperationAdvCfg",
+ "kind": "readonly",
+ "description": "获取可疑命令高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.GetWebshellAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "GetWebshellAdvCfg",
+ "kind": "readonly",
+ "description": "获取 Webshell 高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.ListAbnormalLoginRule",
+ "service": "DetectionRuleService",
+ "operation": "ListAbnormalLoginRule",
+ "kind": "readonly",
+ "description": "获取异常登陆检测规则列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.ListHoneypotRule",
+ "service": "DetectionRuleService",
+ "operation": "ListHoneypotRule",
+ "kind": "readonly",
+ "description": "获取蜜罐诱捕检测规则列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.ListNetworkAuditRule",
+ "service": "DetectionRuleService",
+ "operation": "ListNetworkAuditRule",
+ "kind": "readonly",
+ "description": "获取网络异常检测规则列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.ListSensitiveFileRule",
+ "service": "DetectionRuleService",
+ "operation": "ListSensitiveFileRule",
+ "kind": "readonly",
+ "description": "获取敏感文件检测规则列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.ListSensitivePortRule",
+ "service": "DetectionRuleService",
+ "operation": "ListSensitivePortRule",
+ "kind": "readonly",
+ "description": "获取敏感端口检测规则列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.ListSuspiciousOperationRule",
+ "service": "DetectionRuleService",
+ "operation": "ListSuspiciousOperationRule",
+ "kind": "readonly",
+ "description": "获取可疑命令检测规则列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.SetBruteForceAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "SetBruteForceAdvCfg",
+ "kind": "mutation",
+ "description": "设置暴力破解高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.SetMaliciousFileAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "SetMaliciousFileAdvCfg",
+ "kind": "mutation",
+ "description": "设置恶意文件高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.SetNetworkAuditAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "SetNetworkAuditAdvCfg",
+ "kind": "mutation",
+ "description": "设置网络异常高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.SetSuspiciousOperationAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "SetSuspiciousOperationAdvCfg",
+ "kind": "mutation",
+ "description": "设置可疑命令高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.SetWebshellAdvCfg",
+ "service": "DetectionRuleService",
+ "operation": "SetWebshellAdvCfg",
+ "kind": "mutation",
+ "description": "设置 Webshell 高级配置",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.UpdateAbnormalLoginRule",
+ "service": "DetectionRuleService",
+ "operation": "UpdateAbnormalLoginRule",
+ "kind": "mutation",
+ "description": "更新异常登陆检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.UpdateHoneypotRule",
+ "service": "DetectionRuleService",
+ "operation": "UpdateHoneypotRule",
+ "kind": "mutation",
+ "description": "更新蜜罐诱捕检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.UpdateNetworkAuditRule",
+ "service": "DetectionRuleService",
+ "operation": "UpdateNetworkAuditRule",
+ "kind": "mutation",
+ "description": "更新网络异常检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.UpdateSensitiveFileRule",
+ "service": "DetectionRuleService",
+ "operation": "UpdateSensitiveFileRule",
+ "kind": "mutation",
+ "description": "更新敏感文件检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.UpdateSensitivePortRule",
+ "service": "DetectionRuleService",
+ "operation": "UpdateSensitivePortRule",
+ "kind": "mutation",
+ "description": "更新敏感端口检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DetectionRuleService.UpdateSuspiciousOperationRule",
+ "service": "DetectionRuleService",
+ "operation": "UpdateSuspiciousOperationRule",
+ "kind": "mutation",
+ "description": "更新可疑命令检测规则",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "DockerContainerService.GetContainer",
+ "service": "DockerContainerService",
+ "operation": "GetContainer",
+ "kind": "readonly",
+ "description": "获取Docker容器资产详情",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerContainerService.GetContainerList",
+ "service": "DockerContainerService",
+ "operation": "GetContainerList",
+ "kind": "readonly",
+ "description": "获取Docker容器资产列表",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerContainerService.StatContainer",
+ "service": "DockerContainerService",
+ "operation": "StatContainer",
+ "kind": "readonly",
+ "description": "获取Docker容器统计结果",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerImageService.GetImage",
+ "service": "DockerImageService",
+ "operation": "GetImage",
+ "kind": "readonly",
+ "description": "获取Docker镜像资产详情",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerImageService.GetImageList",
+ "service": "DockerImageService",
+ "operation": "GetImageList",
+ "kind": "readonly",
+ "description": "获取Docker镜像资产列表",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerImageService.StatImage",
+ "service": "DockerImageService",
+ "operation": "StatImage",
+ "kind": "readonly",
+ "description": "获取Docker镜像统计",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerNetworkService.GetNetwork",
+ "service": "DockerNetworkService",
+ "operation": "GetNetwork",
+ "kind": "readonly",
+ "description": "获取Docker网络资产详情",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerNetworkService.GetNetworkList",
+ "service": "DockerNetworkService",
+ "operation": "GetNetworkList",
+ "kind": "readonly",
+ "description": "获取Docker网络资产列表",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "DockerNetworkService.StatNetwork",
+ "service": "DockerNetworkService",
+ "operation": "StatNetwork",
+ "kind": "readonly",
+ "description": "获取Docker网络资产列表",
+ "tags": [
+ "Docker资产"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.CreateWhitelist",
+ "service": "ElevationProcessEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.DeleteEvent",
+ "service": "ElevationProcessEventService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.EditEventComment",
+ "service": "ElevationProcessEventService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.EditEventState",
+ "service": "ElevationProcessEventService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.GetEvent",
+ "service": "ElevationProcessEventService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.GetEventList",
+ "service": "ElevationProcessEventService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.GetEventListByExename",
+ "service": "ElevationProcessEventService",
+ "operation": "GetEventListByExename",
+ "kind": "readonly",
+ "description": "返回按进程聚合的事件列表",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.GetEventListByHost",
+ "service": "ElevationProcessEventService",
+ "operation": "GetEventListByHost",
+ "kind": "readonly",
+ "description": "返回按主机聚合的事件列表",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.GetEventListByOriginEffectUser",
+ "service": "ElevationProcessEventService",
+ "operation": "GetEventListByOriginEffectUser",
+ "kind": "readonly",
+ "description": "返回按原有效用户聚合的事件列表",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.GetWhitelist",
+ "service": "ElevationProcessEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.MarkAsRead",
+ "service": "ElevationProcessEventService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.ProcessKill",
+ "service": "ElevationProcessEventService",
+ "operation": "ProcessKill",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByExename",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByExename",
+ "kind": "readonly",
+ "description": "获取按进程名聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByHost",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByLevel",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByLevel",
+ "kind": "readonly",
+ "description": "获取按事件风险等级聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByOriginEffectUser",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByOriginEffectUser",
+ "kind": "readonly",
+ "description": "获取按提权原有效用户聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByState",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByState",
+ "kind": "readonly",
+ "description": "获取按处置状态聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByTime",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "获取按事件发生时间聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "ElevationProcessEventService.StatEventByType",
+ "service": "ElevationProcessEventService",
+ "operation": "StatEventByType",
+ "kind": "readonly",
+ "description": "获取按提权类型聚合的统计结果",
+ "tags": [
+ "本地提权"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.CancelIgnoreEventTask",
+ "service": "EmergencyVulnService",
+ "operation": "CancelIgnoreEventTask",
+ "kind": "mutation",
+ "description": "取消忽略漏洞事件",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.CreateEventTask",
+ "service": "EmergencyVulnService",
+ "operation": "CreateEventTask",
+ "kind": "mutation",
+ "description": "漏洞应急事件复测",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.CreateVulnTask",
+ "service": "EmergencyVulnService",
+ "operation": "CreateVulnTask",
+ "kind": "mutation",
+ "description": "创建漏洞应急扫描任务",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.GetVulnInfo",
+ "service": "EmergencyVulnService",
+ "operation": "GetVulnInfo",
+ "kind": "readonly",
+ "description": "漏洞详细信息",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.IgnoreEventTask",
+ "service": "EmergencyVulnService",
+ "operation": "IgnoreEventTask",
+ "kind": "mutation",
+ "description": "忽略漏洞事件",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.ListVuln",
+ "service": "EmergencyVulnService",
+ "operation": "ListVuln",
+ "kind": "readonly",
+ "description": "漏洞应急列表页",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EmergencyVulnService.ListVulnEvent",
+ "service": "EmergencyVulnService",
+ "operation": "ListVulnEvent",
+ "kind": "readonly",
+ "description": "漏洞应急事件列表页",
+ "tags": [
+ "漏洞应急"
+ ]
+ },
+ {
+ "method": "EndpointService.ApplyConfig",
+ "service": "EndpointService",
+ "operation": "ApplyConfig",
+ "kind": "mutation",
+ "description": "应用配置变更响应",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.EditAgentConfig",
+ "service": "EndpointService",
+ "operation": "EditAgentConfig",
+ "kind": "mutation",
+ "description": "修改探针连接配置",
+ "tags": [
+ "Endpoint"
+ ]
+ },
+ {
+ "method": "EndpointService.EditAgentPort",
+ "service": "EndpointService",
+ "operation": "EditAgentPort",
+ "kind": "mutation",
+ "description": "修改探针端口配置参数",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.EditServerAddress",
+ "service": "EndpointService",
+ "operation": "EditServerAddress",
+ "kind": "mutation",
+ "description": "修改服务端地址(当前仅用于判断连接方式)",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.EditWebPort",
+ "service": "EndpointService",
+ "operation": "EditWebPort",
+ "kind": "mutation",
+ "description": "修改服务端端口配置参数",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.GetServerAddress",
+ "service": "EndpointService",
+ "operation": "GetServerAddress",
+ "kind": "readonly",
+ "description": "获取服务端地址(当前仅用于判断连接方式)",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.GetWebConfig",
+ "service": "EndpointService",
+ "operation": "GetWebConfig",
+ "kind": "readonly",
+ "description": "获取web管理配置参数",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.ListServerCert",
+ "service": "EndpointService",
+ "operation": "ListServerCert",
+ "kind": "readonly",
+ "description": "获取证书列表参数",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "EndpointService.SwitchServerCert",
+ "service": "EndpointService",
+ "operation": "SwitchServerCert",
+ "kind": "mutation",
+ "description": "切换服务端证书参数",
+ "tags": [
+ "其他系统设置"
+ ]
+ },
+ {
+ "method": "FileDisposalService.Isolation",
+ "service": "FileDisposalService",
+ "operation": "Isolation",
+ "kind": "mutation",
+ "description": "文件隔离或者文件信任",
+ "tags": [
+ "FileIsolation"
+ ]
+ },
+ {
+ "method": "FileDisposalService.ListEvent",
+ "service": "FileDisposalService",
+ "operation": "ListEvent",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "FileIsolation"
+ ]
+ },
+ {
+ "method": "FirewallService.CreateRule",
+ "service": "FirewallService",
+ "operation": "CreateRule",
+ "kind": "mutation",
+ "description": "添加规则",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.DeleteEvent",
+ "service": "FirewallService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.DeleteRule",
+ "service": "FirewallService",
+ "operation": "DeleteRule",
+ "kind": "mutation",
+ "description": "删除规则",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.GetEventList",
+ "service": "FirewallService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.GetFirewallGlobalConfig",
+ "service": "FirewallService",
+ "operation": "GetFirewallGlobalConfig",
+ "kind": "readonly",
+ "description": "获取防火墙全局配置",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.GetRule",
+ "service": "FirewallService",
+ "operation": "GetRule",
+ "kind": "readonly",
+ "description": "获取规则列表",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.SetFirewallGlobalConfig",
+ "service": "FirewallService",
+ "operation": "SetFirewallGlobalConfig",
+ "kind": "mutation",
+ "description": "设置防火墙全局配置",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FirewallService.UpdateRule",
+ "service": "FirewallService",
+ "operation": "UpdateRule",
+ "kind": "mutation",
+ "description": "修改规则",
+ "tags": [
+ "防火墙"
+ ]
+ },
+ {
+ "method": "FullCommandService.Delete",
+ "service": "FullCommandService",
+ "operation": "Delete",
+ "kind": "mutation",
+ "description": "删除命令",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "FullCommandService.EditEventComment",
+ "service": "FullCommandService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "FullCommandService.Get",
+ "service": "FullCommandService",
+ "operation": "Get",
+ "kind": "readonly",
+ "description": "获取命令详情",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "FullCommandService.GetList",
+ "service": "FullCommandService",
+ "operation": "GetList",
+ "kind": "readonly",
+ "description": "获取命令列表",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "FullCommandService.GetListByHost",
+ "service": "FullCommandService",
+ "operation": "GetListByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的事件列表",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "FullCommandService.GetListByNetApp",
+ "service": "FullCommandService",
+ "operation": "GetListByNetApp",
+ "kind": "readonly",
+ "description": "获取按网络应用聚合的事件列表",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "FullCommandService.GetListBySSHClientIP",
+ "service": "FullCommandService",
+ "operation": "GetListBySSHClientIP",
+ "kind": "readonly",
+ "description": "获取按SSH登录聚合的事件列表",
+ "tags": [
+ "全量命令"
+ ]
+ },
+ {
+ "method": "HoneypotService.CreateWhitelist",
+ "service": "HoneypotService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.DeleteEvent",
+ "service": "HoneypotService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选 ID 的事件",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.DeleteEventByHoneypot",
+ "service": "HoneypotService",
+ "operation": "DeleteEventByHoneypot",
+ "kind": "mutation",
+ "description": "删除所选蜜罐名的事件",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.DeleteEventByHost",
+ "service": "HoneypotService",
+ "operation": "DeleteEventByHost",
+ "kind": "mutation",
+ "description": "删除所选主机 ID 的事件",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.DeleteEventBySrcIP",
+ "service": "HoneypotService",
+ "operation": "DeleteEventBySrcIP",
+ "kind": "mutation",
+ "description": "删除所选源 IP 的事件",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.EditEventComment",
+ "service": "HoneypotService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.EditState",
+ "service": "HoneypotService",
+ "operation": "EditState",
+ "kind": "mutation",
+ "description": "改变所选 ID 事件的处置状态",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.EditStateByHoneypot",
+ "service": "HoneypotService",
+ "operation": "EditStateByHoneypot",
+ "kind": "mutation",
+ "description": "改变所选蜜罐名事件的处置状态",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.EditStateByHost",
+ "service": "HoneypotService",
+ "operation": "EditStateByHost",
+ "kind": "mutation",
+ "description": "改变所选主机 ID 事件的处置状态",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.EditStateBySrcIP",
+ "service": "HoneypotService",
+ "operation": "EditStateBySrcIP",
+ "kind": "mutation",
+ "description": "改变所选源 IP 事件的处置状态",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.GetEvent",
+ "service": "HoneypotService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.GetWhitelist",
+ "service": "HoneypotService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.List",
+ "service": "HoneypotService",
+ "operation": "List",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.ListByHoneypot",
+ "service": "HoneypotService",
+ "operation": "ListByHoneypot",
+ "kind": "readonly",
+ "description": "获取按蜜罐名聚合的事件列表",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.ListByHost",
+ "service": "HoneypotService",
+ "operation": "ListByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的事件列表",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.ListBySrcIP",
+ "service": "HoneypotService",
+ "operation": "ListBySrcIP",
+ "kind": "readonly",
+ "description": "获取按源 IP 聚合的事件列表",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.MarkAsRead",
+ "service": "HoneypotService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HoneypotService.StatEvent",
+ "service": "HoneypotService",
+ "operation": "StatEvent",
+ "kind": "readonly",
+ "description": "获取按多种视角聚合的事件统计信息",
+ "tags": [
+ "蜜罐诱捕"
+ ]
+ },
+ {
+ "method": "HostAssetService.AddAttributes",
+ "service": "HostAssetService",
+ "operation": "AddAttributes",
+ "kind": "mutation",
+ "description": "增加主机属性字段",
+ "tags": [
+ "主机属性"
+ ]
+ },
+ {
+ "method": "HostAssetService.BatchEditHostAttribute",
+ "service": "HostAssetService",
+ "operation": "BatchEditHostAttribute",
+ "kind": "mutation",
+ "description": "批量编辑主机属性信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.CountHost",
+ "service": "HostAssetService",
+ "operation": "CountHost",
+ "kind": "readonly",
+ "description": "获取主机资产数量",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.DeleteAttributes",
+ "service": "HostAssetService",
+ "operation": "DeleteAttributes",
+ "kind": "mutation",
+ "description": "删除主机属性字段",
+ "tags": [
+ "主机属性"
+ ]
+ },
+ {
+ "method": "HostAssetService.DeleteHost",
+ "service": "HostAssetService",
+ "operation": "DeleteHost",
+ "kind": "mutation",
+ "description": "卸载探针",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.DisableHost",
+ "service": "HostAssetService",
+ "operation": "DisableHost",
+ "kind": "mutation",
+ "description": "停用探针",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.EditAgentComment",
+ "service": "HostAssetService",
+ "operation": "EditAgentComment",
+ "kind": "mutation",
+ "description": "修改主机备注",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.EditAgentOrg",
+ "service": "HostAssetService",
+ "operation": "EditAgentOrg",
+ "kind": "mutation",
+ "description": "修改主机机构",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.EditAttributes",
+ "service": "HostAssetService",
+ "operation": "EditAttributes",
+ "kind": "mutation",
+ "description": "编辑主机属性字段",
+ "tags": [
+ "主机属性"
+ ]
+ },
+ {
+ "method": "HostAssetService.EditHostAttribute",
+ "service": "HostAssetService",
+ "operation": "EditHostAttribute",
+ "kind": "mutation",
+ "description": "编辑主机属性信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GenerateInstallCommand",
+ "service": "HostAssetService",
+ "operation": "GenerateInstallCommand",
+ "kind": "mutation",
+ "description": "生成探针安装命令",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.GenerateInstallInstaller",
+ "service": "HostAssetService",
+ "operation": "GenerateInstallInstaller",
+ "kind": "mutation",
+ "description": "生成探针安装包",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAgentCloneConfig",
+ "service": "HostAssetService",
+ "operation": "GetAgentCloneConfig",
+ "kind": "readonly",
+ "description": "获取探针克隆配置",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAgentConfig",
+ "service": "HostAssetService",
+ "operation": "GetAgentConfig",
+ "kind": "readonly",
+ "description": "获取探针配置",
+ "tags": [
+ "探针模块"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAgentInfo",
+ "service": "HostAssetService",
+ "operation": "GetAgentInfo",
+ "kind": "readonly",
+ "description": "获取探针信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAllHostTag",
+ "service": "HostAssetService",
+ "operation": "GetAllHostTag",
+ "kind": "readonly",
+ "description": "获取所有已有标签",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAntiUninstallConfig",
+ "service": "HostAssetService",
+ "operation": "GetAntiUninstallConfig",
+ "kind": "readonly",
+ "description": "获取探针防卸载配置",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAssetOverView",
+ "service": "HostAssetService",
+ "operation": "GetAssetOverView",
+ "kind": "readonly",
+ "description": "获取主机上的资产的统计信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetAttributes",
+ "service": "HostAssetService",
+ "operation": "GetAttributes",
+ "kind": "readonly",
+ "description": "获取主机属性字段",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetEventList",
+ "service": "HostAssetService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取入侵检测事件信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetEventOverView",
+ "service": "HostAssetService",
+ "operation": "GetEventOverView",
+ "kind": "readonly",
+ "description": "获取主机上的资产的统计信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetFileState",
+ "service": "HostAssetService",
+ "operation": "GetFileState",
+ "kind": "readonly",
+ "description": "获取文件状态",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostAssetList",
+ "service": "HostAssetService",
+ "operation": "GetHostAssetList",
+ "kind": "readonly",
+ "description": "获取主机资产列表信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostAttribute",
+ "service": "HostAssetService",
+ "operation": "GetHostAttribute",
+ "kind": "readonly",
+ "description": "获取主机属性信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostBusinessInfo",
+ "service": "HostAssetService",
+ "operation": "GetHostBusinessInfo",
+ "kind": "readonly",
+ "description": "获取业务组信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostEnviron",
+ "service": "HostAssetService",
+ "operation": "GetHostEnviron",
+ "kind": "readonly",
+ "description": "获取主机资产环境变量",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostInfoDetail",
+ "service": "HostAssetService",
+ "operation": "GetHostInfoDetail",
+ "kind": "readonly",
+ "description": "获取主机资产的详情信息, 包含软件信息,硬件信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostLog",
+ "service": "HostAssetService",
+ "operation": "GetHostLog",
+ "kind": "readonly",
+ "description": "获取探针端获取日志,默认忽略离线探针,默认超时时间为1min.",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostPhysicalInfo",
+ "service": "HostAssetService",
+ "operation": "GetHostPhysicalInfo",
+ "kind": "readonly",
+ "description": "获取主机资产物理信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostPprof",
+ "service": "HostAssetService",
+ "operation": "GetHostPprof",
+ "kind": "readonly",
+ "description": "探针端获取日志,默认忽略离线探针,默认超时时间为 1 min.",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetHostView",
+ "service": "HostAssetService",
+ "operation": "GetHostView",
+ "kind": "readonly",
+ "description": "获取主机信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetRiskOverView",
+ "service": "HostAssetService",
+ "operation": "GetRiskOverView",
+ "kind": "readonly",
+ "description": "获取主机上的资产的统计信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetScore",
+ "service": "HostAssetService",
+ "operation": "GetScore",
+ "kind": "readonly",
+ "description": "获取主机分数",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.GetUninstallCommand",
+ "service": "HostAssetService",
+ "operation": "GetUninstallCommand",
+ "kind": "readonly",
+ "description": "获取离线卸载 token",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.MultiEditTags",
+ "service": "HostAssetService",
+ "operation": "MultiEditTags",
+ "kind": "mutation",
+ "description": "更新主机的标签",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.RemoteInstallCancel",
+ "service": "HostAssetService",
+ "operation": "RemoteInstallCancel",
+ "kind": "mutation",
+ "description": "取消远程安装操作",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.RemoteInstallCurrent",
+ "service": "HostAssetService",
+ "operation": "RemoteInstallCurrent",
+ "kind": "mutation",
+ "description": "获取当前任务信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.RemoteInstallStart",
+ "service": "HostAssetService",
+ "operation": "RemoteInstallStart",
+ "kind": "mutation",
+ "description": "开始远程安装任务",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.RemoteInstallStatus",
+ "service": "HostAssetService",
+ "operation": "RemoteInstallStatus",
+ "kind": "mutation",
+ "description": "获取远程安装的状态信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.RepairHost",
+ "service": "HostAssetService",
+ "operation": "RepairHost",
+ "kind": "mutation",
+ "description": "修复探针",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.RestartHost",
+ "service": "HostAssetService",
+ "operation": "RestartHost",
+ "kind": "mutation",
+ "description": "重启探针",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.SetAgentCloneConfig",
+ "service": "HostAssetService",
+ "operation": "SetAgentCloneConfig",
+ "kind": "mutation",
+ "description": "设置探针克隆配置",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.SetAntiUninstallConfig",
+ "service": "HostAssetService",
+ "operation": "SetAntiUninstallConfig",
+ "kind": "mutation",
+ "description": "设置探针防卸载开关",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostAssetService.SetGroup",
+ "service": "HostAssetService",
+ "operation": "SetGroup",
+ "kind": "mutation",
+ "description": "修改主机业务组",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatAgentState",
+ "service": "HostAssetService",
+ "operation": "StatAgentState",
+ "kind": "readonly",
+ "description": "获取按 探针状态 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatAgentVersion",
+ "service": "HostAssetService",
+ "operation": "StatAgentVersion",
+ "kind": "readonly",
+ "description": "获取按 探针版本 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatCpuCore",
+ "service": "HostAssetService",
+ "operation": "StatCpuCore",
+ "kind": "readonly",
+ "description": "获取按 cpu核数 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatCpuUsage",
+ "service": "HostAssetService",
+ "operation": "StatCpuUsage",
+ "kind": "readonly",
+ "description": "获取按 CPU 用量 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatHostCountByTime",
+ "service": "HostAssetService",
+ "operation": "StatHostCountByTime",
+ "kind": "readonly",
+ "description": "获取按 探针安装时间 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatMemSize",
+ "service": "HostAssetService",
+ "operation": "StatMemSize",
+ "kind": "readonly",
+ "description": "获取按 内存大小 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatMemUsage",
+ "service": "HostAssetService",
+ "operation": "StatMemUsage",
+ "kind": "readonly",
+ "description": "获取按 内存使用量 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatOsReleaseName",
+ "service": "HostAssetService",
+ "operation": "StatOsReleaseName",
+ "kind": "readonly",
+ "description": "获取按 操作系统发行版本名称 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.StatTag",
+ "service": "HostAssetService",
+ "operation": "StatTag",
+ "kind": "readonly",
+ "description": "获取按 主机特征(用户自定的) 聚合的主机分布",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.UpdateHostInfoDetail",
+ "service": "HostAssetService",
+ "operation": "UpdateHostInfoDetail",
+ "kind": "mutation",
+ "description": "立即更新主机详情信息。包含软件信息,硬件信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostAssetService.UpgradeHost",
+ "service": "HostAssetService",
+ "operation": "UpgradeHost",
+ "kind": "mutation",
+ "description": "升级探针",
+ "tags": [
+ "探针管理"
+ ]
+ },
+ {
+ "method": "HostDiscoveryService.DeleteHost",
+ "service": "HostDiscoveryService",
+ "operation": "DeleteHost",
+ "kind": "mutation",
+ "description": "删除未知主机资产",
+ "tags": [
+ "未知资产发现"
+ ]
+ },
+ {
+ "method": "HostDiscoveryService.ListHost",
+ "service": "HostDiscoveryService",
+ "operation": "ListHost",
+ "kind": "readonly",
+ "description": "获取未知主机资产信息",
+ "tags": [
+ "未知资产发现"
+ ]
+ },
+ {
+ "method": "HostNicAssetService.GetHostNic",
+ "service": "HostNicAssetService",
+ "operation": "GetHostNic",
+ "kind": "readonly",
+ "description": "获取主机网卡信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.GetHostPartition",
+ "service": "HostPartitionAssetService",
+ "operation": "GetHostPartition",
+ "kind": "readonly",
+ "description": "获取主机分区信息",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.GetNetworkStorageFileSystem",
+ "service": "HostPartitionAssetService",
+ "operation": "GetNetworkStorageFileSystem",
+ "kind": "readonly",
+ "description": "获取所有主机网络存储文件系统",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.GetNetworkStoragePartition",
+ "service": "HostPartitionAssetService",
+ "operation": "GetNetworkStoragePartition",
+ "kind": "readonly",
+ "description": "获取主机网络存储分区信息",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.GetNetworkStoragePartitionByFileSystem",
+ "service": "HostPartitionAssetService",
+ "operation": "GetNetworkStoragePartitionByFileSystem",
+ "kind": "readonly",
+ "description": "获取主机网络存储分区信息,通过文件系统聚合",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.GetNetworkStoragePartitionByHost",
+ "service": "HostPartitionAssetService",
+ "operation": "GetNetworkStoragePartitionByHost",
+ "kind": "readonly",
+ "description": "获取主机网络存储分区信息,通过主机聚合",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.GetNetworkStoragePartitionByMountPoint",
+ "service": "HostPartitionAssetService",
+ "operation": "GetNetworkStoragePartitionByMountPoint",
+ "kind": "readonly",
+ "description": "获取主机网络存储分区信息,通过挂载点聚合",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostPartitionAssetService.SetNetworkStorageScanEnablement",
+ "service": "HostPartitionAssetService",
+ "operation": "SetNetworkStorageScanEnablement",
+ "kind": "mutation",
+ "description": "设置主机网络存储分区资产扫描启用状态",
+ "tags": [
+ "分区资产"
+ ]
+ },
+ {
+ "method": "HostRouteAssetService.GetHostRoute",
+ "service": "HostRouteAssetService",
+ "operation": "GetHostRoute",
+ "kind": "readonly",
+ "description": "获取主机路由资产信息",
+ "tags": [
+ "主机资产"
+ ]
+ },
+ {
+ "method": "LighterManagerService.Apply",
+ "service": "LighterManagerService",
+ "operation": "Apply",
+ "kind": "mutation",
+ "description": "应用lighter升级包",
+ "tags": [
+ "lighter模块"
+ ]
+ },
+ {
+ "method": "LighterManagerService.GetLatestVersion",
+ "service": "LighterManagerService",
+ "operation": "GetLatestVersion",
+ "kind": "readonly",
+ "description": "获取最新的 lighter 版本",
+ "tags": [
+ "lighter模块"
+ ]
+ },
+ {
+ "method": "LighterManagerService.Upgrade",
+ "service": "LighterManagerService",
+ "operation": "Upgrade",
+ "kind": "mutation",
+ "description": "更新 lighter",
+ "tags": [
+ "lighter 管理"
+ ]
+ },
+ {
+ "method": "LogCollectService.CreateLogCollect",
+ "service": "LogCollectService",
+ "operation": "CreateLogCollect",
+ "kind": "mutation",
+ "description": "创建日志采集",
+ "tags": [
+ "日志采集"
+ ]
+ },
+ {
+ "method": "LogCollectService.DeleteLogCollect",
+ "service": "LogCollectService",
+ "operation": "DeleteLogCollect",
+ "kind": "mutation",
+ "description": "删除日志采集规则",
+ "tags": [
+ "日志采集"
+ ]
+ },
+ {
+ "method": "LogCollectService.EnablementLogCollect",
+ "service": "LogCollectService",
+ "operation": "EnablementLogCollect",
+ "kind": "mutation",
+ "description": "启禁用日志采集规则",
+ "tags": [
+ "日志采集"
+ ]
+ },
+ {
+ "method": "LogCollectService.GetLogCollectInfo",
+ "service": "LogCollectService",
+ "operation": "GetLogCollectInfo",
+ "kind": "readonly",
+ "description": "获取日志采集信息",
+ "tags": [
+ "日志采集"
+ ]
+ },
+ {
+ "method": "LogCollectService.ListLogCollect",
+ "service": "LogCollectService",
+ "operation": "ListLogCollect",
+ "kind": "readonly",
+ "description": "获取日志采集列表",
+ "tags": [
+ "日志采集"
+ ]
+ },
+ {
+ "method": "LogCollectService.UpdateLogCollect",
+ "service": "LogCollectService",
+ "operation": "UpdateLogCollect",
+ "kind": "mutation",
+ "description": "更新日志采集",
+ "tags": [
+ "日志采集"
+ ]
+ },
+ {
+ "method": "MalwareEventService.CreateWhitelist",
+ "service": "MalwareEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.DeleteEvent",
+ "service": "MalwareEventService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.DeleteLibrary",
+ "service": "MalwareEventService",
+ "operation": "DeleteLibrary",
+ "kind": "mutation",
+ "description": "删除规则匹配引擎库",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.EditEventComment",
+ "service": "MalwareEventService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.EditEventState",
+ "service": "MalwareEventService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.GetCredibleEngineVersion",
+ "service": "MalwareEventService",
+ "operation": "GetCredibleEngineVersion",
+ "kind": "readonly",
+ "description": "获取可信引擎库版本",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.GetEvent",
+ "service": "MalwareEventService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.GetEventList",
+ "service": "MalwareEventService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.GetLibraryList",
+ "service": "MalwareEventService",
+ "operation": "GetLibraryList",
+ "kind": "readonly",
+ "description": "获取规则匹配引擎库列表",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.GetMalwareEngineVersion",
+ "service": "MalwareEventService",
+ "operation": "GetMalwareEngineVersion",
+ "kind": "readonly",
+ "description": "获取恶意文件检测引擎版本",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.GetWhitelist",
+ "service": "MalwareEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.IsolateTask",
+ "service": "MalwareEventService",
+ "operation": "IsolateTask",
+ "kind": "readonly",
+ "description": "恶意文件\"隔离\"操作任务",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.MarkAsRead",
+ "service": "MalwareEventService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.ProcessKill",
+ "service": "MalwareEventService",
+ "operation": "ProcessKill",
+ "kind": "mutation",
+ "description": "进程阻断",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.RetestEvent",
+ "service": "MalwareEventService",
+ "operation": "RetestEvent",
+ "kind": "mutation",
+ "description": "恶意文件快速复测",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.StatEventByFileType",
+ "service": "MalwareEventService",
+ "operation": "StatEventByFileType",
+ "kind": "readonly",
+ "description": "获取按文件类型聚合的统计结果",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.StatEventByState",
+ "service": "MalwareEventService",
+ "operation": "StatEventByState",
+ "kind": "readonly",
+ "description": "获取按状态聚合的统计结果",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MalwareEventService.TrustTask",
+ "service": "MalwareEventService",
+ "operation": "TrustTask",
+ "kind": "mutation",
+ "description": "恶意文件 信任 操作任务",
+ "tags": [
+ "恶意文件"
+ ]
+ },
+ {
+ "method": "MessageQueueService.GetNsqSummary",
+ "service": "MessageQueueService",
+ "operation": "GetNsqSummary",
+ "kind": "readonly",
+ "description": "获取nsq消息",
+ "tags": [
+ "Nsq"
+ ]
+ },
+ {
+ "method": "MimicryService.DeleteEvent",
+ "service": "MimicryService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "MimicryService"
+ ]
+ },
+ {
+ "method": "MimicryService.ListEvent",
+ "service": "MimicryService",
+ "operation": "ListEvent",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "MimicryService"
+ ]
+ },
+ {
+ "method": "MimicryService.StopMimicry",
+ "service": "MimicryService",
+ "operation": "StopMimicry",
+ "kind": "mutation",
+ "description": "停止拟态防护",
+ "tags": [
+ "MimicryService"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.CreateWhitelist",
+ "service": "NetworkAuditEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.DeleteEvent",
+ "service": "NetworkAuditEventService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.EditEventComment",
+ "service": "NetworkAuditEventService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.EditEventState",
+ "service": "NetworkAuditEventService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.GetEvent",
+ "service": "NetworkAuditEventService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.GetEventList",
+ "service": "NetworkAuditEventService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.GetEventListByHost",
+ "service": "NetworkAuditEventService",
+ "operation": "GetEventListByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.GetEventListByProcessName",
+ "service": "NetworkAuditEventService",
+ "operation": "GetEventListByProcessName",
+ "kind": "readonly",
+ "description": "获取按进程名聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.GetEventListByTarget",
+ "service": "NetworkAuditEventService",
+ "operation": "GetEventListByTarget",
+ "kind": "readonly",
+ "description": "获取按目标网络地址统计的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.GetWhitelist",
+ "service": "NetworkAuditEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.MarkAsRead",
+ "service": "NetworkAuditEventService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.ProcessKill",
+ "service": "NetworkAuditEventService",
+ "operation": "ProcessKill",
+ "kind": "mutation",
+ "description": "进程阻断",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.StatEventByHost",
+ "service": "NetworkAuditEventService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.StatEventByLevelState",
+ "service": "NetworkAuditEventService",
+ "operation": "StatEventByLevelState",
+ "kind": "readonly",
+ "description": "获取按风险等级与处置状态聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.StatEventByProcessName",
+ "service": "NetworkAuditEventService",
+ "operation": "StatEventByProcessName",
+ "kind": "readonly",
+ "description": "获取按进程名聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.StatEventByTarget",
+ "service": "NetworkAuditEventService",
+ "operation": "StatEventByTarget",
+ "kind": "readonly",
+ "description": "获取按目标地址聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.StatEventByTimeState",
+ "service": "NetworkAuditEventService",
+ "operation": "StatEventByTimeState",
+ "kind": "readonly",
+ "description": "获取按事件发生时间聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkAuditEventService.StatEventByType",
+ "service": "NetworkAuditEventService",
+ "operation": "StatEventByType",
+ "kind": "readonly",
+ "description": "获取按网络外连类型聚合的事件列表",
+ "tags": [
+ "网络审计"
+ ]
+ },
+ {
+ "method": "NetworkRejectService.DeleteEvent",
+ "service": "NetworkRejectService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "NetworkReject"
+ ]
+ },
+ {
+ "method": "NetworkRejectService.ListEvent",
+ "service": "NetworkRejectService",
+ "operation": "ListEvent",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "NetworkReject"
+ ]
+ },
+ {
+ "method": "NetworkRejectService.ReleaseReject",
+ "service": "NetworkRejectService",
+ "operation": "ReleaseReject",
+ "kind": "mutation",
+ "description": "解除阻断",
+ "tags": [
+ "NetworkReject"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.CreateRule",
+ "service": "NonWhiteProcessService",
+ "operation": "CreateRule",
+ "kind": "mutation",
+ "description": "创建命令白名单规则",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.DeleteEvent",
+ "service": "NonWhiteProcessService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.DeleteRule",
+ "service": "NonWhiteProcessService",
+ "operation": "DeleteRule",
+ "kind": "mutation",
+ "description": "删除命令白名单规则",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.EditEventComment",
+ "service": "NonWhiteProcessService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "更新事件备注",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.EditEventState",
+ "service": "NonWhiteProcessService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "编辑事件状态",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.GetEventDetail",
+ "service": "NonWhiteProcessService",
+ "operation": "GetEventDetail",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.GetEventList",
+ "service": "NonWhiteProcessService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.GetEventListByCmdline",
+ "service": "NonWhiteProcessService",
+ "operation": "GetEventListByCmdline",
+ "kind": "readonly",
+ "description": "根据进程cmdline聚合事件列表",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.GetEventListByHost",
+ "service": "NonWhiteProcessService",
+ "operation": "GetEventListByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的事件列表",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.GetEventListByName",
+ "service": "NonWhiteProcessService",
+ "operation": "GetEventListByName",
+ "kind": "readonly",
+ "description": "根据进程名称聚合事件列",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.ListRule",
+ "service": "NonWhiteProcessService",
+ "operation": "ListRule",
+ "kind": "readonly",
+ "description": "获取命令白名单规则",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.MarkAsRead",
+ "service": "NonWhiteProcessService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.UpdateRule",
+ "service": "NonWhiteProcessService",
+ "operation": "UpdateRule",
+ "kind": "mutation",
+ "description": "更新命令白名单规则",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "NonWhiteProcessService.WhiteEvent",
+ "service": "NonWhiteProcessService",
+ "operation": "WhiteEvent",
+ "kind": "mutation",
+ "description": "加白事件",
+ "tags": [
+ "命令白名单"
+ ]
+ },
+ {
+ "method": "OrganizationService.CreateOrg",
+ "service": "OrganizationService",
+ "operation": "CreateOrg",
+ "kind": "mutation",
+ "description": "创建机构",
+ "tags": [
+ "后台:机构管理"
+ ]
+ },
+ {
+ "method": "OrganizationService.DeleteOrg",
+ "service": "OrganizationService",
+ "operation": "DeleteOrg",
+ "kind": "mutation",
+ "description": "删除机构",
+ "tags": [
+ "后台:机构管理"
+ ]
+ },
+ {
+ "method": "OrganizationService.GetOrgInfo",
+ "service": "OrganizationService",
+ "operation": "GetOrgInfo",
+ "kind": "readonly",
+ "description": "获取机构信息",
+ "tags": [
+ "后台:机构管理"
+ ]
+ },
+ {
+ "method": "OrganizationService.ListOrg",
+ "service": "OrganizationService",
+ "operation": "ListOrg",
+ "kind": "readonly",
+ "description": "用户列表",
+ "tags": [
+ "后台:机构管理"
+ ]
+ },
+ {
+ "method": "OrganizationService.ListOrgWithBizGroup",
+ "service": "OrganizationService",
+ "operation": "ListOrgWithBizGroup",
+ "kind": "readonly",
+ "description": "用户列表",
+ "tags": [
+ "后台:机构管理"
+ ]
+ },
+ {
+ "method": "OrganizationService.UpdateOrg",
+ "service": "OrganizationService",
+ "operation": "UpdateOrg",
+ "kind": "mutation",
+ "description": "更新机构",
+ "tags": [
+ "后台:机构管理"
+ ]
+ },
+ {
+ "method": "PackageService.ApplyPackage",
+ "service": "PackageService",
+ "operation": "ApplyPackage",
+ "kind": "mutation",
+ "description": "应用升级包",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.BatchApplyPackage",
+ "service": "PackageService",
+ "operation": "BatchApplyPackage",
+ "kind": "mutation",
+ "description": "批量应用升级包",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.CancelDownload",
+ "service": "PackageService",
+ "operation": "CancelDownload",
+ "kind": "mutation",
+ "description": "取消下载",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.DeletePackage",
+ "service": "PackageService",
+ "operation": "DeletePackage",
+ "kind": "mutation",
+ "description": "删除升级包",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.DownloadPackage",
+ "service": "PackageService",
+ "operation": "DownloadPackage",
+ "kind": "mutation",
+ "description": "下载升级包",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetAllModules",
+ "service": "PackageService",
+ "operation": "GetAllModules",
+ "kind": "readonly",
+ "description": "获取所有模块",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetApplyHistory",
+ "service": "PackageService",
+ "operation": "GetApplyHistory",
+ "kind": "readonly",
+ "description": "获取历史更新记录",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetDownloadResult",
+ "service": "PackageService",
+ "operation": "GetDownloadResult",
+ "kind": "readonly",
+ "description": "获取升级包下载结果",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetLatestPackages",
+ "service": "PackageService",
+ "operation": "GetLatestPackages",
+ "kind": "readonly",
+ "description": "获取最近的升级包",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetModules",
+ "service": "PackageService",
+ "operation": "GetModules",
+ "kind": "readonly",
+ "description": "获取模块",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetOverview",
+ "service": "PackageService",
+ "operation": "GetOverview",
+ "kind": "readonly",
+ "description": "获取版本信息",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetPackage",
+ "service": "PackageService",
+ "operation": "GetPackage",
+ "kind": "readonly",
+ "description": "获取升级包信息",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.GetProxyHost",
+ "service": "PackageService",
+ "operation": "GetProxyHost",
+ "kind": "readonly",
+ "description": "获取代理主机信息",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.ListPackages",
+ "service": "PackageService",
+ "operation": "ListPackages",
+ "kind": "readonly",
+ "description": "获取升级包列表",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PackageService.UpsertProxyHost",
+ "service": "PackageService",
+ "operation": "UpsertProxyHost",
+ "kind": "mutation",
+ "description": "更新插入代理",
+ "tags": [
+ "产品更新"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.CreateWhitelist",
+ "service": "PatchInfoEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "创建事件加白规则",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.DelPatchInfoEvent",
+ "service": "PatchInfoEventService",
+ "operation": "DelPatchInfoEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.GetPatchInfoEvent",
+ "service": "PatchInfoEventService",
+ "operation": "GetPatchInfoEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.GetPatchInfoEventList",
+ "service": "PatchInfoEventService",
+ "operation": "GetPatchInfoEventList",
+ "kind": "readonly",
+ "description": "获取补丁风险列表",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.GetPatchInfoEventListByHost",
+ "service": "PatchInfoEventService",
+ "operation": "GetPatchInfoEventListByHost",
+ "kind": "readonly",
+ "description": "获取按 主机 聚合的事件列表",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.GetPatchInfoEventListByPatchInfo",
+ "service": "PatchInfoEventService",
+ "operation": "GetPatchInfoEventListByPatchInfo",
+ "kind": "readonly",
+ "description": "获取按 补丁信息 聚合的事件列表",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.GetWhitelist",
+ "service": "PatchInfoEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.InstallPatchInfo",
+ "service": "PatchInfoEventService",
+ "operation": "InstallPatchInfo",
+ "kind": "mutation",
+ "description": "安装补丁",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.RetestPatchInfo",
+ "service": "PatchInfoEventService",
+ "operation": "RetestPatchInfo",
+ "kind": "mutation",
+ "description": "复测补丁",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.StatPatchInfoEventByHost",
+ "service": "PatchInfoEventService",
+ "operation": "StatPatchInfoEventByHost",
+ "kind": "readonly",
+ "description": "返回按 主机 聚合的统计视图",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.StatPatchInfoEventByLevelPatchState",
+ "service": "PatchInfoEventService",
+ "operation": "StatPatchInfoEventByLevelPatchState",
+ "kind": "readonly",
+ "description": "返回按 补丁处置状态 聚合的统计视图",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.StatPatchInfoEventByPatchInfo",
+ "service": "PatchInfoEventService",
+ "operation": "StatPatchInfoEventByPatchInfo",
+ "kind": "readonly",
+ "description": "返回按 补丁信息 聚合的统计视图",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.StatPatchInfoEventByTime",
+ "service": "PatchInfoEventService",
+ "operation": "StatPatchInfoEventByTime",
+ "kind": "readonly",
+ "description": "返回按 时间 聚合的统计视图",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.UpdatePatchInfoEventComment",
+ "service": "PatchInfoEventService",
+ "operation": "UpdatePatchInfoEventComment",
+ "kind": "mutation",
+ "description": "修改事件备注",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoEventService.UpdatePatchInfoEventPatchState",
+ "service": "PatchInfoEventService",
+ "operation": "UpdatePatchInfoEventPatchState",
+ "kind": "mutation",
+ "description": "编辑状态",
+ "tags": [
+ "补丁风险"
+ ]
+ },
+ {
+ "method": "PatchInfoService.EditCustomSolution",
+ "service": "PatchInfoService",
+ "operation": "EditCustomSolution",
+ "kind": "mutation",
+ "description": "修改补丁修复方案",
+ "tags": [
+ "补丁管理"
+ ]
+ },
+ {
+ "method": "PatchInfoService.GetPatchInfo",
+ "service": "PatchInfoService",
+ "operation": "GetPatchInfo",
+ "kind": "readonly",
+ "description": "获取补丁详情",
+ "tags": [
+ "补丁管理"
+ ]
+ },
+ {
+ "method": "PatchInfoService.GetPatchInfoList",
+ "service": "PatchInfoService",
+ "operation": "GetPatchInfoList",
+ "kind": "readonly",
+ "description": "获取补丁风险列表",
+ "tags": [
+ "补丁管理"
+ ]
+ },
+ {
+ "method": "PortAssetService.DeletePort",
+ "service": "PortAssetService",
+ "operation": "DeletePort",
+ "kind": "mutation",
+ "description": "删除端口资产",
+ "tags": [
+ "端口资产"
+ ]
+ },
+ {
+ "method": "PortAssetService.GetPortAssetList",
+ "service": "PortAssetService",
+ "operation": "GetPortAssetList",
+ "kind": "readonly",
+ "description": "获取端口资产列表",
+ "tags": [
+ "端口资产"
+ ]
+ },
+ {
+ "method": "PortAssetService.GetPortAssetListByCmd",
+ "service": "PortAssetService",
+ "operation": "GetPortAssetListByCmd",
+ "kind": "readonly",
+ "description": "进程名数据分组,按照指定条件获取端口资产",
+ "tags": [
+ "端口资产"
+ ]
+ },
+ {
+ "method": "PortAssetService.GetPortAssetListByProtocolIPPort",
+ "service": "PortAssetService",
+ "operation": "GetPortAssetListByProtocolIPPort",
+ "kind": "readonly",
+ "description": "监听端口协议数据分组,按照指定要求获取端口",
+ "tags": [
+ "端口资产"
+ ]
+ },
+ {
+ "method": "PortAssetService.GetPortAssetListByProtocolPort",
+ "service": "PortAssetService",
+ "operation": "GetPortAssetListByProtocolPort",
+ "kind": "readonly",
+ "description": "监听端口数据分组,按照指定要求获取端口",
+ "tags": [
+ "端口资产"
+ ]
+ },
+ {
+ "method": "PortAssetService.StatPort",
+ "service": "PortAssetService",
+ "operation": "StatPort",
+ "kind": "readonly",
+ "description": "表示端口开放情况",
+ "tags": [
+ "端口资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.GetProcess",
+ "service": "ProcessAssetService",
+ "operation": "GetProcess",
+ "kind": "readonly",
+ "description": "获取进程资产详情",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.GetProcessList",
+ "service": "ProcessAssetService",
+ "operation": "GetProcessList",
+ "kind": "readonly",
+ "description": "获取主机上进程资产列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.GetProcessListByHost",
+ "service": "ProcessAssetService",
+ "operation": "GetProcessListByHost",
+ "kind": "readonly",
+ "description": "主机数据分组,按照指定条件获取进程资产列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.GetProcessListByName",
+ "service": "ProcessAssetService",
+ "operation": "GetProcessListByName",
+ "kind": "readonly",
+ "description": "进程名数据分组,按照指定信息获取主机上进程资产列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.GetProcessListByPath",
+ "service": "ProcessAssetService",
+ "operation": "GetProcessListByPath",
+ "kind": "readonly",
+ "description": "获取主机上进程列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.GetRefreshDateTime",
+ "service": "ProcessAssetService",
+ "operation": "GetRefreshDateTime",
+ "kind": "readonly",
+ "description": "获取进程资产的更新时间",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.Refresh",
+ "service": "ProcessAssetService",
+ "operation": "Refresh",
+ "kind": "mutation",
+ "description": "更新进程资产",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.StatProcessByEffectiveUser",
+ "service": "ProcessAssetService",
+ "operation": "StatProcessByEffectiveUser",
+ "kind": "readonly",
+ "description": "有效用户数据分组下,按照指定条件返回进程资产列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.StatProcessBySafety",
+ "service": "ProcessAssetService",
+ "operation": "StatProcessBySafety",
+ "kind": "readonly",
+ "description": "进程安全性数据分组下,按照指定条件返回进程资产列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.StatProcessByStatus",
+ "service": "ProcessAssetService",
+ "operation": "StatProcessByStatus",
+ "kind": "readonly",
+ "description": "进程状态数据分组下,按照指定条件返回进程资产列表",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessAssetService.WhitelistProcess",
+ "service": "ProcessAssetService",
+ "operation": "WhitelistProcess",
+ "kind": "mutation",
+ "description": "给进程加白名单",
+ "tags": [
+ "进程资产"
+ ]
+ },
+ {
+ "method": "ProcessKillService.DeleteEvent",
+ "service": "ProcessKillService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "NetworkReject"
+ ]
+ },
+ {
+ "method": "ProcessKillService.ListEvent",
+ "service": "ProcessKillService",
+ "operation": "ListEvent",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "NetworkReject"
+ ]
+ },
+ {
+ "method": "ReportService.CopyReport",
+ "service": "ReportService",
+ "operation": "CopyReport",
+ "kind": "mutation",
+ "description": "复制报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.CopyTemplate",
+ "service": "ReportService",
+ "operation": "CopyTemplate",
+ "kind": "mutation",
+ "description": "复制模板",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.CreateReport",
+ "service": "ReportService",
+ "operation": "CreateReport",
+ "kind": "mutation",
+ "description": "添加报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.CreateTemplate",
+ "service": "ReportService",
+ "operation": "CreateTemplate",
+ "kind": "mutation",
+ "description": "创建模板",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.DeleteReport",
+ "service": "ReportService",
+ "operation": "DeleteReport",
+ "kind": "mutation",
+ "description": "删除报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.DeleteReportHistory",
+ "service": "ReportService",
+ "operation": "DeleteReportHistory",
+ "kind": "mutation",
+ "description": "删除历史报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.DeleteTemplate",
+ "service": "ReportService",
+ "operation": "DeleteTemplate",
+ "kind": "mutation",
+ "description": "删除模板",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.EditReport",
+ "service": "ReportService",
+ "operation": "EditReport",
+ "kind": "mutation",
+ "description": "编辑报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.EditTemplate",
+ "service": "ReportService",
+ "operation": "EditTemplate",
+ "kind": "mutation",
+ "description": "编辑模板",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.GenerateReport",
+ "service": "ReportService",
+ "operation": "GenerateReport",
+ "kind": "mutation",
+ "description": "生成报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.GetReport",
+ "service": "ReportService",
+ "operation": "GetReport",
+ "kind": "readonly",
+ "description": "获取报告详情",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.GetReportGeneratingInfo",
+ "service": "ReportService",
+ "operation": "GetReportGeneratingInfo",
+ "kind": "readonly",
+ "description": "生成报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.GetTemplate",
+ "service": "ReportService",
+ "operation": "GetTemplate",
+ "kind": "readonly",
+ "description": "获取模板",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.GetTemplateTree",
+ "service": "ReportService",
+ "operation": "GetTemplateTree",
+ "kind": "readonly",
+ "description": "获取模板树",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.GetTemplateTypes",
+ "service": "ReportService",
+ "operation": "GetTemplateTypes",
+ "kind": "readonly",
+ "description": "获取模板类型",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.ListReport",
+ "service": "ReportService",
+ "operation": "ListReport",
+ "kind": "readonly",
+ "description": "获取报告列表",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.ListReportHistory",
+ "service": "ReportService",
+ "operation": "ListReportHistory",
+ "kind": "readonly",
+ "description": "查阅历史报告",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "ReportService.ListTemplate",
+ "service": "ReportService",
+ "operation": "ListTemplate",
+ "kind": "readonly",
+ "description": "获取模板列表",
+ "tags": [
+ "报告管理"
+ ]
+ },
+ {
+ "method": "RevshellEventService.CreateWhitelist",
+ "service": "RevshellEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.DeleteEvent",
+ "service": "RevshellEventService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.EditEventComment",
+ "service": "RevshellEventService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.EditEventState",
+ "service": "RevshellEventService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.GenerateEventFirewallRule",
+ "service": "RevshellEventService",
+ "operation": "GenerateEventFirewallRule",
+ "kind": "mutation",
+ "description": "根据所选事件生成网络阻断规则",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.GetEvent",
+ "service": "RevshellEventService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.GetEventByHostList",
+ "service": "RevshellEventService",
+ "operation": "GetEventByHostList",
+ "kind": "readonly",
+ "description": "获取按主机 ID 聚合的事件列表",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.GetEventByRemoteAddrList",
+ "service": "RevshellEventService",
+ "operation": "GetEventByRemoteAddrList",
+ "kind": "readonly",
+ "description": "获取按远程 IP 聚合的事件列表",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.GetEventList",
+ "service": "RevshellEventService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.GetWhitelist",
+ "service": "RevshellEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.MarkAsRead",
+ "service": "RevshellEventService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.ProcessKill",
+ "service": "RevshellEventService",
+ "operation": "ProcessKill",
+ "kind": "mutation",
+ "description": "删除所选的事件",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.StatEventByAsset",
+ "service": "RevshellEventService",
+ "operation": "StatEventByAsset",
+ "kind": "readonly",
+ "description": "返回反弹shell最多的主机 top n ( n = 10 default )",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.StatEventByCmdline",
+ "service": "RevshellEventService",
+ "operation": "StatEventByCmdline",
+ "kind": "readonly",
+ "description": "返回反弹shell最多的cmdline top n ( n = 5 default )",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.StatEventByRemoteAddr",
+ "service": "RevshellEventService",
+ "operation": "StatEventByRemoteAddr",
+ "kind": "readonly",
+ "description": "返回反弹shell最多的远程地址 top n ( n = 10 default )",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.StatEventByState",
+ "service": "RevshellEventService",
+ "operation": "StatEventByState",
+ "kind": "readonly",
+ "description": "返回处置事件状态分布的统计信息",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.StatEventByTime",
+ "service": "RevshellEventService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "返回反弹shell按时间的趋势 top n ( n = 10 default )",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "RevshellEventService.StatEventByUname",
+ "service": "RevshellEventService",
+ "operation": "StatEventByUname",
+ "kind": "readonly",
+ "description": "返回反弹shell最多的User Name( 按shell权限 ) top n ( n = 5 default )",
+ "tags": [
+ "反弹 Shell"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.GenerateInstallCommand",
+ "service": "ScoutAgentApiService",
+ "operation": "GenerateInstallCommand",
+ "kind": "mutation",
+ "description": "生成探针安装命令",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.GetAgentList",
+ "service": "ScoutAgentApiService",
+ "operation": "GetAgentList",
+ "kind": "readonly",
+ "description": "获取探针列表",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.SetCollectionRange",
+ "service": "ScoutAgentApiService",
+ "operation": "SetCollectionRange",
+ "kind": "mutation",
+ "description": "设置采集范围",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.SetKafkaAddrRange",
+ "service": "ScoutAgentApiService",
+ "operation": "SetKafkaAddrRange",
+ "kind": "mutation",
+ "description": "设置 kafka 地址",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.SetResourceLimit",
+ "service": "ScoutAgentApiService",
+ "operation": "SetResourceLimit",
+ "kind": "mutation",
+ "description": "设置资源配额",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.TestKafka",
+ "service": "ScoutAgentApiService",
+ "operation": "TestKafka",
+ "kind": "mutation",
+ "description": "测试 kafka",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.Uninstall",
+ "service": "ScoutAgentApiService",
+ "operation": "Uninstall",
+ "kind": "mutation",
+ "description": "卸载采集探针",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "ScoutAgentApiService.Upgrade",
+ "service": "ScoutAgentApiService",
+ "operation": "Upgrade",
+ "kind": "mutation",
+ "description": "更新采集探针",
+ "tags": [
+ "采集探针"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.DeleteEvent",
+ "service": "SecurityCheckService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除安全基线",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.EditEventComment",
+ "service": "SecurityCheckService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.EditEventState",
+ "service": "SecurityCheckService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "修改安全基线事件状态",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.GetEvent",
+ "service": "SecurityCheckService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取安全基线事件详情",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.GetEventList",
+ "service": "SecurityCheckService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "安全基线事件列表",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.GetEventListByHost",
+ "service": "SecurityCheckService",
+ "operation": "GetEventListByHost",
+ "kind": "readonly",
+ "description": "根据Host筛选条件获取安全基线事件列表",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.GetEventListByItemID",
+ "service": "SecurityCheckService",
+ "operation": "GetEventListByItemID",
+ "kind": "readonly",
+ "description": "根据风险筛选条件获取安全基线事件列表",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.GetPluginList",
+ "service": "SecurityCheckService",
+ "operation": "GetPluginList",
+ "kind": "readonly",
+ "description": "获取检测插件更新状态",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.RetestEvent",
+ "service": "SecurityCheckService",
+ "operation": "RetestEvent",
+ "kind": "mutation",
+ "description": "复测安全基线事件",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.StatEventByHost",
+ "service": "SecurityCheckService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "高风险主机",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.StatEventByItem",
+ "service": "SecurityCheckService",
+ "operation": "StatEventByItem",
+ "kind": "readonly",
+ "description": "高频风险",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.StatEventByLevelState",
+ "service": "SecurityCheckService",
+ "operation": "StatEventByLevelState",
+ "kind": "readonly",
+ "description": "时间状态分布",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.StatEventByTags",
+ "service": "SecurityCheckService",
+ "operation": "StatEventByTags",
+ "kind": "readonly",
+ "description": "风险特征分布",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityCheckService.StatEventByTime",
+ "service": "SecurityCheckService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "风险发生趋势",
+ "tags": [
+ "安全基线"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.CreateSecurityStrategy",
+ "service": "SecurityStrategyService",
+ "operation": "CreateSecurityStrategy",
+ "kind": "mutation",
+ "description": "添加安全策略",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.DeleteSecurityStrategy",
+ "service": "SecurityStrategyService",
+ "operation": "DeleteSecurityStrategy",
+ "kind": "mutation",
+ "description": "删除安全策略",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.GetSecurityStrategyDetail",
+ "service": "SecurityStrategyService",
+ "operation": "GetSecurityStrategyDetail",
+ "kind": "readonly",
+ "description": "获取安全策略详情",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.GetSecurityStrategyTree",
+ "service": "SecurityStrategyService",
+ "operation": "GetSecurityStrategyTree",
+ "kind": "readonly",
+ "description": "获取安全策略树",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.ListSecurityStrategy",
+ "service": "SecurityStrategyService",
+ "operation": "ListSecurityStrategy",
+ "kind": "readonly",
+ "description": "获取安全策略列表",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.SetGroupStrategy",
+ "service": "SecurityStrategyService",
+ "operation": "SetGroupStrategy",
+ "kind": "mutation",
+ "description": "设置业务组的安全策略",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SecurityStrategyService.UpdateSecurityStrategy",
+ "service": "SecurityStrategyService",
+ "operation": "UpdateSecurityStrategy",
+ "kind": "mutation",
+ "description": "更新安全策略",
+ "tags": [
+ "入侵检测配置"
+ ]
+ },
+ {
+ "method": "SensitiveFileService.DeleteEvent",
+ "service": "SensitiveFileService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除敏感文件事件",
+ "tags": [
+ "敏感文件"
+ ]
+ },
+ {
+ "method": "SensitiveFileService.EditEventComment",
+ "service": "SensitiveFileService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "敏感文件"
+ ]
+ },
+ {
+ "method": "SensitiveFileService.EditEventState",
+ "service": "SensitiveFileService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "修改敏感文件事件状态",
+ "tags": [
+ "敏感文件"
+ ]
+ },
+ {
+ "method": "SensitiveFileService.GetEvent",
+ "service": "SensitiveFileService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取敏感文件事件详情",
+ "tags": [
+ "敏感文件"
+ ]
+ },
+ {
+ "method": "SensitiveFileService.GetEventList",
+ "service": "SensitiveFileService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取敏感文件事件列表",
+ "tags": [
+ "敏感文件"
+ ]
+ },
+ {
+ "method": "SensitiveFileService.ResetEventState",
+ "service": "SensitiveFileService",
+ "operation": "ResetEventState",
+ "kind": "mutation",
+ "description": "重置事件状态为 'risky'",
+ "tags": [
+ "敏感文件"
+ ]
+ },
+ {
+ "method": "SensitivePortService.CreateWhitelist",
+ "service": "SensitivePortService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.DeleteEvent",
+ "service": "SensitivePortService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除敏感端口事件",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.EditEventComment",
+ "service": "SensitivePortService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.EditEventState",
+ "service": "SensitivePortService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "修改敏感端口事件状态",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.GetEvent",
+ "service": "SensitivePortService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.GetEventList",
+ "service": "SensitivePortService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取敏感端口事件列表",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.GetHostViewEventList",
+ "service": "SensitivePortService",
+ "operation": "GetHostViewEventList",
+ "kind": "readonly",
+ "description": "获取敏感端口事件列表(主机视角)",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.GetPortViewEventList",
+ "service": "SensitivePortService",
+ "operation": "GetPortViewEventList",
+ "kind": "readonly",
+ "description": "获取敏感端口事件列表(端口视角)",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.GetProcessViewEventList",
+ "service": "SensitivePortService",
+ "operation": "GetProcessViewEventList",
+ "kind": "readonly",
+ "description": "获取敏感端口事件列表(进程视角)",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.GetWhitelist",
+ "service": "SensitivePortService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.RetestEvent",
+ "service": "SensitivePortService",
+ "operation": "RetestEvent",
+ "kind": "mutation",
+ "description": "复测事件",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.StatEventByCmd",
+ "service": "SensitivePortService",
+ "operation": "StatEventByCmd",
+ "kind": "readonly",
+ "description": "敏感进程分布",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.StatEventByHost",
+ "service": "SensitivePortService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "敏感端口分布-主机维度",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.StatEventByPort",
+ "service": "SensitivePortService",
+ "operation": "StatEventByPort",
+ "kind": "readonly",
+ "description": "敏感端口分布",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.StatEventByState",
+ "service": "SensitivePortService",
+ "operation": "StatEventByState",
+ "kind": "readonly",
+ "description": "事件状态分布",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "SensitivePortService.StatEventByTime",
+ "service": "SensitivePortService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "事件时间分布",
+ "tags": [
+ "敏感端口"
+ ]
+ },
+ {
+ "method": "StatisticsService.GetEventOverview",
+ "service": "StatisticsService",
+ "operation": "GetEventOverview",
+ "kind": "readonly",
+ "description": "获取事件描述",
+ "tags": [
+ "态势感知"
+ ]
+ },
+ {
+ "method": "StatisticsService.GetHostScore",
+ "service": "StatisticsService",
+ "operation": "GetHostScore",
+ "kind": "readonly",
+ "description": "获取主机得分与事件概况",
+ "tags": [
+ "态势感知"
+ ]
+ },
+ {
+ "method": "StatisticsService.GetScanTime",
+ "service": "StatisticsService",
+ "operation": "GetScanTime",
+ "kind": "readonly",
+ "description": "获取最近一次扫描任务完成时间",
+ "tags": [
+ "态势感知"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.CreateWhitelist",
+ "service": "SuspiciousOperationService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.DeleteEvent",
+ "service": "SuspiciousOperationService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.EditEventComment",
+ "service": "SuspiciousOperationService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.EditEventState",
+ "service": "SuspiciousOperationService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "编辑事件状态",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetEvent",
+ "service": "SuspiciousOperationService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取命令详情",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetEventList",
+ "service": "SuspiciousOperationService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取命令列表",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetEventListByHost",
+ "service": "SuspiciousOperationService",
+ "operation": "GetEventListByHost",
+ "kind": "readonly",
+ "description": "返回按 主机 聚合的可疑操作列表",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetEventListByNetApp",
+ "service": "SuspiciousOperationService",
+ "operation": "GetEventListByNetApp",
+ "kind": "readonly",
+ "description": "返回按 网络应用 聚合的可疑操作列表",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetEventListByRuleName",
+ "service": "SuspiciousOperationService",
+ "operation": "GetEventListByRuleName",
+ "kind": "readonly",
+ "description": "返回按 规则 聚合的可疑操作列表",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetEventListBySSHClientIP",
+ "service": "SuspiciousOperationService",
+ "operation": "GetEventListBySSHClientIP",
+ "kind": "readonly",
+ "description": "返回按 SSH登录 聚合的可疑操作列表",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.GetWhitelist",
+ "service": "SuspiciousOperationService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.MarkAsRead",
+ "service": "SuspiciousOperationService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.ProcessKill",
+ "service": "SuspiciousOperationService",
+ "operation": "ProcessKill",
+ "kind": "mutation",
+ "description": "进程阻断",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.StatEventByHost",
+ "service": "SuspiciousOperationService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "返回按 主机 聚合的统计视图",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.StatEventByLevelState",
+ "service": "SuspiciousOperationService",
+ "operation": "StatEventByLevelState",
+ "kind": "readonly",
+ "description": "返回按 风险级别类型 聚合的统计视图",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.StatEventByNetApp",
+ "service": "SuspiciousOperationService",
+ "operation": "StatEventByNetApp",
+ "kind": "readonly",
+ "description": "返回按 网络应用 聚合的统计视图",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.StatEventByRuleName",
+ "service": "SuspiciousOperationService",
+ "operation": "StatEventByRuleName",
+ "kind": "readonly",
+ "description": "返回按 规则名称 聚合的统计视图",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.StatEventBySSHClientIP",
+ "service": "SuspiciousOperationService",
+ "operation": "StatEventBySSHClientIP",
+ "kind": "readonly",
+ "description": "返回按 SSH登录地址 聚合的统计视图",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "SuspiciousOperationService.StatEventByTime",
+ "service": "SuspiciousOperationService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "返回按 创建日期 聚合的统计视图",
+ "tags": [
+ "可疑命令"
+ ]
+ },
+ {
+ "method": "TamperProofService.AddRule",
+ "service": "TamperProofService",
+ "operation": "AddRule",
+ "kind": "mutation",
+ "description": "添加规则",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.DeleteEventList",
+ "service": "TamperProofService",
+ "operation": "DeleteEventList",
+ "kind": "mutation",
+ "description": "删除事件",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.DeleteRuleList",
+ "service": "TamperProofService",
+ "operation": "DeleteRuleList",
+ "kind": "mutation",
+ "description": "删除规则",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.DisableHostList",
+ "service": "TamperProofService",
+ "operation": "DisableHostList",
+ "kind": "mutation",
+ "description": "关闭多个主机的文件防篡改功能",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.EditEventListRead",
+ "service": "TamperProofService",
+ "operation": "EditEventListRead",
+ "kind": "mutation",
+ "description": "将多个事件置为已读或未读",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.EditRule",
+ "service": "TamperProofService",
+ "operation": "EditRule",
+ "kind": "mutation",
+ "description": "修改防篡改规则",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.EditRuleEnable",
+ "service": "TamperProofService",
+ "operation": "EditRuleEnable",
+ "kind": "mutation",
+ "description": "修改防篡改规则",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.EnableHostList",
+ "service": "TamperProofService",
+ "operation": "EnableHostList",
+ "kind": "mutation",
+ "description": "开启多个主机的文件防篡改功能",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetEventDetails",
+ "service": "TamperProofService",
+ "operation": "GetEventDetails",
+ "kind": "readonly",
+ "description": "事件的详情",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetEventList",
+ "service": "TamperProofService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "文件篡改事件的列表",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetHostList",
+ "service": "TamperProofService",
+ "operation": "GetHostList",
+ "kind": "readonly",
+ "description": "开启文件防篡改的主机列表",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetMaxNum",
+ "service": "TamperProofService",
+ "operation": "GetMaxNum",
+ "kind": "readonly",
+ "description": "获取最大文件防篡改探针授权数量",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetModuleList",
+ "service": "TamperProofService",
+ "operation": "GetModuleList",
+ "kind": "readonly",
+ "description": "文件防篡改模块的列表",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetRule",
+ "service": "TamperProofService",
+ "operation": "GetRule",
+ "kind": "readonly",
+ "description": "获取单个文件防篡改规则",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.GetRuleList",
+ "service": "TamperProofService",
+ "operation": "GetRuleList",
+ "kind": "readonly",
+ "description": "文件防篡改规则的列表",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.Install",
+ "service": "TamperProofService",
+ "operation": "Install",
+ "kind": "mutation",
+ "description": "给主机安装防篡改模块",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "TamperProofService.Uninstall",
+ "service": "TamperProofService",
+ "operation": "Uninstall",
+ "kind": "mutation",
+ "description": "给主机拆卸防篡改模块",
+ "tags": [
+ "TamperProof"
+ ]
+ },
+ {
+ "method": "ThreatOverviewService.GetProcessedEventInfo",
+ "service": "ThreatOverviewService",
+ "operation": "GetProcessedEventInfo",
+ "kind": "readonly",
+ "description": "事件处置情况",
+ "tags": [
+ "威胁事件"
+ ]
+ },
+ {
+ "method": "ThreatOverviewService.ListEventDetectedTrendInfo",
+ "service": "ThreatOverviewService",
+ "operation": "ListEventDetectedTrendInfo",
+ "kind": "readonly",
+ "description": "事件发生趋势",
+ "tags": [
+ "威胁事件"
+ ]
+ },
+ {
+ "method": "ThreatOverviewService.ListEventTypeDistInfo",
+ "service": "ThreatOverviewService",
+ "operation": "ListEventTypeDistInfo",
+ "kind": "readonly",
+ "description": "事件类型分布",
+ "tags": [
+ "威胁事件"
+ ]
+ },
+ {
+ "method": "ThreatOverviewService.ListGetRiskyHostInfo",
+ "service": "ThreatOverviewService",
+ "operation": "ListGetRiskyHostInfo",
+ "kind": "readonly",
+ "description": "高风险主机",
+ "tags": [
+ "威胁事件"
+ ]
+ },
+ {
+ "method": "ThreatOverviewService.ListRealTimeEvents",
+ "service": "ThreatOverviewService",
+ "operation": "ListRealTimeEvents",
+ "kind": "readonly",
+ "description": "获取事件描述",
+ "tags": [
+ "威胁事件"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetUserAuthorizedKeys",
+ "service": "UserAssetService",
+ "operation": "GetUserAuthorizedKeys",
+ "kind": "readonly",
+ "description": "获取用户公钥信息",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetUserList",
+ "service": "UserAssetService",
+ "operation": "GetUserList",
+ "kind": "readonly",
+ "description": "根据指定条件获取用户资产列表",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetUserListByUsername",
+ "service": "UserAssetService",
+ "operation": "GetUserListByUsername",
+ "kind": "readonly",
+ "description": "用户名数据分组,根据指定的条件获取用户资产列表",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetWindowsDomainUserList",
+ "service": "UserAssetService",
+ "operation": "GetWindowsDomainUserList",
+ "kind": "readonly",
+ "description": "获取 windows 域用户列表",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetWindowsDomainUserListByDomain",
+ "service": "UserAssetService",
+ "operation": "GetWindowsDomainUserListByDomain",
+ "kind": "readonly",
+ "description": "获取 windows 域用户列表,按域聚合",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetWindowsUserList",
+ "service": "UserAssetService",
+ "operation": "GetWindowsUserList",
+ "kind": "readonly",
+ "description": "获取 windows 用户列表",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetWindowsUserListByHost",
+ "service": "UserAssetService",
+ "operation": "GetWindowsUserListByHost",
+ "kind": "readonly",
+ "description": "获取 windows 用户列表,按主机聚合",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetWindowsUserListByUserName",
+ "service": "UserAssetService",
+ "operation": "GetWindowsUserListByUserName",
+ "kind": "readonly",
+ "description": "取 windows 用户列表,按用户名聚合",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.GetWindowsUserListByUsername",
+ "service": "UserAssetService",
+ "operation": "GetWindowsUserListByUsername",
+ "kind": "readonly",
+ "description": "获取 windows 域用户列表,按用户名聚合",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "UserAssetService.StatUser",
+ "service": "UserAssetService",
+ "operation": "StatUser",
+ "kind": "readonly",
+ "description": "用户统计信息",
+ "tags": [
+ "用户资产"
+ ]
+ },
+ {
+ "method": "VulnInfoService.GetVulnInfo",
+ "service": "VulnInfoService",
+ "operation": "GetVulnInfo",
+ "kind": "readonly",
+ "description": "敏感端口事件导出",
+ "tags": [
+ "漏洞情报"
+ ]
+ },
+ {
+ "method": "VulnInfoService.ListVulnInfo",
+ "service": "VulnInfoService",
+ "operation": "ListVulnInfo",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "漏洞情报"
+ ]
+ },
+ {
+ "method": "VulnInfoService.StatVulnInfoByLevel",
+ "service": "VulnInfoService",
+ "operation": "StatVulnInfoByLevel",
+ "kind": "readonly",
+ "description": "漏洞级别分布",
+ "tags": [
+ "漏洞情报"
+ ]
+ },
+ {
+ "method": "VulnInfoService.TrendVulnInfo",
+ "service": "VulnInfoService",
+ "operation": "TrendVulnInfo",
+ "kind": "readonly",
+ "description": "漏洞公布时间趋势",
+ "tags": [
+ "漏洞情报"
+ ]
+ },
+ {
+ "method": "VulnService.CreateWhitelist",
+ "service": "VulnService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.DeleteVuln",
+ "service": "VulnService",
+ "operation": "DeleteVuln",
+ "kind": "mutation",
+ "description": "根据漏洞 ID 删除漏洞",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.EditEventComment",
+ "service": "VulnService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.EditVulnState",
+ "service": "VulnService",
+ "operation": "EditVulnState",
+ "kind": "mutation",
+ "description": "修改漏洞事件状态",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetVuln",
+ "service": "VulnService",
+ "operation": "GetVuln",
+ "kind": "readonly",
+ "description": "获取漏洞事件详情",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetVulnByAppList",
+ "service": "VulnService",
+ "operation": "GetVulnByAppList",
+ "kind": "readonly",
+ "description": "根据影响软件返回漏洞事件列表",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetVulnByHostList",
+ "service": "VulnService",
+ "operation": "GetVulnByHostList",
+ "kind": "readonly",
+ "description": "根据主机返回漏洞事件列表",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetVulnByVulnList",
+ "service": "VulnService",
+ "operation": "GetVulnByVulnList",
+ "kind": "readonly",
+ "description": "根据漏洞筛选调教返回漏洞事件列表",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetVulnList",
+ "service": "VulnService",
+ "operation": "GetVulnList",
+ "kind": "readonly",
+ "description": "获取通用漏洞事件列表",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetVulnTypes",
+ "service": "VulnService",
+ "operation": "GetVulnTypes",
+ "kind": "readonly",
+ "description": "获取漏洞类型",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.GetWhitelist",
+ "service": "VulnService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.RetestVuln",
+ "service": "VulnService",
+ "operation": "RetestVuln",
+ "kind": "mutation",
+ "description": "根据漏洞事件 ID 列表进行复测",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.StatVulnByAV",
+ "service": "VulnService",
+ "operation": "StatVulnByAV",
+ "kind": "readonly",
+ "description": "漏洞的攻击途径分布",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.StatVulnByLevelState",
+ "service": "VulnService",
+ "operation": "StatVulnByLevelState",
+ "kind": "readonly",
+ "description": "返回按 风险级别类型 聚合的统计视图",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.StatVulnByTag",
+ "service": "VulnService",
+ "operation": "StatVulnByTag",
+ "kind": "readonly",
+ "description": "漏洞的标签分布",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.StatVulnByTime",
+ "service": "VulnService",
+ "operation": "StatVulnByTime",
+ "kind": "readonly",
+ "description": "返回按 时间 聚合的统计视图",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "VulnService.StatVulnProcessByTime",
+ "service": "VulnService",
+ "operation": "StatVulnProcessByTime",
+ "kind": "readonly",
+ "description": "根据时间汇总漏洞处理详情",
+ "tags": [
+ "通用漏洞"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.CreateDict",
+ "service": "WeakPasswdService",
+ "operation": "CreateDict",
+ "kind": "mutation",
+ "description": "创建弱口令字典",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.CreateWhitelist",
+ "service": "WeakPasswdService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.Delete",
+ "service": "WeakPasswdService",
+ "operation": "Delete",
+ "kind": "mutation",
+ "description": "删除弱口令事件",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.DeleteDict",
+ "service": "WeakPasswdService",
+ "operation": "DeleteDict",
+ "kind": "mutation",
+ "description": "删除弱口令字典",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.DictList",
+ "service": "WeakPasswdService",
+ "operation": "DictList",
+ "kind": "mutation",
+ "description": "弱口令字典列表",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.EditDict",
+ "service": "WeakPasswdService",
+ "operation": "EditDict",
+ "kind": "mutation",
+ "description": "修改弱口令字典",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.EditEventComment",
+ "service": "WeakPasswdService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.EditState",
+ "service": "WeakPasswdService",
+ "operation": "EditState",
+ "kind": "mutation",
+ "description": "修改弱口令事件状态",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.EnableDict",
+ "service": "WeakPasswdService",
+ "operation": "EnableDict",
+ "kind": "mutation",
+ "description": "启用弱口令字典",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.Get",
+ "service": "WeakPasswdService",
+ "operation": "Get",
+ "kind": "readonly",
+ "description": "获取弱口令事件详情",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.GetAggEventList",
+ "service": "WeakPasswdService",
+ "operation": "GetAggEventList",
+ "kind": "readonly",
+ "description": "获取数据分组后弱口令事件列表",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.GetDict",
+ "service": "WeakPasswdService",
+ "operation": "GetDict",
+ "kind": "readonly",
+ "description": "获取弱口令字典详情",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.GetWhitelist",
+ "service": "WeakPasswdService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.HistoryList",
+ "service": "WeakPasswdService",
+ "operation": "HistoryList",
+ "kind": "mutation",
+ "description": "弱口令事件变更记录",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.List",
+ "service": "WeakPasswdService",
+ "operation": "List",
+ "kind": "readonly",
+ "description": "弱口令事件列表",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.ListByHost",
+ "service": "WeakPasswdService",
+ "operation": "ListByHost",
+ "kind": "readonly",
+ "description": "根据Host筛选条件获取弱口令事件列表",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.ListByPlan",
+ "service": "WeakPasswdService",
+ "operation": "ListByPlan",
+ "kind": "readonly",
+ "description": "根据PlanId筛选条件获取弱口令事件列表",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.ListByService",
+ "service": "WeakPasswdService",
+ "operation": "ListByService",
+ "kind": "readonly",
+ "description": "根据服务筛选条件获取弱口令事件列表",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.RetestEvent",
+ "service": "WeakPasswdService",
+ "operation": "RetestEvent",
+ "kind": "mutation",
+ "description": "复测弱口令事件",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByHost",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "高风险主机",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByPassword",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByPassword",
+ "kind": "readonly",
+ "description": "高风险密码",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByService",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByService",
+ "kind": "readonly",
+ "description": "弱口令服务类型分布",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByState",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByState",
+ "kind": "readonly",
+ "description": "弱口令事件状态分布",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByTime",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "弱口令事件发生趋势",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByType",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByType",
+ "kind": "readonly",
+ "description": "弱口令事件状态分布",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WeakPasswdService.StatEventByUsername",
+ "service": "WeakPasswdService",
+ "operation": "StatEventByUsername",
+ "kind": "readonly",
+ "description": "高风险用户名",
+ "tags": [
+ "弱口令检测"
+ ]
+ },
+ {
+ "method": "WebshellEventService.CreateWhitelist",
+ "service": "WebshellEventService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "生成白名单规则",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.DeleteEvent",
+ "service": "WebshellEventService",
+ "operation": "DeleteEvent",
+ "kind": "mutation",
+ "description": "删除所选事件",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.EditEventComment",
+ "service": "WebshellEventService",
+ "operation": "EditEventComment",
+ "kind": "mutation",
+ "description": "改变所选事件备注",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.EditEventState",
+ "service": "WebshellEventService",
+ "operation": "EditEventState",
+ "kind": "mutation",
+ "description": "改变所选事件的处置状态",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.EditMimicryConfig",
+ "service": "WebshellEventService",
+ "operation": "EditMimicryConfig",
+ "kind": "mutation",
+ "description": "用来修改全局拟态防御的配置",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetEvent",
+ "service": "WebshellEventService",
+ "operation": "GetEvent",
+ "kind": "readonly",
+ "description": "获取事件详情",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetEventByHostList",
+ "service": "WebshellEventService",
+ "operation": "GetEventByHostList",
+ "kind": "readonly",
+ "description": "根据主机获取事件列表",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetEventList",
+ "service": "WebshellEventService",
+ "operation": "GetEventList",
+ "kind": "readonly",
+ "description": "获取事件列表",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetEventListByFileName",
+ "service": "WebshellEventService",
+ "operation": "GetEventListByFileName",
+ "kind": "readonly",
+ "description": "根据文件名获取事件列表",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetEventListByFilePath",
+ "service": "WebshellEventService",
+ "operation": "GetEventListByFilePath",
+ "kind": "readonly",
+ "description": "根据文件路径获取事件列表",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetEventListByWebshellType",
+ "service": "WebshellEventService",
+ "operation": "GetEventListByWebshellType",
+ "kind": "readonly",
+ "description": "根据Webshell 类型获取事件列表",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetFile",
+ "service": "WebshellEventService",
+ "operation": "GetFile",
+ "kind": "readonly",
+ "description": "获取 Webshell 文件内容",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetMimicryConfig",
+ "service": "WebshellEventService",
+ "operation": "GetMimicryConfig",
+ "kind": "readonly",
+ "description": "用来换取拟态防御全局配置",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetOverview",
+ "service": "WebshellEventService",
+ "operation": "GetOverview",
+ "kind": "readonly",
+ "description": "获取 Webshell 概述信息",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.GetWhitelist",
+ "service": "WebshellEventService",
+ "operation": "GetWhitelist",
+ "kind": "readonly",
+ "description": "获取白名单规则",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.IsolateWebshell",
+ "service": "WebshellEventService",
+ "operation": "IsolateWebshell",
+ "kind": "readonly",
+ "description": "用来隔离主机上的 Webshell",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.MarkAsRead",
+ "service": "WebshellEventService",
+ "operation": "MarkAsRead",
+ "kind": "mutation",
+ "description": "标记事件为已读",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.RetestEvent",
+ "service": "WebshellEventService",
+ "operation": "RetestEvent",
+ "kind": "mutation",
+ "description": "触发一个探针端任务用来检测 Webshell 是否仍然存在",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.StatEventByFileName",
+ "service": "WebshellEventService",
+ "operation": "StatEventByFileName",
+ "kind": "readonly",
+ "description": "获取按文件名聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.StatEventByHost",
+ "service": "WebshellEventService",
+ "operation": "StatEventByHost",
+ "kind": "readonly",
+ "description": "获取按主机聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.StatEventByIsolateState",
+ "service": "WebshellEventService",
+ "operation": "StatEventByIsolateState",
+ "kind": "readonly",
+ "description": "获取按 Webshell 隔离状态聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.StatEventByLevel",
+ "service": "WebshellEventService",
+ "operation": "StatEventByLevel",
+ "kind": "readonly",
+ "description": "获取按风险等级与处置状态聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.StatEventByTime",
+ "service": "WebshellEventService",
+ "operation": "StatEventByTime",
+ "kind": "readonly",
+ "description": "获取按事件发生事件聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.StatEventByWebshellType",
+ "service": "WebshellEventService",
+ "operation": "StatEventByWebshellType",
+ "kind": "readonly",
+ "description": "获取按 Webshell 类型聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.TestMimicryToken",
+ "service": "WebshellEventService",
+ "operation": "TestMimicryToken",
+ "kind": "mutation",
+ "description": "测试拟态防御服务平台token,如果是401说明token不正确,500说明token正确",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebshellEventService.TrendWebshell",
+ "service": "WebshellEventService",
+ "operation": "TrendWebshell",
+ "kind": "readonly",
+ "description": "获取按事件发现日期(年,月,日)聚合的统计结果",
+ "tags": [
+ "WebShell"
+ ]
+ },
+ {
+ "method": "WebsiteAssetService.GetWebsite",
+ "service": "WebsiteAssetService",
+ "operation": "GetWebsite",
+ "kind": "readonly",
+ "description": "获取站点资产详情",
+ "tags": [
+ "网站资产"
+ ]
+ },
+ {
+ "method": "WebsiteAssetService.GetWebsiteList",
+ "service": "WebsiteAssetService",
+ "operation": "GetWebsiteList",
+ "kind": "readonly",
+ "description": "获取站点资产列表",
+ "tags": [
+ "网站资产"
+ ]
+ },
+ {
+ "method": "WhitelistService.CreateWhitelist",
+ "service": "WhitelistService",
+ "operation": "CreateWhitelist",
+ "kind": "mutation",
+ "description": "创建事件加白规则",
+ "tags": [
+ "事件加白规则"
+ ]
+ },
+ {
+ "method": "WhitelistService.DeleteWhitelist",
+ "service": "WhitelistService",
+ "operation": "DeleteWhitelist",
+ "kind": "mutation",
+ "description": "删除事件加白规则",
+ "tags": [
+ "事件加白规则"
+ ]
+ },
+ {
+ "method": "WhitelistService.EnablementWhitelist",
+ "service": "WhitelistService",
+ "operation": "EnablementWhitelist",
+ "kind": "mutation",
+ "description": "启禁用事件加白规则",
+ "tags": [
+ "事件加白规则"
+ ]
+ },
+ {
+ "method": "WhitelistService.ListWhitelist",
+ "service": "WhitelistService",
+ "operation": "ListWhitelist",
+ "kind": "readonly",
+ "description": "获取事件加白规则列表",
+ "tags": [
+ "事件加白规则"
+ ]
+ },
+ {
+ "method": "WhitelistService.UpdateWhitelist",
+ "service": "WhitelistService",
+ "operation": "UpdateWhitelist",
+ "kind": "mutation",
+ "description": "更新事件加白规则",
+ "tags": [
+ "事件加白规则"
+ ]
+ }
+ ]
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_mutation.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_mutation.yaml
new file mode 100644
index 000000000..b5cab6d0f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_mutation.yaml
@@ -0,0 +1,28 @@
+name: chaitin_muyun_api_mutation
+description: Chaitin Muyun documented mutation JSON-RPC caller with confirmation.
+description_cn: 长亭牧云文档内变更类 JSON-RPC 调用工具。所有调用都需要确认。
+category: custom
+enabled: true
+requires_confirmation: true
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rpc_call_mutation
+ method:
+ type: string
+ description: rpc_call_mutation 使用的 JSON-RPC 方法名,必须属于 catalog 中 kind=mutation 的条目。
+ params:
+ type: object
+ description: JSON-RPC params 对象。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: api_mutation
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_readonly.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_readonly.yaml
new file mode 100644
index 000000000..16b2b000f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_api_readonly.yaml
@@ -0,0 +1,47 @@
+name: chaitin_muyun_api_readonly
+description: Chaitin Muyun documented read-only JSON-RPC caller.
+description_cn: 长亭牧云文档内只读 JSON-RPC 调用工具。使用 api_catalog 查看已收录方法,再用 rpc_call_readonly 调用 kind=readonly 的方法。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rpc_call_readonly
+ - product_info
+ - current_user
+ - host_count
+ - host_list
+ - host_detail
+ - application_list
+ - website_list
+ - process_list
+ - webshell_events
+ - malware_events
+ - bruteforce_events
+ - abnormal_login_events
+ - realtime_events
+ - vuln_list
+ - vuln_detail
+ - security_check_events
+ - baseline_tasks
+ - emergency_vulns
+ - test
+ method:
+ type: string
+ description: rpc_call_readonly 使用的 JSON-RPC 方法名,例如 HostAssetService.GetHostAssetList。
+ params:
+ type: object
+ description: JSON-RPC params 对象。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: api_readonly
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_assets.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_assets.yaml
new file mode 100644
index 000000000..cb8175d6d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_assets.yaml
@@ -0,0 +1,42 @@
+name: chaitin_muyun_assets
+description: Chaitin Muyun product, user, host, application, website, and process asset queries.
+description_cn: 长亭牧云产品、用户、主机、应用、网站和进程资产查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - product_info
+ - current_user
+ - host_count
+ - host_list
+ - host_detail
+ - application_list
+ - website_list
+ - process_list
+ - test
+ description: |
+ 资产类动作:
+ - product_info: 获取产品信息。
+ - current_user: 获取当前 Token 用户信息。
+ - host_count: 获取主机资产数量。
+ - host_list: 获取主机资产列表。
+ - host_detail: 获取主机资产详情。
+ - application_list: 获取应用/软件资产列表。
+ - website_list: 获取 Web 站点资产列表。
+ - process_list: 获取进程资产列表。
+ params:
+ type: object
+ description: JSON-RPC params 对象;字段按牧云 API 3.0 对应方法填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: assets
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_events.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_events.yaml
new file mode 100644
index 000000000..858ba528d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_events.yaml
@@ -0,0 +1,36 @@
+name: chaitin_muyun_events
+description: Chaitin Muyun security event query tool.
+description_cn: 长亭牧云安全事件查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - webshell_events
+ - malware_events
+ - bruteforce_events
+ - abnormal_login_events
+ - realtime_events
+ - test
+ description: |
+ 事件类动作:
+ - webshell_events: 查询 WebShell 事件。
+ - malware_events: 查询恶意文件事件。
+ - bruteforce_events: 查询暴力破解事件。
+ - abnormal_login_events: 查询异常登录事件。
+ - realtime_events: 查询实时事件概览。
+ params:
+ type: object
+ description: JSON-RPC params 对象;建议显式传分页、时间和过滤条件。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: events
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_risk.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_risk.yaml
new file mode 100644
index 000000000..bf0751000
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/chaitin_muyun_risk.yaml
@@ -0,0 +1,36 @@
+name: chaitin_muyun_risk
+description: Chaitin Muyun vulnerability, baseline, and emergency vulnerability query tool.
+description_cn: 长亭牧云漏洞、安全基线和漏洞应急查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_muyun_api
+version: "API 3.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - vuln_list
+ - vuln_detail
+ - security_check_events
+ - baseline_tasks
+ - emergency_vulns
+ - test
+ description: |
+ 风险类动作:
+ - vuln_list: 查询通用漏洞事件列表。
+ - vuln_detail: 查询漏洞事件详情。
+ - security_check_events: 查询安全基线事件。
+ - baseline_tasks: 查询核查任务列表。
+ - emergency_vulns: 查询漏洞应急列表。
+ params:
+ type: object
+ description: JSON-RPC params 对象;字段按牧云 API 3.0 对应方法填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_muyun.handler.py
+ function: risk
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/manifest.json b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/manifest.json
new file mode 100644
index 000000000..1a77cedd0
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_muyun_api_v3/manifest.json
@@ -0,0 +1,71 @@
+{
+ "schemaVersion": "hub.plugin.v1",
+ "id": "chaitin_muyun_api_v3",
+ "type": "device",
+ "name": "Chaitin Muyun",
+ "description": "Chaitin Muyun host security platform JSON-RPC API 3.0 integration.",
+ "descriptionCn": "长亭牧云主机安全平台 API 3.0 接入。",
+ "version": "3.0",
+ "author": "Flocks Team",
+ "license": "MIT",
+ "category": "integration",
+ "tags": [
+ "edr",
+ "hids",
+ "vulnerability",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "incident-response",
+ "vulnerability-management"
+ ],
+ "domains": [
+ "security-ops"
+ ],
+ "capabilities": [
+ "device-integration",
+ "json-rpc-api"
+ ],
+ "trust": "official",
+ "source": {
+ "kind": "bundled",
+ "path": "plugins/tools/device/chaitin_muyun_api_v3"
+ },
+ "compatibility": {
+ "flocks": ">=0.8.0",
+ "os": [
+ "darwin",
+ "linux",
+ "windows"
+ ]
+ },
+ "dependencies": {
+ "skills": [],
+ "tools": [],
+ "python": [],
+ "external": []
+ },
+ "permissions": {
+ "tools": [],
+ "network": true,
+ "shell": false,
+ "filesystem": "none"
+ },
+ "risk": {
+ "level": "low",
+ "reasons": []
+ },
+ "entrypoints": [
+ "_provider.yaml",
+ "_test.yaml",
+ "chaitin_muyun.handler.py",
+ "chaitin_muyun_api_catalog.json",
+ "chaitin_muyun_assets.yaml",
+ "chaitin_muyun_events.yaml",
+ "chaitin_muyun_risk.yaml",
+ "chaitin_muyun_api_readonly.yaml",
+ "chaitin_muyun_api_mutation.yaml"
+ ],
+ "checksums": {}
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_provider.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_provider.yaml
new file mode 100644
index 000000000..78bd4126d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_provider.yaml
@@ -0,0 +1,38 @@
+name: chaitin_safeline_waf
+vendor: chaitin
+service_id: chaitin_safeline_waf
+version: "1.0"
+integration_type: device
+description: >
+ Chaitin SafeLine WAF OpenAPI integration. Configure the device URL and
+ API Token. Read-only calls and mutation calls are separated at tool level.
+description_cn: >
+ 长亭雷池 WAF OpenAPI 接入。配置设备地址和 API Token;只读查询与变更调用在工具层隔离。
+auth:
+ type: custom
+ secret: chaitin_safeline_waf_api_token
+credential_fields:
+ - key: base_url
+ label: 设备地址
+ storage: config
+ config_key: base_url
+ input_type: url
+ required: true
+ placeholder: "https://safeline.example.com"
+ - key: api_token
+ label: API Token
+ storage: secret
+ config_key: api_token
+ secret_id: chaitin_safeline_waf_api_token
+ input_type: password
+ required: true
+defaults:
+ timeout: 30
+ category: custom
+ product_version: "1.0"
+ verify_ssl: false
+notes: |
+ 认证规则来自《长亭雷池WAF》OpenAPI 文档:
+ - Token 在管理界面个人中心的 Open API 页面创建。
+ - 所有 API 请求在 Header 中携带 API-TOKEN。
+ - GET 使用 query string;POST/PUT/DELETE 使用 JSON body。
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_test.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_test.yaml
new file mode 100644
index 000000000..09957410d
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/_test.yaml
@@ -0,0 +1,58 @@
+schema_version: 1
+provider: chaitin_safeline_waf
+
+connectivity:
+ tool: chaitin_safeline_waf_system
+ params:
+ action: profile
+
+fixtures:
+ chaitin_safeline_waf_system:
+ - label: Query current profile
+ label_cn: 查询当前账号信息
+ tags: [smoke, auth]
+ params:
+ action: profile
+ assert:
+ success: true
+ - label: Query security overview
+ label_cn: 查询安全概览
+ tags: [dashboard]
+ params:
+ action: overview
+
+ chaitin_safeline_waf_policy:
+ - label: List ACL templates
+ label_cn: 查询访问频率限制规则
+ tags: [policy]
+ params:
+ action: acl_templates
+ count: 10
+ offset: 0
+
+ chaitin_safeline_waf_site:
+ - label: List reverse proxy sites
+ label_cn: 查询反向代理站点
+ tags: [site]
+ params:
+ action: reverse_proxy_sites
+ count: 10
+ offset: 0
+
+ chaitin_safeline_waf_api_readonly:
+ - label: Show API catalog
+ label_cn: 查看 API 目录
+ tags: [api]
+ params:
+ action: api_catalog
+ assert:
+ success: true
+
+ chaitin_safeline_waf_api_mutation:
+ - label: Show API catalog before confirmed mutation
+ label_cn: 变更调用前查看 API 目录
+ tags: [api, mutation]
+ params:
+ action: api_catalog
+ assert:
+ success: true
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf.handler.py b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf.handler.py
new file mode 100644
index 000000000..19cb8ec15
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf.handler.py
@@ -0,0 +1,339 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import os
+from pathlib import Path
+from typing import Any, Callable
+
+import requests
+
+from flocks.config.config_writer import ConfigWriter
+from flocks.security import get_secret_manager
+from flocks.tool.registry import ToolContext, ToolResult
+
+
+SERVICE_ID = "chaitin_safeline_waf"
+STORAGE_KEY = "chaitin_safeline_waf_api"
+PRODUCT_VERSION = "1.0"
+DEFAULT_TIMEOUT = 30
+DEFAULT_VERIFY_SSL = False
+CATALOG_FILE = Path(__file__).with_name("chaitin_safeline_waf_api_catalog.json")
+
+
+class ChaitinWafError(RuntimeError):
+ pass
+
+
+class RuntimeConfig:
+ def __init__(
+ self,
+ *,
+ base_url: str,
+ api_token: str,
+ verify_ssl: bool,
+ timeout: int,
+ ) -> None:
+ self.base_url = base_url
+ self.api_token = api_token
+ self.verify_ssl = verify_ssl
+ self.timeout = timeout
+
+
+def _resolve_ref(value: Any) -> str:
+ if value is None:
+ return ""
+ if not isinstance(value, str):
+ return str(value)
+ if value.startswith("{secret:") and value.endswith("}"):
+ return get_secret_manager().get(value[len("{secret:") : -1]) or ""
+ if value.startswith("{env:") and value.endswith("}"):
+ return os.getenv(value[len("{env:") : -1], "")
+ return value
+
+
+def _raw_service_config() -> dict[str, Any]:
+ raw = ConfigWriter.get_api_service_raw(SERVICE_ID)
+ if not isinstance(raw, dict):
+ raw = ConfigWriter.get_api_service_raw(STORAGE_KEY)
+ return raw if isinstance(raw, dict) else {}
+
+
+def _config_value(raw: dict[str, Any], *keys: str) -> Any:
+ for key in keys:
+ if raw.get(key) is not None:
+ return raw[key]
+ custom_settings = raw.get("custom_settings")
+ if isinstance(custom_settings, dict):
+ for key in keys:
+ if custom_settings.get(key) is not None:
+ return custom_settings[key]
+ return None
+
+
+def _as_bool(value: Any, default: bool) -> bool:
+ if value is None:
+ return default
+ if isinstance(value, bool):
+ return value
+ if isinstance(value, str):
+ text = value.strip().lower()
+ if text in {"1", "true", "yes", "on"}:
+ return True
+ if text in {"0", "false", "no", "off"}:
+ return False
+ return bool(value)
+
+
+def _normalize_base_url(base_url: str) -> str:
+ return base_url.strip().rstrip("/")
+
+
+def resolve_config() -> RuntimeConfig:
+ raw = _raw_service_config()
+ base_url = (
+ _resolve_ref(_config_value(raw, "base_url", "baseUrl"))
+ or os.getenv("CHAITIN_SAFELINE_WAF_BASE_URL", "")
+ )
+ if not base_url:
+ raise ChaitinWafError("Chaitin SafeLine WAF base_url is not configured")
+
+ api_token = (
+ _resolve_ref(_config_value(raw, "api_token", "apiToken", "token"))
+ or get_secret_manager().get("chaitin_safeline_waf_api_token")
+ or get_secret_manager().get(f"{SERVICE_ID}_token")
+ or os.getenv("CHAITIN_SAFELINE_WAF_API_TOKEN", "")
+ )
+ if not api_token:
+ raise ChaitinWafError("Chaitin SafeLine WAF API token is not configured")
+
+ try:
+ timeout = int(_config_value(raw, "timeout") or DEFAULT_TIMEOUT)
+ except (TypeError, ValueError):
+ timeout = DEFAULT_TIMEOUT
+ verify_ssl = _as_bool(
+ _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl")
+ if _config_value(raw, "verify_ssl", "ssl_verify", "verifySsl") is not None
+ else os.getenv("CHAITIN_SAFELINE_WAF_VERIFY_SSL"),
+ DEFAULT_VERIFY_SSL,
+ )
+ return RuntimeConfig(
+ base_url=_normalize_base_url(base_url),
+ api_token=api_token,
+ verify_ssl=verify_ssl,
+ timeout=timeout,
+ )
+
+
+def _render_path(path: str, args: dict[str, Any]) -> str:
+ rendered = path
+ path_params = args.get("path_params") if isinstance(args.get("path_params"), dict) else {}
+ for key, value in {**path_params, **args}.items():
+ if isinstance(key, str):
+ rendered = rendered.replace("{" + key + "}", str(value))
+ if "{" in rendered or "}" in rendered:
+ raise ChaitinWafError(f"Missing path parameter for {path}")
+ return rendered
+
+
+class WafClient:
+ def __init__(self, config: RuntimeConfig) -> None:
+ self.config = config
+
+ def request(
+ self,
+ method: str,
+ path: str,
+ *,
+ query: dict[str, Any] | None = None,
+ body: Any = None,
+ ) -> Any:
+ url = f"{self.config.base_url}{path}"
+ headers = {
+ "Accept": "application/json",
+ "API-TOKEN": self.config.api_token,
+ }
+ if method.upper() in {"POST", "PUT", "DELETE", "PATCH"}:
+ headers["Content-Type"] = "application/json"
+ response = requests.request(
+ method.upper(),
+ url,
+ params={k: v for k, v in (query or {}).items() if v is not None},
+ json=body if body not in (None, "") else None,
+ headers=headers,
+ timeout=self.config.timeout,
+ verify=self.config.verify_ssl,
+ )
+ return _json_response(response)
+
+
+def _json_response(response: requests.Response) -> Any:
+ try:
+ payload = response.json()
+ except ValueError as exc:
+ raise ChaitinWafError(f"Invalid JSON response: HTTP {response.status_code}") from exc
+ if response.status_code >= 400:
+ raise ChaitinWafError(f"HTTP {response.status_code}: {payload}")
+ if isinstance(payload, dict) and payload.get("err") not in (None, ""):
+ raise ChaitinWafError(str(payload.get("msg") or payload.get("err")))
+ return payload
+
+
+def _ok(data: Any, *, action: str) -> ToolResult:
+ return ToolResult(
+ success=True,
+ output=data,
+ metadata={"source": "Chaitin SafeLine WAF", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+def get_client() -> WafClient:
+ return WafClient(resolve_config())
+
+
+def _request_args(args: dict[str, Any], default_method: str, default_path: str) -> tuple[str, str, dict[str, Any], Any]:
+ method = str(args.get("method") or default_method).upper()
+ path = _render_path(str(args.get("path") or default_path), args)
+ query = args.get("query") if isinstance(args.get("query"), dict) else {}
+ body = args.get("body")
+ if method == "GET" and not query:
+ ignored = {"action", "method", "path", "query", "body", "path_params"}
+ query = {k: v for k, v in args.items() if k not in ignored and v is not None}
+ return method, path, dict(query), body
+
+
+def _load_api_catalog() -> list[dict[str, Any]]:
+ try:
+ data = json.loads(CATALOG_FILE.read_text(encoding="utf-8"))
+ except FileNotFoundError:
+ return []
+ entries = data.get("entries")
+ return entries if isinstance(entries, list) else []
+
+
+def _catalog_pairs(kind: str) -> set[tuple[str, str]]:
+ return {
+ (str(entry.get("method", "")).upper(), str(entry.get("path", "")))
+ for entry in _load_api_catalog()
+ if entry.get("kind") == kind and entry.get("method") and entry.get("path")
+ }
+
+
+READONLY_ACTIONS: dict[str, tuple[str, str]] = {
+ "profile": ("GET", "/api/ProfileAPI"),
+ "overview": ("GET", "/api/OverviewAPI"),
+ "acl_rules": ("GET", "/api/ACLRuleAPI"),
+ "acl_templates": ("GET", "/api/ACLRuleTemplateAPI"),
+ "attack_logs": ("GET", "/api/FilterV2API"),
+ "ip_groups": ("GET", "/api/IPGroupAPI"),
+ "reverse_proxy_sites": ("GET", "/api/HardwareReverseProxyWebsiteAPI"),
+ "traffic_detection_sites": ("GET", "/api/HardwareTrafficDetectionWebsiteAPI"),
+ "certificates": ("GET", "/api/CertAPI"),
+ "traffic_learning_overview": ("GET", "/api/traffic_learning/v1/Overview"),
+}
+
+
+SYSTEM_ACTIONS = {"profile", "overview"}
+POLICY_ACTIONS = {"acl_rules", "acl_templates", "ip_groups"}
+SITE_ACTIONS = {"reverse_proxy_sites", "traffic_detection_sites", "certificates"}
+LOG_ACTIONS = {"attack_logs", "traffic_learning_overview"}
+
+
+def call_rest(action: str, args: dict[str, Any]) -> ToolResult:
+ method, path = READONLY_ACTIONS[action]
+ req_method, req_path, query, body = _request_args(args, method, path)
+ return _ok(get_client().request(req_method, req_path, query=query, body=body), action=action)
+
+
+def api_catalog(args: dict[str, Any]) -> ToolResult:
+ del args
+ catalog = _load_api_catalog()
+ return _ok(
+ {
+ "catalog_counts": {
+ "total": len(catalog),
+ "readonly": sum(1 for entry in catalog if entry.get("kind") == "readonly"),
+ "mutation": sum(1 for entry in catalog if entry.get("kind") == "mutation"),
+ },
+ "documented_api_catalog": catalog,
+ "common_actions": {
+ "system": sorted(SYSTEM_ACTIONS),
+ "policy": sorted(POLICY_ACTIONS),
+ "site": sorted(SITE_ACTIONS),
+ "logs": sorted(LOG_ACTIONS),
+ },
+ },
+ action="api_catalog",
+ )
+
+
+def rest_call_readonly(args: dict[str, Any]) -> ToolResult:
+ method, path, query, body = _request_args(args, "GET", "")
+ if (method, path) not in _catalog_pairs("readonly"):
+ raise ChaitinWafError("Only documented read-only REST method/path pairs are allowed")
+ return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_readonly")
+
+
+def rest_call_mutation(args: dict[str, Any]) -> ToolResult:
+ method, path, query, body = _request_args(args, "POST", "")
+ if (method, path) not in _catalog_pairs("mutation"):
+ raise ChaitinWafError("Only documented mutation REST method/path pairs are allowed")
+ return _ok(get_client().request(method, path, query=query, body=body), action="rest_call_mutation")
+
+
+ACTION_HANDLERS: dict[str, Callable[[dict[str, Any]], ToolResult]] = {
+ "api_catalog": api_catalog,
+ "rest_call_readonly": rest_call_readonly,
+ "rest_call_mutation": rest_call_mutation,
+}
+for _action in READONLY_ACTIONS:
+ ACTION_HANDLERS[_action] = lambda args, action=_action: call_rest(action, args)
+
+
+async def _dispatch(ctx: ToolContext, allowed: set[str], action: str, **params: Any) -> ToolResult:
+ del ctx
+ if action == "test":
+ action = "profile"
+ if action not in allowed:
+ return ToolResult(
+ success=False,
+ error=f"Unsupported Chaitin SafeLine WAF action: {action}. Available: {', '.join(sorted(allowed))}",
+ )
+ try:
+ return await asyncio.to_thread(ACTION_HANDLERS[action], params)
+ except ChaitinWafError as exc:
+ return ToolResult(
+ success=False,
+ error=str(exc),
+ metadata={"source": "Chaitin SafeLine WAF", "version": PRODUCT_VERSION, "action": action},
+ )
+ except Exception as exc:
+ return ToolResult(
+ success=False,
+ error=f"Unexpected Chaitin SafeLine WAF error: {exc}",
+ metadata={"source": "Chaitin SafeLine WAF", "version": PRODUCT_VERSION, "action": action},
+ )
+
+
+async def system(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, SYSTEM_ACTIONS | {"test"}, action, **params)
+
+
+async def policy(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, POLICY_ACTIONS | {"test"}, action, **params)
+
+
+async def site(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, SITE_ACTIONS | {"test"}, action, **params)
+
+
+async def logs(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, LOG_ACTIONS | {"test"}, action, **params)
+
+
+async def api_readonly(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rest_call_readonly", *READONLY_ACTIONS.keys(), "test"}, action, **params)
+
+
+async def api_mutation(ctx: ToolContext, action: str, **params: Any) -> ToolResult:
+ return await _dispatch(ctx, {"api_catalog", "rest_call_mutation"}, action, **params)
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_catalog.json b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_catalog.json
new file mode 100644
index 000000000..1d55cf883
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_catalog.json
@@ -0,0 +1,498 @@
+{
+ "schema_version": 1,
+ "source": "长亭雷池WAF/长亭雷池WAF.docx",
+ "entries": [
+ {
+ "method": "DELETE",
+ "path": "/api/ACLRuleAPI",
+ "kind": "mutation",
+ "description": "删除指定 ID 的 ACL Rule,并可通过参数指定加入白名单"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLRuleAPI",
+ "kind": "readonly",
+ "description": "根据 ID 查找指定 ACL Rule Template,返回其所包含的所有 ACL Rule"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ACLRuleAPI",
+ "kind": "mutation",
+ "description": "新建一条包含指定内容的 ACL Rule,并加入指定 Template"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ACLRuleExecutionLogAPI",
+ "kind": "mutation",
+ "description": "删除日志"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLRuleExecutionLogAPI",
+ "kind": "readonly",
+ "description": "查询 ACL 执行日志的统计数据,以 5 分钟为间隔,按时间顺序排列"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "mutation",
+ "description": "删除频率限制规则"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "readonly",
+ "description": "查看频率限制规则"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "mutation",
+ "description": "新建频率限制规则"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/ACLRuleTemplateAPI",
+ "kind": "mutation",
+ "description": "编辑指定 ID 的 ACLRuleTemplate"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ACLWhiteListAPI",
+ "kind": "mutation",
+ "description": "删除指定 ID 对应的 ACL White List"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ACLWhiteListAPI",
+ "kind": "readonly",
+ "description": "根据参数过滤已有的 ACL White List,并返回所有符合条件的项目"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ACLWhiteListAPI",
+ "kind": "mutation",
+ "description": "新建 ACL 白名单"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ClearACLRuleAPI",
+ "kind": "mutation",
+ "description": "清空 ACL Rule Template 的所有用户,并可通过参数指定加入白名单"
+ },
+ {
+ "method": "POST",
+ "path": "/api/ESDownloadIndices",
+ "kind": "mutation",
+ "description": "新建「下载索引归档」日志下载任务,需要到日志下载管理界面下载归档"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/ESIndexLifecycle",
+ "kind": "mutation",
+ "description": "修改索引生命周期"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/ESIndices",
+ "kind": "mutation",
+ "description": "删除归档"
+ },
+ {
+ "method": "GET",
+ "path": "/api/ESIndices",
+ "kind": "readonly",
+ "description": "查看索引信息"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/ESIndices",
+ "kind": "mutation",
+ "description": "恢复归档"
+ },
+ {
+ "method": "GET",
+ "path": "/api/FilterV2API",
+ "kind": "readonly",
+ "description": "限制用户列表-满足条件的用户; 查询限制用户列表-已知用户; 查询访问频率限制规则; 查询攻击检测日志列表页和详情页; 查询 IP 组; 查询防护策略"
+ },
+ {
+ "method": "GET",
+ "path": "/api/FilterHistory",
+ "kind": "readonly",
+ "description": "查看攻击检测日志筛选历史"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SavedFilter",
+ "kind": "mutation",
+ "description": "删除筛选器"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SavedFilter",
+ "kind": "readonly",
+ "description": "获取筛选器"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SavedFilter",
+ "kind": "mutation",
+ "description": "新建筛选器"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SavedFilter",
+ "kind": "mutation",
+ "description": "编辑筛选器"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/EditIPGroupItem",
+ "kind": "mutation",
+ "description": "IP 列表删除 IP"
+ },
+ {
+ "method": "POST",
+ "path": "/api/EditIPGroupItem",
+ "kind": "mutation",
+ "description": "IP 列表添加 IP"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/IPGroupAPI",
+ "kind": "mutation",
+ "description": "删除 IP 组"
+ },
+ {
+ "method": "GET",
+ "path": "/api/IPGroupAPI",
+ "kind": "readonly",
+ "description": "获取 IP 组信息"
+ },
+ {
+ "method": "POST",
+ "path": "/api/IPGroupAPI",
+ "kind": "mutation",
+ "description": "新建 IP 组"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/IPGroupAPI",
+ "kind": "mutation",
+ "description": "编辑 IP 组名称和备注"
+ },
+ {
+ "method": "GET",
+ "path": "/api/LogFlagConfig",
+ "kind": "readonly",
+ "description": "获取标记"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/LogFlagConfig",
+ "kind": "mutation",
+ "description": "修改标记"
+ },
+ {
+ "method": "GET",
+ "path": "/_api/DashboardConfigAPI",
+ "kind": "readonly",
+ "description": "获取配置"
+ },
+ {
+ "method": "POST",
+ "path": "/_api/DashboardConfigAPI",
+ "kind": "mutation",
+ "description": "修改配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HTTPReplayAPI",
+ "kind": "mutation",
+ "description": "重放请求"
+ },
+ {
+ "method": "GET",
+ "path": "/api/LogAggregationConfigAPI",
+ "kind": "readonly",
+ "description": "获取配置"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/LogAggregationConfigAPI",
+ "kind": "mutation",
+ "description": "修改配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/OverviewAPI",
+ "kind": "readonly",
+ "description": "统计信息"
+ },
+ {
+ "method": "POST",
+ "path": "/api/report/v2/ReportTask",
+ "kind": "mutation",
+ "description": "手动生成节点状态报告"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/report/v2/ReportTask",
+ "kind": "mutation",
+ "description": "编辑定时报告任务"
+ },
+ {
+ "method": "POST",
+ "path": "/api/report/v2/SendReport",
+ "kind": "mutation",
+ "description": "报告外发"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "手动生成一个报告"
+ },
+ {
+ "method": "GET",
+ "path": "/api/traffic_learning/v1/AutoIntf",
+ "kind": "readonly",
+ "description": "获取自动发现业务列表"
+ },
+ {
+ "method": "POST",
+ "path": "/api/traffic_learning/v1/AutoIntf",
+ "kind": "mutation",
+ "description": "自动发现业务移入业务建模"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/traffic_learning/v1/Intf",
+ "kind": "mutation",
+ "description": "编辑智学习业务信息,支持批量"
+ },
+ {
+ "method": "POST",
+ "path": "/api/traffic_learning/v1/Intf",
+ "kind": "mutation",
+ "description": "手动创建智学习业务"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/traffic_learning/v1/Intf",
+ "kind": "mutation",
+ "description": "编辑智学习业务信息"
+ },
+ {
+ "method": "GET",
+ "path": "/api/traffic_learning/v1/IntfConfig",
+ "kind": "readonly",
+ "description": "获取某个站点的业务配置信息"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/traffic_learning/v1/IntfConfig",
+ "kind": "mutation",
+ "description": "编辑某个站点的业务配置信息"
+ },
+ {
+ "method": "GET",
+ "path": "/api/traffic_learning/v1/Overview",
+ "kind": "readonly",
+ "description": "获取智学习总览信息"
+ },
+ {
+ "method": "POST",
+ "path": "/api/traffic_learning/v1/ToggleIntf",
+ "kind": "mutation",
+ "description": "修改业务模型状态,包括开始/停止检测,开始/结束/重新开始业务学习,支持批量操作"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/CertAPI",
+ "kind": "mutation",
+ "description": "根据指定的 ID 删除证书"
+ },
+ {
+ "method": "GET",
+ "path": "/api/CertAPI",
+ "kind": "readonly",
+ "description": "获取已经上传的所有证书"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置,在使用工作于流量监测模式下的硬件版时调用"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareTrafficDetectionWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareTransparentBridgingWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/HardwareTransparentProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SoftwareClusterReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "GET",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "readonly",
+ "description": "根据查询条件,过滤并返回已经存在的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SoftwarePortMirroringWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "DELETE",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "批量删除指定 ID 对应的站点配置"
+ },
+ {
+ "method": "POST",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "新建站点"
+ },
+ {
+ "method": "PUT",
+ "path": "/api/SoftwareReverseProxyWebsiteAPI",
+ "kind": "mutation",
+ "description": "编辑站点"
+ },
+ {
+ "method": "POST",
+ "path": "/api/UploadForbiddenPageAPI",
+ "kind": "mutation",
+ "description": "上传访问被拦截时,所返回响应页面"
+ },
+ {
+ "method": "POST",
+ "path": "/api/UploadSSLCertAPI",
+ "kind": "mutation",
+ "description": "当为站点开启 SSL时,使用此 API 上传证书 - name 参数如果不传,则会使用证书的域名拼接作为名字(可能会很长) - id 参数如果不传代表新建,否则为编辑这个 ID 的证书"
+ }
+ ]
+}
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_mutation.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_mutation.yaml
new file mode 100644
index 000000000..5da0bf023
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_mutation.yaml
@@ -0,0 +1,33 @@
+name: chaitin_safeline_waf_api_mutation
+description: Chaitin SafeLine WAF documented mutation REST caller with confirmation.
+description_cn: 长亭雷池 WAF 文档内变更类 REST 调用工具。所有调用都需要确认。
+category: custom
+enabled: true
+requires_confirmation: true
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_mutation
+ method:
+ type: string
+ description: HTTP 方法,必须和 catalog 中 kind=mutation 的 method/path 匹配。
+ path:
+ type: string
+ description: REST 路径,例如 /api/ACLRuleAPI。
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: JSON body,按雷池 WAF 文档对应接口填写。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: api_mutation
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_readonly.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_readonly.yaml
new file mode 100644
index 000000000..ca13bb563
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_api_readonly.yaml
@@ -0,0 +1,44 @@
+name: chaitin_safeline_waf_api_readonly
+description: Chaitin SafeLine WAF documented read-only REST caller.
+description_cn: 长亭雷池 WAF 文档内只读 REST 调用工具。使用 api_catalog 查看已收录 API,再用 rest_call_readonly 调用 kind=readonly 的 method/path。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - api_catalog
+ - rest_call_readonly
+ - profile
+ - overview
+ - acl_rules
+ - acl_templates
+ - attack_logs
+ - ip_groups
+ - reverse_proxy_sites
+ - traffic_detection_sites
+ - certificates
+ - traffic_learning_overview
+ - test
+ method:
+ type: string
+ description: rest_call_readonly 使用的 HTTP 方法,通常为 GET。
+ path:
+ type: string
+ description: REST 路径,例如 /api/ProfileAPI,必须属于 catalog 中 kind=readonly 的条目。
+ query:
+ type: object
+ description: Query string 参数。
+ body:
+ description: 请求 body;只读调用通常不需要。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: api_readonly
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_logs.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_logs.yaml
new file mode 100644
index 000000000..eb8d56223
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_logs.yaml
@@ -0,0 +1,33 @@
+name: chaitin_safeline_waf_logs
+description: Chaitin SafeLine WAF attack log and traffic-learning read-only queries.
+description_cn: 长亭雷池 WAF 攻击日志与智学习只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - attack_logs
+ - traffic_learning_overview
+ - test
+ description: |
+ - attack_logs: GET /api/FilterV2API,查询攻击检测日志列表页/详情页等筛选数据。
+ - traffic_learning_overview: GET /api/traffic_learning/v1/Overview,查询智学习总览。
+ query:
+ type: object
+ description: GET query 参数。
+ count:
+ type: integer
+ offset:
+ type: integer
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: logs
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_policy.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_policy.yaml
new file mode 100644
index 000000000..d04a22476
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_policy.yaml
@@ -0,0 +1,37 @@
+name: chaitin_safeline_waf_policy
+description: Chaitin SafeLine WAF ACL, rate-limit, and IP group read-only queries.
+description_cn: 长亭雷池 WAF 访问频率限制、ACL 和 IP 组只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - acl_rules
+ - acl_templates
+ - ip_groups
+ - test
+ description: |
+ - acl_rules: GET /api/ACLRuleAPI,查询 ACL Rule。
+ - acl_templates: GET /api/ACLRuleTemplateAPI,查询访问频率限制规则。
+ - ip_groups: GET /api/IPGroupAPI,查询 IP 组。
+ query:
+ type: object
+ description: GET query 参数。
+ count:
+ type: integer
+ description: 分页数量。
+ offset:
+ type: integer
+ description: 分页偏移量。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: policy
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_site.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_site.yaml
new file mode 100644
index 000000000..a4cc53593
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_site.yaml
@@ -0,0 +1,35 @@
+name: chaitin_safeline_waf_site
+description: Chaitin SafeLine WAF protected site and certificate read-only queries.
+description_cn: 长亭雷池 WAF 防护站点与证书只读查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - reverse_proxy_sites
+ - traffic_detection_sites
+ - certificates
+ - test
+ description: |
+ - reverse_proxy_sites: GET /api/HardwareReverseProxyWebsiteAPI,查询反向代理站点。
+ - traffic_detection_sites: GET /api/HardwareTrafficDetectionWebsiteAPI,查询流量检测站点。
+ - certificates: GET /api/CertAPI,查询证书列表。
+ query:
+ type: object
+ description: GET query 参数。
+ count:
+ type: integer
+ offset:
+ type: integer
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: site
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_system.yaml b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_system.yaml
new file mode 100644
index 000000000..16a6e0a2f
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/chaitin_safeline_waf_system.yaml
@@ -0,0 +1,29 @@
+name: chaitin_safeline_waf_system
+description: Chaitin SafeLine WAF profile and overview queries.
+description_cn: 长亭雷池 WAF 账号信息与概览查询工具。
+category: custom
+enabled: true
+requires_confirmation: false
+provider: chaitin_safeline_waf
+version: "1.0"
+inputSchema:
+ type: object
+ properties:
+ action:
+ type: string
+ enum:
+ - profile
+ - overview
+ - test
+ description: |
+ - profile: GET /api/ProfileAPI,查询当前账号/API Token 可见的账号信息。
+ - overview: GET /api/OverviewAPI,查询 WAF 统计概览。
+ query:
+ type: object
+ description: GET query 参数;也可直接传 count、offset 等简单字段。
+ required:
+ - action
+handler:
+ type: script
+ script_file: chaitin_safeline_waf.handler.py
+ function: system
diff --git a/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json
new file mode 100644
index 000000000..065286060
--- /dev/null
+++ b/.flocks/flockshub/plugins/tools/device/chaitin_safeline_waf_v1_0_0/manifest.json
@@ -0,0 +1,71 @@
+{
+ "schemaVersion": "hub.plugin.v1",
+ "id": "chaitin_safeline_waf_v1_0_0",
+ "type": "device",
+ "name": "Chaitin SafeLine WAF",
+ "description": "Chaitin SafeLine WAF OpenAPI integration.",
+ "descriptionCn": "长亭雷池 WAF OpenAPI 接入。",
+ "version": "1.0.0",
+ "author": "Flocks Team",
+ "license": "MIT",
+ "category": "integration",
+ "tags": [
+ "waf",
+ "web-security",
+ "integration"
+ ],
+ "useCases": [
+ "integration",
+ "threat-detection",
+ "log-analysis"
+ ],
+ "domains": [
+ "security-ops"
+ ],
+ "capabilities": [
+ "device-integration",
+ "rest-api"
+ ],
+ "trust": "official",
+ "source": {
+ "kind": "bundled",
+ "path": "plugins/tools/device/chaitin_safeline_waf_v1_0_0"
+ },
+ "compatibility": {
+ "flocks": ">=0.8.0",
+ "os": [
+ "darwin",
+ "linux",
+ "windows"
+ ]
+ },
+ "dependencies": {
+ "skills": [],
+ "tools": [],
+ "python": [],
+ "external": []
+ },
+ "permissions": {
+ "tools": [],
+ "network": true,
+ "shell": false,
+ "filesystem": "none"
+ },
+ "risk": {
+ "level": "low",
+ "reasons": []
+ },
+ "entrypoints": [
+ "_provider.yaml",
+ "_test.yaml",
+ "chaitin_safeline_waf.handler.py",
+ "chaitin_safeline_waf_api_catalog.json",
+ "chaitin_safeline_waf_system.yaml",
+ "chaitin_safeline_waf_policy.yaml",
+ "chaitin_safeline_waf_site.yaml",
+ "chaitin_safeline_waf_logs.yaml",
+ "chaitin_safeline_waf_api_readonly.yaml",
+ "chaitin_safeline_waf_api_mutation.yaml"
+ ],
+ "checksums": {}
+}
diff --git a/webui/public/vendor-logos/chaitin.png b/webui/public/vendor-logos/chaitin.png
new file mode 100644
index 000000000..c412e8d64
Binary files /dev/null and b/webui/public/vendor-logos/chaitin.png differ
diff --git a/webui/src/pages/DeviceIntegration/index.test.tsx b/webui/src/pages/DeviceIntegration/index.test.tsx
index 35c00de2b..4d4a93474 100644
--- a/webui/src/pages/DeviceIntegration/index.test.tsx
+++ b/webui/src/pages/DeviceIntegration/index.test.tsx
@@ -586,6 +586,71 @@ describe('DeviceIntegrationPage', () => {
expect(mocks.toastSuccess).toHaveBeenCalledWith('已填充设备配置表单');
});
+ it('does not fill the device address from account-like Rex draft values', async () => {
+ const user = userEvent.setup();
+ mocks.sessionId = 'session-1';
+ mocks.listTemplates.mockResolvedValue({
+ data: [
+ buildTemplate({
+ storage_key: 'chaitin_safeline_waf',
+ service_id: 'chaitin_safeline_waf',
+ name: '长亭雷池 WAF',
+ vendor: 'chaitin',
+ credential_schema: [
+ {
+ key: 'base_url',
+ label: '设备地址',
+ storage: 'config',
+ sensitive: false,
+ required: true,
+ input_type: 'url',
+ config_key: 'base_url',
+ },
+ {
+ key: 'api_token',
+ label: 'API Token',
+ storage: 'secret',
+ sensitive: true,
+ required: true,
+ input_type: 'password',
+ config_key: 'api_token',
+ },
+ ],
+ }),
+ ],
+ });
+ mocks.getSessionMessagesPage.mockResolvedValue({
+ items: [
+ {
+ info: { role: 'assistant' },
+ parts: [
+ {
+ type: 'text',
+ text: '```json\n{"storage_key":"chaitin_safeline_waf","device_name":"长亭雷池","fields":{"url":"admin","api_token":"token-from-user"},"verify_ssl":false}\n```',
+ },
+ ],
+ },
+ ],
+ });
+
+ render();
+
+ await user.click(await screen.findByRole('button', { name: /立即添加设备/ }));
+ await user.click(await screen.findByRole('button', { name: /mock stream done/ }));
+ await user.click(await screen.findByRole('button', { name: /^填充表单$/ }));
+
+ expect(await screen.findByDisplayValue('长亭雷池')).toBeInTheDocument();
+ expect(screen.getByText(/设备地址/)).toBeInTheDocument();
+ expect(screen.getByText(/API Token/)).toBeInTheDocument();
+ expect(screen.queryByText(/管理端地址/)).toBeNull();
+ expect(screen.queryByText(/OpenAPI Token/)).toBeNull();
+ expect(screen.queryByDisplayValue('admin')).toBeNull();
+ expect(screen.getByDisplayValue('token-from-user')).toBeInTheDocument();
+ const blankTextInputs = screen.getAllByRole('textbox')
+ .filter((input) => (input as HTMLInputElement).value === '');
+ expect(blankTextInputs.length).toBeGreaterThan(0);
+ });
+
it('returns to the Rex session and asks for testing guidance after confirming integration', async () => {
const user = userEvent.setup();
mocks.sessionId = 'session-1';
@@ -851,6 +916,13 @@ describe('DeviceIntegrationPage', () => {
name: '360 WAF',
vendor: '360',
}),
+ buildTemplate({
+ plugin_id: 'chaitin_safeline_waf_v1_0_0',
+ storage_key: 'chaitin_safeline_waf',
+ service_id: 'chaitin_safeline_waf',
+ name: '长亭雷池 WAF',
+ vendor: 'chaitin',
+ }),
],
});
const { container } = render();
@@ -859,14 +931,17 @@ describe('DeviceIntegrationPage', () => {
expect(screen.getByText('火绒')).toBeInTheDocument();
expect(screen.getByText('华为云')).toBeInTheDocument();
+ expect(screen.getByText('长亭')).toBeInTheDocument();
expect(screen.getAllByText('360').length).toBeGreaterThan(0);
expect(screen.queryByText('huorong')).toBeNull();
expect(screen.queryByText('huaweicloud')).toBeNull();
+ expect(screen.queryByText('chaitin')).toBeNull();
const huorongLogo = container.querySelector('img[src="/vendor-logos/huorong.png"]');
expect(huorongLogo).not.toBeNull();
expect(container.querySelector('img[src="/vendor-logos/huaweicloud.png"]')).not.toBeNull();
expect(container.querySelector('img[src="/vendor-logos/360.png"]')).not.toBeNull();
+ expect(container.querySelector('img[src="/vendor-logos/chaitin.png"]')).not.toBeNull();
fireEvent.error(huorongLogo as Element);
await waitFor(() => expect(screen.getByText('火')).toBeInTheDocument());
diff --git a/webui/src/pages/DeviceIntegration/index.tsx b/webui/src/pages/DeviceIntegration/index.tsx
index 5f2da06c6..1538bdc89 100644
--- a/webui/src/pages/DeviceIntegration/index.tsx
+++ b/webui/src/pages/DeviceIntegration/index.tsx
@@ -67,6 +67,7 @@ const VENDOR_PRESENTATION: Record> = {
threatbook: { nameCn: '微步', nameEn: 'ThreatBook', color: 'bg-orange-100 text-orange-800', mark: '微', logoSrc: '/vendor-logos/threatbook.png' },
qingteng: { nameCn: '青藤', nameEn: 'Qingteng', color: 'bg-teal-100 text-teal-800', mark: '青', logoSrc: '/vendor-logos/qingteng.png' },
nsfocus: { nameCn: '绿盟', nameEn: 'NSFOCUS', color: 'bg-green-100 text-green-800', mark: '绿', logoSrc: '/vendor-logos/nsfocus.png' },
+ chaitin: { nameCn: '长亭', nameEn: 'Chaitin', color: 'bg-lime-100 text-lime-800', mark: '长', logoSrc: '/vendor-logos/chaitin.png' },
};
function vendorPresentation(vendorKey: string): DeviceVendor {
@@ -240,6 +241,7 @@ function buildDeviceAddSessionContext(templates: DeviceTemplate[]): string {
buildCustomDeviceModeRoutingPrompt(),
'信息足够时,不要只输出表格或操作步骤;必须在回复末尾输出一个 ```json 代码块,页面只会读取这个 JSON 草稿用于一键回填。',
'JSON 草稿格式为 {"storage_key":"...","device_name":"...","fields":{"base_url":"..."},"verify_ssl":false}。',
+ 'fields 只能使用设备模板列出的字段;账号/用户名只有模板包含 username/user/account 字段时才填写,不能写入 base_url 或 url。',
'不要把真实密码、Token、Secret、API Key 写入 JSON;这些密钥字段留空或省略,并提示用户稍后在设备接入表单中填写。',
'',
'当前可见设备模板:',
@@ -254,6 +256,17 @@ function normalizeExtractedValue(value: unknown): string | undefined {
return text.replace(/^`|`$/g, '').trim();
}
+function looksLikeDeviceAddress(value: string): boolean {
+ const text = value.trim();
+ if (!text) return false;
+ if (/^[a-z][a-z0-9+.-]*:\/\//i.test(text)) return true;
+ if (/^localhost(?::\d+)?(?:\/.*)?$/i.test(text)) return true;
+ if (/^(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?(?:\/.*)?$/.test(text)) return true;
+ if (/^[a-z0-9-]+(?:\.[a-z0-9-]+)+(?::\d+)?(?:\/.*)?$/i.test(text)) return true;
+ if (/^[a-z0-9-]+:\d+(?:\/.*)?$/i.test(text)) return true;
+ return false;
+}
+
function parseJsonDraft(text: string): ExtractedDeviceDraft | null {
const trimmed = text.trim();
const candidates = Array.from(text.matchAll(/```json\s*([\s\S]*?)```/gi)).map((match) => match[1]);
@@ -342,6 +355,9 @@ function normalizeDraftFields(template: DeviceTemplate, fields: Record