|
下面是访问PostgreSQL数据库的SQL请求示例。访问其他数据库所使用的申请可能因数据库本身特点以及具体使用情况而有所区别。
|
SQL语言无法兼顾组和工作站的级别
|
直接向数据库发出的请求
1.打开您的Dr.Web服务器的管理中心。 2.转至管理 → SQL控制台。 3.输入相应的SQL请求,请求示例见下。 4.点击执行按钮。 SQL请求示例
1.搜索安装有OS Windows服务器版本且病毒库早于2019.07.04-00:00:00 UTC (12.0)的工作站。
SELECT
stations.name Station,
groups_list.name OS,
station_products.crev Bases
FROM
stations
INNER JOIN groups_list ON groups_list.platform =(
CAST(stations.lastos AS INTEGER) & ~15728640
)
AND (
(
CAST(stations.lastos AS INTEGER) & 2130706560
) = 33554560
)
INNER JOIN station_products ON station_products.id = stations.id
AND station_products.product = '10-drwbases'
AND station_products.crev < 12020190704000000;
|
2.搜索其在反病毒网络→统计信息→状态部分的记录严重性为高或最高的工作站。
SELECT
stations.name Station
FROM
stations
WHERE
id IN (
SELECT
DISTINCT id
FROM
station_status
WHERE
severity >= 1342177280
);
|
3.提取状态符合的工作站以及具备这些状态的工作站的数量。
SELECT
code Code,
COUNT(code) Num
FROM
(
SELECT
DISTINCT id,
code
FROM
station_status
) AS t
GROUP BY
Code
ORDER BY
Code;
|
4.提取2019.06.01至2019.07.01期间识别码为'373a9afb-9c9a-4d4d-b9b1-de817b96bcc5'的组或其所有内嵌组所包含的工作站上发现最多的10个威胁。
SELECT
cat_virus.str Threat,
COUNT(cat_virus.str) Num
FROM
station_infection
INNER JOIN cat_virus ON cat_virus.id = station_infection.virus
WHERE
station_infection.infectiontime BETWEEN 20190601000000000
AND 20190701000000000
AND station_infection.id IN (
SELECT
sid
FROM
station_groups
WHERE
gid = '373a9afb-9c9a-4d4d-b9b1-de817b96bcc5'
OR gid IN (
SELECT
child
FROM
group_children
WHERE
id = '373a9afb-9c9a-4d4d-b9b1-de817b96bcc5'
)
)
GROUP BY
cat_virus.str
ORDER BY
Num DESC
LIMIT
10;
|
5.提取10个感染最严重的工作站。
SELECT
Station,
Grp,
Num
FROM
(
SELECT
stations.id,
groups_list.id,
stations.name Station,
groups_list.name Grp,
COUNT(stations.id) Num
FROM
station_infection
INNER JOIN stations ON station_infection.id = stations.id
INNER JOIN groups_list ON groups_list.id = stations.gid
GROUP BY
stations.id,
groups_list.id,
stations.name,
groups_list.name
ORDER BY
Num DESC
LIMIT
10
) AS t;
|
6.如用户组不是其所含工作站的基组,则从这些用户组删除所有工作站。
DELETE FROM
station_groups;
INSERT INTO station_groups(sid, gid)
SELECT
stations.id,
groups_list.id
FROM
stations
INNER JOIN groups_list ON stations.gid = groups_list.id
AND groups_list.type NOT IN(1, 4);
|
7.搜索反病毒网络中其域名包含于SpIDer Gate白名单自身设置的对象。
SELECT
stations.name Station
FROM
station_cfg
INNER JOIN stations ON stations.id = station_cfg.id
WHERE
station_cfg.component = 38
AND station_cfg.name = 'WhiteVirUrlList'
AND station_cfg.value = 'domain.tld';
SELECT
groups_list.name Grp
FROM
group_cfg
INNER JOIN groups_list ON groups_list.id = group_cfg.id
WHERE
group_cfg.component = 38
AND group_cfg.name = 'WhiteVirUrlList'
AND group_cfg.value = 'domain.tld';
SELECT
policy_list.name Policy
FROM
policy_cfg
INNER JOIN policy_list ON policy_list.id = policy_cfg.id
WHERE
policy_cfg.component = 38
AND policy_cfg.name = 'WhiteVirUrlList'
AND policy_cfg.value = 'domain.tld';
|
8.从管理员登录管理中心失败审计事件中提取错误登录及其代码。
SELECT
admin_activity.login Login,
admin_activity.address Address,
activity_data.value ErrorCode,
admin_activity.createtime EventTimestamp
FROM
admin_activity
INNER JOIN activity_data ON admin_activity.record = activity_data.record
WHERE
admin_activity.oper = 10100
AND admin_activity.status != 1
AND activity_data.item = 'Error';
|
9.搜索未安装必要安全补丁的OS Windows工作站。
SELECT
stations.name Station
FROM
stations
WHERE
id NOT IN (
SELECT
station_env_kb.id
FROM
station_env_kb
INNER JOIN stations ON stations.id = station_env_kb.id
WHERE
(
CAST(stations.lastos AS INTEGER) & 2130706432
)= 33554432
AND station_env_kb.name IN (
SELECT
id
FROM
env_strings
WHERE
str IN(
'KB4012212', 'KB4012213', 'KB4012214',
'KB4012215', 'KB4012216', 'KB4012217',
'KB4012598'
)
)
);
|
|