+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| e |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| [:edge_attack "10.2.29.88"->"25.25.206.75" @1681634791835 {app_proto: "TLS", attacker_port: "443", event_time: 1681634791835, flow_id: 847095156684521, name: "发现疑似TLS加密反弹shell", phase: "control", proto: "TCP", result: "unknown", severity: "其他", tag: "其他", tool: "", victim_port: "44134"}] |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Got 1 rows (time spent 3.546249s/3.550905648s)
Execution Plan (optimize time 215 us)
-----+----------------+--------------+--------------------------------------------+---------------------------------
| id | name | dependencies | profiling data | operator info |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 11 | Project | 10 | { | outputVar: { |
| | | | "execTime": "28(us)", | "colNames": [ |
| | | | "rows": 1, | "e" |
| | | | "totalTime": "32(us)", | ], |
| | | | "version": 0 | "type": "DATASET", |
| | | | } | "name": "__Limit_8" |
| | | | | } |
| | | | | inputVar: __Limit_10 |
| | | | | columns: [ |
| | | | | "$-.e[0]" |
| | | | | ] |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 10 | Limit | 5 | { | outputVar: { |
| | | | "execTime": "19(us)", | "colNames": [ |
| | | | "rows": 1, | "v", |
| | | | "totalTime": "28(us)", | "e", |
| | | | "version": 0 | "__VAR_0" |
| | | | } | ], |
| | | | | "type": "DATASET", |
| | | | | "name": "__Limit_10" |
| | | | | } |
| | | | | inputVar: __AppendVertices_5 |
| | | | | offset: 0 |
| | | | | count: 20 |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 5 | AppendVertices | 4 | { | outputVar: { |
| | | | "execTime": "266399(us)", | "colNames": [ |
| | | | "resp[0]": { | "v", |
| | | | "exec": "606(us)", | "e", |
| | | | "host": "storaged:9779", | "__VAR_0" |
| | | | "total": "1075(us)" | ], |
| | | | }, | "type": "DATASET", |
| | | | "rows": 1, | "name": "__AppendVertices_5" |
| | | | "totalTime": "267479(us)", | } |
| | | | "total_rpc": "1133(us)", | inputVar: __Traverse_4 |
| | | | "version": 0 | space: 375 |
| | | | } | dedup: true |
| | | | | limit: -1 |
| | | | | filter: |
| | | | | orderBy: [] |
| | | | | src: none_direct_dst($-.e) |
| | | | | props: [ |
| | | | | { |
| | | | | "props": [ |
| | | | | "_tag" |
| | | | | ], |
| | | | | "tagId": 377 |
| | | | | }, |
| | | | | { |
| | | | | "props": [ |
| | | | | "_tag" |
| | | | | ], |
| | | | | "tagId": 376 |
| | | | | } |
| | | | | ] |
| | | | | exprs: |
| | | | | vertex_filter: |
| | | | | if_track_previous_path: true |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 4 | Traverse | 2 | { | outputVar: { |
| | | | "execTime": "1532684(us)", | "colNames": [ |
| | | | "rows": 217975, | "v", |
| | | | "step[1]": [ | "e" |
| | | | { | ], |
| | | | "exec": "1027952(us)", | "type": "DATASET", |
| | | | "host": "storaged:9779", | "name": "__Traverse_4" |
| | | | "storage_detail": { | } |
| | | | "GetNeighborsNode": "1027590(us)", | inputVar: __Dedup_2 |
| | | | "HashJoinNode": "177(us)", | space: 375 |
| | | | "RelNode": "1027591(us)", | dedup: true |
| | | | "SingleEdgeNode": "174(us)" | limit: -1 |
| | | | }, | filter: |
| | | | "total": "1744970(us)", | orderBy: [] |
| | | | "total_rpc_time": "1745105(us)", | src: $-._vid |
| | | | "vertices": 1 | edgeTypes: [] |
| | | | } | edgeDirection: OUT_EDGE |
| | | | ], | vertexProps: |
| | | | "totalTime": "3277837(us)", | edgeProps: [ |
| | | | "version": 0 | { |
| | | | } | "props": [ |
| | | | | "_src", |
| | | | | "_type", |
| | | | | "_rank", |
| | | | | "_dst", |
| | | | | "event_time" |
| | | | | ], |
| | | | | "type": 379 |
| | | | | }, |
| | | | | { |
| | | | | "props": [ |
| | | | | "_src", |
| | | | | "_type", |
| | | | | "_rank", |
| | | | | "_dst", |
| | | | | "name", |
| | | | | "proto", |
| | | | | "app_proto", |
| | | | | "tool", |
| | | | | "attacker_port", |
| | | | | "victim_port", |
| | | | | "phase", |
| | | | | "result", |
| | | | | "tag", |
| | | | | "severity", |
| | | | | "event_time", |
| | | | | "flow_id" |
| | | | | ], |
| | | | | "type": 378 |
| | | | | } |
| | | | | ] |
| | | | | statProps: |
| | | | | exprs: |
| | | | | random: false |
| | | | | steps: 1..1 |
| | | | | vertex filter: |
| | | | | edge filter: |
| | | | | if_track_previous_path: false |
| | | | | first step filter: |
| | | | | tag filter: |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 2 | Dedup | 1 | { | outputVar: { |
| | | | "execTime": "8(us)", | "colNames": [ |
| | | | "rows": 1, | "_vid" |
| | | | "totalTime": "10(us)", | ], |
| | | | "version": 0 | "type": "DATASET", |
| | | | } | "name": "__Dedup_2" |
| | | | | } |
| | | | | inputVar: __VAR_1 |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 1 | PassThrough | 3 | { | outputVar: { |
| | | | "execTime": "13(us)", | "colNames": [ |
| | | | "rows": 0, | "_vid" |
| | | | "totalTime": "24(us)", | ], |
| | | | "version": 0 | "type": "DATASET", |
| | | | } | "name": "__VAR_1" |
| | | | | } |
| | | | | inputVar: |
-----+----------------+--------------+--------------------------------------------+---------------------------------
| 3 | Start | | { | outputVar: { |
| | | | "execTime": "0(us)", | "colNames": [], |
| | | | "rows": 0, | "type": "DATASET", |
| | | | "totalTime": "18(us)", | "name": "__Start_3" |
| | | | "version": 0 | } |
| | | | } | |
-----+----------------+--------------+--------------------------------------------+---------------------------------
Wed, 19 Apr 2023 11:16:33 UTC