60ee38a3c2
feat(protocol): 添加补丁管理和行为指标协议类型 feat(client): 实现补丁管理插件采集功能 feat(server): 添加补丁管理和异常检测API feat(database): 新增补丁状态和异常检测相关表 feat(web): 添加补丁管理和异常检测前端页面 fix(security): 增强输入验证和防注入保护 refactor(auth): 重构认证检查逻辑 perf(service): 优化Windows服务恢复策略 style: 统一健康评分显示样式 docs: 更新知识库文档
60 lines
2.7 KiB
SQL
60 lines
2.7 KiB
SQL
-- 018_patch_management.sql: Patch management system
|
|
|
|
CREATE TABLE IF NOT EXISTS patch_status (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
device_uid TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
|
|
kb_id TEXT NOT NULL,
|
|
title TEXT NOT NULL,
|
|
severity TEXT,
|
|
is_installed INTEGER NOT NULL DEFAULT 0,
|
|
discovered_at TEXT NOT NULL DEFAULT (datetime('now')),
|
|
installed_at TEXT,
|
|
updated_at TEXT NOT NULL DEFAULT (datetime('now')),
|
|
UNIQUE(device_uid, kb_id)
|
|
);
|
|
|
|
CREATE TABLE IF NOT EXISTS patch_policies (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
target_type TEXT NOT NULL DEFAULT 'global' CHECK(target_type IN ('global', 'device', 'group')),
|
|
target_id TEXT,
|
|
auto_approve INTEGER NOT NULL DEFAULT 0,
|
|
severity_filter TEXT NOT NULL DEFAULT 'important',
|
|
enabled INTEGER NOT NULL DEFAULT 1,
|
|
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
|
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
|
|
);
|
|
|
|
-- Behavior metrics for anomaly detection
|
|
CREATE TABLE IF NOT EXISTS behavior_metrics (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
device_uid TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
|
|
clipboard_ops_count INTEGER NOT NULL DEFAULT 0,
|
|
clipboard_ops_night INTEGER NOT NULL DEFAULT 0,
|
|
print_jobs_count INTEGER NOT NULL DEFAULT 0,
|
|
usb_file_ops_count INTEGER NOT NULL DEFAULT 0,
|
|
new_processes_count INTEGER NOT NULL DEFAULT 0,
|
|
period_secs INTEGER NOT NULL DEFAULT 3600,
|
|
reported_at TEXT NOT NULL DEFAULT (datetime('now'))
|
|
);
|
|
|
|
-- Anomaly alerts generated by the detection engine
|
|
CREATE TABLE IF NOT EXISTS anomaly_alerts (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
device_uid TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
|
|
anomaly_type TEXT NOT NULL,
|
|
severity TEXT NOT NULL DEFAULT 'medium' CHECK(severity IN ('low', 'medium', 'high', 'critical')),
|
|
detail TEXT NOT NULL,
|
|
metric_value REAL,
|
|
baseline_value REAL,
|
|
handled INTEGER NOT NULL DEFAULT 0,
|
|
handled_by TEXT,
|
|
handled_at TEXT,
|
|
triggered_at TEXT NOT NULL DEFAULT (datetime('now'))
|
|
);
|
|
|
|
CREATE INDEX IF NOT EXISTS idx_patch_status_device ON patch_status(device_uid);
|
|
CREATE INDEX IF NOT EXISTS idx_patch_status_severity ON patch_status(severity, is_installed);
|
|
CREATE INDEX IF NOT EXISTS idx_behavior_metrics_device_time ON behavior_metrics(device_uid, reported_at);
|
|
CREATE INDEX IF NOT EXISTS idx_anomaly_alerts_device ON anomaly_alerts(device_uid);
|
|
CREATE INDEX IF NOT EXISTS idx_anomaly_alerts_unhandled ON anomaly_alerts(handled) WHERE handled = 0;
|