{ "module": { "id": "33", "key": "infosec-audit", "name": "信息安全管理", "capabilityName": "信息安全访问审计与合规证据", "priority": "P1", "source": [ "信息安全管理" ] }, "generatedAt": "2026-06-23T15:54:56.420Z", "records": [ { "account_id": "ACC-001", "account_code": "user1", "account_type": "服务账号", "resource_type": "报表", "action": "export", "risk_score": 86, "status": "可疑", "audit_id": "AUD-SEC-1" }, { "account_id": "ACC-002", "account_code": "user2", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-2" }, { "account_id": "ACC-003", "account_code": "user3", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-3" }, { "account_id": "ACC-004", "account_code": "user4", "account_type": "内部账号", "resource_type": "报表", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-4" }, { "account_id": "ACC-005", "account_code": "user5", "account_type": "内部账号", "resource_type": "API", "action": "export", "risk_score": 86, "status": "可疑", "audit_id": "AUD-SEC-5" }, { "account_id": "ACC-006", "account_code": "user6", "account_type": "服务账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-6" }, { "account_id": "ACC-007", "account_code": "user7", "account_type": "内部账号", "resource_type": "报表", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-7" }, { "account_id": "ACC-008", "account_code": "user8", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-8" }, { "account_id": "ACC-009", "account_code": "user9", "account_type": "内部账号", "resource_type": "API", "action": "export", "risk_score": 86, "status": "可疑", "audit_id": "AUD-SEC-9" }, { "account_id": "ACC-010", "account_code": "user10", "account_type": "内部账号", "resource_type": "报表", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-10" }, { "account_id": "ACC-011", "account_code": "user11", "account_type": "服务账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-11" }, { "account_id": "ACC-012", "account_code": "user12", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-12" }, { "account_id": "ACC-013", "account_code": "user13", "account_type": "内部账号", "resource_type": "报表", "action": "export", "risk_score": 86, "status": "可疑", "audit_id": "AUD-SEC-13" }, { "account_id": "ACC-014", "account_code": "user14", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-14" }, { "account_id": "ACC-015", "account_code": "user15", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-15" }, { "account_id": "ACC-016", "account_code": "user16", "account_type": "服务账号", "resource_type": "报表", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-16" }, { "account_id": "ACC-017", "account_code": "user17", "account_type": "内部账号", "resource_type": "API", "action": "export", "risk_score": 86, "status": "可疑", "audit_id": "AUD-SEC-17" }, { "account_id": "ACC-018", "account_code": "user18", "account_type": "内部账号", "resource_type": "API", "action": "view", "risk_score": 28, "status": "生效中", "audit_id": "AUD-SEC-18" } ], "workflows": [ { "id": "WF-SEC-001", "name": "高危权限审批", "status": "reviewing", "owner": "安全负责人", "nextAction": "复核资源范围" }, { "id": "WF-SEC-002", "name": "敏感导出申请", "status": "submitted", "owner": "审计员", "nextAction": "补充用途说明" }, { "id": "WF-SEC-003", "name": "API密钥轮换", "status": "temporary", "owner": "平台管理员", "nextAction": "执行轮换并通知负责人" }, { "id": "WF-SEC-004", "name": "异常访问处置", "status": "incident", "owner": "安全运营", "nextAction": "阻断账号并保留证据" }, { "id": "WF-SEC-005", "name": "合规证据生成", "status": "active", "owner": "合规经理", "nextAction": "生成证据包" }, { "id": "WF-SEC-006", "name": "临时授权回收", "status": "expired", "owner": "权限管理员", "nextAction": "自动撤销权限" } ], "pages": [ [ "overview", "信息安全态势驾驶舱", "/infosec/overview", "安全负责人", "查看账号、权限、访问、导出、API、异常和合规证据态势" ], [ "identity", "账号身份与目录同步", "/infosec/identities", "身份管理员", "管理内部、外包、供应商、客户和系统账号身份" ], [ "access", "权限策略与最小授权", "/infosec/access-policies", "权限管理员", "维护角色、菜单、数据范围、API、导出和控制权限策略" ], [ "session", "登录会话与访问行为", "/infosec/sessions", "安全运营", "分析登录、会话、IP、设备、地理位置和异常访问" ], [ "api-token", "API 密钥与服务账号", "/infosec/api-tokens", "平台管理员", "管理服务账号、API token、密钥轮换、调用范围和过期" ], [ "export", "数据导出与敏感操作审计", "/infosec/exports", "审计员", "审计报表导出、批量查询、敏感字段查看和高危操作" ], [ "risk", "异常访问与风险事件", "/infosec/risks", "安全运营", "处置越权、暴力尝试、异常导出、非工作时间访问和策略冲突" ], [ "compliance", "合规控制项与证据库", "/infosec/compliance", "合规经理", "维护等保、ISO、客户审计和内部控制项证据" ], [ "workflow", "安全审批与例外放行", "/infosec/workflow", "安全负责人", "审批高危权限、临时授权、导出申请和例外放行" ], [ "report", "安全审计报表中心", "/infosec/reports", "审计员", "导出账号、权限、访问、API、导出、事件和证据报表" ] ], "dbTables": [ [ "sec_identity_account", "身份账号表", [ "account_id PK", "account_code", "account_type", "person_id", "org_id", "party_type", "party_id", "account_status", "source_system", "last_sync_at" ] ], [ "sec_role_permission", "角色权限表", [ "role_perm_id PK", "role_id", "permission_code", "permission_type", "resource_scope", "data_scope", "export_allowed", "control_allowed", "enabled_flag" ] ], [ "sec_access_policy", "访问策略表", [ "policy_id PK", "policy_name", "policy_type", "subject_type", "subject_id", "resource_type", "resource_scope", "condition_expr", "risk_level", "policy_status" ] ], [ "sec_session_log", "登录会话日志表", [ "session_id PK", "account_id", "login_at", "logout_at", "ip_addr", "device_id", "geo_location", "mfa_result", "session_status" ] ], [ "sec_access_event", "访问行为事件表", [ "event_id PK", "account_id", "resource_type", "resource_id", "action", "request_id", "ip_addr", "risk_score", "event_time" ] ], [ "sec_api_token", "API密钥表", [ "token_id PK", "service_account_id", "token_name", "token_hash", "scope_set", "valid_from", "valid_to", "rotation_status", "token_status" ] ], [ "sec_export_audit", "数据导出审计表", [ "export_id PK", "account_id", "export_type", "object_type", "object_id", "field_set", "row_count", "watermark_id", "export_status" ] ], [ "sec_sensitive_operation", "敏感操作表", [ "operation_id PK", "account_id", "operation_type", "business_module", "object_id", "before_state", "after_state", "approval_required", "operation_time" ] ], [ "sec_risk_event", "风险事件表", [ "risk_id PK", "risk_type", "severity", "account_id", "source_event_id", "risk_reason", "risk_status", "owner_id", "sla_due_at" ] ], [ "sec_compliance_control", "合规控制项表", [ "control_id PK", "framework", "control_code", "control_name", "control_owner", "evidence_rule", "control_status", "last_review_at" ] ], [ "sec_evidence_package", "合规证据包表", [ "evidence_id PK", "control_id", "object_type", "object_id", "file_id", "file_hash", "source_hash", "retention_until" ] ], [ "sec_workflow_task", "安全审批任务表", [ "task_id PK", "object_type", "object_id", "node_code", "node_name", "assignee_id", "task_status", "decision", "comment", "sla_due_at" ] ], [ "sec_metric_daily", "安全指标日表", [ "metric_id PK", "metric_date", "active_account_count", "privilege_account_count", "risk_event_count", "export_count", "token_expire_count", "compliance_pass_rate" ] ], [ "sec_audit_log", "安全审计日志表", [ "audit_id PK", "object_type", "object_id", "actor_id", "actor_role", "action", "before_state", "after_state", "request_id", "ip_addr", "created_at" ] ] ], "apiItems": [ [ "GET", "/api/dcim/security/identities", "账号身份查询", "accountType,orgId,status,partyType,page,pageSize", "账号、人员、组织、来源、状态和风险摘要" ], [ "POST", "/api/dcim/security/identities/sync", "同步账号身份", "sourceSystem,accountList,fullSyncFlag,traceId", "syncBatchId,created,updated,disabled,auditId" ], [ "GET", "/api/dcim/security/access-policies", "访问策略查询", "policyType,subjectId,resourceType,riskLevel,status", "策略、范围、条件、风险和状态" ], [ "POST", "/api/dcim/security/access-policies", "创建访问策略", "policyName,policyType,subjectType,resourceScope,conditionExpr,riskLevel", "policyId,workflowTaskId" ], [ "POST", "/api/dcim/security/access-policies/{policyId}/simulate", "权限策略模拟", "accountId,resourceType,action,context", "allowFlag,hitPolicies,riskReasons" ], [ "GET", "/api/dcim/security/sessions", "登录会话查询", "accountId,ipAddr,dateRange,sessionStatus,riskOnly", "会话列表、MFA、IP、设备和风险分" ], [ "GET", "/api/dcim/security/access-events", "访问行为查询", "accountId,resourceType,action,dateRange,riskScoreMin", "访问日志、请求、风险和审计ID" ], [ "POST", "/api/dcim/security/api-tokens", "创建 API token", "serviceAccountId,tokenName,scopeSet,validTo,rotationPolicy", "tokenId,tokenPreview,workflowTaskId" ], [ "POST", "/api/dcim/security/api-tokens/{tokenId}/rotate", "密钥轮换", "reason,evidenceIds,notifyOwner", "rotationStatus,newTokenPreview,auditId" ], [ "POST", "/api/dcim/security/api-tokens/{tokenId}/revoke", "撤销密钥", "reason,forceFlag,evidenceIds", "tokenStatus,auditId" ], [ "GET", "/api/dcim/security/exports", "导出审计查询", "accountId,objectType,dateRange,rowCountMin,watermarkId", "导出记录、字段、行数、水印和状态" ], [ "POST", "/api/dcim/security/exports/apply", "提交敏感导出申请", "objectType,filter,fieldSet,purpose,retentionDays", "exportApplyId,workflowTaskId" ], [ "GET", "/api/dcim/security/risk-events", "风险事件查询", "riskType,severity,status,ownerId,dateRange", "风险事件、来源、原因、SLA和处置状态" ], [ "POST", "/api/dcim/security/risk-events/{riskId}/resolve", "处置风险事件", "decision,rootCause,actions,evidenceIds", "riskStatus,auditId" ], [ "GET", "/api/dcim/security/compliance-controls", "合规控制项查询", "framework,status,ownerId", "控制项、负责人、证据规则和复核结果" ], [ "POST", "/api/dcim/security/evidence-packages/generate", "生成合规证据包", "controlId,period,objectScope,watermark", "evidenceId,fileId,sourceHash" ], [ "POST", "/api/dcim/security/workflow/tasks/{taskId}/decision", "安全审批决策", "decision,comment,delegateTo,evidenceIds", "nextNode,nextState,auditId" ], [ "GET", "/api/dcim/security/metrics/operation", "安全运营指标", "siteId,dateRange,framework", "账号、权限、导出、风险、密钥和合规指标" ], [ "GET", "/api/dcim/security/audit-logs", "安全审计日志查询", "objectType,objectId,actorId,action,dateRange", "审计日志分页" ], [ "POST", "/api/dcim/security/reports/export", "导出安全审计报表", "reportType,period,framework,watermark", "fileId,auditId" ] ], "trackingEvents": [ [ "security_overview_view", "查看信息安全驾驶舱", "site_id/user_role/date_range", "分析安全入口" ], [ "security_identity_create", "创建账号身份", "account_type/party_type/source_system", "统计账号治理" ], [ "security_identity_submit", "提交账号审批", "account_id/account_type/risk_level", "追踪账号流程" ], [ "security_policy_create", "创建访问策略", "policy_type/resource_type/risk_level", "统计策略变更" ], [ "security_policy_review", "访问策略复核", "policy_id/decision/reviewer_role", "分析策略审批" ], [ "security_policy_verify", "权限策略模拟", "account_id/resource_type/action/allow_flag", "评估策略有效性" ], [ "security_session_view", "查看登录会话", "account_id/ip_addr/mfa_result/risk_score", "追踪访问行为" ], [ "security_token_create", "创建 API token", "service_account_id/scope_count/valid_to", "统计密钥新增" ], [ "security_token_review", "API token 复核", "token_id/decision/scope_count", "分析密钥审批" ], [ "security_token_resolved", "API token 轮换或撤销完成", "token_id/action/result", "统计密钥处置" ], [ "security_export_submit", "提交敏感导出申请", "object_type/field_count/row_count/purpose", "追踪导出风险" ], [ "security_export_complete", "数据导出完成", "export_id/export_type/row_count/watermark_id", "审计导出行为" ], [ "security_risk_resolved", "风险事件处置完成", "risk_id/risk_type/severity/sla_status", "统计风险闭环" ], [ "security_evidence_verify", "生成合规证据包", "control_id/framework/source_hash/file_hash", "审计证据完整性" ], [ "security_report_export", "导出安全报表", "report_type/framework/export_format/watermark", "审计报表导出" ], [ "security_cli_command", "CLI 调用", "command/user/result/trace_id", "审计自动化调用" ], [ "security_agent_suggest", "智能体建议", "intent/source_count/accepted", "评估 AI 建议采纳" ] ] }