Snort_AIPreproc/TODO

======================
AVERAGE/HIGH PRIORITY:
======================

- Comment all the code!!!
- Support for more logs
- True bayesian temporal correlation

=============
LOW PRIORITY:
=============

- Managing clusters for addresses, timestamps (and more?)
- Splitting the distinct subgraphs of the output graph

=====
DONE:
=====

+ PostgreSQL support
+ Regex comp cache
+ Managing hyperalert graph connection inside the alert structure itself
+ Keeping track of all the streams and alerts even after clustered
+ Dynamic cluster_min_size algorithm
+ Add alerts' history serialization to db.c as well
+ Bayesian learning among alerts in alert log
+ Split bayesian correlation out of correlation.c
+ Clustering alerts with time constraints
+ Save clusters and correlations to db
+ Uniformed error messages format
+ Full PostgreSQL support for output db
+ Web interface
+ Function names (private functions with _ or __ ?)
+ Saving packet flows as .pcap
+ Manual alert correlation from the web interface
+ Neural network for alert correlation
+ Supporting extra modules for alert correlation
+ Testing more scenarios, making more hyperalert models
+ Code profiling
+ Geographical IP localization and visualization
Grouped alert info inside the cluster, better graph management in hyperalerts 2010-09-16 23:21:38 +02:00			`======================`
			`AVERAGE/HIGH PRIORITY:`
			`======================`

Now supporting clustering with time constraints 2010-09-29 12:24:30 +02:00			`- Comment all the code!!!`
Integration with GeoIP and GMaps in web interface 2010-12-01 23:25:41 +01:00			`- Support for more logs`
			`- True bayesian temporal correlation`
Grouped alert info inside the cluster, better graph management in hyperalerts 2010-09-16 23:21:38 +02:00
			`=============`
			`LOW PRIORITY:`
			`=============`
Sept 11 2010 commit 2010-09-11 12:45:30 +02:00
First commit for spp_ai 2010-08-14 14:30:41 +02:00			`- Managing clusters for addresses, timestamps (and more?)`
Keeping bayesian correlation in bayesian.c 2010-09-28 21:36:58 +02:00			`- Splitting the distinct subgraphs of the output graph`
First commit for spp_ai 2010-08-14 14:30:41 +02:00
Grouped alert info inside the cluster, better graph management in hyperalerts 2010-09-16 23:21:38 +02:00			`=====`
			`DONE:`
			`=====`

			`+ PostgreSQL support`
			`+ Regex comp cache`
			`+ Managing hyperalert graph connection inside the alert structure itself`
			`+ Keeping track of all the streams and alerts even after clustered`
Clustering now improved 2010-09-18 16:42:11 +02:00			`+ Dynamic cluster_min_size algorithm`
Bayesian correlation now working 2010-09-23 21:57:20 +02:00			`+ Add alerts' history serialization to db.c as well`
			`+ Bayesian learning among alerts in alert log`
Keeping bayesian correlation in bayesian.c 2010-09-28 21:36:58 +02:00			`+ Split bayesian correlation out of correlation.c`
Now supporting clustering with time constraints 2010-09-29 12:24:30 +02:00			`+ Clustering alerts with time constraints`
Output database support (for MySQL) now complete 2010-10-02 17:46:15 +02:00			`+ Save clusters and correlations to db`
Starting to support PostgreSQL for logging output 2010-10-04 17:48:07 +02:00			`+ Uniformed error messages format`
Adding webserver features 2010-10-07 12:19:21 +02:00			`+ Full PostgreSQL support for output db`
Web interface done, web server fixed, pcap support 2010-10-11 17:00:03 +02:00			`+ Web interface`
			`+ Function names (private functions with _ or __ ?)`
Updated documentation and Makefile 2010-10-12 03:12:11 +02:00			`+ Saving packet flows as .pcap`
Updating the documentation 2010-10-14 02:53:17 +02:00			`+ Manual alert correlation from the web interface`
SOM neural network support for alert correlation 2010-10-25 17:39:44 +02:00			`+ Neural network for alert correlation`
Plugin support, README updated 2010-10-26 21:58:34 +02:00			`+ Supporting extra modules for alert correlation`
Integration with GeoIP and GMaps in web interface 2010-12-01 23:25:41 +01:00			`+ Testing more scenarios, making more hyperalert models`
Changing TODO 2010-12-01 23:27:16 +01:00			`+ Code profiling`
			`+ Geographical IP localization and visualization`
Grouped alert info inside the cluster, better graph management in hyperalerts 2010-09-16 23:21:38 +02:00