Snort_AIPreproc/doc/latex/correlation_8c.tex

\hypertarget{correlation_8c}{
\section{correlation.c File Reference}
\label{correlation_8c}\index{correlation.c@{correlation.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include $<$unistd.h$>$}\par
{\ttfamily \#include $<$sys/stat.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
{\ttfamily \#include $<$libxml/xmlreader.h$>$}\par
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item 
struct \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation}
\end{DoxyCompactItemize}
\subsection*{Enumerations}
\begin{DoxyCompactItemize}
\item 
enum \{ \par
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8}{inHyperAlert}, 
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d}{inSnortIdTag}, 
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f}{inPreTag}, 
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f}{inPostTag}, 
\par
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67}{TAG\_\-NUM}
 \}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item 
double \hyperlink{group__correlation_ga130e82017fc0abcb76b1a7740ae2f4df}{\_\-AI\_\-correlation\_\-coefficient} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$b)
\begin{DoxyCompactList}\small\item\em Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). \item\end{DoxyCompactList}\item 
void \hyperlink{group__correlation_ga0d094eae1d014d89a2de21263fa747da}{\_\-AI\_\-macro\_\-subst} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$alert)
\begin{DoxyCompactList}\small\item\em Substitute the macros in hyperalert pre-\/conditions and post-\/conditions with their associated values. \item\end{DoxyCompactList}\item 
PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_ga929e5c17fdb247a998d83ed6a4ae5a65}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key} key)
\begin{DoxyCompactList}\small\item\em Parse info about a hyperalert from a correlation XML file, if it exists. \item\end{DoxyCompactList}\item 
void $\ast$ \hyperlink{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{AI\_\-alert\_\-correlation\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for correlating clustered alerts. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item 
PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_gae56c79aa018caaeebeeb709a9e51c9c2}{hyperalerts} = NULL
\item 
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf} = NULL
\item 
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__correlation_gae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item 
PRIVATE \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation} $\ast$ \hyperlink{group__correlation_ga701934a296c51f2397d24e8bf4a9f021}{correlation\_\-table} = NULL
\item 
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__correlation_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`\hypertarget{correlation_8c}{`
			`\section{correlation.c File Reference}`
			`\label{correlation_8c}\index{correlation.c@{correlation.c}}`
			`}`
			{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
			`{\ttfamily \#include $<$unistd.h$>$}\par`
			`{\ttfamily \#include $<$sys/stat.h$>$}\par`
			`{\ttfamily \#include $<$pthread.h$>$}\par`
			`{\ttfamily \#include $<$libxml/xmlreader.h$>$}\par`
			`\subsection*{Data Structures}`
			`\begin{DoxyCompactItemize}`
			`\item`
Sept 11 2010 commit 2010-09-11 12:45:30 +02:00			`struct \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation}`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`\end{DoxyCompactItemize}`
			`\subsection*{Enumerations}`
			`\begin{DoxyCompactItemize}`
			`\item`
			`enum \{ \par`
			`\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8}{inHyperAlert},`
			`\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d}{inSnortIdTag},`
			`\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f}{inPreTag},`
			`\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f}{inPostTag},`
			`\par`
			`\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67}{TAG\_\-NUM}`
			`\}`
			`\end{DoxyCompactItemize}`
			`\subsection*{Functions}`
			`\begin{DoxyCompactItemize}`
			`\item`
Sept 11 2010 commit 2010-09-11 12:45:30 +02:00			`double \hyperlink{group__correlation_ga130e82017fc0abcb76b1a7740ae2f4df}{\_\-AI\_\-correlation\_\-coefficient} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$b)`
			`\begin{DoxyCompactList}\small\item\em Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). \item\end{DoxyCompactList}\item`
			`void \hyperlink{group__correlation_ga0d094eae1d014d89a2de21263fa747da}{\_\-AI\_\-macro\_\-subst} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$alert)`
			`\begin{DoxyCompactList}\small\item\em Substitute the macros in hyperalert pre-\/conditions and post-\/conditions with their associated values. \item\end{DoxyCompactList}\item`
			`PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_ga929e5c17fdb247a998d83ed6a4ae5a65}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key} key)`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`\begin{DoxyCompactList}\small\item\em Parse info about a hyperalert from a correlation XML file, if it exists. \item\end{DoxyCompactList}\item`
			`void $\ast$ \hyperlink{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{AI\_\-alert\_\-correlation\_\-thread} (void $\ast$arg)`
			`\begin{DoxyCompactList}\small\item\em Thread for correlating clustered alerts. \item\end{DoxyCompactList}\end{DoxyCompactItemize}`
			`\subsection*{Variables}`
			`\begin{DoxyCompactItemize}`
			`\item`
Sept 11 2010 commit 2010-09-11 12:45:30 +02:00			`PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_gae56c79aa018caaeebeeb709a9e51c9c2}{hyperalerts} = NULL`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`\item`
			`PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf} = NULL`
Sept 11 2010 commit 2010-09-11 12:45:30 +02:00			`\item`
			`PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__correlation_gae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL`
			`\item`
			`PRIVATE \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation} $\ast$ \hyperlink{group__correlation_ga701934a296c51f2397d24e8bf4a9f021}{correlation\_\-table} = NULL`
			`\item`
			`PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__correlation_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`\end{DoxyCompactItemize}`