2010-09-16 23:21:38 +02:00
======================
AVERAGE/HIGH PRIORITY:
======================
- Modules for correlation coefficients
- Code profiling
- Comment all the code!!!
- Neural network for computing k
- Testing more scenarios, making more hyperalert models
=============
LOW PRIORITY:
=============
- Managing clusters for addresses, timestamps (and more?)
- Splitting the distinct subgraphs of the output graph
=====
DONE:
=====
+ PostgreSQL support
+ Regex comp cache
+ Managing hyperalert graph connection inside the alert structure itself
+ Keeping track of all the streams and alerts even after clustered
+ Dynamic cluster_min_size algorithm
+ Add alerts' history serialization to db.c as well
+ Bayesian learning among alerts in alert log
+ Split bayesian correlation out of correlation.c
+ Clustering alerts with time constraints
+ Save clusters and correlations to db
+ Uniform error message format
+ Full PostgreSQL support for output db
+ Web interface
+ Function names (private functions with _ or __ ?)
+ Saving packet flows as .pcap
+ Manual alert correlation from the web interface