Snort_AIPreproc/schemas/postgresql.sql

-- IPv4 header fields stored alongside an alert (referenced by ca_alerts.ip_hdr).
-- NOTE: DROP ... CASCADE removes the table and every object depending on it,
-- so re-running this script discards any alert data already stored.
DROP TABLE IF EXISTS ca_ipv4_headers CASCADE;
CREATE TABLE ca_ipv4_headers (
    ip_hdr_id   SERIAL,
    ip_tos      INTEGER,
    ip_len      INTEGER,
    ip_id       INTEGER,
    ip_ttl      INTEGER,
    ip_proto    INTEGER,
    ip_src_addr VARCHAR(32),  -- address kept as text, not the inet type
    ip_dst_addr VARCHAR(32),
    CONSTRAINT ca_ipv4_headers_pkey PRIMARY KEY (ip_hdr_id)
);

-- Placeholder row: ca_alerts.ip_hdr defaults to 0 and references this id.
-- SERIAL numbering starts at 1, so id 0 never collides with real rows.
INSERT INTO ca_ipv4_headers (ip_hdr_id) VALUES (0);
-- TCP header fields stored alongside an alert (referenced by ca_alerts.tcp_hdr).
DROP TABLE IF EXISTS ca_tcp_headers CASCADE;
CREATE TABLE ca_tcp_headers (
    tcp_hdr_id   SERIAL,
    tcp_src_port INTEGER,
    tcp_dst_port INTEGER,
    tcp_seq      BIGINT,   -- 32-bit unsigned on the wire, hence BIGINT
    tcp_ack      BIGINT,
    tcp_flags    INTEGER,
    tcp_window   INTEGER,
    tcp_len      INTEGER,
    CONSTRAINT ca_tcp_headers_pkey PRIMARY KEY (tcp_hdr_id)
);

-- Placeholder row: ca_alerts.tcp_hdr defaults to 0 and references this id.
INSERT INTO ca_tcp_headers (tcp_hdr_id) VALUES (0);
-- One row per alert cluster; ca_alerts.cluster_id points here.
-- All descriptive columns are nullable text (DEFAULT NULL is implicit).
DROP TABLE IF EXISTS ca_clustered_alerts CASCADE;
CREATE TABLE ca_clustered_alerts (
    cluster_id        SERIAL,
    clustered_srcip   VARCHAR(255),
    clustered_dstip   VARCHAR(255),
    clustered_srcport VARCHAR(255),  -- text, not numeric: presumably a range/label — verify against writer
    clustered_dstport VARCHAR(255),
    CONSTRAINT ca_clustered_alerts_pkey PRIMARY KEY (cluster_id)
);

-- Placeholder row: ca_alerts.cluster_id defaults to 0 and references this id.
INSERT INTO ca_clustered_alerts (cluster_id) VALUES (0);
-- One row per alert.  Header and cluster links default to the placeholder
-- row 0 of their target tables rather than to NULL.
DROP TABLE IF EXISTS ca_alerts CASCADE;
CREATE TABLE ca_alerts (
    alert_id       SERIAL,
    gid            INTEGER,
    sid            INTEGER,
    rev            INTEGER,
    priority       INTEGER,
    description    VARCHAR(255),
    classification VARCHAR(255),
    timestamp      TIMESTAMP,   -- without time zone; column shares its type's name
    ip_hdr         INTEGER DEFAULT 0,
    tcp_hdr        INTEGER DEFAULT 0,
    cluster_id     INTEGER DEFAULT 0,
    CONSTRAINT ca_alerts_pkey PRIMARY KEY (alert_id),
    CONSTRAINT ca_alerts_ip_hdr_fkey
        FOREIGN KEY (ip_hdr) REFERENCES ca_ipv4_headers (ip_hdr_id),
    CONSTRAINT ca_alerts_tcp_hdr_fkey
        FOREIGN KEY (tcp_hdr) REFERENCES ca_tcp_headers (tcp_hdr_id),
    CONSTRAINT ca_alerts_cluster_id_fkey
        FOREIGN KEY (cluster_id) REFERENCES ca_clustered_alerts (cluster_id)
);
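-- Raw packets belonging to an alert's stream.  `content` holds the packet
-- bytes verbatim (bytea), so it must be treated as untrusted binary data by
-- anything that renders it.
DROP TABLE IF EXISTS ca_packet_streams CASCADE;
CREATE TABLE ca_packet_streams (
    pkt_id    SERIAL,
    alert_id  INTEGER,
    pkt_len   INTEGER,
    timestamp TIMESTAMP,   -- without time zone; column shares its type's name
    content   BYTEA,
    CONSTRAINT ca_packet_streams_pkey PRIMARY KEY (pkt_id),
    CONSTRAINT ca_packet_streams_alert_id_fkey
        FOREIGN KEY (alert_id) REFERENCES ca_alerts (alert_id)
);

-- PostgreSQL does not index foreign-key columns automatically; without this,
-- fetching the packets of one alert (and FK checks when ca_alerts rows are
-- deleted) scan the whole table.
CREATE INDEX ca_packet_streams_alert_id_idx ON ca_packet_streams (alert_id);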
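-- Pairwise correlation between two alerts.  The composite key makes each
-- (alert1, alert2) pair unique, but nothing forbids storing both orderings
-- of the same pair.
DROP TABLE IF EXISTS ca_correlated_alerts CASCADE;
CREATE TABLE ca_correlated_alerts (
    alert1            INTEGER,
    alert2            INTEGER,
    correlation_coeff REAL,   -- single precision; fine for a score, not for exact math
    CONSTRAINT ca_correlated_alerts_pkey PRIMARY KEY (alert1, alert2),
    CONSTRAINT ca_correlated_alerts_alert1_fkey
        FOREIGN KEY (alert1) REFERENCES ca_alerts (alert_id),
    CONSTRAINT ca_correlated_alerts_alert2_fkey
        FOREIGN KEY (alert2) REFERENCES ca_alerts (alert_id)
);

-- The primary key only serves lookups by alert1; lookups by alert2 (and the
-- FK check when a ca_alerts row is deleted) need their own index.
CREATE INDEX ca_correlated_alerts_alert2_idx ON ca_correlated_alerts (alert2);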