\hypertarget { structAI_ _ config} {
\section { AI\_ \- config Struct Reference}
\label { structAI_ _ config} \index { AI\_ \- config@{ AI\_ \- config} }
}
{ \ttfamily \# include $ < $ spp\_ \- ai.h$ > $ }
\subsection * { Data Fields}
\begin { DoxyCompactItemize}
\item
unsigned long \hyperlink { structAI_ _ config_ a9f7680615027d4fb74b4aa144a7028a4} { hashCleanupInterval}
\item
unsigned long \hyperlink { structAI_ _ config_ abbe77d5f94b8c5164bea47acba09c98b} { streamExpireInterval}
\item
unsigned long \hyperlink { structAI_ _ config_ a7d0d098b8263aa3d8415b11d1ec7f93d} { alertClusteringInterval}
\item
unsigned long \hyperlink { structAI_ _ config_ ae6ca715cab1d90b70c3aad443133c263} { databaseParsingInterval}
\item
unsigned long \hyperlink { structAI_ _ config_ aa736375e57a59936e2e782b7cd200e41} { correlationGraphInterval}
\item
double \hyperlink { structAI_ _ config_ adf6ef0faedfb4dea0a1353e781b14883} { correlationThresholdCoefficient}
\item
char \hyperlink { structAI_ _ config_ a2efa9590d7eea6dce8b5dd9aa76ed8ca} { alertfile} \mbox { [} 1024\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ a6da02a3f7116fd3810a41b738e8883a3} { clusterfile} \mbox { [} 1024\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ ab7ea93bbe72b85c4019b4f5656ad62fc} { corr\_ \- rules\_ \- dir} \mbox { [} 1024\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ ae68f5489e2ec9ea1408f98fe36d050c9} { corr\_ \- alerts\_ \- dir} \mbox { [} 1024\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ ac8a93607f12106e2f5c9b43af27107da} { dbname} \mbox { [} 256\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ aa004adebfdafb6d14092aecd7f4912b0} { dbuser} \mbox { [} 256\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ aa1cda349763faf60b2ebdbf2d187ae7d} { dbpass} \mbox { [} 256\mbox { ]}
\item
char \hyperlink { structAI_ _ config_ a8e56f1a1b2095d3d329c8068ea0f3aab} { dbhost} \mbox { [} 256\mbox { ]}
\end { DoxyCompactItemize}
\subsection { Field Documentation}
\hypertarget { structAI_ _ config_ a7d0d098b8263aa3d8415b11d1ec7f93d} {
\index { AI\_ \- config@{ AI\_ \- config} !alertClusteringInterval@{ alertClusteringInterval} }
\index { alertClusteringInterval@{ alertClusteringInterval} !AI_ config@{ AI\_ \- config} }
\subsubsection [{alertClusteringInterval}] { \setlength { \rightskip } { 0pt plus 5cm} unsigned long { \bf AI\_ \- config::alertClusteringInterval} } }
\label { structAI_ _ config_ a7d0d098b8263aa3d8415b11d1ec7f93d}
Interval in seconds for the alert clustering thread \hypertarget { structAI_ _ config_ a2efa9590d7eea6dce8b5dd9aa76ed8ca} {
\index { AI\_ \- config@{ AI\_ \- config} !alertfile@{ alertfile} }
\index { alertfile@{ alertfile} !AI_ config@{ AI\_ \- config} }
\subsubsection [{alertfile}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::alertfile} \mbox { [} 1024\mbox { ]} } }
\label { structAI_ _ config_ a2efa9590d7eea6dce8b5dd9aa76ed8ca}
Alert file \hypertarget { structAI_ _ config_ a6da02a3f7116fd3810a41b738e8883a3} {
\index { AI\_ \- config@{ AI\_ \- config} !clusterfile@{ clusterfile} }
\index { clusterfile@{ clusterfile} !AI_ config@{ AI\_ \- config} }
\subsubsection [{clusterfile}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::clusterfile} \mbox { [} 1024\mbox { ]} } }
\label { structAI_ _ config_ a6da02a3f7116fd3810a41b738e8883a3}
Clustered alerts file \hypertarget { structAI_ _ config_ ae68f5489e2ec9ea1408f98fe36d050c9} {
\index { AI\_ \- config@{ AI\_ \- config} !corr\_ \- alerts\_ \- dir@{ corr\_ \- alerts\_ \- dir} }
\index { corr\_ \- alerts\_ \- dir@{ corr\_ \- alerts\_ \- dir} !AI_ config@{ AI\_ \- config} }
\subsubsection [{corr\_\-alerts\_\-dir}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::corr\_ \- alerts\_ \- dir} \mbox { [} 1024\mbox { ]} } }
\label { structAI_ _ config_ ae68f5489e2ec9ea1408f98fe36d050c9}
Directory where the correlated alerts' information will be placed \hypertarget { structAI_ _ config_ ab7ea93bbe72b85c4019b4f5656ad62fc} {
\index { AI\_ \- config@{ AI\_ \- config} !corr\_ \- rules\_ \- dir@{ corr\_ \- rules\_ \- dir} }
\index { corr\_ \- rules\_ \- dir@{ corr\_ \- rules\_ \- dir} !AI_ config@{ AI\_ \- config} }
\subsubsection [{corr\_\-rules\_\-dir}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::corr\_ \- rules\_ \- dir} \mbox { [} 1024\mbox { ]} } }
\label { structAI_ _ config_ ab7ea93bbe72b85c4019b4f5656ad62fc}
Correlation rules path \hypertarget { structAI_ _ config_ aa736375e57a59936e2e782b7cd200e41} {
\index { AI\_ \- config@{ AI\_ \- config} !correlationGraphInterval@{ correlationGraphInterval} }
\index { correlationGraphInterval@{ correlationGraphInterval} !AI_ config@{ AI\_ \- config} }
\subsubsection [{correlationGraphInterval}] { \setlength { \rightskip } { 0pt plus 5cm} unsigned long { \bf AI\_ \- config::correlationGraphInterval} } }
\label { structAI_ _ config_ aa736375e57a59936e2e782b7cd200e41}
Interval in seconds for running the thread for building alert correlation graphs \hypertarget { structAI_ _ config_ adf6ef0faedfb4dea0a1353e781b14883} {
\index { AI\_ \- config@{ AI\_ \- config} !correlationThresholdCoefficient@{ correlationThresholdCoefficient} }
\index { correlationThresholdCoefficient@{ correlationThresholdCoefficient} !AI_ config@{ AI\_ \- config} }
\subsubsection [{correlationThresholdCoefficient}] { \setlength { \rightskip } { 0pt plus 5cm} double { \bf AI\_ \- config::correlationThresholdCoefficient} } }
\label { structAI_ _ config_ adf6ef0faedfb4dea0a1353e781b14883}
Correlation threshold coefficient for correlating two hyperalerts. Two hyperalerts are 'correlated' to each other in a multi-\/step attack graph if and only if their correlation value is $\geq m + ks$, where $m$ is the average correlation coefficient, $s$ is the standard deviation over this coefficient, and $k$ is this threshold coefficient. Its value can be $\geq 0$. A value in \mbox { [} 0,1\mbox { ]} is strongly suggested, but this value mostly depends on how accurately the correlation rules were defined. Be careful: if this coefficient is defined as $> 1$ or $\gg 1$, no correlation may occur at all! \hypertarget { structAI_ _ config_ ae6ca715cab1d90b70c3aad443133c263} {
\index { AI\_ \- config@{ AI\_ \- config} !databaseParsingInterval@{ databaseParsingInterval} }
\index { databaseParsingInterval@{ databaseParsingInterval} !AI_ config@{ AI\_ \- config} }
\subsubsection [{databaseParsingInterval}] { \setlength { \rightskip } { 0pt plus 5cm} unsigned long { \bf AI\_ \- config::databaseParsingInterval} } }
\label { structAI_ _ config_ ae6ca715cab1d90b70c3aad443133c263}
Interval in seconds for reading the alert database, if database logging is used \hypertarget { structAI_ _ config_ a8e56f1a1b2095d3d329c8068ea0f3aab} {
\index { AI\_ \- config@{ AI\_ \- config} !dbhost@{ dbhost} }
\index { dbhost@{ dbhost} !AI_ config@{ AI\_ \- config} }
\subsubsection [{dbhost}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::dbhost} \mbox { [} 256\mbox { ]} } }
\label { structAI_ _ config_ a8e56f1a1b2095d3d329c8068ea0f3aab}
Database host, if database logging is used \hypertarget { structAI_ _ config_ ac8a93607f12106e2f5c9b43af27107da} {
\index { AI\_ \- config@{ AI\_ \- config} !dbname@{ dbname} }
\index { dbname@{ dbname} !AI_ config@{ AI\_ \- config} }
\subsubsection [{dbname}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::dbname} \mbox { [} 256\mbox { ]} } }
\label { structAI_ _ config_ ac8a93607f12106e2f5c9b43af27107da}
Database name, if database logging is used \hypertarget { structAI_ _ config_ aa1cda349763faf60b2ebdbf2d187ae7d} {
\index { AI\_ \- config@{ AI\_ \- config} !dbpass@{ dbpass} }
\index { dbpass@{ dbpass} !AI_ config@{ AI\_ \- config} }
\subsubsection [{dbpass}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::dbpass} \mbox { [} 256\mbox { ]} } }
\label { structAI_ _ config_ aa1cda349763faf60b2ebdbf2d187ae7d}
Database password, if database logging is used. The password is kept in this structure as a plain character array. \hypertarget { structAI_ _ config_ aa004adebfdafb6d14092aecd7f4912b0} {
\index { AI\_ \- config@{ AI\_ \- config} !dbuser@{ dbuser} }
\index { dbuser@{ dbuser} !AI_ config@{ AI\_ \- config} }
\subsubsection [{dbuser}] { \setlength { \rightskip } { 0pt plus 5cm} char { \bf AI\_ \- config::dbuser} \mbox { [} 256\mbox { ]} } }
\label { structAI_ _ config_ aa004adebfdafb6d14092aecd7f4912b0}
Database user, if database logging is used \hypertarget { structAI_ _ config_ a9f7680615027d4fb74b4aa144a7028a4} {
\index { AI\_ \- config@{ AI\_ \- config} !hashCleanupInterval@{ hashCleanupInterval} }
\index { hashCleanupInterval@{ hashCleanupInterval} !AI_ config@{ AI\_ \- config} }
\subsubsection [{hashCleanupInterval}] { \setlength { \rightskip } { 0pt plus 5cm} unsigned long { \bf AI\_ \- config::hashCleanupInterval} } }
\label { structAI_ _ config_ a9f7680615027d4fb74b4aa144a7028a4}
Interval in seconds for the stream cleanup thread \hypertarget { structAI_ _ config_ abbe77d5f94b8c5164bea47acba09c98b} {
\index { AI\_ \- config@{ AI\_ \- config} !streamExpireInterval@{ streamExpireInterval} }
\index { streamExpireInterval@{ streamExpireInterval} !AI_ config@{ AI\_ \- config} }
\subsubsection [{streamExpireInterval}] { \setlength { \rightskip } { 0pt plus 5cm} unsigned long { \bf AI\_ \- config::streamExpireInterval} } }
\label { structAI_ _ config_ abbe77d5f94b8c5164bea47acba09c98b}
Interval in seconds for considering an idle stream timed out
The documentation for this struct was generated from the following file:\begin { DoxyCompactItemize}
\item
\hyperlink { spp_ _ ai_ 8h} { spp\_ \- ai.h} \end { DoxyCompactItemize}