Updating the documentation

INSTALL

@@ -0,0 +1,21 @@
+The installation procedure is the usual one:
+
+$ ./configure
+$ make
+$ make install
+
+If  you did not install Snort in /usr directory you may need to use the --prefix
+option with configure for selecting the directory where you installed Snort (for
+ example    ./configure   --prefix=$HOME/local/snort).   If   the   prefix   was
+specified  correctly,  and  it  actually  points to the location where Snort was
+installed,      the      module     binaries     should     be     placed     in
+$SNORT_DIR/lib/snort_dynamicpreprocessor    after    the    installation,    and
+automatically  loaded  by  Snort  at  the  next start. Moreover, a new directory
+named  corr_rules  will  be  created, in /etc/snort if the prefix was /usr or in
+$SNORT_DIR/etc  otherwise,  containing  XML files describing default correlation
+rules provided by the developer. This set can be enriched in any moment with new
+XML  files,  provided  by  third parts or created by the user itself, describing
+more hyperalerts.
+
+For more details, see the README file.
+

README

@@ -125,10 +125,15 @@ install libpq-dev.
 clusters,  correlations  and  packet  streams  information on a DBMS, making the
 analysis                                                                 easier.
 
-- Perl  (OPTIONAL),  used  for  the CGI script in the web interface that saves a
-packet  stream  associated  to an alert in .pcap format, to be analyzed by tools
-like                   tcpdump                   and                  Wireshark.
+- Perl  (RECOMMANDED),  used  for  the  CGI  script  in  the  web interface that
+saves  a  packet  stream  associated to an alert in .pcap format, to be analyzed
+by            tools           like             tcpdump         and     Wireshark.
 
+- XML::Simple  Perl module (RECOMMANDED), used by 'correlate.cgi' CGI script for
+reading  and  writing  manual  (un)correlations  XML  files.  A  quick  way  for
+installing     it     on     a     Unix     system    is    by    using    CPAN:
+
+# cpan XML::Simple
 
 =====================
 3.2 Configure options
@@ -453,6 +458,14 @@ your  documents  and  files  inside.  You can moreover place some CGI scripts or
 applications  made  in  the  language  you  prefer,  as  long  as they are files
 executable    by    any    users   and   they   have   the   extension   ".cgi".
 
+A powerful featured offered by the web interface is the one that allows the user
+to manually "mark" two alerts as correlated, if the system didn't do that, or as
+not  correlated,  if  the  system  made  a  mistake correlating two uncorrelated
+alerts.  These decisions are made simply by clicking the right button on the web
+page  and  clicking  the two alerts to mark as correlated or uncorrelated. After
+that,  all  the  alerts  of  those  types  will  be  marted  as  correlated,  or
+uncorrelated.
+
 
 ===========================
 8. Additional documentation

TODO

@@ -2,8 +2,6 @@
 AVERAGE/HIGH PRIORITY:
 ======================
 
-- XML::Simple dependancy
-- Manual alert correlation from the web interface
 - Bayesian network
 - Modules for correlation coefficients
 - Code profiling
@@ -17,7 +15,6 @@ LOW PRIORITY:
 
 - Managing clusters for addresses, timestamps (and more?)
 - Splitting the distinct subgraphs of the output graph
-- libgc support
 
 =====
 DONE:
@@ -38,4 +35,5 @@ DONE:
 + Web interface
 + Function names (private functions with _ or __ ?)
 + Saving packet flows as .pcap
++ Manual alert correlation from the web interface