======================
AVERAGE/HIGH PRIORITY:
======================

- XML::Simple dependency
- Manual alert correlation from the web interface
- Bayesian network
- Modules for correlation coefficients
- Code profiling
- Comment all the code!!!
- Neural network for computing k
- Testing more scenarios, making more hyperalert models

=============
LOW PRIORITY:
=============

- Managing clusters for addresses, timestamps (and more?)
- Splitting the distinct subgraphs of the output graph
- libgc support

=====
DONE:
=====

+ PostgreSQL support
+ Regex compilation cache
+ Managing hyperalert graph connection inside the alert structure itself
+ Keeping track of all the streams and alerts even after clustering
+ Dynamic cluster_min_size algorithm
+ Add alerts' history serialization to db.c as well
+ Bayesian learning among alerts in alert log
+ Split bayesian correlation out of correlation.c
+ Clustering alerts with time constraints
+ Save clusters and correlations to db
+ Uniform error message format
+ Full PostgreSQL support for output db
+ Web interface
+ Function names (private functions with _ or __ ?)
+ Saving packet flows as .pcap