#include "spp_ai.h"#include <unistd.h>#include <sys/stat.h>#include <pthread.h>#include <libxml/xmlreader.h>Data Structures | |
| struct | AI_alert_correlation |
Enumerations | |
| enum | { inHyperAlert, inSnortIdTag, inPreTag, inPostTag, TAG_NUM } |
Functions | |
| double | _AI_correlation_coefficient (AI_snort_alert *a, AI_snort_alert *b) |
| Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). | |
| void | _AI_macro_subst (AI_snort_alert **alert) |
| Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. | |
| PRIVATE AI_hyperalert_info * | _AI_hyperalert_from_XML (AI_hyperalert_key key) |
| Parse info about a hyperalert from a correlation XML file, if it exists. | |
| void * | AI_alert_correlation_thread (void *arg) |
| Thread for correlating clustered alerts. | |
Variables | |
| PRIVATE AI_hyperalert_info * | hyperalerts = NULL |
| PRIVATE AI_config * | conf = NULL |
| PRIVATE AI_snort_alert * | alerts = NULL |
| PRIVATE AI_alert_correlation * | correlation_table = NULL |
| PRIVATE BOOL | lock_flag = false |
1.7.1