#include "spp_ai.h"#include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h>#include <time.h>#include <math.h>#include <alloca.h>#include <sys/stat.h>#include <pthread.h>#include <libxml/xmlreader.h>Data Structures | |
| struct | AI_alert_correlation_key |
| struct | AI_alert_correlation |
Enumerations | |
| enum | { inHyperAlert, inSnortIdTag, inPreTag, inPostTag, TAG_NUM } |
Functions | |
| PRIVATE void | _AI_correlation_table_cleanup () |
| Clean up the correlation hash table. | |
| PRIVATE void | _AI_print_correlated_alerts (AI_alert_correlation *corr, FILE *fp) |
| Recursively write a flow of correlated alerts to a .dot file, ready for being rendered as graph. | |
| PRIVATE char * | _AI_get_function_name (const char *orig_stmt) |
| Get the name of the function called by a pre-condition or post-condition predicate. | |
| PRIVATE char ** | _AI_get_function_arguments (char *orig_stmt, int *n_args) |
| Get the arguments passed to a function predicate in a pre-condition or post-condition (comma-separated values). | |
| PRIVATE double | _AI_correlation_coefficient (AI_snort_alert *a, AI_snort_alert *b) |
| Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). | |
| PRIVATE void | _AI_macro_subst (AI_snort_alert **alert) |
| Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. | |
| PRIVATE AI_hyperalert_info * | _AI_hyperalert_from_XML (AI_hyperalert_key key) |
| Parse info about a hyperalert from a correlation XML file, if it exists. | |
| void * | AI_alert_correlation_thread (void *arg) |
| Thread for correlating clustered alerts. | |
Variables | |
| PRIVATE AI_hyperalert_info * | hyperalerts = NULL |
| PRIVATE AI_config * | conf = NULL |
| PRIVATE AI_snort_alert * | alerts = NULL |
| PRIVATE AI_alert_correlation * | correlation_table = NULL |
| PRIVATE BOOL | lock_flag = false |
1.7.1