Data Structures |
| struct | pkt_key |
| struct | pkt_info |
| struct | AI_config |
| struct | _hierarchy_node |
| struct | AI_hyperalert_key |
| struct | AI_hyperalert_info |
| struct | _AI_snort_alert |
Defines |
| #define | PRIVATE static |
| #define | DEFAULT_HASH_CLEANUP_INTERVAL 300 |
| #define | DEFAULT_STREAM_EXPIRE_INTERVAL 300 |
| #define | DEFAULT_DATABASE_INTERVAL 30 |
| #define | DEFAULT_ALERT_CLUSTERING_INTERVAL 3600 |
| #define | DEFAULT_ALERT_CORRELATION_INTERVAL 300 |
| #define | DEFAULT_ALERT_LOG_FILE "/var/log/snort/alert" |
| #define | DEFAULT_CLUSTER_LOG_FILE "/var/log/snort/cluster_alert" |
| #define | DEFAULT_CORR_RULES_DIR "/etc/snort/corr_rules" |
| #define | DEFAULT_CORR_ALERTS_DIR "/var/log/snort/correlated_alerts" |
| #define | DEFAULT_CORR_THRESHOLD 0.5 |
Typedefs |
| typedef unsigned char | uint8_t |
| typedef unsigned short | uint16_t |
| typedef unsigned int | uint32_t |
| typedef struct _hierarchy_node | hierarchy_node |
| typedef struct _AI_snort_alert | AI_snort_alert |
Enumerations |
| enum | BOOL { false,
true
} |
| enum | cluster_type {
none,
src_addr,
dst_addr,
src_port,
dst_port,
CLUSTER_TYPES
} |
Functions |
| int | preg_match (const char *, char *, char ***, int *) |
| | Check if a string matches a regular expression.
|
| char * | str_replace (char *str, char *orig, char *rep) |
| | Replace the content of 'orig' in 'str' with 'rep'.
|
| char * | str_replace_all (char *str, char *orig, char *rep) |
| | Replace all of the occurrences of 'orig' in 'str' with 'rep'.
|
| void * | AI_hashcleanup_thread (void *) |
| | Thread called for cleaning up the hash table from the traffic streams older than a certain threshold.
|
| void * | AI_file_alertparser_thread (void *) |
| | Thread for parsing Snort's alert file.
|
| void * | AI_alert_correlation_thread (void *) |
| | Thread for correlating clustered alerts.
|
| void | AI_pkt_enqueue (SFSnortPacket *) |
| | Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream.
|
| void | AI_set_stream_observed (struct pkt_key key) |
| | Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table.
|
| void | AI_hierarchies_build (AI_config *, hierarchy_node **, int) |
| | Build the clustering hierarchy trees.
|
| void | AI_free_alerts (AI_snort_alert *node) |
| | Deallocate the memory of a log alert linked list.
|
| struct pkt_info * | AI_get_stream_by_key (struct pkt_key) |
| | Get a TCP stream by key.
|
| AI_snort_alert * | AI_get_alerts (void) |
| | Return the alerts parsed so far as a linked list.
|
| AI_snort_alert * | AI_get_clustered_alerts (void) |
| | Return the alerts parsed so far as a linked list.
|
Variables |
| DynamicPreprocessorData | _dpd |
| AI_snort_alert *(* | get_alerts )(void) |
1.7.1