Data Fields

AI_config Struct Reference

#include <spp_ai.h>

Data Fields

unsigned long hashCleanupInterval
unsigned long streamExpireInterval
unsigned long alertClusteringInterval
unsigned long databaseParsingInterval
unsigned long correlationGraphInterval
double correlationThresholdCoefficient
char alertfile [1024]
char clusterfile [1024]
char corr_rules_dir [1024]
char corr_alerts_dir [1024]
char dbname [256]
char dbuser [256]
char dbpass [256]
char dbhost [256]

Field Documentation

unsigned long AI_config::alertClusteringInterval

Interval in seconds for the alert clustering thread

char AI_config::alertfile[1024]

Alert file

char AI_config::clusterfile[1024]

Clustered alerts file

char AI_config::corr_alerts_dir[1024]

Directory where the correlated alerts' information will be placed

char AI_config::corr_rules_dir[1024]

Correlation rules path

unsigned long AI_config::correlationGraphInterval

Interval in seconds for running the thread for building alert correlation graphs

double AI_config::correlationThresholdCoefficient

Correlation threshold coefficient for correlating two hyperalerts. Two hyperalerts are 'correlated' to each other in a multi-step attack graph if and only if their correlation value is >= m + ks, where m is the average correlation coefficient, s is the standard deviation over this coefficient, and k is this threshold coefficient. Its value can be >= 0. A value in [0,1] is strongly suggested, but this value mostly depends on how accurate the correlation rules where defined. Be careful, defining a correlation coefficient > or >> 1 no correlation may occur at all!

unsigned long AI_config::databaseParsingInterval

Interval in seconds for reading the alert database, if database logging is used

char AI_config::dbhost[256]

Database host, if database logging is used

char AI_config::dbname[256]

Database name, if database logging is used

char AI_config::dbpass[256]

Database password, if database logging is used

char AI_config::dbuser[256]

Database user, if database logging is used

unsigned long AI_config::hashCleanupInterval

Interval in seconds for the stream cleanup thread

unsigned long AI_config::streamExpireInterval

Interval in seconds for considering an idle stream timed out

The documentation for this struct was generated from the following file:
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Defines
Generated on Tue Sep 14 2010 19:23:42 for Snort AI preprocessor module by  doxygen 1.7.1