#include <spp_ai.h>
Data Fields | |
| unsigned int | gid |
| unsigned int | sid |
| unsigned int | rev |
| unsigned short | priority |
| char * | desc |
| char * | classification |
| time_t | timestamp |
| uint8_t | ip_tos |
| uint16_t | ip_len |
| uint16_t | ip_id |
| uint8_t | ip_ttl |
| uint8_t | ip_proto |
| uint32_t | ip_src_addr |
| uint32_t | ip_dst_addr |
| uint16_t | tcp_src_port |
| uint16_t | tcp_dst_port |
| uint32_t | tcp_seq |
| uint32_t | tcp_ack |
| uint8_t | tcp_flags |
| uint16_t | tcp_window |
| uint16_t | tcp_len |
| struct pkt_info * | stream |
| struct _AI_snort_alert * | next |
| hierarchy_node * | h_node [CLUSTER_TYPES] |
| unsigned int | grouped_alarms_count |
| AI_hyperalert_info * | hyperalert |
| struct _AI_snort_alert * | previous_correlated |
| struct _AI_snort_alert ** | derived_alerts |
| unsigned int | n_derived_alerts |
Data type for Snort alerts
Array of directly correlated 'derived' alerts from the current one, if any
| char* _AI_snort_alert::desc |
| unsigned int _AI_snort_alert::gid |
| unsigned int _AI_snort_alert::grouped_alarms_count |
If the clustering algorithm is used, we also count how many alerts this single alert groups
| hierarchy_node* _AI_snort_alert::h_node[CLUSTER_TYPES] |
Hierarchies for addresses and ports, if the clustering algorithm is used
Hyperalert information, pre-conditions and post-conditions
| unsigned int _AI_snort_alert::n_derived_alerts |
Number of derived alerts
| struct _AI_snort_alert* _AI_snort_alert::next |
Pointer to the next alert in the log, if any
| unsigned short _AI_snort_alert::priority |
| unsigned int _AI_snort_alert::rev |
| unsigned int _AI_snort_alert::sid |
| struct pkt_info* _AI_snort_alert::stream |
Reference to the TCP stream associated to the alert, if any
| time_t _AI_snort_alert::timestamp |
1.7.1
