-- IPv4 header fields stored per alert; ca_alerts.ip_hdr points at ip_hdr_id.
-- Column names mirror the header fields they hold.
-- NOTE(review): ca_alerts declares a foreign key to ip_hdr_id. On an engine
-- that enforces it (InnoDB) this DROP fails on a re-run, because the script
-- drops parent tables before the children that reference them.
drop table if exists ca_ipv4_headers;

create table ca_ipv4_headers (
    ip_hdr_id   integer     not null auto_increment,   -- surrogate key
    ip_tos      integer,
    ip_len      integer,
    ip_id       integer,
    ip_ttl      integer,
    ip_proto    integer,
    ip_src_addr varchar(32),   -- address as text (presumably dotted-quad; verify against the writer)
    ip_dst_addr varchar(32),
    constraint ca_ipv4_headers_pk primary key (ip_hdr_id)
);
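-- TCP header fields stored per alert; ca_alerts.tcp_hdr points at tcp_hdr_id.
-- Column names mirror the header fields they hold.
drop table if exists ca_tcp_headers;

create table ca_tcp_headers (
    tcp_hdr_id   integer not null auto_increment,   -- surrogate key
    tcp_src_port integer,   -- 16-bit field, fits a signed 32-bit integer
    tcp_dst_port integer,
    -- Sequence and acknowledgement numbers are unsigned 32-bit. MySQL `integer`
    -- is signed 32-bit, so any value above 2147483647 was clamped with a
    -- warning (non-strict mode) or rejected (strict mode). bigint holds the
    -- full range and is read back the same way by existing callers.
    tcp_seq      bigint,
    tcp_ack      bigint,
    tcp_flags    integer,   -- presumably the flags octet; verify against the writer
    tcp_window   integer,   -- 16-bit field
    tcp_len      integer,
    constraint ca_tcp_headers_pk primary key (tcp_hdr_id)
);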
-- Alert clusters; ca_alerts.cluster_id points at cluster_id.
drop table if exists ca_clustered_alerts;

create table ca_clustered_alerts (
    cluster_id        integer      not null auto_increment,   -- surrogate key
    -- Endpoint attributes the cluster is keyed on, stored as text. The width
    -- suggests they may hold ranges or patterns rather than single values;
    -- verify against the clustering code before relying on a format.
    clustered_srcip   varchar(255) default null,
    clustered_dstip   varchar(255) default null,
    clustered_srcport varchar(255) default null,
    clustered_dstport varchar(255) default null,
    constraint ca_clustered_alerts_pk primary key (cluster_id)
);
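-- One row per Snort alert recorded by the preprocessor. The stored header
-- rows and the cluster the alert was assigned to are referenced by id.
drop table if exists ca_alerts;

create table ca_alerts (
    alert_id       integer      not null auto_increment,   -- surrogate key
    gid            integer,        -- Snort generator id
    sid            integer,        -- Snort signature id
    rev            integer,        -- signature revision
    priority       integer,
    description    varchar(255),
    classification varchar(255),
    timestamp      datetime,       -- `timestamp` is a MySQL keyword; allowed unquoted as a column name
    -- NOTE(review): these default to 0, but no referenced row ever has id 0
    -- (auto_increment starts at 1), so an insert that relies on the default
    -- violates the foreign key on an engine that enforces it (InnoDB). If
    -- "no header / no cluster" is a valid state, `default null` is the
    -- FK-compatible way to express it; confirm how the writer populates them.
    ip_hdr         integer      default 0,
    tcp_hdr        integer      default 0,
    cluster_id     integer      default 0,
    constraint ca_alerts_pk         primary key (alert_id),
    -- The referenced table is ca_ipv4_headers. The original wrote
    -- ca_ip_headers, which does not exist, so the constraint could never be
    -- satisfied and an FK-enforcing engine rejects the CREATE outright.
    constraint ca_alerts_ip_hdr_fk  foreign key (ip_hdr)     references ca_ipv4_headers (ip_hdr_id),
    constraint ca_alerts_tcp_hdr_fk foreign key (tcp_hdr)    references ca_tcp_headers (tcp_hdr_id),
    constraint ca_alerts_cluster_fk foreign key (cluster_id) references ca_clustered_alerts (cluster_id)
);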
-- Packets captured for an alert, one row per packet, linked to ca_alerts.
drop table if exists ca_packet_streams;

create table ca_packet_streams (
    pkt_id    integer  not null auto_increment,   -- surrogate key
    alert_id  integer,       -- owning alert
    pkt_len   integer,       -- presumably the length of content; verify against the writer
    timestamp datetime,      -- `timestamp` is a MySQL keyword; allowed unquoted as a column name
    -- Presumably the raw captured packet. Whatever payload the packet carried
    -- lands here, so retain and protect this table like the capture it came from.
    content   longblob,
    constraint ca_packet_streams_pk       primary key (pkt_id),
    constraint ca_packet_streams_alert_fk foreign key (alert_id) references ca_alerts (alert_id)
);
-- Pairwise correlation scores between alerts. The primary key is the ordered
-- pair, so (a, b) and (b, a) are distinct rows; whether the writer stores one
-- direction or both is not visible here.
drop table if exists ca_correlated_alerts;

create table ca_correlated_alerts (
    alert1            integer not null,   -- implicit in the primary key; spelled out for readers
    alert2            integer not null,
    correlation_coeff double,             -- score; its range is not constrained here
    constraint ca_correlated_alerts_pk        primary key (alert1, alert2),
    constraint ca_correlated_alerts_alert1_fk foreign key (alert1) references ca_alerts (alert_id),
    constraint ca_correlated_alerts_alert2_fk foreign key (alert2) references ca_alerts (alert_id)
);