mirror of
https://github.com/BlackLight/Snort_AIPreproc.git
synced 2024-12-26 19:25:10 +01:00
33 lines
893 B
Text
======================
AVERAGE/HIGH PRIORITY:
======================

- Clustering alerts with time constraints
- Web interface
- Code profiling
- Saving packet flows as .pcap
- Neural network for computing k
- Isolating independent subgraphs from hyperalert correlation graphs
- Testing more scenarios, making more hyperalert models

=============
LOW PRIORITY:
=============

- Managing clusters for addresses, timestamps (and more?)
- Splitting the distinct subgraphs of the output graph
- libgc support

=====
DONE:
=====

+ PostgreSQL support
+ Regex comp cache
+ Managing hyperalert graph connection inside the alert structure itself
+ Keeping track of all the streams and alerts even after clustered
+ Dynamic cluster_min_size algorithm
+ Add alerts' history serialization to db.c as well
+ Bayesian learning among alerts in alert log
+ Split bayesian correlation out of correlation.c