mirror of
https://github.com/BlackLight/Snort_AIPreproc.git
synced 2024-11-16 21:37:15 +01:00
69 lines
2.1 KiB
SQL
69 lines
2.1 KiB
SQL
DROP TABLE IF EXISTS ca_ipv4_headers CASCADE;
|
|
CREATE TABLE ca_ipv4_headers (
|
|
ip_hdr_id serial primary key,
|
|
ip_tos integer,
|
|
ip_len integer,
|
|
ip_id integer,
|
|
ip_ttl integer,
|
|
ip_proto integer,
|
|
ip_src_addr varchar(32),
|
|
ip_dst_addr varchar(32)
|
|
);
|
|
INSERT INTO ca_ipv4_headers ( ip_hdr_id ) VALUES ( 0 );
|
|
|
|
DROP TABLE IF EXISTS ca_tcp_headers CASCADE;
|
|
CREATE TABLE ca_tcp_headers (
|
|
tcp_hdr_id serial primary key,
|
|
tcp_src_port integer,
|
|
tcp_dst_port integer,
|
|
tcp_seq bigint,
|
|
tcp_ack bigint,
|
|
tcp_flags integer,
|
|
tcp_window integer,
|
|
tcp_len integer
|
|
);
|
|
INSERT INTO ca_tcp_headers ( tcp_hdr_id ) VALUES ( 0 );
|
|
|
|
DROP TABLE IF EXISTS ca_clustered_alerts CASCADE;
|
|
CREATE TABLE ca_clustered_alerts (
|
|
cluster_id serial primary key,
|
|
clustered_srcip varchar(255) default null,
|
|
clustered_dstip varchar(255) default null,
|
|
clustered_srcport varchar(255) default null,
|
|
clustered_dstport varchar(255) default null
|
|
);
|
|
INSERT INTO ca_clustered_alerts ( cluster_id ) VALUES ( 0 );
|
|
|
|
DROP TABLE IF EXISTS ca_alerts CASCADE;
|
|
CREATE TABLE ca_alerts (
|
|
alert_id serial primary key,
|
|
gid integer,
|
|
sid integer,
|
|
rev integer,
|
|
priority integer,
|
|
description varchar(255),
|
|
classification varchar(255),
|
|
timestamp timestamp,
|
|
ip_hdr integer default 0 references ca_ipv4_headers(ip_hdr_id),
|
|
tcp_hdr integer default 0 references ca_tcp_headers(tcp_hdr_id),
|
|
cluster_id integer default 0 references ca_clustered_alerts(cluster_id)
|
|
);
|
|
|
|
DROP TABLE IF EXISTS ca_packet_streams CASCADE;
|
|
CREATE TABLE ca_packet_streams (
|
|
pkt_id serial primary key,
|
|
alert_id integer references ca_alerts(alert_id),
|
|
pkt_len integer,
|
|
timestamp timestamp,
|
|
content bytea
|
|
);
|
|
|
|
DROP TABLE IF EXISTS ca_correlated_alerts CASCADE;
|
|
CREATE TABLE ca_correlated_alerts (
|
|
alert1 integer references ca_alerts(alert_id),
|
|
alert2 integer references ca_alerts(alert_id),
|
|
correlation_coeff real,
|
|
|
|
primary key(alert1, alert2)
|
|
);
|
|
|