blacklight
/
Snort_AIPreproc
mirror of https://github.com/BlackLight/Snort_AIPreproc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Snort_AIPreproc/doc/html/group__correlation.html

446 lines
25 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Module for the correlation of hyperalerts</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>Module for the correlation of hyperalerts</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation__key.html">AI_alert_correlation_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom">{ <br/>
&nbsp;&nbsp;<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8">inHyperAlert</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d">inSnortIdTag</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f">inPreTag</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f">inPostTag</a>,
<br/>
&nbsp;&nbsp;<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67">TAG_NUM</a>
<br/>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga9bcb94264ffe30f113f3fb7287b774e3">_AI_correlation_table_cleanup</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Clean up the correlation hash table. <a href="#ga9bcb94264ffe30f113f3fb7287b774e3"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga4267a39fa1a5ac035015823bca43288e">_AI_print_correlated_alerts</a> (<a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a> *corr, FILE *fp)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Recursively write a flow of correlated alerts to a .dot file, ready for being rendered as graph. <a href="#ga4267a39fa1a5ac035015823bca43288e"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga7a1b2d01f526f24ea91d7f08bdefd4fe">_AI_get_function_name</a> (const char *orig_stmt)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get the name of the function called by a pre-condition or post-condition predicate. <a href="#ga7a1b2d01f526f24ea91d7f08bdefd4fe"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE char **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gab716702cd226ab2ad957234a92da6e4a">_AI_get_function_arguments</a> (char *orig_stmt, int *n_args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get the arguments passed to a function predicate in a pre-condition or post-condition (comma-separated values). <a href="#gab716702cd226ab2ad957234a92da6e4a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE double&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga9cb283b28a66829574add58a251b93c6">_AI_correlation_coefficient</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *b)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). <a href="#ga9cb283b28a66829574add58a251b93c6"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga70a4aaf8b689472dad62ba7a9bbde1a6">_AI_macro_subst</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **alert)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. <a href="#ga70a4aaf8b689472dad62ba7a9bbde1a6"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65">_AI_hyperalert_from_XML</a> (<a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="#ga929e5c17fdb247a998d83ed6a4ae5a65"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation_table</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
<hr/><h2>Enumeration Type Documentation</h2>
<a class="anchor" id="ga06fc87d81c62e9abb8790b6e5713c55b"></a><!-- doxytag: member="correlation.c::@0" ref="ga06fc87d81c62e9abb8790b6e5713c55b" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">anonymous enum</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Enumeration for the types of XML tags </p>
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8"></a><!-- doxytag: member="inHyperAlert" ref="gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8" args="" -->inHyperAlert</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d"></a><!-- doxytag: member="inSnortIdTag" ref="gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d" args="" -->inSnortIdTag</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f"></a><!-- doxytag: member="inPreTag" ref="gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f" args="" -->inPreTag</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f"></a><!-- doxytag: member="inPostTag" ref="gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f" args="" -->inPostTag</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67"></a><!-- doxytag: member="TAG_NUM" ref="gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67" args="" -->TAG_NUM</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga9cb283b28a66829574add58a251b93c6"></a><!-- doxytag: member="correlation.c::_AI_correlation_coefficient" ref="ga9cb283b28a66829574add58a251b93c6" args="(AI_snort_alert *a, AI_snort_alert *b)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE double _AI_correlation_coefficient </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>b</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>a</em>&nbsp;</td><td>Alert a </td></tr>
<tr><td valign="top"></td><td valign="top"><em>b</em>&nbsp;</td><td>Alert b </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The correlation coefficient between A and B as coefficient in [0,1] </dd></dl>
</div>
</div>
<a class="anchor" id="ga9bcb94264ffe30f113f3fb7287b774e3"></a><!-- doxytag: member="correlation.c::_AI_correlation_table_cleanup" ref="ga9bcb94264ffe30f113f3fb7287b774e3" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_correlation_table_cleanup </td>
<td>(</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Clean up the correlation hash table. </p>
</div>
</div>
<a class="anchor" id="gab716702cd226ab2ad957234a92da6e4a"></a><!-- doxytag: member="correlation.c::_AI_get_function_arguments" ref="gab716702cd226ab2ad957234a92da6e4a" args="(char *orig_stmt, int *n_args)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE char** _AI_get_function_arguments </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>orig_stmt</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>n_args</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get the arguments passed to a function predicate in a pre-condition or post-condition (comma-separated values). </p>
<p>FUNCTION: _AI_get_function_arguments </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>origstmt</em>&nbsp;</td><td>Statement representing a pre-condition or post-condition </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_args</em>&nbsp;</td><td>Reference to an integer that will contain the number of arguments read </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>An array of strings containing the arguments of the function </dd></dl>
</div>
</div>
<a class="anchor" id="ga7a1b2d01f526f24ea91d7f08bdefd4fe"></a><!-- doxytag: member="correlation.c::_AI_get_function_name" ref="ga7a1b2d01f526f24ea91d7f08bdefd4fe" args="(const char *orig_stmt)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE char* _AI_get_function_name </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>orig_stmt</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get the name of the function called by a pre-condition or post-condition predicate. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>orig_stmt</em>&nbsp;</td><td>Statement representing a pre-condition or post-condition </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The name of the function called by that statement </dd></dl>
</div>
</div>
<a class="anchor" id="ga929e5c17fdb247a998d83ed6a4ae5a65"></a><!-- doxytag: member="correlation.c::_AI_hyperalert_from_XML" ref="ga929e5c17fdb247a998d83ed6a4ae5a65" args="(AI_hyperalert_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>* _AI_hyperalert_from_XML </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Parse info about a hyperalert from a correlation XML file, if it exists. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key (gid, sid, rev) identifying the alert </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A hyperalert structure containing the info about the current alert, if the XML file was found </dd></dl>
</div>
</div>
<a class="anchor" id="ga70a4aaf8b689472dad62ba7a9bbde1a6"></a><!-- doxytag: member="correlation.c::_AI_macro_subst" ref="ga70a4aaf8b689472dad62ba7a9bbde1a6" args="(AI_snort_alert **alert)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_macro_subst </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **&nbsp;</td>
<td class="paramname"> <em>alert</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>alert</em>&nbsp;</td><td>Reference to the hyperalert to work on </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga4267a39fa1a5ac035015823bca43288e"></a><!-- doxytag: member="correlation.c::_AI_print_correlated_alerts" ref="ga4267a39fa1a5ac035015823bca43288e" args="(AI_alert_correlation *corr, FILE *fp)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_print_correlated_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a> *&nbsp;</td>
<td class="paramname"> <em>corr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">FILE *&nbsp;</td>
<td class="paramname"> <em>fp</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Recursively write a flow of correlated alerts to a .dot file, ready for being rendered as graph. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>corr_alerts</em>&nbsp;</td><td>Correlated alerts </td></tr>
<tr><td valign="top"></td><td valign="top"><em>fp</em>&nbsp;</td><td>File pointer </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga939353a4e15de7a8f4145ab986f584be"></a><!-- doxytag: member="correlation.c::AI_alert_correlation_thread" ref="ga939353a4e15de7a8f4145ab986f584be" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alert_correlation_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for correlating clustered alerts. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Void pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="gae837fc04e61c0eb052f997c54b4fd9fe"></a><!-- doxytag: member="correlation.c::alerts" ref="gae837fc04e61c0eb052f997c54b4fd9fe" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gaad7a982b6016390e7cd1164bd7db8bca"></a><!-- doxytag: member="correlation.c::conf" ref="gaad7a982b6016390e7cd1164bd7db8bca" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga701934a296c51f2397d24e8bf4a9f021"></a><!-- doxytag: member="correlation.c::correlation_table" ref="ga701934a296c51f2397d24e8bf4a9f021" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a>* <a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation_table</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gae56c79aa018caaeebeeb709a9e51c9c2"></a><!-- doxytag: member="correlation.c::hyperalerts" ref="gae56c79aa018caaeebeeb709a9e51c9c2" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>* <a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">hyperalerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gafebc81c042a632dc987e113b7f390274"></a><!-- doxytag: member="correlation.c::lock_flag" ref="gafebc81c042a632dc987e113b7f390274" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Tue Sep 14 2010 19:23:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink