OSSIM主要数据库表结构

OSSIM主要数据库表结构

对于从事OSSIM开发的技术人员，最主要的需要知道OSSIM库里的多种表结构，下面举几个典型事例：

/* ======== config表 ======== */

DROP TABLE IF EXISTS conf;

CREATE TABLE conf (

recovery int NOT NULL,

threshold int NOT NULL,

graph_threshold int NOT NULL,

bar_length_left int NOT NULL,

bar_length_right int NOT NULL,

PRIMARY KEY (recovery, threshold, graph_threshold,

bar_length_left, bar_length_right)

);

/* ======== hosts & nets表 ======== */

DROP TABLE IF EXISTS host;

CREATE TABLE host (

ip varchar(15) UNIQUE NOT NULL,

hostname varchar(128) NOT NULL,

asset smallint(6) NOT NULL,

threshold_c int NOT NULL,

threshold_a int NOT NULL,

alert int NOT NULL,

persistence int NOT NULL,

nat varchar(15),

descr varchar(255),

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS scan;

CREATE TABLE scan (

ip varchar(15) UNIQUE NOT NULL,

active int NOT NULL,

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS net;

CREATE TABLE net (

name varchar(128) UNIQUE NOT NULL,

ips varchar(255) NOT NULL,

priority int NOT NULL,

threshold_c int NOT NULL,

threshold_a int NOT NULL,

alert int NOT NULL,

persistence int NOT NULL,

descr varchar(255),

PRIMARY KEY (name)

);

DROP TABLE IF EXISTS net_host_reference;

CREATE TABLE net_host_reference (

net_name varchar(128) NOT NULL,

host_ip varchar(15) NOT NULL,

PRIMARY KEY (net_name,host_ip)

);

/* ======== signatures表 ======== */

DROP TABLE IF EXISTS signature_group;

CREATE TABLE signature_group (

name varchar(64) NOT NULL,

descr varchar(255),

PRIMARY KEY (name)

);

DROP TABLE IF EXISTS signature;

CREATE TABLE signature (

name varchar(64) NOT NULL,

PRIMARY KEY (name)

);

DROP TABLE IF EXISTS signature_group_reference;

CREATE TABLE signature_group_reference (

sig_group_name varchar(64) NOT NULL,

sig_name varchar(64) NOT NULL,

PRIMARY KEY (sig_group_name, sig_name)

);

/* ======== ports表 ======== */

DROP TABLE IF EXISTS port_group;

CREATE TABLE port_group (

name varchar(64) NOT NULL,

descr varchar(255),

PRIMARY KEY (name)

);

DROP TABLE IF EXISTS port;

CREATE TABLE port (

port_number int NOT NULL,

protocol_name varchar(12) NOT NULL,

service varchar(64),

descr varchar(255),

PRIMARY KEY (port_number,protocol_name)

);

DROP TABLE IF EXISTS port_group_reference;

CREATE TABLE port_group_reference (

port_group_name varchar(64) NOT NULL,

port_number int NOT NULL,

protocol_name varchar(12) NOT NULL,

PRIMARY KEY (port_group_name, port_number, protocol_name)

);

DROP TABLE IF EXISTS protocol;

CREATE TABLE protocol (

id int NOT NULL,

name varchar(24) NOT NULL,

alias varchar(24),

descr varchar(255) NOT NULL,

PRIMARY KEY (id)

);

/* ======== sensors表 ======== */

DROP TABLE IF EXISTS sensor;

CREATE TABLE sensor (

name varchar(64) NOT NULL,

ip varchar(15) NOT NULL,

priority smallint NOT NULL,

port int NOT NULL,

connect smallint NOT NULL,

/* sig_group_id int NOT NULL, */

descr varchar(255) NOT NULL,

PRIMARY KEY (name)

);

DROP TABLE IF EXISTS host_sensor_reference;

CREATE TABLE host_sensor_reference (

host_ip varchar(15) NOT NULL,

sensor_name varchar(64) NOT NULL,

PRIMARY KEY (host_ip, sensor_name)

);

DROP TABLE IF EXISTS net_sensor_reference;

CREATE TABLE net_sensor_reference (

net_name varchar(15) NOT NULL,

sensor_name varchar(64) NOT NULL,

PRIMARY KEY (net_name, sensor_name)

);

/* ======== policy 表======== */

DROP TABLE IF EXISTS policy;

CREATE TABLE policy (

id int NOT NULL auto_increment,

priority smallint NOT NULL,

descr varchar(255),

PRIMARY KEY (id)

);

DROP TABLE IF EXISTS policy_port_reference;

CREATE TABLE policy_port_reference (

policy_id int NOT NULL,

port_group_name varchar(64) NOT NULL,

PRIMARY KEY (policy_id, port_group_name)

);

DROP TABLE IF EXISTS policy_host_reference;

CREATE TABLE policy_host_reference (

policy_id int NOT NULL,

host_ip varchar(15) NOT NULL,

direction enum (‘source‘, ‘dest‘) NOT NULL,

PRIMARY KEY (policy_id, host_ip, direction)

);

DROP TABLE IF EXISTS policy_net_reference;

CREATE TABLE policy_net_reference (

policy_id int NOT NULL,

net_name varchar(64) NOT NULL,

direction enum (‘source‘, ‘dest‘) NOT NULL,

PRIMARY KEY (policy_id, net_name, direction)

);

DROP TABLE IF EXISTS policy_sensor_reference;

CREATE TABLE policy_sensor_reference (

policy_id int NOT NULL,

sensor_name varchar(64) NOT NULL,

PRIMARY KEY (policy_id, sensor_name)

);

DROP TABLE IF EXISTS policy_sig_reference;

CREATE TABLE policy_sig_reference (

policy_id int NOT NULL,

sig_group_name varchar(64) NOT NULL,

PRIMARY KEY (policy_id, sig_group_name)

);

DROP TABLE IF EXISTS policy_time;

CREATE TABLE policy_time (

policy_id int NOT NULL,

begin_hour smallint NOT NULL,

end_hour smallint NOT NULL,

begin_day smallint NOT NULL,

end_day smallint NOT NULL,

PRIMARY KEY (policy_id)

);

/* ======== qualification表 ======== */

DROP TABLE IF EXISTS host_qualification;

CREATE TABLE host_qualification (

host_ip varchar(15) NOT NULL,

compromise int NOT NULL DEFAULT 1,

attack int NOT NULL DEFAULT 1,

PRIMARY KEY (host_ip)

);

DROP TABLE IF EXISTS net_qualification;

CREATE TABLE net_qualification (

net_name varchar(64) NOT NULL,

compromise int NOT NULL DEFAULT 1,

attack int NOT NULL DEFAULT 1,

PRIMARY KEY (net_name)

);

DROP TABLE IF EXISTS host_vulnerability;

CREATE TABLE host_vulnerability (

ip varchar(15) NOT NULL,

vulnerability int NOT NULL DEFAULT 1,

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS net_vulnerability;

CREATE TABLE net_vulnerability (

net varchar(15) NOT NULL,

vulnerability int NOT NULL DEFAULT 1,

PRIMARY KEY (net)

);

DROP TABLE IF EXISTS control_panel_host;

CREATE TABLE control_panel_host (

host_ip varchar(15) NOT NULL,

time_range varchar(5) NOT NULL DEFAULT ‘day‘,

max_c int NOT NULL,

max_a int NOT NULL,

max_c_date datetime,

max_a_date datetime,

avg_c int NOT NULL,

avg_a int NOT NULL,

PRIMARY KEY (host_ip, time_range)

);

DROP TABLE IF EXISTS control_panel_net;

CREATE TABLE control_panel_net (

net_name varchar(15) NOT NULL,

time_range varchar(5) NOT NULL DEFAULT ‘day‘,

max_c int NOT NULL,

max_a int NOT NULL,

max_c_date datetime,

max_a_date datetime,

avg_c int NOT NULL,

avg_a int NOT NULL,

PRIMARY KEY (net_name, time_range)

);

DROP TABLE IF EXISTS host_mac;

CREATE TABLE host_mac (

ip varchar(15) UNIQUE NOT NULL,

mac varchar(255) NOT NULL,

previous varchar(255) NOT NULL,

anom int NOT NULL,

mac_time varchar(100) NOT NULL,

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS host_os;

CREATE TABLE host_os (

ip varchar(15) UNIQUE NOT NULL,

os varchar(255) NOT NULL,

previous varchar(255) NOT NULL,

anom int NOT NULL,

os_time varchar(100) NOT NULL,

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS host_services;

CREATE TABLE host_services (

ip varchar(15) NOT NULL,

service varchar(128) NOT NULL,

version varchar(255) NOT NULL,

PRIMARY KEY (ip, service, version)

);

DROP TABLE IF EXISTS host_netbios;

CREATE TABLE host_netbios (

ip varchar(15) NOT NULL,

name varchar(128) NOT NULL,

wgroup varchar(128),

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS rrd_conf;

CREATE TABLE rrd_conf (

ip varchar(15) UNIQUE NOT NULL,

pkt_sent varchar(60) NOT NULL,

pkt_rcvd varchar(60) NOT NULL,

bytes_sent varchar(60) NOT NULL,

bytes_rcvd varchar(60) NOT NULL,

tot_contacted_sent_peersvarchar(60) NOT NULL,

tot_contacted_rcvd_peersvarchar(60) NOT NULL,

ip_dns_sent_bytes varchar(60) NOT NULL,

ip_dns_rcvd_bytes varchar(60) NOT NULL,

ip_nbios_ip_sent_bytesvarchar(60) NOT NULL,

ip_nbios_ip_rcvd_bytesvarchar(60) NOT NULL,

ip_mail_sent_bytes varchar(60) NOT NULL,

ip_mail_rcvd_bytes varchar(60) NOT NULL,

mrtg_a varchar(60) NOT NULL,

mrtg_c varchar(60) NOT NULL,

PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS rrd_anomalies;

CREATE TABLE rrd_anomalies (

ip varchar(15) NOT NULL,

what varchar(100) NOT NULL,

count int NOT NULL,

anomaly_time varchar(40) NOT NULL,

range varchar(30) NOT NULL,

over int NOT NULL,

acked int DEFAULT 0

);

DROP TABLE IF EXISTS rrd_conf_global;

CREATE TABLE rrd_conf_global (

active_host_senders_num VARCHAR(60) NOT NULL,

arp_rarp_bytes VARCHAR(60) NOT NULL,

broadcast_pkts VARCHAR(60) NOT NULL,

ethernet_bytes VARCHAR(60) NOT NULL,

ethernet_pkts VARCHAR(60) NOT NULL,

icmp_bytes VARCHAR(60) NOT NULL,

igmp_bytes VARCHAR(60) NOT NULL,

ip_bytes VARCHAR(60) NOT NULL,

ip_dhcp_bootp_bytes VARCHAR(60) NOT NULL,

ip_dns_bytes VARCHAR(60) NOT NULL,

ip_edonkey_bytes VARCHAR(60) NOT NULL,

ip_ftp_bytes VARCHAR(60) NOT NULL,

ip_gnutella_bytes VARCHAR(60) NOT NULL,

ip_http_bytes VARCHAR(60) NOT NULL,

ip_kazaa_bytes VARCHAR(60) NOT NULL,

ip_mail_bytes VARCHAR(60) NOT NULL,

ip_messenger_bytes VARCHAR(60) NOT NULL,

ip_nbios_ip_bytes VARCHAR(60) NOT NULL,

ip_nfs_bytes VARCHAR(60) NOT NULL,

ip_nttp_bytes VARCHAR(60) NOT NULL,

ip_snmp_bytes VARCHAR(60) NOT NULL,

ip_ssh_bytes VARCHAR(60) NOT NULL,

ip_telnet_bytes VARCHAR(60) NOT NULL,

ip_winmx_bytes VARCHAR(60) NOT NULL,

ip_x11_bytes VARCHAR(60) NOT NULL,

ipx_bytes VARCHAR(60) NOT NULL,

known_hosts_num VARCHAR(60) NOT NULL,

multicast_pkts VARCHAR(60) NOT NULL,

ospf_bytes VARCHAR(60) NOT NULL,

other_bytes VARCHAR(60) NOT NULL,

tcp_bytes VARCHAR(60) NOT NULL,

udp_bytes VARCHAR(60) NOT NULL,

up_to_1024_pkts VARCHAR(60) NOT NULL,

up_to_128_pkts VARCHAR(60) NOT NULL,

up_to_1518_pkts VARCHAR(60) NOT NULL,

up_to_512_pkts VARCHAR(60) NOT NULL,

up_to_64_pkts VARCHAR(60) NOT NULL

);

DROP TABLE IF EXISTS rrd_anomalies_global;

CREATE TABLE rrd_anomalies_global (

what varchar(100) NOT NULL,

count int NOT NULL,

anomaly_time varchar(40) NOT NULL,

range varchar(30) NOT NULL,

over int NOT NULL,

acked int DEFAULT 0

);

-- Table: Category表

DROP TABLE IF EXISTS category;

CREATE TABLE category (

idINTEGER NOT NULL,

nameVARCHAR (100) NOT NULL,

PRIMARY KEY (id)

);

-- Table: Classification表

DROP TABLE IF EXISTS classification;

CREATE TABLE classification (

idINTEGER NOT NULL,

nameVARCHAR (100) NOT NULL,

descriptionTEXT,

priorityINTEGER,

PRIMARY KEY (id)

);

-- Table: Plugin表

DROP TABLE IF EXISTS plugin;

CREATE TABLE plugin (

idINTEGER NOT NULL,

typeSMALLINT NOT NULL,

nameVARCHAR (100) NOT NULL,

descriptionTEXT,

PRIMARY KEY (id)

);

-- Table: Plugin Sid表

DROP TABLE IF EXISTS plugin_sid;

CREATE TABLE plugin_sid (

plugin_idINTEGER NOT NULL,

sidINTEGER NOT NULL,

category_idINTEGER,

class_idINTEGER,

reliabilityINTEGER DEFAULT 1,

priorityINTEGER DEFAULT 1,

nameVARCHAR (255) NOT NULL,

PRIMARY KEY (plugin_id, sid)

);

-- Table: Alert表

DROP TABLE IF EXISTS alert;

CREATE TABLE alert (

idBIGINT NOT NULL AUTO_INCREMENT,

timestampTIMESTAMP,

sensorTEXT NOT NULL,

interfaceTEXT NOT NULL,

typeINTEGER NOT NULL,

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER,

protocolINTEGER,

src_ipINTEGER UNSIGNED,

dst_ipINTEGER UNSIGNED,

src_portINTEGER,

dst_portINTEGER,

conditionINTEGER,

valueTEXT,

time_intervalINTEGER,

absoluteTINYINT,

priorityINTEGER DEFAULT 1,

reliabilityINTEGER DEFAULT 1,

asset_srcINTEGER DEFAULT 1,

asset_dstINTEGER DEFAULT 1,

risk_aINTEGER DEFAULT 1,

risk_cINTEGER DEFAULT 1,

alarm TINYINT DEFAULT 1,

PRIMARY KEY (id)

);

-- Table: Backlog表

DROP TABLE IF EXISTS backlog;

CREATE TABLE backlog (

utimeBIGINT NOT NULL,

idINTEGER NOT NULL,

nameTEXT,

rule_levelINTEGER,

rule_typeTINYINT,

rule_nameTEXT,

occurrence INTEGER,

time_outINTEGER,

matchedTINYINT,

plugin_idINTEGER,

plugin_sidINTEGER,

src_ipINTEGER UNSIGNED,

dst_ipINTEGER UNSIGNED,

src_portINTEGER,

dst_portINTEGER,

condition INTEGER,

valueTEXT,

time_intervalINTEGER,

absoluteTINYINT,

priorityINTEGER,

reliability INTEGER,

PRIMARY KEY (utime, id)

);

-- Table: plugin_reference表

DROP TABLE IF EXISTS plugin_reference;

CREATE TABLE plugin_reference (

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER NOT NULL,

reference_idINTEGER NOT NULL,

reference_sidINTEGER NOT NULL,

PRIMARY KEY (plugin_id, plugin_sid, reference_id, reference_sid)

);

-- Table: Host plugin sid表

DROP TABLE IF EXISTS host_plugin_sid;

CREATE TABLE host_plugin_sid (

host_ip INTEGER UNSIGNED NOT NULL,

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER NOT NULL,

PRIMARY KEY (host_ip, plugin_id, plugin_sid)

);

-- Table: Host scan表

DROP TABLE IF EXISTS host_scan;

CREATE TABLE host_scan (

host_ip INTEGER UNSIGNED NOT NULL,

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER NOT NULL,

PRIMARY KEY (host_ip, plugin_id, plugin_sid)

);

有关OSSIM更多内容请参阅《开源安全运维平台-OSSIM最佳实践》一书。

时间： 2024-10-05 12:08:40

OSSIM主要数据库表结构的相关文章

请设计一套图书馆借书管理系统的数据库表结构

请设计一套图书馆借书管理系统的数据库表结构:可以记录基本的用户信息.图书信息.借还书信息:数据表的个数不超过6个:请画表格描述表结构(需要说明每个字段的字段名.字段类型.字段含义描述): 在数据库设计中应: 1．保证每个用户的唯一性: 2．保证每种图书的唯一性:每种图书对应不等本数的多本图书:保证每本图书的唯一性: 3．借书信息表中,应同时考虑借书行为与还书行为,考虑借书期限: 4．保证借书信息表与用户表.图书信息表之间的参照完整性: 5．限制每个用户最大可借书的本数 6．若有新用户注册或新书入

关系型数据库表结构设计规范-浅谈（转）

数据库表结构设计规范-浅谈,为啥是浅谈呢,因为主要的观点还是来自原微信公共账号的一篇文章,稍微加了一些自己的看法. 谁来进行数据库的设计? 肯定是具体的开发工程师来进行,开发同学的话,第一业务熟悉度比较高,第二结合OO和ORM的思想,能有比较好的运用关系型数据库的特性.如果是DBA同学的话,虽然对于数据库本身了解比较多,但是对于业务了解较少,很难有比较客观的设计.但是业务上线或者运行期间,需要DBA同学能够重度的加入进来,针对一些性能点和不合理的点进行优化,同事也可以在上线前,针对SQL进行re

Activiti数据库表结构(表详细版)

http://blog.csdn.net/hj7jay/article/details/51302829 1 Activiti数据库表结构 1.1 数据库表名说明 Activiti工作流总共包含23张数据表,所有的表名默认以“ACT_”开头. 并且表名的第二部分用两个字母表明表的用例,而这个用例也基本上跟Service API匹配. u ACT_GE_* : “GE”代表“General”(通用),用在各种情况下: u ACT_HI_* : “HI”代表“History”(历史)

activiti数据库表结构全貌解析

下面本人介绍一些activiti这款开源流程设计引擎的数据库表结构,首先阐述:我们刚开始接触或者使用一个新的东西(技术)时我们首先多问一下自己几个为什么?为什么activiti在工作流程领域这么流行呢?仅仅是因为开源么?实现如此强大的流程引擎,activiti底层设计是如何进行的?activiti中依赖哪些技术等?这些可能应该是那些刚接触这个开源流程引擎产品的人应该有的疑问.我们在用开源产品的都是其实应该多问自己为什么?这样才能有所进步,不是么?兴许你一时兴起,“起笔”就把一款属于你自己的开源作

开源一个适用iOS的数据库表结构更新机制的代码

将前段时间开源的代码,发布一下: ARDBConfig On the iOS, provide a database table structure update mechanism, ensure that the user in any version of the installer, the database structure to ensure adapter. (在iOS上,提供一个数据库表结构更新的机制,保证用户无论从哪个版本安装程序,数据库结构保证适配.) 如:用户A的数据库版

ECshop 数据库表结构

ECshop 数据库表结构 -- 表的结构 `ecs_account_log`CREATE TABLE IF NOT EXISTS `ecs_account_log` (`log_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增ID号',`user_id` mediumint(8) unsigned NOT NULL COMMENT '用户登录后保存在session中的id号,跟users表中的user_id对应',`us

ThinkPHP 数据库表结构处理类(简单实用)

<?php /* * mysql表结构处理类 * 创建数据表,增加,编辑,删除表中字段 * */ class MysqlManage{ /* * 创建数据库,并且主键是aid * table 要查询的表名 */ function createTable($table){ $sql="CREATE TABLE IF NOT EXISTS `$table` (`aid` INT NOT NULL primary key)ENGINE = InnoDB;"; M()-&g

magereverse - Magento数据库表结构

Magento数据库表结构相当复杂,250多张表包含了非常多的表关联关系,让刚刚接触Magento的开发者来说真的非常头疼.往往是看到一个产品的各种属性分散在非常多的表中,找不到任何办法来取出它们的数据. 实际上,国外有一个非常出色的Magento数据库表结构维护社区,从1.3.2.1时代就开始制作并更新Magento数据库表结构,目前已经随官方同步更新到了1.6.1版本.该社区维护的Magento数据库表结构相当出色,可以查看任意一张表的表结构,以及关联表,表外键及SQL代码!如下图所示,通过

微赞微擎手动增加模块数据库表结构详解

微赞微擎手动增加模块数据库表结构详解有时候微擎或微赞的模块没有安装模块的xml文件,那我们先想安装到自己的系统上,要怎么处理呢,下面我们详细的介绍下步骤,个人能力有限,如有不正确之处,敬请谅解~ 1.模块的代码复制这个就不用多说了吧,当然需要把相应的addons文件夹里的模块复制到自己系统的目录里,不然不要做一下的事情了 2.数据库表结构修改代码复制过来,如果有相应的xml安装包或者install.php文件,可以直接安装,但是我们这里讲的是没有,那只能把原来要复制的表结构记录复制过来,插