Alarm and event table structures in the alienvault database

Published: 2020-07-09 19:38:59  Source: web  Views: 10290  Author: 李晨光  Column: Security technology

As an OSSIM database developer you need to know the following alarm and event table structures in the alienvault database.

1. alarm

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| backlog_id | binary(16) | No | |
| event_id | binary(16) | No | |
| corr_engine_ctx | binary(16) | No | |
| timestamp | timestamp | Yes | |
| status | enum('open','closed') | Yes | 'open' |
| plugin_id | int(11) | No | |
| plugin_sid | int(11) | No | |
| protocol | int(11) | Yes | |
| src_ip | varbinary(16) | Yes | |
| dst_ip | varbinary(16) | Yes | |
| src_port | int(11) | Yes | |
| dst_port | int(11) | Yes | |
| risk | int(11) | Yes | |
| efr | int(11) | No | 0 |
| similar | varchar(40) | No | '0000000000000000000000000000000000000000' |
| stats | mediumtext | No | |
| removable | tinyint(1) | No | 0 |
| in_file | tinyint(1) | No | 0 |

2. alarm_groups

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| group_id | varchar(255) | No | |
| description | text | No | |
| status | enum('open','closed') | No | |
| timestamp | timestamp | No | CURRENT_TIMESTAMP |
| owner | varchar(64) | No | |

3. alarm_hosts

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_host | binary(16) | No | |

4. alarm_kingdoms

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| name | varchar(128) | No | |

5. alarm_nets

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_net | binary(16) | No | |

6. alarm_tags

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_tag | int(11) | No | |

alarm_taxonomy

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| sid | int(11) | No | |
| engine_id | binary(16) | No | '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' |
| kingdom | int(11) | No | |
| category | int(11) | No | |
| subcategory | text | No | |

7. databases

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(10) UNSIGNED | No | |
| ctx | binary(16) | No | |
| name | varchar(64) | No | |
| ip | varbinary(16) | No | |
| port | int(11) | No | 3306 |
| user | varchar(64) | No | |
| pass | varchar(64) | No | |
| icon | mediumblob | No | |

8. device_types

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| name | varchar(64) | No | |
| class | int(11) | No | |

9. event

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | binary(16) | No | |
| agent_ctx | binary(16) | No | |
| timestamp | timestamp | No | CURRENT_TIMESTAMP |
| tzone | float | No | 0 |
| sensor_id | binary(16) | Yes | |
| interface | varchar(32) | No | |
| type | int(11) | No | |
| plugin_id | int(11) | No | |
| plugin_sid | int(11) | No | |
| protocol | int(11) | Yes | |
| src_ip | varbinary(16) | Yes | |
| dst_ip | varbinary(16) | Yes | |
| src_port | int(11) | Yes | |
| dst_port | int(11) | Yes | |
| event_condition | int(11) | Yes | |
| value | text | Yes | |
| time_interval | int(11) | Yes | |
| absolute | tinyint(4) | Yes | |
| priority | int(11) | Yes | 1 |
| reliability | int(11) | Yes | 1 |
| asset_src | int(11) | Yes | 1 |
| asset_dst | int(11) | Yes | 1 |
| risk_a | int(11) | Yes | 0 |
| risk_c | int(11) | Yes | 0 |
| alarm | tinyint(4) | Yes | 0 |
| filename | varchar(256) | Yes | |
| username | varchar(64) | Yes | |
| password | varchar(64) | Yes | |
| userdata1 | varchar(1024) | Yes | |
| userdata2 | varchar(1024) | Yes | |
| userdata3 | varchar(1024) | Yes | |
| userdata4 | varchar(1024) | Yes | |
| userdata5 | varchar(1024) | Yes | |
| userdata6 | varchar(1024) | Yes | |
| userdata7 | varchar(1024) | Yes | |
| userdata8 | varchar(1024) | Yes | |
| userdata9 | varchar(1024) | Yes | |
| rulename | text | Yes | |
| rep_prio_src | int(10) UNSIGNED | Yes | |
| rep_prio_dst | int(10) UNSIGNED | Yes | |
| rep_rel_src | int(10) UNSIGNED | Yes | |
| rep_rel_dst | int(10) UNSIGNED | Yes | |
| rep_act_src | varchar(64) | Yes | |
| rep_act_dst | varchar(64) | Yes | |
| src_hostname | varchar(64) | Yes | |
| dst_hostname | varchar(64) | Yes | |
| src_mac | binary(6) | Yes | |
| dst_mac | binary(6) | Yes | |
| src_host | binary(16) | Yes | |
| dst_host | binary(16) | Yes | |
| src_net | binary(16) | Yes | |
| dst_net | binary(16) | Yes | |
| refs | int(11) | Yes | |

10. extra_data

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| event_id | binary(16) | No | |
| data_payload | text | Yes | |
| binary_data | blob | Yes | |

11. host

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | binary(16) | No | |
| ctx | binary(16) | No | |
| hostname | varchar(128) | No | |
| fqdns | varchar(255) | No | |
| asset | smallint(6) | No | |
| threshold_c | int(11) | No | |
| threshold_a | int(11) | No | |
| alert | int(11) | No | |
| persistence | int(11) | No | |
| nat | varchar(15) | Yes | |
| rrd_profile | varchar(64) | Yes | |
| descr | varchar(255) | Yes | |
| lat | varchar(255) | Yes | '0' |
| lon | varchar(255) | Yes | '0' |
| icon | mediumblob | Yes | |
| country | varchar(64) | Yes | |
| external_host | tinyint(1) | No | 0 |
| permissions | binary(8) | No | '\0\0\0\0\0\0\0\0' |
| av_component | tinyint(1) | No | 0 |
| created | datetime | Yes | |
| updated | datetime | Yes | |

12. incident

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| uuid | binary(16) | No | |
| ctx | binary(16) | No | |
| title | varchar(512) | No | |
| date | datetime | No | 0000-00-00 00:00:00 |
| ref | enum('Alarm','Alert','Event','Metric','Anomaly','Vulnerability','Custom') | No | 'Alarm' |
| type_id | varchar(64) | No | '0' |
| priority | int(11) | No | |
| status | enum('Open','Assigned','Studying','Waiting','Testing','Closed') | No | 'Open' |
| last_update | datetime | No | 0000-00-00 00:00:00 |
| in_charge | varchar(64) | No | |
| submitter | varchar(64) | No | |
| event_start | datetime | No | 0000-00-00 00:00:00 |
| event_end | datetime | No | 0000-00-00 00:00:00 |

13. incident_alarm

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| incident_id | int(11) | No | |
| src_ips | varchar(255) | No | |
| src_ports | varchar(255) | No | |
| dst_ips | varchar(255) | No | |
| dst_ports | varchar(255) | No | |
| backlog_id | binary(16) | No | |
| event_id | binary(16) | No | |
| alarm_group_id | binary(16) | Yes | |

14. incident_anomaly

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| incident_id | int(11) | No | |
| anom_type | enum('mac','service','os') | No | 'mac' |
| ip | varchar(255) | No | |
| data_orig | varchar(255) | No | |
| data_new | varchar(255) | No | |

15. plugin_sid

| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| plugin_ctx | binary(16) | No | |
| plugin_id | int(11) | No | |
| sid | int(11) | No | |
| class_id | int(11) | Yes | |
| reliability | int(11) | Yes | 1 |
| priority | int(11) | Yes | 1 |
| name | varchar(512) | No | |
| aro | decimal(11,4) | No | 0.0000 |
| subcategory_id | int(11) | Yes | |
| category_id | int(11) | Yes | |
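Several of the columns above are raw byte columns rather than text: the binary(16) identifiers (event.id, alarm.backlog_id, host.id, the *_ctx columns), the varbinary(16) addresses (src_ip, dst_ip, databases.ip) and the binary(6) MAC columns. Anyone writing reports or detection queries against these tables has to decode them first. The following is an added example, not code from the post or from OSSIM; it assumes that the address columns hold MySQL INET6_ATON() output (4 bytes for IPv4, 16 for IPv6) and uses the OSSIM risk formula asset × priority × reliability / 25, truncated and capped at 10, which is stated here as an assumption to be checked against your own version. The sample row is constructed.

```python
import ipaddress
import uuid


def decode_id(raw):
    """binary(16) identifier columns hold a raw 16-byte UUID; render it dashed."""
    if raw is None:
        return None
    if len(raw) != 16:
        raise ValueError(f"expected a 16-byte id, got {len(raw)} bytes")
    return str(uuid.UUID(bytes=raw))


def decode_ip(raw):
    """varbinary(16) address columns. Assumption: INET6_ATON() layout,
    i.e. 4 bytes for an IPv4 address and 16 bytes for an IPv6 address."""
    if raw is None:
        return None
    if len(raw) not in (4, 16):
        raise ValueError(f"expected 4 or 16 address bytes, got {len(raw)}")
    return str(ipaddress.ip_address(raw))


def decode_mac(raw):
    """binary(6) src_mac/dst_mac: six raw bytes, rendered colon separated."""
    if raw is None:
        return None
    if len(raw) != 6:
        raise ValueError(f"expected 6 MAC bytes, got {len(raw)}")
    return ":".join(f"{b:02x}" for b in raw)


def ossim_risk(asset, priority, reliability):
    """Assumed OSSIM risk formula: asset (0-5) * priority (0-5) * reliability (0-10) / 25,
    truncated to an integer and capped at 10. Out-of-range inputs are rejected."""
    for name, value, upper in (("asset", asset, 5), ("priority", priority, 5),
                               ("reliability", reliability, 10)):
        if not 0 <= value <= upper:
            raise ValueError(f"{name}={value} is outside 0..{upper}")
    return min(10, (asset * priority * reliability) // 25)


def decode_event_row(row):
    """Decode one raw `event` row (dict keyed by column name, as a DB cursor returns it)
    and recompute the risk for the source and destination asset values."""
    out = dict(row)
    for col in ("id", "agent_ctx", "sensor_id", "src_host", "dst_host", "src_net", "dst_net"):
        if col in row:
            out[col] = decode_id(row[col])
    for col in ("src_ip", "dst_ip"):
        if col in row:
            out[col] = decode_ip(row[col])
    for col in ("src_mac", "dst_mac"):
        if col in row:
            out[col] = decode_mac(row[col])
    out["risk_src"] = ossim_risk(row["asset_src"], row["priority"], row["reliability"])
    out["risk_dst"] = ossim_risk(row["asset_dst"], row["priority"], row["reliability"])
    return out


# Constructed sample row using the event table's column names; not real data.
SAMPLE_EVENT = {
    "id": bytes.fromhex("0123456789abcdef0123456789abcdef"),
    "agent_ctx": bytes(16),
    "sensor_id": None,
    "plugin_id": 1001,
    "plugin_sid": 2,
    "src_ip": bytes([10, 0, 0, 5]),                          # IPv4, 4 bytes
    "dst_ip": ipaddress.IPv6Address("2001:db8::1").packed,   # IPv6, 16 bytes
    "src_port": 51234,
    "dst_port": 22,
    "src_mac": bytes.fromhex("001122aabbcc"),
    "dst_mac": None,
    "priority": 4,
    "reliability": 8,
    "asset_src": 3,
    "asset_dst": 5,
}

if __name__ == "__main__":
    for key, value in decode_event_row(SAMPLE_EVENT).items():
        print(f"{key:12} {value}")
```

The same decoding applies to the alarm table, whose src_ip, dst_ip, backlog_id and event_id columns share these types; in SQL the equivalents are HEX() for the identifiers and INET6_NTOA() for the addresses.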

Typically we run one production OSSIM system and a separate development system. When the development system is to be promoted to production, its database schema usually differs slightly from the production one, so we need to find the table-structure differences between the two databases. We do this by combining the mysqldump and diff commands.


Export the table structures (-d dumps the schema only, no row data)

# on the production system
mysqldump -uroot -p -d alienvault > /home/db1.sql

# on the development system
mysqldump -uroot -p -d alienvault > /home/db2.sql


Compare (after copying one dump next to the other)

diff /home/db1.sql /home/db2.sql > /home/diff
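A plain textual diff of two mysqldump files also reports things that are not schema changes: the AUTO_INCREMENT counters in the CREATE TABLE options, the "Dump completed on" timestamp comment, and any difference in table order. The script below is an added example, not part of the post, that parses the CREATE TABLE statements of two `mysqldump -d` outputs and reports only added or removed tables and added, removed or changed columns. The two dump excerpts are constructed to look like mysqldump output; `parse_dump`, `diff_schemas` and `format_findings` are names chosen here. Indexes and keys are deliberately ignored, so a key-only change would still need the raw diff.

```python
import sys


def parse_dump(sql_text):
    """Parse `mysqldump -d` output into {table: {column: definition}}.
    Only column lines (starting with a backtick inside a CREATE TABLE block) are kept;
    PRIMARY KEY/KEY lines, ENGINE options and AUTO_INCREMENT counters are ignored on purpose."""
    tables, current = {}, None
    for raw in sql_text.splitlines():
        line = raw.strip()
        if line.startswith("CREATE TABLE `"):
            current = line.split("`")[1]
            tables[current] = {}
        elif current is not None and line.startswith("`"):
            name, definition = line[1:].split("`", 1)
            tables[current][name] = definition.strip().rstrip(",")
        elif current is not None and line.startswith(")"):
            current = None          # end of this CREATE TABLE block
    return tables


def diff_schemas(old, new):
    """Return (kind, table, column, detail) tuples describing how `new` differs from `old`."""
    findings = []
    for table in sorted(set(old) | set(new)):
        if table not in old:
            findings.append(("table_added", table, None, None))
        elif table not in new:
            findings.append(("table_removed", table, None, None))
        else:
            for col in sorted(set(old[table]) | set(new[table])):
                if col not in old[table]:
                    findings.append(("column_added", table, col, new[table][col]))
                elif col not in new[table]:
                    findings.append(("column_removed", table, col, old[table][col]))
                elif old[table][col] != new[table][col]:
                    findings.append(("column_changed", table, col,
                                     f"{old[table][col]} -> {new[table][col]}"))
    return findings


def format_findings(findings):
    """One readable line per finding."""
    return [f"{kind:15} {table}" + (f".{col}: {detail}" if col else "")
            for kind, table, col, detail in findings]


# Constructed excerpts in mysqldump -d layout (not real dumps): the "dev" copy adds a
# column, widens a column, bumps an AUTO_INCREMENT counter and adds a table.
PROD_DUMP = """\
DROP TABLE IF EXISTS `alarm`;
CREATE TABLE `alarm` (
  `backlog_id` binary(16) NOT NULL,
  `event_id` binary(16) NOT NULL,
  `timestamp` timestamp NULL DEFAULT NULL,
  `status` enum('open','closed') DEFAULT 'open',
  `risk` int(11) DEFAULT NULL,
  PRIMARY KEY (`backlog_id`,`event_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
DROP TABLE IF EXISTS `alarm_kingdoms`;
CREATE TABLE `alarm_kingdoms` (
  `id` int(11) NOT NULL,
  `name` varchar(128) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
-- Dump completed on 2020-07-01 10:00:00
"""

DEV_DUMP = """\
DROP TABLE IF EXISTS `alarm`;
CREATE TABLE `alarm` (
  `backlog_id` binary(16) NOT NULL,
  `event_id` binary(16) NOT NULL,
  `timestamp` timestamp NULL DEFAULT NULL,
  `status` enum('open','closed') DEFAULT 'open',
  `risk` int(11) DEFAULT NULL,
  `in_file` tinyint(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`backlog_id`,`event_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
DROP TABLE IF EXISTS `alarm_kingdoms`;
CREATE TABLE `alarm_kingdoms` (
  `id` int(11) NOT NULL,
  `name` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;
DROP TABLE IF EXISTS `alarm_tags`;
CREATE TABLE `alarm_tags` (
  `id_alarm` binary(16) NOT NULL,
  `id_tag` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Dump completed on 2020-07-08 18:30:00
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:   # python schema_diff.py /home/db1.sql /home/db2.sql
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            old, new = parse_dump(f1.read()), parse_dump(f2.read())
    else:
        old, new = parse_dump(PROD_DUMP), parse_dump(DEV_DUMP)
    for line in format_findings(diff_schemas(old, new)):
        print(line)
```

Run with the two dump paths from the commands above to get the structured report; with no arguments it runs on the embedded sample and reports the added in_file column, the widened alarm_kingdoms.name column and the new alarm_tags table, while staying silent about the changed AUTO_INCREMENT value and the dump timestamps that a plain diff would flag.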
