OSSIM主要数据库表结构
对于从事OSSIM开发的技术人员,最主要的是需要了解OSSIM库中的多种表结构,下面举几个典型示例:
/* ======== config table ======== */
-- Configuration values.  Every column is part of the primary key, so a
-- row is identified by the full combination of its five values; what
-- each threshold controls is not visible in this file.
DROP TABLE IF EXISTS conf;
CREATE TABLE conf (
    recovery         INT NOT NULL,
    threshold        INT NOT NULL,
    graph_threshold  INT NOT NULL,
    bar_length_left  INT NOT NULL,
    bar_length_right INT NOT NULL,
    PRIMARY KEY (recovery, threshold, graph_threshold, bar_length_left, bar_length_right)
);
/* ======== hosts & nets tables ======== */
-- Monitored hosts.  ip is the primary key; the additional UNIQUE index is
-- kept exactly as in the original definition.  varchar(15) holds a
-- dotted-quad IPv4 literal only; an IPv6 literal does not fit.
DROP TABLE IF EXISTS host;
CREATE TABLE host (
    ip          VARCHAR(15)  NOT NULL UNIQUE,
    hostname    VARCHAR(128) NOT NULL,
    asset       SMALLINT(6)  NOT NULL,
    threshold_c INT          NOT NULL,   -- _c / _a suffixes: presumably compromise / attack, as in host_qualification — confirm
    threshold_a INT          NOT NULL,
    alert       INT          NOT NULL,
    persistence INT          NOT NULL,
    nat         VARCHAR(15),             -- nullable; another 15-char IPv4 literal
    descr       VARCHAR(255),
    PRIMARY KEY (ip)
);
-- Per-host scan flag; active is an int whose meaning is not defined here.
DROP TABLE IF EXISTS scan;
CREATE TABLE scan (
    ip     VARCHAR(15) NOT NULL UNIQUE,
    active INT         NOT NULL,
    PRIMARY KEY (ip)
);
-- Named networks.  ips is one 255-char string; whether it holds a single
-- network or a delimited list is not defined in this file — confirm the
-- format before parsing it.  Other tables refer to this table by name,
-- with column widths that do not all match varchar(128).
DROP TABLE IF EXISTS net;
CREATE TABLE net (
    name        VARCHAR(128) NOT NULL UNIQUE,
    ips         VARCHAR(255) NOT NULL,
    priority    INT          NOT NULL,
    threshold_c INT          NOT NULL,
    threshold_a INT          NOT NULL,
    alert       INT          NOT NULL,
    persistence INT          NOT NULL,
    descr       VARCHAR(255),
    PRIMARY KEY (name)
);
-- Membership of hosts in networks (net.name x host.ip).  No FOREIGN KEY is
-- declared, so the database does not reject rows pointing at unknown
-- hosts or networks.
DROP TABLE IF EXISTS net_host_reference;
CREATE TABLE net_host_reference (
    net_name VARCHAR(128) NOT NULL,
    host_ip  VARCHAR(15)  NOT NULL,
    PRIMARY KEY (net_name, host_ip)
);
/* ======== signatures tables ======== */
-- Named groups of signatures, referenced by name from the policy tables.
DROP TABLE IF EXISTS signature_group;
CREATE TABLE signature_group (
    name  VARCHAR(64) NOT NULL,
    descr VARCHAR(255),
    PRIMARY KEY (name)
);
-- Individual signatures; the name is the only attribute stored here.
DROP TABLE IF EXISTS signature;
CREATE TABLE signature (
    name VARCHAR(64) NOT NULL,
    PRIMARY KEY (name)
);
-- Group membership (signature_group.name x signature.name).  No FOREIGN
-- KEY is declared, so membership is not enforced by the database.
DROP TABLE IF EXISTS signature_group_reference;
CREATE TABLE signature_group_reference (
    sig_group_name VARCHAR(64) NOT NULL,
    sig_name       VARCHAR(64) NOT NULL,
    PRIMARY KEY (sig_group_name, sig_name)
);
/* ======== ports tables ======== */
-- Named groups of ports, referenced by name from policy_port_reference.
DROP TABLE IF EXISTS port_group;
CREATE TABLE port_group (
    name  VARCHAR(64) NOT NULL,
    descr VARCHAR(255),
    PRIMARY KEY (name)
);
-- A port is identified by number and protocol name together.  NOTE(review):
-- protocol_name is varchar(12) while protocol.name is varchar(24) — confirm
-- which values are expected here.
DROP TABLE IF EXISTS port;
CREATE TABLE port (
    port_number   INT         NOT NULL,
    protocol_name VARCHAR(12) NOT NULL,
    service       VARCHAR(64),
    descr         VARCHAR(255),
    PRIMARY KEY (port_number, protocol_name)
);
-- Group membership (port_group.name x port).  Not enforced by a FOREIGN KEY.
DROP TABLE IF EXISTS port_group_reference;
CREATE TABLE port_group_reference (
    port_group_name VARCHAR(64) NOT NULL,
    port_number     INT         NOT NULL,
    protocol_name   VARCHAR(12) NOT NULL,
    PRIMARY KEY (port_group_name, port_number, protocol_name)
);
-- Protocol catalogue keyed by a numeric id; alias is optional.
DROP TABLE IF EXISTS protocol;
CREATE TABLE protocol (
    id    INT          NOT NULL,
    name  VARCHAR(24)  NOT NULL,
    alias VARCHAR(24),
    descr VARCHAR(255) NOT NULL,
    PRIMARY KEY (id)
);
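/* ======== sensors tables ======== */
-- Registered sensors.  name is the key; ip is a dotted-quad IPv4 literal
-- (varchar(15)).  The value ranges of priority, port and connect are not
-- defined in this file.
DROP TABLE IF EXISTS sensor;
CREATE TABLE sensor (
    name     VARCHAR(64)  NOT NULL,
    ip       VARCHAR(15)  NOT NULL,
    priority SMALLINT     NOT NULL,
    port     INT          NOT NULL,
    connect  SMALLINT     NOT NULL,
    /* sig_group_id int NOT NULL, */   -- commented out in the original; no such column is created
    descr    VARCHAR(255) NOT NULL,
    PRIMARY KEY (name)
);
-- Hosts watched by each sensor.  No FOREIGN KEY to host or sensor is
-- declared, so rows pointing at unknown hosts or sensors are accepted.
DROP TABLE IF EXISTS host_sensor_reference;
CREATE TABLE host_sensor_reference (
    host_ip     VARCHAR(15) NOT NULL,
    sensor_name VARCHAR(64) NOT NULL,
    PRIMARY KEY (host_ip, sensor_name)
);
-- Networks watched by each sensor.  net_name is widened from the original
-- varchar(15) to varchar(128) so that every value of net.name
-- (varchar(128)) can be stored; at 15 characters a longer network name
-- was silently truncated or, in strict SQL mode, rejected.
DROP TABLE IF EXISTS net_sensor_reference;
CREATE TABLE net_sensor_reference (
    net_name    VARCHAR(128) NOT NULL,
    sensor_name VARCHAR(64)  NOT NULL,
    PRIMARY KEY (net_name, sensor_name)
);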
/* ======== policy tables ======== */
-- A policy is a numbered rule with a priority; its scope is expressed by
-- the *_reference tables below.  auto_increment and enum are MySQL-specific.
DROP TABLE IF EXISTS policy;
CREATE TABLE policy (
    id       INT      NOT NULL AUTO_INCREMENT,
    priority SMALLINT NOT NULL,
    descr    VARCHAR(255),
    PRIMARY KEY (id)
);
-- Port groups a policy applies to.
DROP TABLE IF EXISTS policy_port_reference;
CREATE TABLE policy_port_reference (
    policy_id       INT         NOT NULL,
    port_group_name VARCHAR(64) NOT NULL,
    PRIMARY KEY (policy_id, port_group_name)
);
-- Hosts a policy applies to, as source or destination.
DROP TABLE IF EXISTS policy_host_reference;
CREATE TABLE policy_host_reference (
    policy_id INT                    NOT NULL,
    host_ip   VARCHAR(15)            NOT NULL,
    direction ENUM ('source', 'dest') NOT NULL,
    PRIMARY KEY (policy_id, host_ip, direction)
);
-- Networks a policy applies to.  NOTE(review): net_name is varchar(64)
-- while net.name is varchar(128) — longer names cannot be referenced.
DROP TABLE IF EXISTS policy_net_reference;
CREATE TABLE policy_net_reference (
    policy_id INT                    NOT NULL,
    net_name  VARCHAR(64)            NOT NULL,
    direction ENUM ('source', 'dest') NOT NULL,
    PRIMARY KEY (policy_id, net_name, direction)
);
-- Sensors a policy applies to.
DROP TABLE IF EXISTS policy_sensor_reference;
CREATE TABLE policy_sensor_reference (
    policy_id   INT         NOT NULL,
    sensor_name VARCHAR(64) NOT NULL,
    PRIMARY KEY (policy_id, sensor_name)
);
-- Signature groups a policy applies to.
DROP TABLE IF EXISTS policy_sig_reference;
CREATE TABLE policy_sig_reference (
    policy_id      INT         NOT NULL,
    sig_group_name VARCHAR(64) NOT NULL,
    PRIMARY KEY (policy_id, sig_group_name)
);
-- Time window of a policy.  policy_id alone is the key, so each policy
-- has at most one window; hour/day encodings are not defined here.
DROP TABLE IF EXISTS policy_time;
CREATE TABLE policy_time (
    policy_id  INT      NOT NULL,
    begin_hour SMALLINT NOT NULL,
    end_hour   SMALLINT NOT NULL,
    begin_day  SMALLINT NOT NULL,
    end_day    SMALLINT NOT NULL,
    PRIMARY KEY (policy_id)
);
/* ======== qualification tables ======== */
-- Compromise / attack levels per host; both default to 1.
DROP TABLE IF EXISTS host_qualification;
CREATE TABLE host_qualification (
    host_ip    VARCHAR(15) NOT NULL,
    compromise INT         NOT NULL DEFAULT 1,
    attack     INT         NOT NULL DEFAULT 1,
    PRIMARY KEY (host_ip)
);
-- Same per network.  NOTE(review): net_name is varchar(64) while net.name
-- is varchar(128).
DROP TABLE IF EXISTS net_qualification;
CREATE TABLE net_qualification (
    net_name   VARCHAR(64) NOT NULL,
    compromise INT         NOT NULL DEFAULT 1,
    attack     INT         NOT NULL DEFAULT 1,
    PRIMARY KEY (net_name)
);
-- Vulnerability level per host; defaults to 1.
DROP TABLE IF EXISTS host_vulnerability;
CREATE TABLE host_vulnerability (
    ip            VARCHAR(15) NOT NULL,
    vulnerability INT         NOT NULL DEFAULT 1,
    PRIMARY KEY (ip)
);
-- Vulnerability level per network.  NOTE(review): net is varchar(15),
-- which fits an IPv4 literal but not net.name (varchar(128)) — confirm
-- whether this column holds a network name or an address.
DROP TABLE IF EXISTS net_vulnerability;
CREATE TABLE net_vulnerability (
    net           VARCHAR(15) NOT NULL,
    vulnerability INT         NOT NULL DEFAULT 1,
    PRIMARY KEY (net)
);
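-- Per-host maxima and averages of the _c / _a metrics for one time range.
-- time_range is a free-form 5-char string defaulting to 'day'; no CHECK
-- constrains its values, so writers must agree on the vocabulary.
DROP TABLE IF EXISTS control_panel_host;
CREATE TABLE control_panel_host (
    host_ip    VARCHAR(15) NOT NULL,
    time_range VARCHAR(5)  NOT NULL DEFAULT 'day',
    max_c      INT         NOT NULL,
    max_a      INT         NOT NULL,
    max_c_date DATETIME,                 -- when the maximum was seen; nullable
    max_a_date DATETIME,
    avg_c      INT         NOT NULL,
    avg_a      INT         NOT NULL,
    PRIMARY KEY (host_ip, time_range)
);
-- Same per network.  net_name is widened from the original varchar(15)
-- to varchar(128) so that every value of net.name (varchar(128)) can be
-- stored; at 15 characters a longer network name was silently truncated
-- or, in strict SQL mode, rejected.
DROP TABLE IF EXISTS control_panel_net;
CREATE TABLE control_panel_net (
    net_name   VARCHAR(128) NOT NULL,
    time_range VARCHAR(5)   NOT NULL DEFAULT 'day',
    max_c      INT          NOT NULL,
    max_a      INT          NOT NULL,
    max_c_date DATETIME,
    max_a_date DATETIME,
    avg_c      INT          NOT NULL,
    avg_a      INT          NOT NULL,
    PRIMARY KEY (net_name, time_range)
);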
-- Current and previous MAC address per host.  anom is an int flag whose
-- values are not defined here; mac_time is stored as free text
-- (varchar(100)), not as a DATETIME, so it cannot be range-compared.
DROP TABLE IF EXISTS host_mac;
CREATE TABLE host_mac (
    ip       VARCHAR(15)  NOT NULL UNIQUE,
    mac      VARCHAR(255) NOT NULL,
    previous VARCHAR(255) NOT NULL,
    anom     INT          NOT NULL,
    mac_time VARCHAR(100) NOT NULL,
    PRIMARY KEY (ip)
);
-- Current and previous OS fingerprint per host; same layout as host_mac.
DROP TABLE IF EXISTS host_os;
CREATE TABLE host_os (
    ip       VARCHAR(15)  NOT NULL UNIQUE,
    os       VARCHAR(255) NOT NULL,
    previous VARCHAR(255) NOT NULL,
    anom     INT          NOT NULL,
    os_time  VARCHAR(100) NOT NULL,
    PRIMARY KEY (ip)
);
-- Services seen on a host; a host may hold several (service, version) rows.
DROP TABLE IF EXISTS host_services;
CREATE TABLE host_services (
    ip      VARCHAR(15)  NOT NULL,
    service VARCHAR(128) NOT NULL,
    version VARCHAR(255) NOT NULL,
    PRIMARY KEY (ip, service, version)
);
-- NetBIOS name and optional workgroup per host.
DROP TABLE IF EXISTS host_netbios;
CREATE TABLE host_netbios (
    ip     VARCHAR(15)  NOT NULL,
    name   VARCHAR(128) NOT NULL,
    wgroup VARCHAR(128),
    PRIMARY KEY (ip)
);
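-- Per-host RRD configuration: fourteen varchar(60) values keyed by ip.
-- Four column definitions had lost the space between name and type
-- (e.g. "tot_contacted_sent_peersvarchar(60)"), which does not parse;
-- they are restored here.  What each varchar(60) holds is not defined
-- in this file.
DROP TABLE IF EXISTS rrd_conf;
CREATE TABLE rrd_conf (
    ip                       VARCHAR(15) NOT NULL UNIQUE,
    pkt_sent                 VARCHAR(60) NOT NULL,
    pkt_rcvd                 VARCHAR(60) NOT NULL,
    bytes_sent               VARCHAR(60) NOT NULL,
    bytes_rcvd               VARCHAR(60) NOT NULL,
    tot_contacted_sent_peers VARCHAR(60) NOT NULL,
    tot_contacted_rcvd_peers VARCHAR(60) NOT NULL,
    ip_dns_sent_bytes        VARCHAR(60) NOT NULL,
    ip_dns_rcvd_bytes        VARCHAR(60) NOT NULL,
    ip_nbios_ip_sent_bytes   VARCHAR(60) NOT NULL,
    ip_nbios_ip_rcvd_bytes   VARCHAR(60) NOT NULL,
    ip_mail_sent_bytes       VARCHAR(60) NOT NULL,
    ip_mail_rcvd_bytes       VARCHAR(60) NOT NULL,
    mrtg_a                   VARCHAR(60) NOT NULL,
    mrtg_c                   VARCHAR(60) NOT NULL,
    PRIMARY KEY (ip)
);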
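-- Per-host anomaly records.  range and over are reserved words in MySQL
-- (RANGE since 5.1, OVER since 8.0.2), so the unquoted original fails to
-- parse on current servers; both are backtick-quoted here and must be
-- quoted in every query that touches them.  There is no primary key, so
-- duplicate rows are possible; anomaly_time is free text, not a DATETIME.
DROP TABLE IF EXISTS rrd_anomalies;
CREATE TABLE rrd_anomalies (
    ip           VARCHAR(15)  NOT NULL,
    what         VARCHAR(100) NOT NULL,
    count        INT          NOT NULL,
    anomaly_time VARCHAR(40)  NOT NULL,
    `range`      VARCHAR(30)  NOT NULL,
    `over`       INT          NOT NULL,
    acked        INT          DEFAULT 0
);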
-- Global (non per-host) RRD configuration: one varchar(60) per traffic
-- counter.  The table has no primary key, so nothing limits it to a
-- single row; what each value holds is not defined in this file.
DROP TABLE IF EXISTS rrd_conf_global;
CREATE TABLE rrd_conf_global (
    -- host and link-layer counters
    active_host_senders_num VARCHAR(60) NOT NULL,
    arp_rarp_bytes          VARCHAR(60) NOT NULL,
    broadcast_pkts          VARCHAR(60) NOT NULL,
    ethernet_bytes          VARCHAR(60) NOT NULL,
    ethernet_pkts           VARCHAR(60) NOT NULL,
    icmp_bytes              VARCHAR(60) NOT NULL,
    igmp_bytes              VARCHAR(60) NOT NULL,
    ip_bytes                VARCHAR(60) NOT NULL,
    -- per-application byte counters
    ip_dhcp_bootp_bytes     VARCHAR(60) NOT NULL,
    ip_dns_bytes            VARCHAR(60) NOT NULL,
    ip_edonkey_bytes        VARCHAR(60) NOT NULL,
    ip_ftp_bytes            VARCHAR(60) NOT NULL,
    ip_gnutella_bytes       VARCHAR(60) NOT NULL,
    ip_http_bytes           VARCHAR(60) NOT NULL,
    ip_kazaa_bytes          VARCHAR(60) NOT NULL,
    ip_mail_bytes           VARCHAR(60) NOT NULL,
    ip_messenger_bytes      VARCHAR(60) NOT NULL,
    ip_nbios_ip_bytes       VARCHAR(60) NOT NULL,
    ip_nfs_bytes            VARCHAR(60) NOT NULL,
    ip_nttp_bytes           VARCHAR(60) NOT NULL,
    ip_snmp_bytes           VARCHAR(60) NOT NULL,
    ip_ssh_bytes            VARCHAR(60) NOT NULL,
    ip_telnet_bytes         VARCHAR(60) NOT NULL,
    ip_winmx_bytes          VARCHAR(60) NOT NULL,
    ip_x11_bytes            VARCHAR(60) NOT NULL,
    ipx_bytes               VARCHAR(60) NOT NULL,
    -- remaining aggregate counters
    known_hosts_num         VARCHAR(60) NOT NULL,
    multicast_pkts          VARCHAR(60) NOT NULL,
    ospf_bytes              VARCHAR(60) NOT NULL,
    other_bytes             VARCHAR(60) NOT NULL,
    tcp_bytes               VARCHAR(60) NOT NULL,
    udp_bytes               VARCHAR(60) NOT NULL,
    -- packet-size histogram buckets
    up_to_1024_pkts         VARCHAR(60) NOT NULL,
    up_to_128_pkts          VARCHAR(60) NOT NULL,
    up_to_1518_pkts         VARCHAR(60) NOT NULL,
    up_to_512_pkts          VARCHAR(60) NOT NULL,
    up_to_64_pkts           VARCHAR(60) NOT NULL
);
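-- Global anomaly records (same layout as rrd_anomalies without ip).
-- range and over are reserved words in MySQL (RANGE since 5.1, OVER
-- since 8.0.2), so they are backtick-quoted; queries must quote them too.
-- No primary key: duplicate rows are possible.
DROP TABLE IF EXISTS rrd_anomalies_global;
CREATE TABLE rrd_anomalies_global (
    what         VARCHAR(100) NOT NULL,
    count        INT          NOT NULL,
    anomaly_time VARCHAR(40)  NOT NULL,
    `range`      VARCHAR(30)  NOT NULL,
    `over`       INT          NOT NULL,
    acked        INT          DEFAULT 0
);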
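--
-- Table: category
--
-- Event categories keyed by id.  The column definitions had lost the
-- space between name and type ("idINTEGER"), which does not parse; it is
-- restored here.
DROP TABLE IF EXISTS category;
CREATE TABLE category (
    id   INTEGER      NOT NULL,
    name VARCHAR(100) NOT NULL,
    PRIMARY KEY (id)
);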
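--
-- Table: classification
--
-- Event classifications keyed by id, with an optional description and
-- priority.  Column definitions had lost the space between name and type
-- ("idINTEGER"), which does not parse; restored here.
DROP TABLE IF EXISTS classification;
CREATE TABLE classification (
    id          INTEGER      NOT NULL,
    name        VARCHAR(100) NOT NULL,
    description TEXT,
    priority    INTEGER,
    PRIMARY KEY (id)
);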
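--
-- Table: plugin
--
-- Registered plugins (event sources) keyed by id; type is a small int
-- whose values are not defined here.  Column definitions had lost the
-- space between name and type ("idINTEGER"); restored here.
DROP TABLE IF EXISTS plugin;
CREATE TABLE plugin (
    id          INTEGER      NOT NULL,
    type        SMALLINT     NOT NULL,
    name        VARCHAR(100) NOT NULL,
    description TEXT,
    PRIMARY KEY (id)
);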
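--
-- Table: plugin_sid
--
-- Per-plugin signature ids.  (plugin_id, sid) is the key; category_id and
-- class_id are optional links to category / classification, not enforced
-- by a FOREIGN KEY.  reliability and priority default to 1.  Column
-- definitions had lost the space between name and type; restored here.
DROP TABLE IF EXISTS plugin_sid;
CREATE TABLE plugin_sid (
    plugin_id   INTEGER      NOT NULL,
    sid         INTEGER      NOT NULL,
    category_id INTEGER,
    class_id    INTEGER,
    reliability INTEGER      DEFAULT 1,
    priority    INTEGER      DEFAULT 1,
    name        VARCHAR(255) NOT NULL,
    PRIMARY KEY (plugin_id, sid)
);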
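--
-- Table: alert
--
-- Normalised events.  Column definitions had lost the space between name
-- and type ("idBIGINT"), which does not parse; restored here.  condition
-- is a reserved word in MySQL and is backtick-quoted (queries must quote
-- it as well).  src_ip / dst_ip are INTEGER UNSIGNED while host.ip is a
-- varchar(15) literal, so joining the two needs a conversion (presumably
-- INET_ATON/INET_NTOA — confirm).  sensor, interface and value are
-- free-text fields filled from event data; treat them as data, never as
-- trusted identifiers.
-- NOTE(review): with explicit_defaults_for_timestamp off, MySQL gives the
-- first TIMESTAMP column DEFAULT/ON UPDATE CURRENT_TIMESTAMP automatically;
-- confirm that is the intended behaviour of timestamp.
DROP TABLE IF EXISTS alert;
CREATE TABLE alert (
    id            BIGINT  NOT NULL AUTO_INCREMENT,
    timestamp     TIMESTAMP,
    sensor        TEXT    NOT NULL,
    interface     TEXT    NOT NULL,
    type          INTEGER NOT NULL,
    plugin_id     INTEGER NOT NULL,
    plugin_sid    INTEGER,
    protocol      INTEGER,
    src_ip        INTEGER UNSIGNED,
    dst_ip        INTEGER UNSIGNED,
    src_port      INTEGER,
    dst_port      INTEGER,
    `condition`   INTEGER,
    value         TEXT,
    time_interval INTEGER,
    absolute      TINYINT,
    priority      INTEGER DEFAULT 1,
    reliability   INTEGER DEFAULT 1,
    asset_src     INTEGER DEFAULT 1,
    asset_dst     INTEGER DEFAULT 1,
    risk_a        INTEGER DEFAULT 1,
    risk_c        INTEGER DEFAULT 1,
    alarm         TINYINT DEFAULT 1,
    PRIMARY KEY (id)
);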
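--
-- Table: backlog
--
-- Correlation backlog entries keyed by (utime, id).  Column definitions
-- had lost the space between name and type ("utimeBIGINT"), which does
-- not parse; restored here.  condition is a reserved word in MySQL and
-- is backtick-quoted.  Unlike alert, priority and reliability have no
-- default here.  src_ip / dst_ip are INTEGER UNSIGNED, as in alert.
DROP TABLE IF EXISTS backlog;
CREATE TABLE backlog (
    utime         BIGINT  NOT NULL,
    id            INTEGER NOT NULL,
    name          TEXT,
    rule_level    INTEGER,
    rule_type     TINYINT,
    rule_name     TEXT,
    occurrence    INTEGER,
    time_out      INTEGER,
    matched       TINYINT,
    plugin_id     INTEGER,
    plugin_sid    INTEGER,
    src_ip        INTEGER UNSIGNED,
    dst_ip        INTEGER UNSIGNED,
    src_port      INTEGER,
    dst_port      INTEGER,
    `condition`   INTEGER,
    value         TEXT,
    time_interval INTEGER,
    absolute      TINYINT,
    priority      INTEGER,
    reliability   INTEGER,
    PRIMARY KEY (utime, id)
);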
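--
-- Table: plugin_reference
--
-- Cross-references between one (plugin_id, plugin_sid) pair and another
-- (reference_id, reference_sid); all four columns form the key.  Column
-- definitions had lost the space between name and type; restored here.
DROP TABLE IF EXISTS plugin_reference;
CREATE TABLE plugin_reference (
    plugin_id     INTEGER NOT NULL,
    plugin_sid    INTEGER NOT NULL,
    reference_id  INTEGER NOT NULL,
    reference_sid INTEGER NOT NULL,
    PRIMARY KEY (plugin_id, plugin_sid, reference_id, reference_sid)
);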
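--
-- Table: host_plugin_sid
--
-- (host, plugin, sid) triples.  host_ip is INTEGER UNSIGNED here, not the
-- varchar(15) literal used by host.ip, so a join needs a conversion.
-- Column definitions had lost the space between name and type; restored.
DROP TABLE IF EXISTS host_plugin_sid;
CREATE TABLE host_plugin_sid (
    host_ip    INTEGER UNSIGNED NOT NULL,
    plugin_id  INTEGER          NOT NULL,
    plugin_sid INTEGER          NOT NULL,
    PRIMARY KEY (host_ip, plugin_id, plugin_sid)
);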
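--
-- Table: host_scan
--
-- Same layout as host_plugin_sid (host_ip as INTEGER UNSIGNED, plus plugin
-- id and sid).  Column definitions had lost the space between name and
-- type; restored here.
DROP TABLE IF EXISTS host_scan;
CREATE TABLE host_scan (
    host_ip    INTEGER UNSIGNED NOT NULL,
    plugin_id  INTEGER          NOT NULL,
    plugin_sid INTEGER          NOT NULL,
    PRIMARY KEY (host_ip, plugin_id, plugin_sid)
);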
有关OSSIM更多内容请参阅《开源安全运维平台-OSSIM最佳实践》一书。