alienvault库的报警、事件表结构
alienvault库的报警、事件表结构
作为OSSIM数据库开发者,以下alienvault库的报警、事件表结构,需要了解。
1.alarm
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| backlog_id | binary(16) | No | |
| event_id | binary(16) | No | |
| corr_engine_ctx | binary(16) | No | |
| timestamp | timestamp | Yes | |
| status | enum('open','closed') | Yes | 'open' |
| plugin_id | int(11) | No | |
| plugin_sid | int(11) | No | |
| protocol | int(11) | Yes | |
| src_ip | varbinary(16) | Yes | |
| dst_ip | varbinary(16) | Yes | |
| src_port | int(11) | Yes | |
| dst_port | int(11) | Yes | |
| risk | int(11) | Yes | |
| efr | int(11) | No | 0 |
| similar | varchar(40) | No | '0000000000000000000000000000000000000000' |
| stats | mediumtext | No | |
| removable | tinyint(1) | No | 0 |
| in_file | tinyint(1) | No | 0 |
2.alarm_groups
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| group_id | varchar(255) | No | |
| description | text | No | |
| status | enum('open','closed') | No | |
| timestamp | timestamp | No | CURRENT_TIMESTAMP |
| owner | varchar(64) | No |
3.alarm_hosts
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_host | binary(16) | No |
4.alarm_kingdoms
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| name | varchar(128) | No |
5.alarm_nets
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_net | binary(16) | No |
6.alarm_tags
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_tag | int(11) | No |
alarm_taxonomy
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| sid | int(11) | No | |
| engine_id | binary(16) | No | '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' |
| kingdom | int(11) | No | |
| category | int(11) | No | |
| subcategory | text | No |
7.databases
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(10) UNSIGNED | No | |
| ctx | binary(16) | No | |
| name | varchar(64) | No | |
| ip | varbinary(16) | No | |
| port | int(11) | No | 3306 |
| user | varchar(64) | No | |
| pass | varchar(64) | No | |
| icon | mediumblob | No |
8.device_types
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| name | varchar(64) | No | |
| class | int(11) | No |
9.event
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | binary(16) | No | |
| agent_ctx | binary(16) | No | |
| timestamp | timestamp | No | CURRENT_TIMESTAMP |
| tzone | float | No | 0 |
| sensor_id | binary(16) | Yes | |
| interface | varchar(32) | No | |
| type | int(11) | No | |
| plugin_id | int(11) | No | |
| plugin_sid | int(11) | No | |
| protocol | int(11) | Yes | |
| src_ip | varbinary(16) | Yes | |
| dst_ip | varbinary(16) | Yes | |
| src_port | int(11) | Yes | |
| dst_port | int(11) | Yes | |
| event_condition | int(11) | Yes | |
| value | text | Yes | |
| time_interval | int(11) | Yes | |
| absolute | tinyint(4) | Yes | |
| priority | int(11) | Yes | 1 |
| reliability | int(11) | Yes | 1 |
| asset_src | int(11) | Yes | 1 |
| asset_dst | int(11) | Yes | 1 |
| risk_a | int(11) | Yes | 0 |
| risk_c | int(11) | Yes | 0 |
| alarm | tinyint(4) | Yes | 0 |
| filename | varchar(256) | Yes | |
| username | varchar(64) | Yes | |
| password | varchar(64) | Yes | |
| userdata1 | varchar(1024) | Yes | |
| userdata2 | varchar(1024) | Yes | |
| userdata3 | varchar(1024) | Yes | |
| userdata4 | varchar(1024) | Yes | |
| userdata5 | varchar(1024) | Yes | |
| userdata6 | varchar(1024) | Yes | |
| userdata7 | varchar(1024) | Yes | |
| userdata8 | varchar(1024) | Yes | |
| userdata9 | varchar(1024) | Yes | |
| rulename | text | Yes | |
| rep_prio_src | int(10) UNSIGNED | Yes | |
| rep_prio_dst | int(10) UNSIGNED | Yes | |
| rep_rel_src | int(10) UNSIGNED | Yes | |
| rep_rel_dst | int(10) UNSIGNED | Yes | |
| rep_act_src | varchar(64) | Yes | |
| rep_act_dst | varchar(64) | Yes | |
| src_hostname | varchar(64) | Yes | |
| dst_hostname | varchar(64) | Yes | |
| src_mac | binary(6) | Yes | |
| dst_mac | binary(6) | Yes | |
| src_host | binary(16) | Yes | |
| dst_host | binary(16) | Yes | |
| src_net | binary(16) | Yes | |
| dst_net | binary(16) | Yes | |
| refs | int(11) | Yes |
10.extra_data
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| event_id | binary(16) | No | |
| data_payload | text | Yes | |
| binary_data | blob | Yes |
11.host
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | binary(16) | No | |
| ctx | binary(16) | No | |
| hostname | varchar(128) | No | |
| fqdns | varchar(255) | No | |
| asset | smallint(6) | No | |
| threshold_c | int(11) | No | |
| threshold_a | int(11) | No | |
| alert | int(11) | No | |
| persistence | int(11) | No | |
| nat | varchar(15) | Yes | |
| rrd_profile | varchar(64) | Yes | |
| descr | varchar(255) | Yes | |
| lat | varchar(255) | Yes | '0' |
| lon | varchar(255) | Yes | '0' |
| icon | mediumblob | Yes | |
| country | varchar(64) | Yes | |
| external_host | tinyint(1) | No | 0 |
| permissions | binary(8) | No | '\0\0\0\0\0\0\0\0' |
| av_component | tinyint(1) | No | 0 |
| created | datetime | Yes | |
| updated | datetime | Yes |
12.incident
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| uuid | binary(16) | No | |
| ctx | binary(16) | No | |
| title | varchar(512) | No | |
| date | datetime | No | 0000-00-00 00:00:00 |
| ref | enum('Alarm','Alert','Event','Metric','Anomaly','Vulnerability','Custom') | No | 'Alarm' |
| type_id | varchar(64) | No | '0' |
| priority | int(11) | No | |
| status | enum('Open','Assigned','Studying','Waiting','Testing','Closed') | No | 'Open' |
| last_update | datetime | No | 0000-00-00 00:00:00 |
| in_charge | varchar(64) | No | |
| submitter | varchar(64) | No | |
| event_start | datetime | No | 0000-00-00 00:00:00 |
| event_end | datetime | No | 0000-00-00 00:00:00 |
13.incident_alarm
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| incident_id | int(11) | No | |
| src_ips | varchar(255) | No | |
| src_ports | varchar(255) | No | |
| dst_ips | varchar(255) | No | |
| dst_ports | varchar(255) | No | |
| backlog_id | binary(16) | No | |
| event_id | binary(16) | No | |
| alarm_group_id | binary(16) | Yes |
14.incident_anomaly
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| incident_id | int(11) | No | |
| anom_type | enum('mac','service','os') | No | 'mac' |
| ip | varchar(255) | No | |
| data_orig | varchar(255) | No | |
| data_new | varchar(255) | No |
15.plugin_sid
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| plugin_ctx | binary(16) | No | |
| plugin_id | int(11) | No | |
| sid | int(11) | No | |
| class_id | int(11) | Yes | |
| reliability | int(11) | Yes | 1 |
| priority | int(11) | Yes | 1 |
| name | varchar(512) | No | |
| aro | decimal(11,4) | No | 0.0000 |
| subcategory_id | int(11) | Yes | |
| category_id | int(11) | Yes |
通常我们一个线上OSSIM系统,另一个开发系统,现在要把开发系统更新到线上,但是开发系统的数据库结构与线上的略有差异,所以需要找出两个数据库的表结构差异,数据库表结构的差异。我们利用mysqldump和diff两个命令组合完成。
导出表结构
mysqldump -uroot -p -d alienvault >/home/db1.sql
mysqldump -uroot -p -d alienvault >/home/db2.sql
比较
diff db1.sql db2.sql>diff