OSSIM主要數(shù)據(jù)庫(kù)表結(jié)構(gòu)

對(duì)于從事OSSIM開(kāi)發(fā)的技術(shù)人員，最主要的需要知道OSSIM庫(kù)里的多種表結(jié)構(gòu)，下面舉幾個(gè)典型事例：

/* ======== config表 ======== */

DROP TABLE IF EXISTS conf;

CREATE TABLE conf (

? ? recovery ? ? ? ?int NOT NULL,

? ? threshold ? ? ? int NOT NULL,

? ? graph_threshold int NOT NULL,

? ? bar_length_left int NOT NULL,

? ? bar_length_right int NOT NULL,

? ? PRIMARY KEY (recovery, threshold, graph_threshold,?

? ? ? ? ? ? ? ? ?bar_length_left, bar_length_right)

);

/* ======== hosts & nets表 ======== */

DROP TABLE IF EXISTS host;

CREATE TABLE host (

? ip ? ? ? ? ? ? ? ?varchar(15) UNIQUE NOT NULL,

? hostname ? ? ? ? ?varchar(128) NOT NULL,

? asset ? ? ? ? ? ? smallint(6) NOT NULL,

? threshold_c ? ? ? int NOT NULL,

? threshold_a ? ? ? int NOT NULL,

? alert ? ? ? ? ? ? int NOT NULL,

? persistence ? ? ? int NOT NULL,

? nat ? ? ? ? ? ? ? varchar(15),

? descr ? ? ? ? ? ? varchar(255),

? PRIMARY KEY ? ? ? (ip)

);

DROP TABLE IF EXISTS scan;

CREATE TABLE scan (

? ? ip ? ? ? ? ? ? ?varchar(15) UNIQUE NOT NULL,

? ? active ? ? ? ? ?int NOT NULL,

? ? PRIMARY KEY ? ? (ip)

);

DROP TABLE IF EXISTS net;

CREATE TABLE net (

? name ? ? ? ? ? ? ?varchar(128) UNIQUE NOT NULL,

? ips ? ? ? ? ? ? ? varchar(255) NOT NULL,

? priority ? ? ? ? ?int NOT NULL,

? threshold_c ? ? ? int NOT NULL,

? threshold_a ? ? ? int NOT NULL,

? alert ? ? ? ? ? ? int NOT NULL,

? persistence ? ? ? int NOT NULL,

? descr ? ? ? ? ? ? varchar(255),

? PRIMARY KEY ? ? ? (name)

);

DROP TABLE IF EXISTS net_host_reference;

CREATE TABLE net_host_reference (

? net_name ? ? ? ? ?varchar(128) NOT NULL,

? host_ip ? ? ? ? ? varchar(15) NOT NULL,

? PRIMARY KEY ? ? ? (net_name,host_ip)

);

/* ======== signatures表 ======== */

DROP TABLE IF EXISTS signature_group;

CREATE TABLE signature_group (

? name ? ? ? ? ? ? ?varchar(64) NOT NULL,

? descr ? ? ? ? ? ? varchar(255),

? PRIMARY KEY ? ? ? (name)

);

DROP TABLE IF EXISTS signature;

CREATE TABLE signature (

? name ? ? ? ? ? ? ?varchar(64) NOT NULL,

? PRIMARY KEY ? ? ? (name)

);

DROP TABLE IF EXISTS signature_group_reference;

CREATE TABLE signature_group_reference (

? ? sig_group_name ? ?varchar(64) NOT NULL,

? ? sig_name ? ? ? ? ?varchar(64) NOT NULL,

? ? PRIMARY KEY ? ? ?(sig_group_name, sig_name)

);

/* ======== ports表 ======== */

DROP TABLE IF EXISTS port_group;

CREATE TABLE port_group (

? ? name ? ? ? ? ? ?varchar(64) NOT NULL,

? ? descr ? ? ? ? ? varchar(255),

? ? PRIMARY KEY ? ? (name)

);

DROP TABLE IF EXISTS port;

CREATE TABLE port (

? port_number ? ? ? int NOT NULL,

? protocol_name ? ? varchar(12) NOT NULL,

? service ? ? ? ? ? varchar(64),

? descr ? ? ? ? ? ? varchar(255),

? PRIMARY KEY ? ? ? (port_number,protocol_name)

);

DROP TABLE IF EXISTS port_group_reference;

CREATE TABLE port_group_reference (

? ? port_group_name varchar(64) NOT NULL,

? ? port_number ? ? int NOT NULL,

? ? protocol_name ? varchar(12) NOT NULL,

? ? PRIMARY KEY ? ? (port_group_name, port_number, protocol_name)

);

DROP TABLE IF EXISTS protocol;

CREATE TABLE protocol (

? id ? ? ? ? ? ? ? ?int NOT NULL,

? name ? ? ? ? ? ? ?varchar(24) NOT NULL,

? alias ? ? ? ? ? ? varchar(24),

? descr ? ? ? ? ? ? varchar(255) NOT NULL,

? PRIMARY KEY ? ? ? (id)

);

/* ======== sensors表 ======== */

DROP TABLE IF EXISTS sensor;

CREATE TABLE sensor (

? ? name ? ? ? ? ? ?varchar(64) NOT NULL,

? ? ip ? ? ? ? ? ? ?varchar(15) NOT NULL,

? ? priority ? ? ? ?smallint NOT NULL,

? ? port ? ? ? ? ? ?int NOT NULL,

? ? connect ? ? ? ? smallint NOT NULL,

/* ? ?sig_group_id ? ?int ?NOT NULL, */

? ? descr ? ? ? ? ? varchar(255) NOT NULL,

? ? PRIMARY KEY ? ? (name)

);

DROP TABLE IF EXISTS host_sensor_reference;

CREATE TABLE host_sensor_reference (

? ? host_ip ? ? ? ? varchar(15) NOT NULL,

? ? sensor_name ? ? varchar(64) NOT NULL,

? ? PRIMARY KEY ? ? (host_ip, sensor_name)

);

DROP TABLE IF EXISTS net_sensor_reference;

CREATE TABLE net_sensor_reference (

? ? net_name ? ? ? ?varchar(15) NOT NULL,

? ? sensor_name ? ? varchar(64) NOT NULL,

? ? PRIMARY KEY ? ? (net_name, sensor_name)

);

/* ======== policy 表======== */

DROP TABLE IF EXISTS policy;

CREATE TABLE policy (

? ? id ? ? ? ? ? ? ?int NOT NULL auto_increment,

? ? priority ? ? ? ?smallint NOT NULL,

? ? descr ? ? ? ? ? varchar(255),

? ? PRIMARY KEY ? ? (id)

);

DROP TABLE IF EXISTS policy_port_reference;

CREATE TABLE policy_port_reference (

? ? policy_id ? ? ? int NOT NULL,

? ? port_group_name varchar(64) NOT NULL,

? ? PRIMARY KEY ? ? (policy_id, port_group_name)

);

DROP TABLE IF EXISTS policy_host_reference;

CREATE TABLE policy_host_reference (

? ? policy_id ? ? ? int NOT NULL,

? ? host_ip ? ? ? ? varchar(15) NOT NULL,

? ? direction ? ? ? enum ('source', 'dest') NOT NULL,

? ? PRIMARY KEY (policy_id, host_ip, direction)

);

DROP TABLE IF EXISTS policy_net_reference;

CREATE TABLE policy_net_reference (

? ? policy_id ? ? ? int NOT NULL,

? ? net_name ? ? ? ?varchar(64) NOT NULL,

? ? direction ? ? ? enum ('source', 'dest') NOT NULL,

? ? PRIMARY KEY (policy_id, net_name, direction)

);

DROP TABLE IF EXISTS policy_sensor_reference;

CREATE TABLE policy_sensor_reference (

? ? policy_id ? ? ? int NOT NULL,

? ? sensor_name ? ? varchar(64) NOT NULL,

? ? PRIMARY KEY ? ? (policy_id, sensor_name)

);

DROP TABLE IF EXISTS policy_sig_reference;

CREATE TABLE policy_sig_reference (

? ? policy_id ? ? ? int NOT NULL,

? ? sig_group_name ?varchar(64) NOT NULL,

? ? PRIMARY KEY ? ? (policy_id, sig_group_name)

);

DROP TABLE IF EXISTS policy_time;

CREATE TABLE policy_time (

? ? policy_id ? ? ? int NOT NULL,

? ? begin_hour ? ? ?smallint NOT NULL,

? ? end_hour ? ? ? ?smallint NOT NULL,

? ? begin_day ? ? ? smallint NOT NULL,

? ? end_day ? ? ? ? smallint NOT NULL,

? ? PRIMARY KEY ? ? (policy_id)

);

/* ======== qualification表 ======== */

DROP TABLE IF EXISTS host_qualification;

CREATE TABLE host_qualification (

? ? host_ip ? ? ? ? varchar(15) NOT NULL,

? ? compromise ? ? ?int NOT NULL DEFAULT 1,

? ? attack ? ? ? ? ?int NOT NULL DEFAULT 1,

? ? PRIMARY KEY ? ? (host_ip)

);

DROP TABLE IF EXISTS net_qualification;

CREATE TABLE net_qualification (

? ? net_name ? ? ? ?varchar(64) NOT NULL,

? ? compromise ? ? ?int NOT NULL DEFAULT 1,

? ? attack ? ? ? ? ?int NOT NULL DEFAULT 1,

? ? PRIMARY KEY ? ? (net_name)

);

DROP TABLE IF EXISTS host_vulnerability;

CREATE TABLE host_vulnerability (

? ? ip ? ? ? ? ? ? ?varchar(15) NOT NULL,

? ? vulnerability ? int NOT NULL DEFAULT 1,

? ? PRIMARY KEY ? ? (ip)

);

DROP TABLE IF EXISTS net_vulnerability;

CREATE TABLE net_vulnerability (

? ? net ? ? ? ? ? ? varchar(15) NOT NULL,

? ? vulnerability ? int NOT NULL DEFAULT 1,

? ? PRIMARY KEY ? ? (net)

);

DROP TABLE IF EXISTS control_panel_host;

CREATE TABLE control_panel_host (

? ? host_ip ? ? ? ? varchar(15) NOT NULL,

? ? time_range ? ? ?varchar(5) NOT NULL DEFAULT 'day',

? ? max_c ? ? ? ? ? int NOT NULL,

? ? max_a ? ? ? ? ? int NOT NULL,

? ? max_c_date ? ? ?datetime,

? ? max_a_date ? ? ?datetime,

? ? avg_c ? ? ? ? ? int NOT NULL,

? ? avg_a ? ? ? ? ? int NOT NULL,

? ? PRIMARY KEY ? ? (host_ip, time_range)

);

DROP TABLE IF EXISTS control_panel_net;

CREATE TABLE control_panel_net (

? ? net_name ? ? ? ?varchar(15) NOT NULL,

? ? time_range ? ? ?varchar(5) NOT NULL DEFAULT 'day',

? ? max_c ? ? ? ? ? int NOT NULL,

? ? max_a ? ? ? ? ? int NOT NULL,

? ? max_c_date ? ? ?datetime,

? ? max_a_date ? ? ?datetime,

? ? avg_c ? ? ? ? ? int NOT NULL,

? ? avg_a ? ? ? ? ? int NOT NULL,

? ? PRIMARY KEY ? ? (net_name, time_range)

);

DROP TABLE IF EXISTS host_mac;

CREATE TABLE host_mac (

? ip ? ? ? ? ? ? ? ? ? ? ? ?varchar(15) UNIQUE NOT NULL,

? mac?? ? ? ? ? ? ? ? ? ?varchar(255) NOT NULL,

? previous?? ? ? ? ? ? ? ?varchar(255) NOT NULL,

? anom ? ? ? ? ? ? ? ? ? ? ?int NOT NULL,

? mac_time ? ? ? ? ? ? ? ? varchar(100) NOT NULL,

? PRIMARY KEY ? ? ? (ip)

);

DROP TABLE IF EXISTS host_os;

CREATE TABLE host_os (

? ip ? ? ? ? ? ? ? ? ? ? ? ?varchar(15) UNIQUE NOT NULL,

? os?? ? ? ? ? ? ? ? ? ?varchar(255) NOT NULL,

? previous?? ? ? ? ? ? ? ?varchar(255) NOT NULL,

? anom ? ? ? ? ? ? ? ? ? ? ?int NOT NULL,

? os_time ? ? ? ? ? ? ? ? varchar(100) NOT NULL,

? PRIMARY KEY ? ? ? (ip)

);

DROP TABLE IF EXISTS host_services;

CREATE TABLE host_services (

? ? ip ? ? ?varchar(15) NOT NULL,

? ? service varchar(128) NOT NULL,

? ? version varchar(255) NOT NULL,

? ? PRIMARY KEY (ip, service, version)

);

DROP TABLE IF EXISTS host_netbios;

CREATE TABLE host_netbios (

? ? ip ? ? ?varchar(15) NOT NULL,

? ? name ? ?varchar(128) NOT NULL,

? ? wgroup ?varchar(128),

? ? PRIMARY KEY (ip)

);

DROP TABLE IF EXISTS rrd_conf;

CREATE TABLE rrd_conf (

? ip ? ? ? ? ? ? ? ? ? ? ? ?varchar(15) UNIQUE NOT NULL,

? pkt_sent?? ? ? ? ? ? ? ?varchar(60) NOT NULL,

? pkt_rcvd ? ? ???? ? ? ?varchar(60) NOT NULL,

? bytes_sent?? ? ? ? ? ?varchar(60) NOT NULL,

? bytes_rcvd?? ? ? ? ? ?varchar(60) NOT NULL,

? tot_contacted_sent_peersvarchar(60) NOT NULL,

? tot_contacted_rcvd_peersvarchar(60) NOT NULL,

? ip_dns_sent_bytes?? ? ? ?varchar(60) NOT NULL,

? ip_dns_rcvd_bytes?? ? ? ?varchar(60) NOT NULL,

? ip_nbios_ip_sent_bytesvarchar(60) NOT NULL,

? ip_nbios_ip_rcvd_bytesvarchar(60) NOT NULL,

? ip_mail_sent_bytes?? ?varchar(60) NOT NULL,

? ip_mail_rcvd_bytes?? ?varchar(60) NOT NULL,

? mrtg_a?? ? ? ? ? ? ? ?varchar(60) NOT NULL,

? mrtg_c?? ? ? ? ? ? ? ?varchar(60) NOT NULL,

? PRIMARY KEY ? ? ? (ip)

);

DROP TABLE IF EXISTS rrd_anomalies;

CREATE TABLE rrd_anomalies (

? ? ip ? ? ? ? ? ? ? ? ? ? ?varchar(15) NOT NULL,

? ? what ? ? ? ? ? ? ? ? ? ?varchar(100) NOT NULL,

? ? count ? ? ? ? ? ? ? ? ? int NOT NULL,

? ? anomaly_time ? ? ? ? ? ?varchar(40) NOT NULL,

? ? range ? ? ? ? ? ? ? ? ? varchar(30) NOT NULL,

? ? over ? ? ? ? ? ? ? ? ? ?int NOT NULL,

? ? acked ? ? ? ? ? ? ? ? ? int DEFAULT 0

);

DROP TABLE IF EXISTS rrd_conf_global;

CREATE TABLE rrd_conf_global (

active_host_senders_num VARCHAR(60) NOT NULL,

arp_rarp_bytes ? ?VARCHAR(60) NOT NULL,

broadcast_pkts ? ?VARCHAR(60) NOT NULL,

ethernet_bytes ? ?VARCHAR(60) NOT NULL,?

ethernet_pkts ? ? VARCHAR(60) NOT NULL,?

icmp_bytes ? ? ? ?VARCHAR(60) NOT NULL,?

igmp_bytes ? ? ? ?VARCHAR(60) NOT NULL,?

ip_bytes ? ? ? ? ?VARCHAR(60) NOT NULL,?

ip_dhcp_bootp_bytes VARCHAR(60) NOT NULL,?

ip_dns_bytes ? ? ?VARCHAR(60) NOT NULL,

ip_edonkey_bytes ?VARCHAR(60) NOT NULL,?

ip_ftp_bytes ? ? ?VARCHAR(60) NOT NULL,?

ip_gnutella_bytes VARCHAR(60) NOT NULL,?

ip_http_bytes ? ? VARCHAR(60) NOT NULL,?

ip_kazaa_bytes ? ?VARCHAR(60) NOT NULL,?

ip_mail_bytes ? ? VARCHAR(60) NOT NULL,?

ip_messenger_bytes VARCHAR(60) NOT NULL,

ip_nbios_ip_bytes VARCHAR(60) NOT NULL,?

ip_nfs_bytes ? ? ?VARCHAR(60) NOT NULL,?

ip_nttp_bytes ? ? VARCHAR(60) NOT NULL,?

ip_snmp_bytes ? ? VARCHAR(60) NOT NULL,?

ip_ssh_bytes ? ? ?VARCHAR(60) NOT NULL,?

ip_telnet_bytes ? VARCHAR(60) NOT NULL,?

ip_winmx_bytes ? ?VARCHAR(60) NOT NULL,?

ip_x11_bytes ? ? ?VARCHAR(60) NOT NULL,?

ipx_bytes ? ? ? ? VARCHAR(60) NOT NULL,

known_hosts_num ? VARCHAR(60) NOT NULL,

multicast_pkts ? ?VARCHAR(60) NOT NULL,

ospf_bytes ? ? ? ?VARCHAR(60) NOT NULL,

other_bytes ? ? ? VARCHAR(60) NOT NULL,

tcp_bytes ? ? ? ? VARCHAR(60) NOT NULL,

udp_bytes ? ? ? ? VARCHAR(60) NOT NULL,

up_to_1024_pkts ? VARCHAR(60) NOT NULL,

up_to_128_pkts ? ?VARCHAR(60) NOT NULL,

up_to_1518_pkts ? VARCHAR(60) NOT NULL,

up_to_512_pkts ? ?VARCHAR(60) NOT NULL,

up_to_64_pkts ? ? VARCHAR(60) NOT NULL

);

DROP TABLE IF EXISTS rrd_anomalies_global;

CREATE TABLE rrd_anomalies_global (

? ? what ? ? ? ? ? ? ? ? ? ?varchar(100) NOT NULL,

? ? count ? ? ? ? ? ? ? ? ? int NOT NULL,

? ? anomaly_time ? ? ? ? ? ?varchar(40) NOT NULL,

? ? range ? ? ? ? ? ? ? ? ? varchar(30) NOT NULL,

? ? over ? ? ? ? ? ? ? ? ? ?int NOT NULL,

? ? acked ? ? ? ? ? ? ? ? ? int DEFAULT 0

);

--

-- Table: Category表

--

DROP TABLE IF EXISTS category;

CREATE TABLE category (

idINTEGER NOT NULL,

nameVARCHAR (100) NOT NULL,

PRIMARY KEY (id)

);

--

-- Table: Classification表

--

DROP TABLE IF EXISTS classification;

CREATE TABLE classification (

idINTEGER NOT NULL,

nameVARCHAR (100) NOT NULL,

descriptionTEXT,

priorityINTEGER,

PRIMARY KEY (id)

);

--

-- Table: Plugin表

--

DROP TABLE IF EXISTS plugin;

CREATE TABLE plugin (

idINTEGER NOT NULL,

typeSMALLINT NOT NULL,

nameVARCHAR (100) NOT NULL,

descriptionTEXT,

PRIMARY KEY (id)

);

--

-- Table: Plugin Sid表

--

DROP TABLE IF EXISTS plugin_sid;

CREATE TABLE plugin_sid (

plugin_idINTEGER NOT NULL,

sidINTEGER NOT NULL,

category_idINTEGER,

class_idINTEGER,

reliabilityINTEGER DEFAULT 1,

priorityINTEGER DEFAULT 1,

nameVARCHAR (255) NOT NULL,

PRIMARY KEY (plugin_id, sid)

);

--

-- Table: Alert表

--

DROP TABLE IF EXISTS alert;

CREATE TABLE alert (

idBIGINT NOT NULL AUTO_INCREMENT,

timestampTIMESTAMP,

sensorTEXT NOT NULL,

interfaceTEXT NOT NULL,

typeINTEGER NOT NULL,

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER,

protocolINTEGER,

src_ipINTEGER UNSIGNED,

dst_ipINTEGER UNSIGNED,

src_portINTEGER,

dst_portINTEGER,

conditionINTEGER,

valueTEXT,

time_intervalINTEGER,

absoluteTINYINT,

priorityINTEGER DEFAULT 1,

reliabilityINTEGER DEFAULT 1,

asset_srcINTEGER DEFAULT 1,

asset_dstINTEGER DEFAULT 1,

risk_aINTEGER DEFAULT 1,

risk_cINTEGER DEFAULT 1,

alarm ? ? ? ? ? TINYINT DEFAULT 1,

PRIMARY KEY (id)

);

--

-- Table: Backlog表

--

DROP TABLE IF EXISTS backlog;

CREATE TABLE backlog (

utimeBIGINT NOT NULL,

idINTEGER NOT NULL,

nameTEXT,

rule_levelINTEGER,

rule_typeTINYINT,

rule_nameTEXT,

occurrence ? ? ?INTEGER,

time_outINTEGER,

matchedTINYINT,

plugin_idINTEGER,

plugin_sidINTEGER,

src_ipINTEGER UNSIGNED,

dst_ipINTEGER UNSIGNED,

src_portINTEGER,

dst_portINTEGER,

condition ? ? ? INTEGER,

valueTEXT,

time_intervalINTEGER,

absoluteTINYINT,

priorityINTEGER,

reliability ? ? INTEGER,

PRIMARY KEY (utime, id)

);

--

-- Table: plugin_reference表

--

DROP TABLE IF EXISTS plugin_reference;

CREATE TABLE plugin_reference (

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER NOT NULL,

reference_idINTEGER NOT NULL,

reference_sidINTEGER NOT NULL,

PRIMARY KEY (plugin_id, plugin_sid, reference_id, reference_sid)

);

--

-- Table: Host plugin sid表

--

DROP TABLE IF EXISTS host_plugin_sid;

CREATE TABLE host_plugin_sid (

host_ip ? ? ? ? INTEGER UNSIGNED NOT NULL,

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER NOT NULL,

PRIMARY KEY (host_ip, plugin_id, plugin_sid)

);

--

-- Table: Host scan表

--

DROP TABLE IF EXISTS host_scan;

CREATE TABLE host_scan (

host_ip ? ? ? ? INTEGER UNSIGNED NOT NULL,

plugin_idINTEGER NOT NULL,

plugin_sidINTEGER NOT NULL,

PRIMARY KEY (host_ip, plugin_id, plugin_sid)

);

有關(guān)OSSIM更多內(nèi)容請(qǐng)參閱《開(kāi)源安全運(yùn)維平臺(tái)-OSSIM最佳實(shí)踐》一書。

總結(jié)

以上是生活随笔為你收集整理的OSSIM主要数据库表结构的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。