From: An approach to the correlation of security events based on machine learning techniques
Attribute | Type | Description |
---|---|---|
meta_alert_id | Integer | Unique identifier of the meta-alert |
analyzer_id_list | String | List of sensors that generated the alerts of this meta-alert |
analyzer_count | Integer | Number of sensors that detected the alerts |
init_time | Date | Timestamp of the oldest event in this meta-alert |
end_time | Date | Timestamp of the most recent event in this meta-alert |
time_window_len | Integer | Number of seconds between end_time and init_time |
src_network_addr | String | Base address of the network that originated the alerts |
src_node_addr_list | LongText | List of the addresses that originated the alerts |
src_node_count | Integer | Number of different addresses that originated the alerts |
src_user_id_list | String | List of user identifiers that originated the alerts |
src_user_count | Integer | Number of different users that originated the alerts |
src_proc_id_list | String | List of process identifiers that originated the alerts |
src_proc_count | Integer | Number of different processes that originated the alerts |
tgt_node_addr_list | LongText | List of target addresses |
tgt_node_count | Integer | Number of different target addresses |
tgt_port_list | LongText | List of target ports |
tgt_port_count | Integer | Number of different target ports |
tgt_user_id_list | String | List of target user ids |
tgt_user_count | Integer | Number of different target user ids |
tgt_proc_id_list | String | List of target process ids |
tgt_proc_count | Integer | Number of different target process ids |
tgt_file_name_list | LongText | List of target file names |
tgt_file_count | Integer | Number of different target file names |
ext_class | String | Attack class of the meta-alert |
ext_max_priority | Integer | Highest priority amongst the alerts in the meta-alert |
alert_count | Integer | Number of alerts in the meta-alert |
alert_taxonomy_set | BitArray | One bit set per alert type present in the meta-alert |
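To make the table concrete, the following is an added example (not code from the paper) that aggregates a handful of constructed, IDMEF-style alert records into one meta-alert row carrying exactly the attributes above. Everything about the input is an assumption: the alert field names (analyzer_id, create_time, src_node_addr, priority, alert_type, attack_class, ...), the five-entry alert taxonomy that fixes the bit positions of alert_taxonomy_set, the reading of src_network_addr as the smallest network containing all source addresses, and the choice of ext_class as the class of the highest-priority alert. The paper does not define those details; a real implementation would take them from its own alert schema.

```python
from __future__ import annotations

import ipaddress
from datetime import datetime

# Assumed alert taxonomy: the index of an alert type in this list is its bit
# position in alert_taxonomy_set (bit 0 = least significant).
TAXONOMY = ["portscan", "brute_force", "exploit", "malware", "file_tamper"]

# (alert field, list attribute, count attribute) for the list/count pairs in the table
LIST_COUNT_FIELDS = [
    ("analyzer_id", "analyzer_id_list", "analyzer_count"),
    ("src_node_addr", "src_node_addr_list", "src_node_count"),
    ("src_user_id", "src_user_id_list", "src_user_count"),
    ("src_proc_id", "src_proc_id_list", "src_proc_count"),
    ("tgt_node_addr", "tgt_node_addr_list", "tgt_node_count"),
    ("tgt_port", "tgt_port_list", "tgt_port_count"),
    ("tgt_user_id", "tgt_user_id_list", "tgt_user_count"),
    ("tgt_proc_id", "tgt_proc_id_list", "tgt_proc_count"),
    ("tgt_file_name", "tgt_file_name_list", "tgt_file_count"),
]


def common_network(addrs: list[str]) -> str:
    """Smallest network that contains every address (assumed meaning of
    src_network_addr). All addresses must belong to one IP family."""
    if not addrs:
        return ""
    nets = [ipaddress.ip_network(a) for a in addrs]  # each one a /32 (or /128)
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()  # widen by one prefix bit until all fit
    return str(net)


def taxonomy_bits(alert_types) -> int:
    """Bit array (as an int) with one bit set per alert type present."""
    bits = 0
    for t in alert_types:
        bits |= 1 << TAXONOMY.index(t)
    return bits


def decode_taxonomy(bits: int) -> list[str]:
    """Inverse of taxonomy_bits: the alert types whose bit is set."""
    return [t for i, t in enumerate(TAXONOMY) if bits >> i & 1]


def build_meta_alert(meta_alert_id: int, alerts: list[dict]) -> dict:
    """Aggregate alert records into one meta-alert row with the table's attributes."""

    def uniq(field: str) -> list:
        # Distinct values in first-seen order; alerts lacking the field are skipped
        seen: list = []
        for a in alerts:
            v = a.get(field)
            if v is not None and v not in seen:
                seen.append(v)
        return seen

    times = sorted(a["create_time"] for a in alerts)
    init_time, end_time = times[0], times[-1]
    top = max(alerts, key=lambda a: a["priority"])  # highest-priority alert

    row: dict = {"meta_alert_id": meta_alert_id}
    for field, list_key, count_key in LIST_COUNT_FIELDS:
        values = uniq(field)
        row[list_key] = ",".join(map(str, values))
        row[count_key] = len(values)
    row.update({
        "init_time": init_time,
        "end_time": end_time,
        "time_window_len": int((end_time - init_time).total_seconds()),
        "src_network_addr": common_network(uniq("src_node_addr")),
        "ext_class": top["attack_class"],      # assumption: class of top-priority alert
        "ext_max_priority": top["priority"],
        "alert_count": len(alerts),
        "alert_taxonomy_set": taxonomy_bits(a["alert_type"] for a in alerts),
    })
    return row


# Constructed sample: a scan, then SSH brute force, then a HIDS file alert on the same target
SAMPLE_ALERTS = [
    {"analyzer_id": "ids-01", "create_time": datetime(2024, 1, 5, 10, 0, 0),
     "src_node_addr": "10.0.1.17", "tgt_node_addr": "192.168.5.10", "tgt_port": 22,
     "alert_type": "portscan", "attack_class": "recon", "priority": 2},
    {"analyzer_id": "ids-01", "create_time": datetime(2024, 1, 5, 10, 0, 45),
     "src_node_addr": "10.0.1.17", "tgt_node_addr": "192.168.5.10", "tgt_port": 22,
     "tgt_user_id": "root", "alert_type": "brute_force",
     "attack_class": "credential_access", "priority": 4},
    {"analyzer_id": "hids-07", "create_time": datetime(2024, 1, 5, 10, 2, 30),
     "src_node_addr": "10.0.1.33", "src_user_id": "svc_backup", "src_proc_id": 4412,
     "tgt_node_addr": "192.168.5.10", "tgt_user_id": "root", "tgt_proc_id": 1,
     "tgt_file_name": "/etc/shadow", "alert_type": "file_tamper",
     "attack_class": "privilege_escalation", "priority": 5},
]

if __name__ == "__main__":
    meta = build_meta_alert(1, SAMPLE_ALERTS)
    for key, value in meta.items():
        print(f"{key:20} {value}")
    print("alert types:", decode_taxonomy(meta["alert_taxonomy_set"]))
```

The two source hosts 10.0.1.17 and 10.0.1.33 differ in the 32s bit of the last octet, so the smallest enclosing prefix is 10.0.1.0/26; `alert_taxonomy_set` comes out as 19 (bits 0, 1 and 4). Storing the lists as comma-joined strings mirrors the String/LongText column types; a production correlator would more likely keep them as arrays and derive the counts at query time.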