Table 1 Meta-Alert record

From: An approach to the correlation of security events based on machine learning techniques

| Attribute | Type | Description |
|---|---|---|
| meta_alert_id | Integer | Unique identifier of the meta-alert |
| analyzer_id_list | String | List of sensors that generated the alerts of this meta-alert |
| analyzer_count | Integer | Number of sensors that detected the alerts |
| init_time | Date | Timestamp of the oldest event in this meta-alert |
| end_time | Date | Timestamp of the most recent event in this meta-alert |
| time_window_len | Integer | Number of seconds between end_time and init_time |
| src_network_addr | String | Base address of the network that originated the alerts |
| src_node_addr_list | LongText | List of the addresses that originated the alerts |
| src_node_count | Integer | Number of different addresses that originated the alerts |
| src_user_id_list | String | List of user identifiers that originated the alerts |
| src_user_count | Integer | Number of users that originated the alerts |
| src_proc_id_list | String | List of process identifiers that originated the alerts |
| src_proc_count | Integer | Number of processes that originated the alerts |
| tgt_node_addr_list | LongText | List of target addresses |
| tgt_node_count | Integer | Number of different target addresses |
| tgt_port_list | LongText | List of target ports |
| tgt_port_count | Integer | Number of different target ports |
| tgt_user_id_list | String | List of target user ids |
| tgt_user_count | Integer | Number of different target user ids |
| tgt_proc_id_list | String | List of target process ids |
| tgt_proc_count | Integer | Number of different target process ids |
| tgt_file_name_list | LongText | List of target file names |
| tgt_file_count | Integer | Number of different target file names |
| ext_class | String | Attack class of the meta-alert |
| ext_max_priority | Integer | Highest priority amongst the alerts in the meta-alert |
| alert_count | Integer | Number of alerts in the meta-alert |
| alert_taxonomy_set | BitArray | One bit set per alert type present in the meta-alert |
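The table defines the meta-alert as an aggregate over a group of correlated alerts: the `*_list` attributes hold the distinct values seen, the `*_count` attributes their cardinality, `time_window_len` the span between the oldest and newest event, and `alert_taxonomy_set` a bit per alert type. The following Python is an added illustration of how such a record is derived from raw alerts; it is not the paper's own implementation. The input field names (`sensor`, `timestamp`, `src_addr`, `src_user`, `src_proc`, `tgt_addr`, `tgt_port`, `tgt_user`, `tgt_proc`, `tgt_file`, `attack_class`, `priority`, `alert_type`), the `/24` prefix used for `src_network_addr`, the 16-bit width of the taxonomy array, the comma-separated serialization of the list attributes, and the "most frequent class" rule for `ext_class` are all assumptions, and the sample alerts are constructed.

```python
"""Build a Meta-Alert record with the attributes of Table 1.

Added illustration, not the paper's code. Input alert field names,
the /24 prefix, the 16-bit taxonomy width and the ext_class rule are
assumptions; the output keys follow Table 1.
"""
from collections import Counter
from datetime import datetime
import ipaddress

TAXONOMY_BITS = 16   # assumed width of the alert_taxonomy_set bit array
SRC_PREFIX = 24      # assumed prefix length behind src_network_addr

# Constructed sample input: a password-guessing burst against one SSH
# server, reported by a network IDS and a host agent on the target.
SAMPLE_ALERTS = [
    {"sensor": "ids-edge-1", "timestamp": "2024-01-05T10:00:00+00:00",
     "src_addr": "10.1.2.10", "src_user": None, "src_proc": None,
     "tgt_addr": "10.9.0.5", "tgt_port": 22, "tgt_user": "root",
     "tgt_proc": None, "tgt_file": None,
     "attack_class": "brute_force", "priority": 2, "alert_type": 3},
    {"sensor": "ids-edge-1", "timestamp": "2024-01-05T10:00:45+00:00",
     "src_addr": "10.1.2.11", "src_user": None, "src_proc": None,
     "tgt_addr": "10.9.0.5", "tgt_port": 22, "tgt_user": "admin",
     "tgt_proc": None, "tgt_file": None,
     "attack_class": "brute_force", "priority": 2, "alert_type": 3},
    {"sensor": "hids-srv-5", "timestamp": "2024-01-05T10:01:30+00:00",
     "src_addr": "10.1.2.10", "src_user": None, "src_proc": None,
     "tgt_addr": "10.9.0.5", "tgt_port": 22, "tgt_user": "root",
     "tgt_proc": "sshd", "tgt_file": "/var/log/auth.log",
     "attack_class": "brute_force", "priority": 3, "alert_type": 7},
]

# (list attribute, paired count attribute, input alert field)
FIELDS = (
    ("analyzer_id_list", "analyzer_count", "sensor"),
    ("src_node_addr_list", "src_node_count", "src_addr"),
    ("src_user_id_list", "src_user_count", "src_user"),
    ("src_proc_id_list", "src_proc_count", "src_proc"),
    ("tgt_node_addr_list", "tgt_node_count", "tgt_addr"),
    ("tgt_port_list", "tgt_port_count", "tgt_port"),
    ("tgt_user_id_list", "tgt_user_count", "tgt_user"),
    ("tgt_proc_id_list", "tgt_proc_count", "tgt_proc"),
    ("tgt_file_name_list", "tgt_file_count", "tgt_file"),
)


def _distinct(alerts, key):
    """Sorted distinct non-null values of one alert field."""
    return sorted({a[key] for a in alerts if a[key] is not None}, key=str)


def base_network(addrs, prefix=SRC_PREFIX):
    """Base address of the /prefix shared by all sources, else None."""
    nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}
    if len(nets) != 1:
        return None
    return str(next(iter(nets)).network_address)


def taxonomy_bits(mask, width=TAXONOMY_BITS):
    """Render the BitArray with bit 0 on the right."""
    return format(mask, f"0{width}b")


def build_meta_alert(meta_alert_id, alerts):
    """Aggregate a group of correlated alerts into one Table 1 record."""
    if not alerts:
        raise ValueError("a meta-alert needs at least one alert")
    times = [datetime.fromisoformat(a["timestamp"]) for a in alerts]
    init_time, end_time = min(times), max(times)
    rec = {"meta_alert_id": meta_alert_id,
           "init_time": init_time, "end_time": end_time,
           "time_window_len": int((end_time - init_time).total_seconds())}
    for list_name, count_name, key in FIELDS:
        vals = _distinct(alerts, key)
        rec[list_name] = ",".join(str(v) for v in vals)  # String/LongText
        rec[count_name] = len(vals)
    rec["src_network_addr"] = base_network(_distinct(alerts, "src_addr"))
    # Assumed rule: the meta-alert takes the most frequent attack class.
    rec["ext_class"] = Counter(a["attack_class"] for a in alerts).most_common(1)[0][0]
    rec["ext_max_priority"] = max(a["priority"] for a in alerts)
    rec["alert_count"] = len(alerts)
    mask = 0
    for a in alerts:
        mask |= 1 << a["alert_type"]   # one bit per alert type present
    rec["alert_taxonomy_set"] = mask
    return rec


if __name__ == "__main__":
    for k, v in build_meta_alert(1, SAMPLE_ALERTS).items():
        print(f"{k:20} {v}")
```

Run stand-alone, the script prints the record for the three sample alerts: two analyzers, a 90-second window, `10.1.2.0` as the source network, one target host and port, two target users, and a taxonomy mask with bits 3 and 7 set. `base_network` returns `None` when the sources do not fall in a single `/24`, which a correlation engine would use as a signal to split the group rather than store an undefined base address.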