Table 1 Meta-Alert record

From: An approach to the correlation of security events based on machine learning techniques

Attribute            Type      Description
-------------------  --------  ------------------------------------------------------------
meta_alert_id        Integer   Unique identifier of the meta-alert
analyzer_id_list     String    List of sensors that generated the alerts in this meta-alert
analyzer_count       Integer   Number of sensors that detected the alerts
init_time            Date      Timestamp of the oldest event in this meta-alert
end_time             Date      Timestamp of the most recent event in this meta-alert
time_window_len      Integer   Number of seconds between end_time and init_time
src_network_addr     String    Base address of the network that originated the alerts
src_node_addr_list   LongText  List of the addresses that originated the alerts
src_node_count       Integer   Number of different addresses that originated the alerts
src_user_id_list     String    List of user identifiers that originated the alerts
src_user_count       Integer   Number of different users that originated the alerts
src_proc_id_list     String    List of process identifiers that originated the alerts
src_proc_count       Integer   Number of different processes that originated the alerts
tgt_node_addr_list   LongText  List of target addresses
tgt_node_count       Integer   Number of different target addresses
tgt_port_list        LongText  List of target ports
tgt_port_count       Integer   Number of different target ports
tgt_user_id_list     String    List of target user identifiers
tgt_user_count       Integer   Number of different target user identifiers
tgt_proc_id_list     String    List of target process identifiers
tgt_proc_count       Integer   Number of different target process identifiers
tgt_file_name_list   LongText  List of target file names
tgt_file_count       Integer   Number of different target file names
ext_class            String    Attack class of the meta-alert
ext_max_priority     Integer   Highest priority amongst the alerts in the meta-alert
alert_count          Integer   Number of alerts in the meta-alert
alert_taxonomy_set   BitArray  One bit set per alert type present in the meta-alert
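The following is an added example, not code from the paper, showing how a correlator could fill a Table 1 record from a group of alerts it has decided belong together. Everything beyond the attribute names is an assumption: the per-alert field set (Alert), the five-entry TAXONOMY whose positions give the bit indices of alert_taxonomy_set, the encoding of the *_list attributes as sorted comma-joined strings, the derivation of src_network_addr as the smallest CIDR block covering all source addresses, and the default of ext_class to the most frequent alert type when the caller supplies none. The sample alerts are constructed, not real sensor output.

```python
from collections import Counter, namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed alert taxonomy (not from the paper): the bit index of a type in
# alert_taxonomy_set is its position in this tuple.
TAXONOMY = ("port_scan", "brute_force", "web_attack", "malware", "dos")

@dataclass
class Alert:
    """One sensor alert; this field set is an assumption made for the example."""
    analyzer_id: str
    timestamp: datetime
    src_addr: str
    tgt_addr: str
    alert_type: str                 # one of TAXONOMY
    priority: int
    tgt_port: Optional[int] = None
    src_user: Optional[str] = None
    src_proc: Optional[str] = None
    tgt_user: Optional[str] = None
    tgt_proc: Optional[str] = None
    tgt_file: Optional[str] = None

# The attributes of Table 1, in table order; *_list fields are comma-joined
# strings, *_count fields ints, alert_taxonomy_set an int used as a bit array.
MetaAlert = namedtuple("MetaAlert", (
    "meta_alert_id", "analyzer_id_list", "analyzer_count", "init_time",
    "end_time", "time_window_len", "src_network_addr", "src_node_addr_list",
    "src_node_count", "src_user_id_list", "src_user_count", "src_proc_id_list",
    "src_proc_count", "tgt_node_addr_list", "tgt_node_count", "tgt_port_list",
    "tgt_port_count", "tgt_user_id_list", "tgt_user_count", "tgt_proc_id_list",
    "tgt_proc_count", "tgt_file_name_list", "tgt_file_count", "ext_class",
    "ext_max_priority", "alert_count", "alert_taxonomy_set"))

def common_network(addrs: List[str]) -> str:
    """Smallest CIDR block containing every address (a single IP version)."""
    parsed = [ip_address(a) for a in addrs]
    if len({a.version for a in parsed}) != 1:
        raise ValueError("mixed IPv4/IPv6 sources have no common network")
    diff = 0
    for a in parsed[1:]:
        diff |= int(parsed[0]) ^ int(a)       # bit positions that differ
    prefix = parsed[0].max_prefixlen - diff.bit_length()
    return str(ip_network((int(parsed[0]), prefix), strict=False))

def taxonomy_bitstring(mask: int) -> str:
    """Render alert_taxonomy_set with one char per TAXONOMY entry, index 0 first."""
    return "".join("1" if mask >> i & 1 else "0" for i in range(len(TAXONOMY)))

def build_meta_alert(meta_alert_id: int, alerts: List[Alert],
                     ext_class: Optional[str] = None) -> MetaAlert:
    """Fill a Table 1 record from alerts the correlator grouped together."""
    if not alerts:
        raise ValueError("a meta-alert needs at least one alert")
    unknown = {a.alert_type for a in alerts} - set(TAXONOMY)
    if unknown:
        raise ValueError(f"alert types outside TAXONOMY: {sorted(unknown)}")

    def col(attr: str) -> Tuple[str, int]:
        # Distinct non-null values of one alert field -> (joined list, count).
        vals = [str(v) for v in sorted({getattr(a, attr) for a in alerts} - {None})]
        return ",".join(vals), len(vals)

    mask = 0
    for a in alerts:
        mask |= 1 << TAXONOMY.index(a.alert_type)
    init_time = min(a.timestamp for a in alerts)
    end_time = max(a.timestamp for a in alerts)
    if ext_class is None:   # assumption: default to the most frequent alert type
        ext_class = Counter(a.alert_type for a in alerts).most_common(1)[0][0]
    return MetaAlert(
        meta_alert_id, *col("analyzer_id"), init_time, end_time,
        int((end_time - init_time).total_seconds()),
        common_network([a.src_addr for a in alerts]),
        *col("src_addr"), *col("src_user"), *col("src_proc"),
        *col("tgt_addr"), *col("tgt_port"), *col("tgt_user"),
        *col("tgt_proc"), *col("tgt_file"),
        ext_class, max(a.priority for a in alerts), len(alerts), mask)

# Constructed sample (not real sensor data): an SSH brute force from two hosts
# in one /28, then a host sensor flagging a dropped file on the same target.
_T0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_ALERTS = [
    Alert("snort-dmz", _T0, "10.0.0.5", "192.168.1.10", "brute_force", 2,
          tgt_port=22, tgt_user="root"),
    Alert("snort-dmz", _T0 + timedelta(seconds=30), "10.0.0.9", "192.168.1.10",
          "brute_force", 3, tgt_port=22, tgt_user="admin"),
    Alert("ossec-host1", _T0 + timedelta(seconds=90), "10.0.0.5", "192.168.1.10",
          "malware", 1, tgt_proc="sshd", tgt_file="/tmp/.x"),
]

def sample_meta_alert() -> MetaAlert:
    return build_meta_alert(1, SAMPLE_ALERTS)
```

For the sample, sample_meta_alert() yields analyzer_count 2, a 90-second window, src_network_addr 10.0.0.0/28, two source nodes against one target node and one port, and an alert_taxonomy_set of 0b01010 (brute_force and malware bits set). The mixed-version check in common_network is there because an IPv4 and an IPv6 source cannot share a base address; a correlator should keep such alerts in separate meta-alerts rather than emit a meaningless prefix.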