);
/*=============================================*/
/* Table: Prewikka_Permission */
/* NOTE(review): the first word of every line of this statement appears to have
   been lost in extraction: the keyword before "table", the column name before
   each type (only "_p" is left of the column the key clause calls id_p) and
   the word before "key". The statement will not parse as printed; restore
   those words from the original schema before running it. The constraint
   FK_Relationship_3 in this listing ties this table's login column to
   Prewikka_User (login), so one of the varchar(32) columns is presumably
   login -- confirm. */
/*=============================================*/table Prewikka_Permission
(_p bigint not null,varchar(32) not null,varchar(32) not null,key (id_p)
);
/*=============================================*/
/* Table: Prewikka_Session */
/* NOTE(review): the first word of every line appears to have been lost in
   extraction (the keyword before "table", the column names, the word before
   "key"), so the statement will not parse as printed.
   The key clause names session_id and the only bigint column is the first
   one, so the session identifier is presumably a 64-bit number -- confirm.
   A numeric identifier is guessable if it is assigned sequentially; check
   that the application draws it from a cryptographically secure random
   source, and that the datetime column is actually used to expire sessions.
   Neither is visible in this listing. */
/*=============================================*/table Prewikka_Session
(_id bigint not null,varchar(32) not null,datetime not null,key (session_id)
);
/*=============================================*/
/* Table: Prewikka_User */
/* NOTE(review): the first word of every line appears to have been lost in
   extraction (the keyword before "table", all four column names, the word
   before "key"), so the statement will not parse as printed. What remains:
   three varchar(32) columns and one varchar(64), keyed on login.
   If one of the 32-character columns stores the password verifier -- TODO
   confirm against the original schema -- its width fits a bare MD5 hex digest
   and is too short for a salted adaptive hash (a bcrypt string is 60
   characters). In that case widen the column and migrate the stored
   verifiers to a salted, slow password hash. */
/*=============================================*/table Prewikka_User
(varchar(32) not null,varchar(32) not null,varchar(32) not null,varchar(64) not null,key (login)
);
/*=============================================*/
/* Table: Prewikka_Version */
/* NOTE(review): the keyword before "table" and the name of the single
   varchar(32) column appear to have been lost in extraction; the statement
   will not parse as printed. No key is declared for this table. */
/*=============================================*/table Prewikka_Version
(varchar(32) not null
);
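/* Foreign keys between the Prewikka tables.
   The printed listing had lost the leading "alter" of every statement and the
   "references" keyword of three of the four (it survives in the last one),
   and had run several statements together on one line; both are restored
   here, nothing else is changed.
   "on delete restrict" means a Prewikka_User row cannot be deleted while a
   filter, permission or session still refers to its login, and a
   Prewikka_Filter row cannot be deleted while criteria refer to its id_f:
   removing an account has to delete its sessions, permissions and filters
   first. */
alter table Prewikka_Filter
    add constraint FK_Relationship_1 foreign key (login)
    references Prewikka_User (login) on delete restrict on update restrict;

alter table Prewikka_Filter_Criterion
    add constraint FK_Relationship_5 foreign key (id_f)
    references Prewikka_Filter (id_f) on delete restrict on update restrict;

alter table Prewikka_Permission
    add constraint FK_Relationship_3 foreign key (login)
    references Prewikka_User (login) on delete restrict on update restrict;

alter table Prewikka_Session
    add constraint FK_Relationship_2 foreign key (login)
    references Prewikka_User (login) on delete restrict on update restrict;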
Додаток
В
Вкладка підказка
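import re
import time
import struct
import socket
import urllib

from prewikka import view, User, utils, resolve


# NOTE(review): the printed listing had lost the first word of every source
# line (def / if / for / else, the "self" in front of a leading dot, the
# targets of assignments) together with all indentation. Keywords and names
# are restored below from Python grammar and from names used elsewhere in the
# same function; block nesting is inferred and should be checked against the
# original file. The functions are methods of a view class whose header is
# not part of this excerpt.

def buildProcess(self, process):
    """Render a process record as a table with its name, path and PID."""
    self.beginTable()
    self.newTableEntry(_("Process"), process["name"])
    self.newTableEntry(_("Process Path"), process["path"])
    self.newTableEntry(_("Process PID"), process["pid"])
    self.endTable()


def buildNode(self, node):
    """Render a node record: location, name (or resolved name) and addresses.

    Does nothing when ``node`` is empty. Addresses of an IP category become
    links to the host-details page when ``self.env.enable_details`` is set.
    """
    if not node:
        # A one-word statement was lost here in extraction; `return` assumed.
        return

    self.newTableEntry(_("Node location"), node["location"])

    addr_list = None
    node_name = None
    for addr in node["address"]:
        address = addr["address"]
        if not address:
            # A one-word statement was lost here in extraction; `continue` assumed.
            continue

        node_name = resolve.AddressResolve(address)

        if addr_list:
            addr_list += "<br/>"
        else:
            addr_list = ""

        # NOTE(review): `address` is taken from the alert, i.e. from whatever a
        # sensor reported. It is concatenated into an HTML fragment (see the
        # literal "<br/>" above) and into the query string of the details link
        # with no encoding visible in this listing. Confirm that getUrlLink()
        # and newTableEntry() escape it; if they do not, HTML-escape and
        # URL-encode it at this point.
        if addr["category"] in ("ipv4-addr", "ipv6-addr", "ipv4-net", "ipv6-net") and self.env.enable_details:
            addr_list += self.getUrlLink(address, "%s?host=%s" % (self.env.host_details_url, address))
        else:
            addr_list += address

    if node["name"]:
        self.newTableEntry(_("Node name"), node["name"])
    # node_name is still None when the node has no usable address; the
    # original called resolveSucceed() on it unconditionally and would raise
    # AttributeError for a node with neither a name nor an address.
    elif node_name is not None and node_name.resolveSucceed():
        self.newTableEntry(_("Node name (resolved)"), node_name)

    self.newTableEntry(_("Node address"), addr_list)


def buildAnalyzer(self, analyzer):
    """Render one analyzer: identity table, node/OS table, optional process."""
    self.beginTable(cl="message_summary_no_border")

    self.beginTable()
    # The listing printed this class as "section_alert_ entry_value_emphasis"
    # (with a space) in the two entries below; buildClassification in the same
    # listing uses the name without the space, so the space is treated as a
    # line-wrap artefact.
    self.newTableEntry(_("Model"), analyzer["model"], cl="section_alert_entry_value_emphasis")
    self.newTableEntry(_("Name"), analyzer["name"], cl="section_alert_entry_value_emphasis")
    self.newTableEntry(_("Analyzerid"), analyzer["analyzerid"])
    self.newTableEntry(_("Version"), analyzer["version"])
    self.newTableEntry(_("Class"), analyzer["class"])
    # NOTE(review): the manufacturer string is sensor-supplied and is handed to
    # getUrlLink(); confirm that helper only links http(s) URLs and escapes
    # the value -- its body is not shown here.
    self.newTableEntry(_("Manufacturer"), self.getUrlLink(analyzer["manufacturer"]))
    self.endTable()
    self.newTableRow()

    self.beginTable()
    self.buildNode(analyzer["node"])
    if analyzer["ostype"] or analyzer["osversion"]:
        self.newTableEntry(_("Operating System"), "%s %s" % (analyzer["ostype"] or "", analyzer["osversion"] or ""))
    self.endTable()
    self.newTableRow()

    if analyzer["process"]:
        self.buildProcess(analyzer["process"])
        self.newTableRow()

    self.endTable()


def buildAnalyzerList(self, alert):
    """Render the analyzer path of an alert in a section hidden by default.

    The analyzers are taken in reverse order and the first element of the
    reversed list is dropped before rendering.
    """
    l = []
    for analyzer in alert["analyzer"]:
        l.insert(0, analyzer)

    # Placement outside the loop is inferred; raises IndexError when the alert
    # carries no analyzer at all, as the original did.
    l.pop(0)

    self.beginSection(_("Analyzer Path (%d not shown)") % len(l), display="none")
    self.beginTable(cl="message_summary_no_border")

    i = 1
    index = len(l) - 1
    for analyzer in l:
        self.newTableCol(i - 1, _("Analyzer #%d") % index, None, header=True)
        self.buildAnalyzer(analyzer)
        self.newTableRow()
        i += 1
        index -= 1

    self.endTable()
    self.endSection()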
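# … (the source document elides part of the listing here)
# NOTE(review): the printed line had lost the first word of every source line
# (def, if, "self", the "cl" keyword) and all indentation; they are restored
# from Python grammar and from names used elsewhere in the listing.
def buildClassification(self, alert):
    """Add the classification text and ident of an alert to the current table.

    Does nothing when the alert has no classification text. The text entry
    gets a CSS class derived from the alert's impact severity.
    """
    if not alert["classification.text"]:
        # A one-word statement was lost here in extraction; `return` assumed.
        return

    # NOTE(review): the severity value comes from the alert and is placed in a
    # class attribute; confirm newTableEntry() escapes attribute values.
    self.newTableEntry(_("Text"), alert["classification.text"],
                       cl="section_alert_entry_value_emphasis impact_severity_%s" % alert["assessment.impact.severity"])
    self.newTableEntry(_("Ident"), alert["classification.ident"])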
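# … (the source document elides part of the listing here)
# NOTE(review): apart from the first "def", the printed line had lost the first
# word of every source line (def, for, "self", the counter name) and all
# indentation; they are restored from Python grammar and from the names the
# statements themselves use ("% i").
def buildSource(self, alert):
    """Render every source of the alert in its own numbered section."""
    i = 0
    for source in alert["source"]:
        self.beginSection(_("Source(%d)") % i)
        self.buildDirection(source)
        self.endSection()
        i += 1


def buildTarget(self, alert):
    """Render every target of the alert, including its files, in a numbered section."""
    i = 0
    for target in alert["target"]:
        self.beginSection(_("Target(%d)") % i)
        self.buildDirection(target)
        for f in target["file"]:
            self.buildFile(f)
        self.endSection()
        i += 1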
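# Вкладка статистики (statistics tab)
import sys
import time
import copy
import urllib
import datetime

from prewikka import User, view, Chart, utils, resolve


# NOTE(review): the printed listing had lost the first word of every source
# line (import / class / def / if / elif / else, the "self" in front of a
# leading dot, the targets of assignments) together with all indentation.
# They are restored below from Python grammar and from names used elsewhere
# in the same function; block nesting is inferred and should be checked
# against the original file.

class DistributionStatsParameters(view.Parameters):
    """Request parameters accepted by the distribution statistics views."""

    def register(self):
        """Declare the optional parameters and their types."""
        self.optional("timeline_type", str, default="hour", save=True)
        # The date parts are declared as int; _processTimeCriteria relies on
        # that when it formats them into a criteria string.
        self.optional("from_year", int, save=True)
        self.optional("from_month", int, save=True)
        self.optional("from_day", int, save=True)
        self.optional("from_hour", int, save=True)
        self.optional("from_min", int, save=True)
        self.optional("to_year", int, save=True)
        self.optional("to_month", int, save=True)
        self.optional("to_day", int, save=True)
        self.optional("to_hour", int, save=True)
        self.optional("to_min", int, save=True)
        self.optional("filter", str, save=True)
        # NOTE(review): idmef_filter is a free-form string taken from the
        # request. Its consumer is not shown here; confirm it is parsed as
        # criteria and never concatenated into a query.
        self.optional("idmef_filter", str)
        self.optional("apply", str)


# The two functions below are methods of a statistics view class whose header
# is not part of this excerpt.

def _processTimeCriteria(self):
    """Work out the reporting period and return it as a one-element criteria list.

    "hour", "day" and "month" end the period now and start it one hour, one
    day or one calendar month earlier; any other timeline_type takes both
    ends from the from_*/to_* request parameters. The chosen bounds are also
    written to self.dataset so the form can redisplay them.
    """
    now = time.time()
    self._period_end = time.localtime(now)

    if self.parameters["timeline_type"] == "hour":
        self.dataset["timeline_hour_selected"] = "selected=\"selected\""
        self._period_start = time.localtime(now - 3600)

    elif self.parameters["timeline_type"] == "day":
        self.dataset["timeline_day_selected"] = "selected=\"selected\""
        # The listing also assigned time.localtime(now - 24 * 3600) to a
        # local whose name was lost and which is never read; it is dropped.
        self._period_start = time.localtime(now - 24 * 3600)

    elif self.parameters["timeline_type"] == "month":
        self.dataset["timeline_month_selected"] = "selected=\"selected\""
        tm = list(time.localtime(now))
        tm[1] -= 1
        self._period_start = time.localtime(time.mktime(tm))

    else:
        self.dataset["timeline_custom_selected"] = "selected=\"selected\""
        # NOTE(review): the from_*/to_* parameters are optional and have no
        # default, and their ranges are not checked here (month 13, a start
        # after the end); a missing one raises KeyError at this point.
        self._period_start = time.struct_time((self.parameters["from_year"], self.parameters["from_month"],
                                               self.parameters["from_day"], self.parameters["from_hour"],
                                               self.parameters["from_min"], 0, 0, 0, -1))
        self._period_end = time.struct_time((self.parameters["to_year"], self.parameters["to_month"],
                                             self.parameters["to_day"], self.parameters["to_hour"],
                                             self.parameters["to_min"], 0, 0, 0, -1))

    self.dataset["from_year"] = "%.4d" % self._period_start.tm_year
    self.dataset["from_month"] = "%.2d" % self._period_start.tm_mon
    self.dataset["from_day"] = "%.2d" % self._period_start.tm_mday
    self.dataset["from_hour"] = "%.2d" % self._period_start.tm_hour
    self.dataset["from_min"] = "%.2d" % self._period_start.tm_min

    self.dataset["to_year"] = "%.4d" % self._period_end.tm_year
    self.dataset["to_month"] = "%.2d" % self._period_end.tm_mon
    self.dataset["to_day"] = "%.2d" % self._period_end.tm_mday
    self.dataset["to_hour"] = "%.2d" % self._period_end.tm_hour
    self.dataset["to_min"] = "%.2d" % self._period_end.tm_min

    # Keep the %d conversions: in the custom case the values originate from
    # request parameters, and formatting them as integers is what stops
    # request text from reaching the criteria string.
    criteria = [ "alert.create_time >= '%d-%d-%d %d:%d:%d' && alert.create_time < '%d-%d-%d %d:%d:%d'" % \
                 (self._period_start.tm_year, self._period_start.tm_mon, self._period_start.tm_mday,
                  self._period_start.tm_hour, self._period_start.tm_min, self._period_start.tm_sec,
                  self._period_end.tm_year, self._period_end.tm_mon, self._period_end.tm_mday,
                  self._period_end.tm_hour, self._period_end.tm_min, self._period_end.tm_sec) ]

    return criteria


def _setTimelineZoom(self, base_parameters, start, end):
    """Copy the date parts of start and end into base_parameters.

    start and end must expose year, month, day, hour and minute attributes;
    the from_* keys are set from start and the to_* keys from end.
    """
    base_parameters["from_year"] = start.year
    base_parameters["from_month"] = start.month
    base_parameters["from_day"] = start.day
    base_parameters["from_hour"] = start.hour
    base_parameters["from_min"] = start.minute

    base_parameters["to_year"] = end.year
    base_parameters["to_month"] = end.month
    base_parameters["to_day"] = end.day
    base_parameters["to_hour"] = end.hour
    base_parameters["to_min"] = end.minute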