com.martealert
Class martealertDetailedReport

java.lang.Object
  extended by com.martealert.martealertDetailedReport
All Implemented Interfaces:
martealertConstants, martealertLevelInterface, martealertRealTimeInterface

public class martealertDetailedReport
extends java.lang.Object
implements martealertConstants, martealertLevelInterface, martealertRealTimeInterface

This public class builds an object that holds a Vector of group names and a Vector of Vectors, one per group. Basic structure of a preludeDetailedAlert object:

preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors, one per group.
  • Group names (Vector)


    Field Summary
     java.util.Vector groupNames
     java.util.Vector groups
     
    Fields inherited from interface com.martealert.martealertConstants
    AMBIGUOUS_FIELDS, ANALYZER, CLASSIFICATION, COMPLETION, FTS, FTSTZ, HOUR_IN_MILLIS, INTERVAL, IPADDRS, LASTJOIN, LTS, LTSTZ, MAXMSGID, MAXSEVERITY, MFTS, MLTS, MSGID, MSOURCEPORT, NALERTS, NOTNULL_FIELDS, NULL_FIELDS, NXCLASSIFICATION, ORDER_BY_ALERTS, ORDER_BY_MAXTIME, ORDER_BY_TIME, PRELUDE_TABLES, PROTOCOL, SENSOR, SEVERITY, SEVERITY_COMPLETION, SOURCE, SOURCEIP, SOURCEPORT, SOURCEUID, TARGET, TARGETIP, TARGETPORT, TARGETPORT_PROTOCOL, TARGETUID, TERMINAL, TIME, TIMETZ, TLAST, TOP, TOTALTIME
     
    Fields inherited from interface com.martealert.martealertLevelInterface
    FIRST_CLASSIFICATION, FIRST_FTS, FIRST_LTS, FIRST_MAX_LIMIT, FIRST_SENSOR, FIRST_SEVERITY, FIRST_SOURCE_ADDR, FIRST_TARGET_ADDR, FIRST_TERMINAL, SECOND_CLASSIFICATION, SECOND_COMPLETION, SECOND_FTS, SECOND_LTS, SECOND_MAX_LIMIT, SECOND_PROTOCOL, SECOND_SENSOR, SECOND_SEVERITY, SECOND_SOURCE_ADDR, SECOND_SOURCEPORT, SECOND_TARGET_ADDR, SECOND_TARGETPORT, SECOND_TERMINAL, THIRD_CLASSIFICATION, THIRD_COMPLETION, THIRD_MESSAGEID, THIRD_PROTOCOL, THIRD_SENSOR, THIRD_SEVERITY, THIRD_SOURCE_ADDR, THIRD_SOURCEPORT, THIRD_TARGET_ADDR, THIRD_TARGETPORT, THIRD_TERMINAL, THIRD_TIME
     
    Fields inherited from interface com.martealert.martealertRealTimeInterface
    REAL_TIME_CLASSIFICATION, REAL_TIME_COMPLETION, REAL_TIME_MSGID, REAL_TIME_SEVERITY, REAL_TIME_SOURCEIP, REAL_TIME_TARGETIP, REAL_TIME_TIME
     
    Constructor Summary
    martealertDetailedReport()
              Creates a new instance of preludeDetailedAlert
     
    Method Summary
    static java.util.Vector getAdditionalInfoGroup(java.sql.Connection con, java.lang.String msgid)
              Returns Additional Info group data vector.
    static java.util.Vector getAnalyzerGroup(java.sql.Connection con, java.lang.String msgid, int n)
              Returns Analyzer group data vector.
    static java.util.Vector getClassGroup(java.sql.Connection con, java.lang.String msgid)
              Returns Classification group data vector
    static java.util.Vector getDatesGroup(java.sql.Connection con, java.lang.String msgid)
              Returns Dates group data vector
    static martealertDetailedReport getDetailedAlert(java.sql.Connection con, martealertRealTime single, int row)
               
    static martealertDetailedReport getDetailedAlert(java.sql.Connection con, martealertThirdLevel single, int row)
              Get a preludeDetailedAlert object with detailed information of a single event, with the structure described under Method Detail.
    static martealertDetailedReport getDetailedAlert(java.sql.Connection con, java.lang.String msgid)
              Returns a report of an event/log given by its message identifier.
    static java.util.Vector getImpactGroup(java.sql.Connection con, java.lang.String msgid)
              Returns Impact group data vector
    static java.util.Vector getSourceGroup(java.sql.Connection con, java.lang.String msgid)
              Returns Source group data vector.
    static java.util.Vector getTargetFileCurrent(java.sql.Connection con, java.lang.String msgid)
              Returns Target File Current group data vector.
    static java.util.Vector getTargetGroup(java.sql.Connection con, java.lang.String msgid)
              Returns Target group data vector.
    static java.util.Vector numAnalyzerPid(java.sql.Connection con, java.lang.String msgid)
              Returns a vector whose size is the number of analyzers.
     void printReport()
              Prints a report of the message held in the this.groups 3D Vector and the this.groupNames Vector.
     void setDetailedAlert(java.util.Vector groups, java.util.Vector groupNames)
              Store groups data and names into preludeDetailedAlert structure
     
    Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
     

    Field Detail

    groups

    public java.util.Vector groups

    groupNames

    public java.util.Vector groupNames
    Constructor Detail

    martealertDetailedReport

    public martealertDetailedReport()
    Creates a new instance of preludeDetailedAlert

    Method Detail

    getDetailedAlert

    public static martealertDetailedReport getDetailedAlert(java.sql.Connection con,
                                                            martealertThirdLevel single,
                                                            int row)
                                                     throws java.sql.SQLException
    Get a preludeDetailedAlert object with detailed information of a single event, with the following structure:
    preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors.
    • Dates group (2D Vector)
      • Row titles column (Vector)
      • Data column (Vector)
    • Classification group (2D Vector)
    • [...] Rest of groups
  • Group names (Vector)

    Parameters:
    con - Connection variable to access the PostgreSQL database.
    single - preludeSingleAlert object.
    row - Row of the preludeSingleAlert vector selected to get log info.
    Returns:
    a preludeDetailedAlert object as a 3D vector.
    Throws:
    java.sql.SQLException - SQL syntax error.

    getDetailedAlert

    public static martealertDetailedReport getDetailedAlert(java.sql.Connection con,
                                                            martealertRealTime single,
                                                            int row)
                                                     throws java.sql.SQLException
    Throws:
    java.sql.SQLException

    getDetailedAlert

    public static martealertDetailedReport getDetailedAlert(java.sql.Connection con,
                                                            java.lang.String msgid)
                                                     throws java.sql.SQLException
    Returns a report of an event/log given by its message identifier. The returned preludeDetailedAlert has the following structure:
    preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors.
    • Dates group (2D Vector)
      • Row titles column (Vector)
      • Data column (Vector)
    • Classification group (2D Vector)
    • [...] Rest of groups
  • Group names (Vector). Possible groups are: Dates, Classification, Impact, Source, Target, Target File Current, Analyzer and Additional Info, but not all of them are compatible with one another.

    Parameters:
    con - Connection variable to access the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    a preludeDetailedAlert object as a 3D vector.
    Throws:
    java.sql.SQLException

    setDetailedAlert

    public void setDetailedAlert(java.util.Vector groups,
                                 java.util.Vector groupNames)
    Store group data and group names into the preludeDetailedAlert structure.

    Parameters:
    groups - vector of vectors (one 2D vector per group).
    groupNames - Vector of String with the group names.
    preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors.
    • Dates group (2D Vector)
      • Row titles column (Vector)
      • Data column (Vector)
    • Classification group (2D Vector)
    • [...] Rest of groups
  • Group names (Vector)

    getDatesGroup

    public static java.util.Vector getDatesGroup(java.sql.Connection con,
                                                 java.lang.String msgid)
                                          throws java.sql.SQLException
    Returns the Dates group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    Vector with the times of creation, detection and analysis; the group name is not returned. Returned vector example:
    Dates
      Create time     2005-12-12 17:56:42.032086
      Detect time     2005-12-12 17:56:42.0
      Analyzer time   2005-12-12 17:56:42.032194

    Structure: preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors.
    • Dates group (2D Vector)
      • Row titles column (Vector)
      • Data column (Vector)
    • Classification group (2D Vector)
    • [...] Rest of groups
  • Group names (Vector)
    Throws:
    java.sql.SQLException - syntax error calculating the Dates group data vector.

    getClassGroup

    public static java.util.Vector getClassGroup(java.sql.Connection con,
                                                 java.lang.String msgid)
                                          throws java.sql.SQLException
    Returns the Classification group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    Vector with one row showing the event type; the group name is not returned. Returned vector example:
    Classification
      Classification   User login successful

    Structure: preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors.
    • Dates group (2D Vector)
      • Row titles column (Vector)
      • Data column (Vector)
    • Classification group (2D Vector)
    • [...] Rest of groups
  • Group names (Vector)
    Throws:
    java.sql.SQLException - syntax error calculating the Classification group data vector.

    getImpactGroup

    public static java.util.Vector getImpactGroup(java.sql.Connection con,
                                                  java.lang.String msgid)
                                           throws java.sql.SQLException
    Returns the Impact group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    Vector with "description", "severity", "type" and "completion" (succeeded or not); the group name is not returned. Returned vector example:
    Impact
      Description   An attacker might have modified the logfile in order to remove the trace he left.
      Severity      high
      Type          file
      Completion    succeeded

    Structure: preludeDetailedAlert hierarchic structure:
  • Groups (3D Vector): a vector of 2D vectors.
    • Dates group (2D Vector)
      • Row titles column (Vector)
      • Data column (Vector)
    • Classification group (2D Vector)
    • Impact group (2D Vector)
    • [...] Rest of groups
  • Group names (Vector)
    Throws:
    java.sql.SQLException - syntax error calculating the Impact group data vector.

    getSourceGroup

    public static java.util.Vector getSourceGroup(java.sql.Connection con,
                                                  java.lang.String msgid)
                                           throws java.sql.SQLException
    Returns the Source group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    Vector with, at most, the following fields (all of them optional): "IP_address:port (protocol)", "category" and "current user on tty". The group name is not returned. Returned vector example:
      Address        192.168.100.61:41595 (tcp)
      MAC            00:06:71:0b:99:d5
      Category       os-device
      Current-user   ssh
    Throws:
    java.sql.SQLException - SQL syntax error invoking statement.executeQuery(String sql_query).

    getTargetGroup

    public static java.util.Vector getTargetGroup(java.sql.Connection con,
                                                  java.lang.String msgid)
                                           throws java.sql.SQLException
    Returns the Target group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    Vector with, at most, the following fields (all of them optional): "IP_address:port (protocol)", "category", target user, process name and process pid. The group name is not returned. Returned vector example:
      Address       127.0.0.1:22 (tcp)
      Category      os-device
      Target-user   root
      Process       sshd
      Pid           11210
    Throws:
    java.sql.SQLException - syntax error calculating the Target group data vector.

    getTargetFileCurrent

    public static java.util.Vector getTargetFileCurrent(java.sql.Connection con,
                                                        java.lang.String msgid)
                                                 throws java.sql.SQLException
    Returns the Target File Current group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    Vector with file name, path, modify and access time, data size and i-node number. Normally, if the Source and Target groups don't exist, this group is not empty, and vice versa. Returned vector example:
      Name           messages
      Path           /var/log/messages
      Modify_time    2005-12-12 17:56:42.0
      Access_time    2005-11-29 18:41:14.0
      Data_size      11284882
      Inode Number   186970
    Throws:
    java.sql.SQLException - syntax error calculating the Target File Current group data vector.

    numAnalyzerPid

    public static java.util.Vector numAnalyzerPid(java.sql.Connection con,
                                                  java.lang.String msgid)
                                           throws java.sql.SQLException
    Returns a vector whose size is the number of analyzers. There are always at least two analyzers, prelude-lml and prelude-manager, but more often there are at least three: the two just named plus the sensor that produced this log.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    a vector whose size is used as the loop count in the getDetailedAlert method before invoking getAnalyzerGroup. Return example:
      9246    (prelude-manager analyzer, always)
      9458    (prelude-lml analyzer, always)
      10246   (sensor PAM, for example)
    Throws:
    java.sql.SQLException - syntax error calculating Target File Current group data vector.

    getAnalyzerGroup

    public static java.util.Vector getAnalyzerGroup(java.sql.Connection con,
                                                    java.lang.String msgid,
                                                    int n)
                                             throws java.sql.SQLException
    Returns the Analyzer group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    n - Size of the vector returned by numAnalyzerPid. This method is invoked n times in getDetailedAlert.
    Returns:
    a vector with analyzer id, name, model, version, class, manufacturer and O.S. version, plus process name, path and pid. Return example:
      Analyzerid     1180318276865163
      Name           prelude-manager
      Model          Prelude Manager
      Version        0.9.1
      Class          Concentrator
      Manufacturer   http://www.prelude-ids.com
      Osversion      2.6.14-gentoo-r2
      Name           prelude-manager
      Path           /usr/bin/prelude-manager
      Pid            9246
    Throws:
    java.sql.SQLException - syntax error calculating Analyzer group data vector.

    getAdditionalInfoGroup

    public static java.util.Vector getAdditionalInfoGroup(java.sql.Connection con,
                                                          java.lang.String msgid)
                                                   throws java.sql.SQLException
    Returns the Additional Info group data vector.

    Parameters:
    con - Connection variable for the PostgreSQL database.
    msgid - Message identifier.
    Returns:
    a vector with the original log line and the path it was received from. Return example:
      Log received from   /var/log/messages
      Original Log        Dec 15 13:47:11 palocortado sshd[16708]: Accepted keyboard-interactive/pam for aledavid from 192.168.100.61 port 56729 ssh2
    Throws:
    java.sql.SQLException - syntax error calculating Additional Info group data vector.

    printReport

    public void printReport()
    Prints a report of the message held in the this.groups 3D Vector and the this.groupNames Vector.
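Added usage example (not part of the martealert project's own code): it builds a report offline from the Dates example above via setDetailedAlert, walks the documented groups/groupNames layout, and, when a message identifier is passed on the command line, fetches a live report with getDetailedAlert(con, msgid). It assumes the column order [row titles, data] inside each 2D group, a numeric message identifier, and a placeholder PostgreSQL JDBC URL and credentials.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Vector;
import com.martealert.martealertDetailedReport;
public class DetailedReportClient {
    // msgid is a String that the Javadoc says reaches statement.executeQuery(String sql_query);
    // accept only a plain decimal id before handing it over (assumption: message ids are numeric).
    static boolean isValidMsgid(String msgid) {
        return msgid != null && msgid.matches("\\d{1,19}");
    }
    // Offline report built from the Dates example in the Javadoc (constructed data),
    // in the documented layout: each group = [row titles column, data column] (assumed order).
    static martealertDetailedReport sampleReport() {
        Vector<Object> titles = new Vector<>(), data = new Vector<>();
        titles.add("Create time");   data.add("2005-12-12 17:56:42.032086");
        titles.add("Detect time");   data.add("2005-12-12 17:56:42.0");
        titles.add("Analyzer time"); data.add("2005-12-12 17:56:42.032194");
        Vector<Object> dates = new Vector<>();  dates.add(titles); dates.add(data);   // 2D Vector
        Vector<Object> groups = new Vector<>(); groups.add(dates);                   // 3D Vector
        Vector<Object> names = new Vector<>();  names.add("Dates");                  // group names
        martealertDetailedReport rep = new martealertDetailedReport();
        rep.setDetailedAlert(groups, names);
        return rep;
    }
    // Walk groups in step with groupNames and print "title: value" rows; returns rows printed.
    static int dump(martealertDetailedReport rep) {
        int rows = 0;
        for (int g = 0; g < rep.groups.size(); g++) {
            Vector<?> group = (Vector<?>) rep.groups.get(g);   // one 2D group
            Vector<?> titles = (Vector<?>) group.get(0);        // row titles column
            Vector<?> data = (Vector<?>) group.get(1);          // data column
            System.out.println("[" + rep.groupNames.get(g) + "]");
            for (int r = 0; r < titles.size(); r++, rows++) {
                System.out.println("  " + titles.get(r) + ": " + data.get(r));
            }
        }
        return rows;
    }
    public static void main(String[] args) throws SQLException {
        dump(sampleReport());                                   // works without a database
        if (args.length == 0) return;
        if (!isValidMsgid(args[0])) throw new IllegalArgumentException("msgid must be decimal");
        String url = "jdbc:postgresql://localhost:5432/prelude";   // assumed URL and credentials
        try (Connection con = DriverManager.getConnection(url, "prelude", "PASSWORD_PLACEHOLDER")) {
            dump(martealertDetailedReport.getDetailedAlert(con, args[0]));
        }
    }
}
```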

    e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.

    DESIGN OF A PLATFORM FOR MANAGING AND MONITORING SECURITY EVENTS

    : Galera Ruiz, Alejandro David
    : Telecommunications Engineering
    Project contents: