com.martealert
Class martealertTopStats

java.lang.Object
  extended by com.martealert.martealertTable
      extended by com.martealert.martealertTopStats
All Implemented Interfaces:
martealertConstants, martealertLevelInterface, martealertRealTimeInterface, martealertTopInterface
Direct Known Subclasses:
martealertTopConnection, martealertTopLogInfo

public abstract class martealertTopStats
extends martealertTable
implements martealertConstants, martealertLevelInterface, martealertTopInterface

Class for generating top stats.


Field Summary
protected  java.lang.String limit
           
 
Fields inherited from class com.martealert.martealertTable
_, ALIASVAR, columnNames, data, DEFAULT, GROUPBY, IDENT, INDEX, INDEXSEARCH, NAMEDVAR, RELATION, SELECT, TX, UNNAMEDVAR, VAR
 
Fields inherited from interface com.martealert.martealertConstants
AMBIGUOUS_FIELDS, ANALYZER, CLASSIFICATION, COMPLETION, FTS, FTSTZ, HOUR_IN_MILLIS, INTERVAL, IPADDRS, LASTJOIN, LTS, LTSTZ, MAXMSGID, MAXSEVERITY, MFTS, MLTS, MSGID, MSOURCEPORT, NALERTS, NOTNULL_FIELDS, NULL_FIELDS, NXCLASSIFICATION, ORDER_BY_ALERTS, ORDER_BY_MAXTIME, ORDER_BY_TIME, PRELUDE_TABLES, PROTOCOL, SENSOR, SEVERITY, SEVERITY_COMPLETION, SOURCE, SOURCEIP, SOURCEPORT, SOURCEUID, TARGET, TARGETIP, TARGETPORT, TARGETPORT_PROTOCOL, TARGETUID, TERMINAL, TIME, TIMETZ, TLAST, TOP, TOTALTIME
 
Fields inherited from interface com.martealert.martealertLevelInterface
FIRST_CLASSIFICATION, FIRST_FTS, FIRST_LTS, FIRST_MAX_LIMIT, FIRST_SENSOR, FIRST_SEVERITY, FIRST_SOURCE_ADDR, FIRST_TARGET_ADDR, FIRST_TERMINAL, SECOND_CLASSIFICATION, SECOND_COMPLETION, SECOND_FTS, SECOND_LTS, SECOND_MAX_LIMIT, SECOND_PROTOCOL, SECOND_SENSOR, SECOND_SEVERITY, SECOND_SOURCE_ADDR, SECOND_SOURCEPORT, SECOND_TARGET_ADDR, SECOND_TARGETPORT, SECOND_TERMINAL, THIRD_CLASSIFICATION, THIRD_COMPLETION, THIRD_MESSAGEID, THIRD_PROTOCOL, THIRD_SENSOR, THIRD_SEVERITY, THIRD_SOURCE_ADDR, THIRD_SOURCEPORT, THIRD_TARGET_ADDR, THIRD_TARGETPORT, THIRD_TERMINAL, THIRD_TIME
 
Fields inherited from interface com.martealert.martealertTopInterface
ONE_DAY, ONE_HOUR, ONE_MINUTE, ONE_SECOND, TEN_DAYS, TEN_HOURS, TEN_MINUTES, TEN_SECONDS, TOP_CONNECTION_ALERTS, TOP_CONNECTION_FTS, TOP_CONNECTION_LTS, TOP_CONNECTION_NAME, TOP_CONNECTION_NUMBER, TOP_CONNECTION_PERCENT, TOP_LOGINFO_ALERTS, TOP_LOGINFO_FTS, TOP_LOGINFO_LTS, TOP_LOGINFO_NAME, TOP_LOGINFO_PERCENT, TOP_MAX_NUMBER
 
Fields inherited from interface com.martealert.martealertRealTimeInterface
REAL_TIME_CLASSIFICATION, REAL_TIME_COMPLETION, REAL_TIME_MSGID, REAL_TIME_SEVERITY, REAL_TIME_SOURCEIP, REAL_TIME_TARGETIP, REAL_TIME_TIME
 
Constructor Summary
martealertTopStats()
          Creates a new instance of martealertTopStats with limit of 25 rows
martealertTopStats(int limit)
          Creates a new instance of martealertTopStats with limit specified in constructor.
 
Method Summary
protected  java.lang.String calcPercent(java.sql.Connection con, int total)
          Calculate the percent (%) variable, given the total number of alerts.
abstract  int getAlertColumn()
          Get index position for column in table this with number of alerts.
 java.lang.String getCommand(martealertHashFilter filter)
          Get the SQL command for calculating martealertTopStats, from the "FROM" clause until the end of the command.
protected abstract  java.lang.String getDefaultValue()
          Get default value for a top stats table.
protected static java.lang.String getDefaultValue(java.lang.String field)
           
abstract  java.lang.String getField()
           
protected abstract  java.lang.String getField(martealertHashFilter hf)
           
static java.lang.String getFilter(java.lang.Object singleFilter, java.lang.String field)
          Return a filter to be added to a SQL-WHERE clause in String format.
 int[] getIpColumns()
          Get array with number of IP columns.
 int[] getMultilineColumns()
          Get array with number of columns which rows can store multiline values (sub-rows).
abstract  int[] getPercentColumns()
          Get index position for Percent (%) column in table this.
 int[] getPortColumns()
          Get array with number of port columns, to be resolved from the services table in the database.
protected static java.lang.String getPrecisionVar(int precision, java.lang.String title)
          Get precision variable for SQL command.
 int[] getProtocolColumns()
          Get array with number of protocol columns, to be resolved from the protocol table in the database.
 java.lang.String getSqlFilteredTime(martealertHashFilter filter, int precision)
          Get list of dates and events in a rounded time, for representing in a temporal graph.
protected  java.lang.String getSqlFilteredTime(martealertHashFilter filter, int precision, java.lang.String title)
          Get list of dates and events in a rounded time, for representing in a temporal graph.
protected abstract  java.lang.String getSqlGroupedBy()
           
protected abstract  java.lang.String getSqlOrderBy()
           
 java.lang.String[] getSqlTime(martealertHashFilter filter, int prec)
          Get a String array with SQL commands for generating graphics with a time axis.
protected  java.lang.String[] getSqlTime(martealertHashFilter filter, int prec, int stam)
          Get a String array with SQL commands for generating graphics with a time axis.
 java.lang.String getSqlTotalTime(java.sql.Connection con, martealertHashFilter filter, int precision)
          Return a SQL command to generate the alerts graph over the time interval specified by the first time sign (FTS) and last time sign (LTS) in hashFilter.
protected abstract  java.lang.String getSqlVars(int tot)
           
 void getStat(java.sql.Connection con, martealertHashFilter filter)
          Get top stats table and store it in this
protected  java.lang.String getTopVar()
          Get var name of Prelude Table, for each top.
protected  java.lang.String getTopVar(java.lang.String field)
          Get var name of Prelude Table, for each top.
static int getTotalLogs(java.sql.Connection con, martealertHashFilter hf)
          Get total number of logs that occurred between the FTS and LTS specified.
 void reload(java.sql.Connection con, martealertHashFilter filter)
          Reload top Stats martealertTable, removing last elements.
 void setLimit(int limit)
          Set a limit for number of rows.
 
Methods inherited from class com.martealert.martealertTable
clear, getColumn, getColumnNames, getColumnSize, getData, getFTSColumn, getIgnoredColumnsPdf, getLTSColumn, getRow, getRowSize, getSeverityColumn, getSqlRelation, getTableVector, getValue, getValue, getValue, printTable, setColumnNames, setDataVector, setDataVector, setValue
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

limit

protected java.lang.String limit
Constructor Detail

martealertTopStats

public martealertTopStats()
Creates a new instance of martealertTopStats with limit of 25 rows


martealertTopStats

public martealertTopStats(int limit)
Creates a new instance of martealertTopStats with limit specified in constructor.

Parameters:
limit - integer with maximum number of rows for each top table. In order to obtain unlimited rows for a TopStat object, specify limit <= 0.
Method Detail

setLimit

public void setLimit(int limit)
Set a limit for number of rows.

Parameters:
limit - for top stats table number of rows.

getTotalLogs

public static int getTotalLogs(java.sql.Connection con,
                               martealertHashFilter hf)
                        throws java.sql.SQLException
Get total number of logs that occurred between the FTS and LTS specified.

Parameters:
con - Connection variable to access PostgreSQL database.
hf - martealertHashFilter to obtain top stats filtered.
Returns:
int with total number of alerts filtered by martealertHashFilter hf.
Throws:
java.sql.SQLException - SQL syntax error executing query.

getStat

public void getStat(java.sql.Connection con,
                    martealertHashFilter filter)
             throws java.sql.SQLException
Get top stats table and store it in this

Parameters:
con - Connection variable to access PostgreSQL database.
filter - martealertHashFilter to obtain top stats filtered.
Throws:
java.sql.SQLException - SQL error querying to obtain top stats.

getCommand

public java.lang.String getCommand(martealertHashFilter filter)
Get the SQL command for calculating martealertTopStats, from the "FROM" clause until the end of the command.

Parameters:
filter - martealertHashFilter to obtain top stats filtered.
Returns:
String with complete SQL command except "SELECT "+sqlVars.

reload

public void reload(java.sql.Connection con,
                   martealertHashFilter filter)
            throws java.sql.SQLException
Reload top Stats martealertTable, removing last elements.

Overrides:
reload in class martealertTable
Parameters:
con - Connection to the database
filter - martealertHashFilter for filter values of topStats table.
Throws:
java.sql.SQLException - SQL error querying the database.

calcPercent

protected java.lang.String calcPercent(java.sql.Connection con,
                                       int total)
                                throws java.sql.SQLException
Calculate the percent (%) variable, given the total number of alerts.

Parameters:
con - Connection to the database.
total - number of alerts.
Returns:
String with ROUND(100*var/total) for tops sql vars.
Throws:
java.sql.SQLException

getIpColumns

public int[] getIpColumns()
Get array with number of IP columns.

Overrides:
getIpColumns in class martealertTable
Returns:
Number of columns which store an IP address, or null if none is found.

getPortColumns

public int[] getPortColumns()
Get array with number of port columns, to be resolved from the services table in the database.

Overrides:
getPortColumns in class martealertTable
Returns:
Number of columns which store a port, or null if none is found.

getProtocolColumns

public int[] getProtocolColumns()
Get array with number of protocol columns, to be resolved from the protocol table in the database.

Overrides:
getProtocolColumns in class martealertTable
Returns:
Number of columns which store a protocol, or null if none is found.

getMultilineColumns

public int[] getMultilineColumns()
Get array with number of columns which rows can store multiline values (sub-rows). It's quite useful for front-end to represent correctly martealertFirstLevel.

Overrides:
getMultilineColumns in class martealertTable
Returns:
Number of columns with multiline values, or null if none is found.

getSqlVars

protected abstract java.lang.String getSqlVars(int tot)

getSqlGroupedBy

protected abstract java.lang.String getSqlGroupedBy()

getSqlOrderBy

protected abstract java.lang.String getSqlOrderBy()

getField

public abstract java.lang.String getField()

getField

protected abstract java.lang.String getField(martealertHashFilter hf)

getTopVar

protected java.lang.String getTopVar()
Get var name of Prelude Table, for each top.

Returns:
String with address from t2.address, name from t6.name, and so on.

getTopVar

protected java.lang.String getTopVar(java.lang.String field)
Get var name of Prelude Table, for each top.

Parameters:
field - String which variable name is wanted.
Returns:
String with address from t2.address, name from t6.name, and so on.

getAlertColumn

public abstract int getAlertColumn()
Get index position for column in table this with number of alerts.

Returns:
int for column with number of alerts.

getPercentColumns

public abstract int[] getPercentColumns()
Get index position for Percent (%) column in table this.

Overrides:
getPercentColumns in class martealertTable
Returns:
int with %-column index.

getSqlTotalTime

public java.lang.String getSqlTotalTime(java.sql.Connection con,
                                        martealertHashFilter filter,
                                        int precision)
                                 throws java.sql.SQLException
Return a SQL command to generate the alerts graph over the time interval specified by the first time sign (FTS) and last time sign (LTS) in hashFilter.

Parameters:
con - Connection variable to access the database.
filter - martealertHashFilter which includes FTS and LTS as well as the rest of the filter conditions.
precision - int constant to get the optimal number of points to represent the graph according to the interval length (LTS - FTS). It can be ONE_SECOND, TEN_SECONDS, ONE_MINUTE, TEN_MINUTES, ONE_HOUR, TEN_HOURS, ONE_DAY.
Returns:
String with SQL command to get two columns: one with the number of alerts and the other with the time interval when they happened.
Throws:
java.sql.SQLException

getSqlFilteredTime

public java.lang.String getSqlFilteredTime(martealertHashFilter filter,
                                           int precision)
Get list of dates and events in a rounded time, for representing in a temporal graph.

Parameters:
filter - martealertHashFilter to filter alerts in temporal graph.
precision - constant from top interface to determine precision.
Returns:
String with command to generate filtered temporal graph.

getPrecisionVar

protected static java.lang.String getPrecisionVar(int precision,
                                                  java.lang.String title)
Get precision variable for SQL command.

Parameters:
precision - constant from top interface to determine precision.
title - String with title of graph.
Returns:
Variable for SQL precision in temporal filters.

getSqlFilteredTime

protected java.lang.String getSqlFilteredTime(martealertHashFilter filter,
                                              int precision,
                                              java.lang.String title)
Get list of dates and events in a rounded time, for representing in a temporal graph. It has been solved with ale-sql-0.7.2

Parameters:
filter - martealertHashFilter to filter alerts in temporal graph.
precision - constant from top interface to determine precision.
title - Title for temporal graph.
Returns:
String with command to generate filtered temporal graph.

getSqlTime

public java.lang.String[] getSqlTime(martealertHashFilter filter,
                                     int prec)
Get a String array with SQL commands for generating graphics with a time axis.

Parameters:
filter - String with SQL filter. It has to be added after the WHERE clause, beginning with " AND "
prec - integer constants for precision defined in martealertTopStats.
Returns:
Array of 5 SQL commands for generating temporal graphics.

getSqlTime

protected java.lang.String[] getSqlTime(martealertHashFilter filter,
                                        int prec,
                                        int stam)
Get a String array with SQL commands for generating graphics with a time axis.

Parameters:
filter - String with SQL filter. It has to be added after the WHERE clause, beginning with " AND "
prec - integer constants for precision defined in martealertTopStats.
stam - int with returned String[] size.
Returns:
Array of SQL commands for generating temporal graphics.

getDefaultValue

protected abstract java.lang.String getDefaultValue()
Get default value for a top stats table.

Returns:
String with content of martealertTable.DEFAULT.get(getField())

getFilter

public static java.lang.String getFilter(java.lang.Object singleFilter,
                                         java.lang.String field)
Return a filter to be added to a SQL-WHERE clause in String format.

Parameters:
singleFilter - Object value to be filtered by.
field - Top stats to obtain default value.
Returns:
String with filter according to object value.
Return examples:
  • " t1.text = 'Promiscuous mode detected' "
  • " t5.port = '22' "
  • " t2.address IS NULL "

All variables have been obtained from martealertConstants definition.
When source address is localhost (127.0.0.1), protocol is 0, or target port is 0, NULL is returned. Given "t5.port = '0' AND ", it returns "t5.port IS NULL".
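
A sketch of the mapping described for getFilter, added here as an example and not the project's own code: it produces the same three fragment shapes, but emits a `?` placeholder and collects the value for PreparedStatement binding instead of inlining it as a quoted literal. The class and method names, the column allowlist (taken from the return examples above) and the treatment of a Java null as IS NULL are assumptions; the protocol column is omitted because its alias does not appear on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class FilterSketch {
    // Column aliases copied from the return examples on this page (assumed allowlist).
    private static final Set<String> COLUMNS =
        Set.of("t1.text", "t2.address", "t5.port");

    // Values the page says are reported as NULL: localhost address, port 0.
    private static final Map<String, String> NULL_SENTINEL =
        Map.of("t2.address", "127.0.0.1", "t5.port", "0");

    /**
     * Hypothetical helper: returns a WHERE fragment for one column.
     * Values that must be bound are appended to params, in placeholder order.
     */
    static String buildFilter(Object value, String column, List<Object> params) {
        // The column name is concatenated into SQL, so it must come from a fixed set.
        if (!COLUMNS.contains(column)) {
            throw new IllegalArgumentException("unknown column: " + column);
        }
        // Assumption: a Java null is treated like the documented sentinel values.
        if (value == null || value.toString().equals(NULL_SENTINEL.get(column))) {
            return " " + column + " IS NULL ";
        }
        params.add(value);
        return " " + column + " = ? ";
    }

    public static void main(String[] args) {
        // Constructed sample values, mirroring the three return examples above.
        List<Object> params = new ArrayList<>();
        String where = buildFilter("Promiscuous mode detected", "t1.text", params)
            + "AND" + buildFilter(22, "t5.port", params)
            + "AND" + buildFilter("127.0.0.1", "t2.address", params);
        System.out.println(where);   // fragment containing only placeholders
        System.out.println(params);  // values to pass to PreparedStatement.setObject
    }
}
```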

getDefaultValue

protected static java.lang.String getDefaultValue(java.lang.String field)


e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.


DESIGN OF A PLATFORM FOR MANAGING AND MONITORING SECURITY EVENTS

: Galera Ruiz, Alejandro David
: Telecommunication Engineering