OSSIM4主要数据库及表分布

OSSIM 4 主要数据库及表分布

    从OSSIM数据库的表结构,大家可以了解资源的数据结构,了解OSSIM数据库结构对于二次开发的用户、数据库性能调优尤为重要,在表1中列出了Alienvault OSSIM 4.8版系统的数据库结构,在更高的OSSIM版本中数据库主要结构依然不变,仅供参考。

表1

alienvaut库 

acl_assetsacl_entitiesacl_entities_assetsacl_entities_statsacl_entities_usersacl_login_sensorsacl_permacl_sensorsacl_templates

acl_templates_perms

actionaction_emailaction_execaction_riskaction_types

alarmalarm_categoriesalarm_ctxsalarm_groupsalarm_hostsalarm_kingdoms

alarm_netsalarm_tagsalarm_taxonomy

asset_filter_typesasset_filters

backlogbacklog_event

bp_asset_memberbp_member_status

categorycategory_changes

classification

config

control_panel

corr_engine_contexts

credential_typecredentials

custom_report_profilescustom_report_schedulercustom_report_types

dashboard_custom_typedashboard_tab_configdashboard_tab_optionsdashboard_widget_confing

databagses

device_types

event

extra_data

hosthost_agentlesshost_agentless_entrieshost_grouphost_group_history

host_ group_referencehost_ group_scanhost_iphost_mac_vendorshost_net_referencehost_plugin_sidhost_propertieshost_property_reference

host_qualificationhost_scanhost_sensor_referencehost_serviceshost_software

host_source_referencehost_typeshost_vulnerability

idm_data

incidentincident_alarmincident_anomalyincident_customincident_sustom_types

incident_eventincident_fileincident_metricincident_subscripincident_tag

incident_tag_descrincident_tag_descr_seqincident_ticketincident_ticket_seq

incident_typeincident_vulnsincident_vulns_seqinventory_search

location_sensor_referencelocations

log_actionlog_config

mapmap_elementmap_element_seqmap_seq

netnet_cidrsnet_groupnet_group_referencenet_group_scannet_qualification

net_scannet_sensor_referencenet_vnlnerability

notes

pass_history

pluginplugin_groupplugin_group_descrplugin_referenceplugin_scheduler

plugin_scheduler_host_replugin_scheduler_hostgrplugin_scheduler_net_ref

plugin_scheduler_netgroplugin_scheduler_sensor_plugin_scheduler_seqplugin_sidplugin_sid_changesplugin_sid_orig

policypolicy_actionspolicy_extra_data_referencepolicy_forward_reference

policy_grouppolicy_host_group_referepolicy_host_referencepolicy_idm_referencepolicy_net_group_referencepolicy_net_reference

policy_plugin_group_refepolicy_port_referencepolicy_reputation_referen

policy_risk_referencepolicy_role_referencepolicy_sensor_reference

policy_target_referencepolicy_taxonomy_referencepolicy_time_reference

portport_groupport_group_referenceproduct_type

protocol

repositoryrepository_attachmentsrepository_relationshipsreputation_activities

restored_log

risk_indicatorsrisk_maps

rrd_anomaliesrrd_anomalies_globalrrd_config

sensorsensor_interfacessensor_propertiessensor_stats

serverserver_forward_roleserver_hierarchyserver_role

sessions

signaturesignature_groupsignature_group_reference

software_cpesoftware_cpe_links

subcategorysubcategory_changes

tags_alarmtask_inventory

user_configuser_host_filteruser_host_permuser_net_permusres

vuln_hostsvuln_job_schedulevuln_jobsvuln_nessus_categoryvuln_nessus_category_feedvuln_nessus_familyvuln_nessus_family_feed

vuln_nessus_latest_reportsvuln_nessus_latest_resultsvuln_nessus_plugins

vuln_nessus_plugins_feedvuln_nessus_preferencesvuln_nessus_preferences_feed

vuln_nessus_report_statsvuln_nessus_reportsvuln_nessus_resultsvuln_nessus_serversvuln_nessus_settingsvuln_nessus_settings_cat

vuln_nessus_settings_famvuln_nessus_settings_piuvuln_nessus_settings_prevuln_settings

web_interfaceswebservicewebservice_defaultwebservice_operation

说明:

alienvault_siem      

ac_acid_event、acid_event、ah_acid_event

device、extra_data、idm_data

last_update

reference、reference_syst...

reputation_data、schema

sig_reference

 

说明:

alienvault_asec

Alarm_coincidence

Data_sources

Envent_fields

Notification

Suggestion_pattern

suggestions

说明:

alienvault_api 

celery_job

current_status

deployment_status_messages

logged_actions

monitor_data

status_actions

status_message

status_message

 

说明:

datawarehouse 

apn_sfr

category

geo

incidents_ssi

incidents_ssi_user

ip2country

ip2service

iso27001sid

report_data

report_data_type

ssissi_user

说明:

ocsweb库

accesslog

accountinfo

biosblacklist_macaddressesblacklist_serials

configconntrackcontrollers

deleted_equiv

deploy

devicesdevicetype

dico_ignoreddico_soft

download_affect_rulesdownload_availabledownload_enabledownload_history

download_servers

drives

engine_mutexengine_persistent

files

groupsgroups_cache

hardwarehardware_osname_cache

inputs

locks

memories

modems

monitors

netmapnetwork_devices

networks

operators

ports

printers

prolog_conntrack

regconfig

registryregistry_name_cacheregistry_regvalue_cache

slots

softwaressoftwares_name_cache

sounds

storages

subnettags

说明:

PCI 

R01_FW_Config

R02_Vendor_default

R03_Stored_cardholder

R04_Data_encryption

R05_Antivirus

R06_System_app

R07_Access_control

R08_uniqueID

R09_Physical_Access

R10_Monitoring

R11_Security_test

R12_IS_Policy

说明:

ISO 27001An 

A05_Security_Plolicy

A06_IS_Organization

A07_Asset_Mgnt

A08_Human_Resources

A09_Physical_security

A10_Com_OP_Mgnt

A11_Access_control

A12_Is_acquistition

A13_IS_incident_mgnt

A14_BCM

A15_Compliance



有关OSSIM更多详细内容请大家参考《UNIX/Linux网络日志分析与流量监控》一书。

你可能感兴趣的:(ossim数据库)