OSSIM 4: Main Databases and Table Layout
The table structure of the OSSIM databases shows how resources are modelled as data. Understanding this structure is especially important for users doing secondary development on OSSIM and for database performance tuning. Table 1 lists the database structure of an AlienVault OSSIM 4.8 system; in later OSSIM versions the main database structure is unchanged. It is provided for reference only.
Table 1

alienvault database
    acl_assets, acl_entities, acl_entities_assets, acl_entities_stats, acl_entities_users, acl_login_sensors, acl_perm, acl_sensors, acl_templates, acl_templates_perms
    action, action_email, action_exec, action_risk, action_types
    alarm, alarm_categories, alarm_ctxs, alarm_groups, alarm_hosts, alarm_kingdoms, alarm_nets, alarm_tags, alarm_taxonomy
    asset_filter_types, asset_filters
    backlog, backlog_event
    bp_asset_member, bp_member_status
    category, category_changes
    classification
    config
    control_panel
    corr_engine_contexts
    credential_type, credentials
    custom_report_profiles, custom_report_scheduler, custom_report_types
    dashboard_custom_type, dashboard_tab_config, dashboard_tab_options, dashboard_widget_confing
    databagses
    device_types
    event
    extra_data
    host, host_agentless, host_agentless_entries, host_group, host_group_history, host_group_reference, host_group_scan, host_ip, host_mac_vendors, host_net_reference, host_plugin_sid, host_properties, host_property_reference, host_qualification, host_scan, host_sensor_reference, host_services, host_software, host_source_reference, host_types, host_vulnerability
    idm_data
    incident, incident_alarm, incident_anomaly, incident_custom, incident_sustom_types, incident_event, incident_file, incident_metric, incident_subscrip, incident_tag, incident_tag_descr, incident_tag_descr_seq, incident_ticket, incident_ticket_seq, incident_type, incident_vulns, incident_vulns_seq, inventory_search
    location_sensor_reference, locations
    log_action, log_config
    map, map_element, map_element_seq, map_seq
    net, net_cidrs, net_group, net_group_reference, net_group_scan, net_qualification, net_scan, net_sensor_reference, net_vnlnerability
    notes
    pass_history
    plugin, plugin_group, plugin_group_descr, plugin_reference, plugin_scheduler, plugin_scheduler_host_re, plugin_scheduler_hostgr, plugin_scheduler_net_ref, plugin_scheduler_netgro, plugin_scheduler_sensor_, plugin_scheduler_seq, plugin_sid, plugin_sid_changes, plugin_sid_orig
    policy, policy_actions, policy_extra_data_reference, policy_forward_reference, policy_group, policy_host_group_refere, policy_host_reference, policy_idm_reference, policy_net_group_reference, policy_net_reference, policy_plugin_group_refe, policy_port_reference, policy_reputation_referen, policy_risk_reference, policy_role_reference, policy_sensor_reference, policy_target_reference, policy_taxonomy_reference, policy_time_reference
    port, port_group, port_group_reference, product_type
    protocol
    repository, repository_attachments, repository_relationships, reputation_activities
    restored_log
    risk_indicators, risk_maps
    rrd_anomalies, rrd_anomalies_global, rrd_config
    sensor, sensor_interfaces, sensor_properties, sensor_stats
    server, server_forward_role, server_hierarchy, server_role
    sessions
    signature, signature_group, signature_group_reference
    software_cpe, software_cpe_links
    subcategory, subcategory_changes
    tags_alarm, task_inventory
    user_config, user_host_filter, user_host_perm, user_net_perm, usres
    vuln_hosts, vuln_job_schedule, vuln_jobs, vuln_nessus_category, vuln_nessus_category_feed, vuln_nessus_family, vuln_nessus_family_feed, vuln_nessus_latest_reports, vuln_nessus_latest_results, vuln_nessus_plugins, vuln_nessus_plugins_feed, vuln_nessus_preferences, vuln_nessus_preferences_feed, vuln_nessus_report_stats, vuln_nessus_reports, vuln_nessus_results, vuln_nessus_servers, vuln_nessus_settings, vuln_nessus_settings_cat, vuln_nessus_settings_fam…, vuln_nessus_settings_piu…, vuln_nessus_settings_pre…, vuln_settings
    web_interfaces, webservice, webservice_default, webservice_operation
Notes:

alienvault_siem database
    ac_acid_event, acid_event, ah_acid_event
    device
    extra_data
    idm_data
    last_update
    reference, reference_syst...
    reputation_data
    schema
    sig_reference
Notes:

alienvault_asec database
    Alarm_coincidence
    Data_sources
    Envent_fields
    Notification
    Suggestion_pattern
    suggestions
Notes:

alienvault_api database
    celery_job
    current_status
    deployment_status_messages
    logged_actions
    monitor_data
    status_actions
    status_message
Notes:

datawarehouse database
    apn_sfr
    category
    geo
    incidents_ssi, incidents_ssi_user
    ip2country, ip2service
    iso27001sid
    report_data, report_data_type
    ssi, ssi_user
Notes:

ocsweb database
    accesslog
    accountinfo
    bios, blacklist_macaddresses, blacklist_serials
    config, conntrack, controllers
    deleted_equiv
    deploy
    devices, devicetype
    dico_ignored, dico_soft
    download_affect_rules, download_available, download_enable, download_history, download_servers
    drives
    engine_mutex, engine_persistent
    files
    groups, groups_cache
    hardware, hardware_osname_cache
    inputs
    locks
    memories
    modems
    monitors
    netmap, network_devices, networks
    operators
    ports
    printers
    prolog_conntrack
    regconfig
    registry, registry_name_cache, registry_regvalue_cache
    slots
    softwares, softwares_name_cache
    sounds
    storages
    subnet, tags
Notes:

PCI database
    R01_FW_Config, R02_Vendor_default, R03_Stored_cardholder, R04_Data_encryption, R05_Antivirus, R06_System_app, R07_Access_control, R08_uniqueID, R09_Physical_Access, R10_Monitoring, R11_Security_test, R12_IS_Policy
Notes:

ISO27001An database
    A05_Security_Plolicy, A06_IS_Organization, A07_Asset_Mgnt, A08_Human_Resources, A09_Physical_security, A10_Com_OP_Mgnt, A11_Access_control, A12_Is_acquistition, A13_IS_incident_mgnt, A14_BCM, A15_Compliance
Notes:
For more detail on OSSIM, see the book "UNIX/Linux Network Log Analysis and Traffic Monitoring" (《UNIX/Linux网络日志分析与流量监控》).