***** tables for prelude database *****

prelude
show tables;
+---------------------------------+
| Tables_in_prelude               |
+---------------------------------+
| Prelude_Action                  |
| Prelude_AdditionalData          |
| Prelude_Address                 |
| Prelude_Alert                   |
| Prelude_Analyzer                |
| Prelude_AnalyzerTime            |
| Prelude_Assessment              |
| Prelude_Classification          |
| Prelude_Confidence              |
| Prelude_CorrelationAlert        |
| Prelude_CorrelationAlert_Alerts |
| Prelude_CreateTime              |
| Prelude_DetectTime              |
| Prelude_File                    |
| Prelude_FileAccess              |
| Prelude_FileList                |
| Prelude_Heartbeat               |
| Prelude_Impact                  |
| Prelude_Inode                   |
| Prelude_Linkage                 |
| Prelude_Node                    |
| Prelude_OverflowAlert           |
| Prelude_Process                 |
| Prelude_ProcessArg              |
| Prelude_ProcessEnv              |
| Prelude_SNMPService             |
| Prelude_Service                 |
| Prelude_ServicePortlist         |
| Prelude_Source                  |
| Prelude_Target                  |
| Prelude_ToolAlert               |
| Prelude_User                    |
| Prelude_UserId                  |
| Prelude_WebService              |
| Prelude_WebServiceArg           |
+---------------------------------+

describe Prelude_Action;
+-------------+---------------------------------------------------------------------+------+-----+---------+-------+
| Field       | Type                                                                | Null | Key | Default | Extra |
+-------------+---------------------------------------------------------------------+------+-----+---------+-------+
| alert_ident | int(8)                                                              |      | PRI | 0       |       |
| description | text                                                                | YES  |     | NULL    |       |
| category    | enum('block-installed','notification-sent','taken-offline','other') |      |     | other   |       |
+-------------+---------------------------------------------------------------------+------+-----+---------+-------+

describe Prelude_AdditionalData;
+--------------+------------------------------------------------------------------------------------------------------+------+-----+---------+-------+
| Field        | Type                                                                                                 | Null | Key | Default | Extra |
+--------------+------------------------------------------------------------------------------------------------------+------+-----+---------+-------+
| parent_ident | int(8)                                                                                               |      | MUL | 0       |       |
| parent_type  | char(1)                                                                                              |      |     |         |       |
| type         | enum('boolean','byte','character','date-time','integer','ntpstamp','portlist','real','string','xml') |      |     | string  |       |
| meaning      | varchar(255)                                                                                         | YES  |     | NULL    |       |
| data         | text                                                                                                 | YES  |     | NULL    |       |
+--------------+------------------------------------------------------------------------------------------------------+------+-----+---------+-------+

describe Prelude_Address;
+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+-----+---------+-------+
| Field        | Type                                                                                                                                                                        | Null | Key | Default | Extra |
+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+-----+---------+-------+
| alert_ident  | int(8)                                                                                                                                                                      |      | MUL | 0       |       |
| parent_type  | char(1)                                                                                                                                                                     |      |     |         |       |
| parent_ident | int(8)                                                                                                                                                                      |      |     | 0       |       |
| category     | enum('unknown','atm','e-mail','lotus-notes','mac','sna','vm','ipv4-addr','ipv4-addr-hex','ipv4-net','ipv4-net-mask','ipv6-addr','ipv6-addr-hex','ipv6-net','ipv6-net-mask') | YES  |     | unknown |       |
| vlan_name    | varchar(255)                                                                                                                                                                | YES  |     | NULL    |       |
| vlan_num     | int(11)                                                                                                                                                                     | YES  |     | NULL    |       |
| address      | varchar(255)                                                                                                                                                                |      | MUL |         |       |
| netmask      | varchar(255)                                                                                                                                                                | YES  |     | NULL    |       |
+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+-----+---------+-------+

describe Prelude_Alert;
+-------+--------+------+-----+---------+-------+
| Field | Type   | Null | Key | Default | Extra |
+-------+--------+------+-----+---------+-------+
| ident | int(8) |      | PRI | 0       |       |
+-------+--------+------+-----+---------+-------+

describe Prelude_Analyzer;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| parent_ident | int(8)       |      | PRI | 0       |       |
| parent_type  | char(1)      |      | PRI |         |       |
| ident        | int(8)       |      | PRI | 1       |       |
| analyzerid   | varchar(255) |      | MUL |         |       |
| manufacturer | varchar(255) | YES  |     | NULL    |       |
| model        | varchar(255) | YES  |     | NULL    |       |
| version      | varchar(255) | YES  |     | NULL    |       |
| class        | varchar(255) | YES  |     | NULL    |       |
| ostype       | varchar(255) | YES  |     | NULL    |       |
| osversion    | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_AnalyzerTime;
+--------------+-------------+------+-----+---------------------+-------+
| Field        | Type        | Null | Key | Default             | Extra |
+--------------+-------------+------+-----+---------------------+-------+
| parent_ident | int(8)      |      | PRI | 0                   |       |
| parent_type  | char(1)     |      | PRI |                     |       |
| time         | datetime    |      |     | 0000-00-00 00:00:00 |       |
| ntpstamp     | varchar(21) |      |     |                     |       |
+--------------+-------------+------+-----+---------------------+-------+

describe Prelude_Assessment;
+-------------+--------+------+-----+---------+-------+
| Field       | Type   | Null | Key | Default | Extra |
+-------------+--------+------+-----+---------+-------+
| alert_ident | int(8) |      | PRI | 0       |       |
+-------------+--------+------+-----+---------+-------+

describe Prelude_Classification;
+-------------+-----------------------------------------------------+------+-----+---------+-------+
| Field       | Type                                                | Null | Key | Default | Extra |
+-------------+-----------------------------------------------------+------+-----+---------+-------+
| alert_ident | int(8)                                              |      | MUL | 0       |       |
| origin      | enum('unknown','bugtraqid','cve','vendor-specific') |      |     | unknown |       |
| name        | varchar(255)                                        |      | MUL |         |       |
| url         | varchar(255)                                        |      |     |         |       |
+-------------+-----------------------------------------------------+------+-----+---------+-------+

describe Prelude_Confidence;
+-------------+---------------------------------------+------+-----+---------+-------+
| Field       | Type                                  | Null | Key | Default | Extra |
+-------------+---------------------------------------+------+-----+---------+-------+
| alert_ident | int(8)                                |      | PRI | 0       |       |
| confidence  | float                                 | YES  |     | NULL    |       |
| rating      | enum('low','medium','high','numeric') |      |     | numeric |       |
+-------------+---------------------------------------+------+-----+---------+-------+

describe Prelude_CorrelationAlert;
+-------+--------------+------+-----+---------+-------+
| Field | Type         | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| ident | int(8)       |      | PRI | 0       |       |
| name  | varchar(255) |      |     |         |       |
+-------+--------------+------+-----+---------+-------+

describe Prelude_CorrelationAlert_Alerts;
+-------------+--------+------+-----+---------+-------+
| Field       | Type   | Null | Key | Default | Extra |
+-------------+--------+------+-----+---------+-------+
| ident       | int(8) |      | PRI | 0       |       |
| alert_ident | int(8) |      | PRI | 0       |       |
+-------------+--------+------+-----+---------+-------+

describe Prelude_CreateTime;
+--------------+-------------+------+-----+---------------------+-------+
| Field        | Type        | Null | Key | Default             | Extra |
+--------------+-------------+------+-----+---------------------+-------+
| parent_ident | int(8)      |      | PRI | 0                   |       |
| parent_type  | char(1)     |      | PRI |                     |       |
| time         | datetime    |      | MUL | 0000-00-00 00:00:00 |       |
| ntpstamp     | varchar(21) |      |     |                     |       |
+--------------+-------------+------+-----+---------------------+-------+

describe Prelude_DetectTime;
+-------------+-------------+------+-----+---------------------+-------+
| Field       | Type        | Null | Key | Default             | Extra |
+-------------+-------------+------+-----+---------------------+-------+
| alert_ident | int(8)      |      | PRI | 0                   |       |
| time        | datetime    |      | MUL | 0000-00-00 00:00:00 |       |
| ntpstamp    | varchar(21) |      |     |                     |       |
+-------------+-------------+------+-----+---------------------+-------+

describe Prelude_File;
+--------------+----------------------------+------+-----+---------+-------+
| Field        | Type                       | Null | Key | Default | Extra |
+--------------+----------------------------+------+-----+---------+-------+
| ident        | int(8)                     |      |     | 0       |       |
| alert_ident  | int(8)                     |      | MUL | 0       |       |
| target_ident | int(8)                     |      |     | 0       |       |
| path         | varchar(255)               |      |     |         |       |
| name         | varchar(255)               |      |     |         |       |
| category     | enum('current','original') | YES  |     | NULL    |       |
| create_time  | datetime                   | YES  |     | NULL    |       |
| modify_time  | datetime                   | YES  |     | NULL    |       |
| access_time  | datetime                   | YES  |     | NULL    |       |
| data_size    | int(11)                    | YES  |     | NULL    |       |
| disk_size    | int(11)                    | YES  |     | NULL    |       |
+--------------+----------------------------+------+-----+---------+-------+

describe Prelude_FileAccess;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | MUL | 0       |       |
| target_ident | int(8)       |      |     | 0       |       |
| file_ident   | int(8)       |      |     | 0       |       |
| path_file    | varchar(255) |      |     |         |       |
| name_file    | varchar(255) |      |     |         |       |
| userId_ident | int(8)       |      |     | 0       |       |
| permission   | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_FileList;
+--------------+--------+------+-----+---------+-------+
| Field        | Type   | Null | Key | Default | Extra |
+--------------+--------+------+-----+---------+-------+
| alert_ident  | int(8) |      | PRI | 0       |       |
| target_ident | int(8) |      | PRI | 0       |       |
+--------------+--------+------+-----+---------+-------+

describe Prelude_Heartbeat;
+-------+--------+------+-----+---------+-------+
| Field | Type   | Null | Key | Default | Extra |
+-------+--------+------+-----+---------+-------+
| ident | int(8) |      | PRI | 0       |       |
+-------+--------+------+-----+---------+-------+

describe Prelude_Impact;
+-------------+---------------------------------------------------+------+-----+---------+-------+
| Field       | Type                                              | Null | Key | Default | Extra |
+-------------+---------------------------------------------------+------+-----+---------+-------+
| alert_ident | int(8)                                            |      | PRI | 0       |       |
| description | text                                              | YES  |     | NULL    |       |
| severity    | enum('low','medium','high')                       | YES  | MUL | NULL    |       |
| completion  | enum('failed','succeeded')                        | YES  |     | NULL    |       |
| type        | enum('admin','dos','file','recon','user','other') | YES  |     | other   |       |
+-------------+---------------------------------------------------+------+-----+---------+-------+

describe Prelude_Inode;
+----------------+--------------+------+-----+---------+-------+
| Field          | Type         | Null | Key | Default | Extra |
+----------------+--------------+------+-----+---------+-------+
| alert_ident    | int(8)       |      | MUL | 0       |       |
| target_ident   | int(8)       |      |     | 0       |       |
| file_ident     | int(8)       |      |     | 0       |       |
| path_file      | varchar(255) |      |     |         |       |
| name_file      | varchar(255) |      |     |         |       |
| change_time    | datetime     | YES  |     | NULL    |       |
| number         | int(11)      | YES  |     | NULL    |       |
| major_device   | int(11)      | YES  |     | NULL    |       |
| minor_device   | int(11)      | YES  |     | NULL    |       |
| c_major_device | int(11)      | YES  |     | NULL    |       |
| c_minor_device | int(11)      | YES  |     | NULL    |       |
+----------------+--------------+------+-----+---------+-------+

describe Prelude_Linkage;
+--------------+-------------------------------------------------------------------------------------+------+-----+-----------+-------+
| Field        | Type                                                                                | Null | Key | Default   | Extra |
+--------------+-------------------------------------------------------------------------------------+------+-----+-----------+-------+
| alert_ident  | int(8)                                                                              |      | MUL | 0         |       |
| target_ident | int(8)                                                                              |      |     | 0         |       |
| file_ident   | int(8)                                                                              |      |     | 0         |       |
| name         | varchar(255)                                                                        |      |     |           |       |
| path         | varchar(255)                                                                        |      |     |           |       |
| category     | enum('hard-link','mount-point','reparse-point','shortcut','stream','symbolic-link') |      |     | hard-link |       |
+--------------+-------------------------------------------------------------------------------------+------+-----+-----------+-------+

describe Prelude_Node;
+--------------+----------------------------------------------------------------------------------------------------+------+-----+---------+-------+
| Field        | Type                                                                                               | Null | Key | Default | Extra |
+--------------+----------------------------------------------------------------------------------------------------+------+-----+---------+-------+
| alert_ident  | int(8)                                                                                             |      | PRI | 0       |       |
| parent_type  | char(1)                                                                                            |      | PRI |         |       |
| parent_ident | int(8)                                                                                             |      | PRI | 0       |       |
| category     | enum('unknown','ads','afs','coda','dfs','dns','hosts','kerberos','nds','nis','nisplus','nt','wfw') | YES  |     | unknown |       |
| location     | varchar(255)                                                                                       | YES  |     | NULL    |       |
| name         | varchar(255)                                                                                       | YES  |     | NULL    |       |
+--------------+----------------------------------------------------------------------------------------------------+------+-----+---------+-------+

describe Prelude_OverflowAlert;
+-------------+--------------+------+-----+---------+-------+
| Field       | Type         | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------+-------+
| alert_ident | int(8)       |      | PRI | 0       |       |
| program     | varchar(255) |      |     |         |       |
| size        | int(11)      | YES  |     | NULL    |       |
| buffer      | text         | YES  |     | NULL    |       |
+-------------+--------------+------+-----+---------+-------+

describe Prelude_Process;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | PRI | 0       |       |
| parent_type  | char(1)      |      | PRI |         |       |
| parent_ident | int(8)       |      | PRI | 0       |       |
| name         | varchar(255) |      | MUL |         |       |
| pid          | int(11)      | YES  |     | NULL    |       |
| path         | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_ProcessArg;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | MUL | 0       |       |
| parent_type  | char(1)      |      |     |         |       |
| parent_ident | int(8)       |      |     | 0       |       |
| arg          | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_ProcessEnv;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | MUL | 0       |       |
| parent_type  | char(1)      |      |     |         |       |
| parent_ident | int(8)       |      |     | 0       |       |
| env          | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_SNMPService;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | PRI | 0       |       |
| parent_type  | char(1)      |      | PRI |         |       |
| parent_ident | int(8)       |      | PRI | 0       |       |
| oid          | varchar(255) | YES  |     | NULL    |       |
| community    | varchar(255) | YES  |     | NULL    |       |
| command      | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_Service;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | PRI | 0       |       |
| parent_type  | char(1)      |      | PRI |         |       |
| parent_ident | int(8)       |      | PRI | 0       |       |
| name         | varchar(255) | YES  | MUL | NULL    |       |
| port         | int(11)      | YES  |     | NULL    |       |
| protocol     | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_ServicePortlist;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | MUL | 0       |       |
| parent_type  | char(1)      |      |     |         |       |
| parent_ident | int(8)       |      |     | 0       |       |
| portlist     | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_Source;
+-------------+----------------------------+------+-----+---------+-------+
| Field       | Type                       | Null | Key | Default | Extra |
+-------------+----------------------------+------+-----+---------+-------+
| alert_ident | int(8)                     |      | PRI | 0       |       |
| ident       | int(8)                     |      | PRI | 0       |       |
| spoofed     | enum('unknown','yes','no') | YES  |     | unknown |       |
| interface   | varchar(255)               | YES  |     | NULL    |       |
+-------------+----------------------------+------+-----+---------+-------+

describe Prelude_Target;
+-------------+----------------------------+------+-----+---------+-------+
| Field       | Type                       | Null | Key | Default | Extra |
+-------------+----------------------------+------+-----+---------+-------+
| alert_ident | int(8)                     |      | PRI | 0       |       |
| ident       | int(8)                     |      | PRI | 0       |       |
| decoy       | enum('unknown','yes','no') | YES  |     | unknown |       |
| interface   | varchar(255)               | YES  |     | NULL    |       |
+-------------+----------------------------+------+-----+---------+-------+

describe Prelude_ToolAlert;
+-------------+--------------+------+-----+---------+-------+
| Field       | Type         | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------+-------+
| alert_ident | int(8)       |      | PRI | 0       |       |
| name        | varchar(255) |      |     |         |       |
| command     | varchar(255) | YES  |     | NULL    |       |
+-------------+--------------+------+-----+---------+-------+

describe Prelude_User;
+--------------+-------------------------------------------+------+-----+---------+-------+
| Field        | Type                                      | Null | Key | Default | Extra |
+--------------+-------------------------------------------+------+-----+---------+-------+
| alert_ident  | int(8)                                    |      | PRI | 0       |       |
| parent_type  | char(1)                                   |      | PRI |         |       |
| parent_ident | int(8)                                    |      | PRI | 0       |       |
| category     | enum('unknown','application','os-device') | YES  |     | unknown |       |
+--------------+-------------------------------------------+------+-----+---------+-------+

describe Prelude_UserId;
+--------------+-------------------------------------------------------------------------------------------------------------+------+-----+---------------+-------+
| Field        | Type                                                                                                        | Null | Key | Default       | Extra |
+--------------+-------------------------------------------------------------------------------------------------------------+------+-----+---------------+-------+
| alert_ident  | int(8)                                                                                                      |      | PRI | 0             |       |
| parent_type  | char(1)                                                                                                     |      | PRI |               |       |
| parent_ident | int(8)                                                                                                      |      | PRI | 0             |       |
| ident        | int(8)                                                                                                      |      | PRI | 0             |       |
| type         | enum('current-user','original-user','target-user','user-privs','current-group','group-privs','other-privs') | YES  |     | original-user |       |
| name         | varchar(255)                                                                                                | YES  | MUL | NULL          |       |
| number       | varchar(255)                                                                                                | YES  |     | NULL          |       |
+--------------+-------------------------------------------------------------------------------------------------------------+------+-----+---------------+-------+

describe Prelude_WebService;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | PRI | 0       |       |
| parent_type  | char(1)      |      | PRI |         |       |
| parent_ident | int(8)       |      | PRI | 0       |       |
| url          | varchar(255) |      |     |         |       |
| cgi          | varchar(255) | YES  |     | NULL    |       |
| http_method  | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+

describe Prelude_WebServiceArg;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| alert_ident  | int(8)       |      | MUL | 0       |       |
| parent_type  | char(1)      |      |     |         |       |
| parent_ident | int(8)       |      |     | 0       |       |
| arg          | varchar(255) | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+
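Two things stand out when reading this schema as an analyst rather than as a DBA. First, the IDMEF tree is flattened with (alert_ident, parent_type, parent_ident) triples: Prelude_DetectTime hangs directly off the alert, but Prelude_CreateTime, Prelude_Analyzer, Prelude_Address, Prelude_Node, Prelude_Service and friends are shared between alerts, heartbeats, sources and targets and are told apart only by the one-character parent_type. Second, the database holds material worth protecting in its own right: Prelude_SNMPService.community, Prelude_ProcessEnv.env, Prelude_WebServiceArg.arg and Prelude_OverflowAlert.buffer can all carry credentials or attacker payloads, so read access to this database should be as narrow as the manager's write access.

The queries below are an added example, not part of the dump above and not shipped by Prelude. They assume the parent_type codes 'A' (alert), 'H' (heartbeat), 'S' (source) and 'T' (target); that is an assumption about how prelude-manager tags rows, and the first statement checks it against the live database before the codes are relied on. The account name prelude_ro is also made up for the example.

```sql
-- 0. Verify the parent_type assumption before trusting the joins below.
--    Expect a small set of single letters; 'A' and 'H' must be among them.
SELECT parent_type, COUNT(*) FROM Prelude_CreateTime GROUP BY parent_type;

-- 1. Triage: high-severity alerts of the last 24 hours with classification,
--    sensor and source/target addresses. Alerts with several sources or
--    targets (or several addresses per node) appear once per combination.
SELECT
    a.ident                              AS alert,
    ct.time                              AS created,
    cl.origin,
    cl.name                              AS classification,
    im.severity,
    im.completion,
    im.type                              AS impact_type,
    an.analyzerid,
    an.model                             AS sensor,
    src.address                          AS source_addr,
    dst.address                          AS target_addr
FROM Prelude_Alert a
JOIN Prelude_CreateTime ct
    ON ct.parent_ident = a.ident AND ct.parent_type = 'A'   -- assumed code
LEFT JOIN Prelude_Classification cl ON cl.alert_ident = a.ident
LEFT JOIN Prelude_Impact         im ON im.alert_ident = a.ident
LEFT JOIN Prelude_Analyzer       an
    ON an.parent_ident = a.ident AND an.parent_type = 'A'   -- assumed code
LEFT JOIN Prelude_Address        src
    ON src.alert_ident = a.ident AND src.parent_type = 'S'  -- assumed code
LEFT JOIN Prelude_Address        dst
    ON dst.alert_ident = a.ident AND dst.parent_type = 'T'  -- assumed code
WHERE ct.time >= NOW() - INTERVAL 1 DAY
  AND im.severity = 'high'
ORDER BY ct.time DESC
LIMIT 100;

-- 2. Sensor health: analyzers whose last heartbeat is older than 10 minutes.
--    A sensor that stops heartbeating is a detection gap (or a tampered host)
--    and should be alerted on, not silently missed.
SELECT
    an.analyzerid,
    an.model,
    an.ostype,
    MAX(ct.time) AS last_heartbeat
FROM Prelude_Heartbeat h
JOIN Prelude_CreateTime ct
    ON ct.parent_ident = h.ident AND ct.parent_type = 'H'   -- assumed code
JOIN Prelude_Analyzer an
    ON an.parent_ident = h.ident AND an.parent_type = 'H'   -- assumed code
GROUP BY an.analyzerid, an.model, an.ostype
HAVING MAX(ct.time) < NOW() - INTERVAL 10 MINUTE;

-- 3. Least privilege for the people running queries 1 and 2: a read-only
--    account, separate from the credentials prelude-manager writes with.
--    Replace the password; 'prelude_ro' is an example name.
CREATE USER 'prelude_ro'@'localhost' IDENTIFIED BY 'replace-this-password';
GRANT SELECT ON prelude.* TO 'prelude_ro'@'localhost';
```

Query 1 uses Prelude_CreateTime rather than Prelude_DetectTime because CreateTime carries the index (Key = MUL on time) and is populated for every alert; DetectTime is optional in IDMEF and may be absent or 0000-00-00 00:00:00 for sensors that do not set it. If the check in step 0 shows different parent_type codes, substitute them in the joins before using the rest.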