SURFids SQL functions

NOTE: The functions on this page are still in development and not yet active in the current software. These are being used as a basis for new and upcoming SURFids plugins for various honeypots.

To facilitate logging attack data into the SURFids database, several SQL functions are available. This page explains how each of them works.

surfids3_attack_add

Called by:

SELECT surfids3_attack_add(integer, inet, integer, inet, integer, macaddr, integer);

Arguments:

integer          Severity of the attack: 0 = Possible, 1 = Malicious, 16 = Offer, 32 = Download
inet             Source IP address
integer          Source port
inet             Destination IP address
integer          Destination port
macaddr          MAC address of the destination (optional)
integer          Type of honeypot that did the detection. Can be retrieved with surfids3_type_from_name()

Returns:

integer          ID of the attack just added.

surfids3_attack_add_by_id

Called by:

SELECT surfids3_attack_add_by_id(integer, inet, integer, inet, integer, macaddr, integer, integer);

Arguments:

integer          Severity of the attack: 0 = Possible, 1 = Malicious, 16 = Offer, 32 = Download
inet             Source IP address
integer          Source port
inet             Destination IP address
integer          Destination port
macaddr          MAC address of the destination (optional)
integer          The ID of the sensor that detected it
integer          Type of honeypot that did the detection. Can be retrieved with surfids3_type_from_name()

Returns:

integer          ID of the attack just added.

surfids3_attack_update_severity

Called by:

SELECT surfids3_attack_update_severity(integer, integer);

Arguments:

integer          ID of the attack to be updated.
integer          New value of the severity.

Returns: nothing

surfids3_detail_add

Called by:

SELECT surfids3_detail_add(integer, inet, integer, character varying);

Arguments:

integer            ID of the attack this detail record belongs to.
inet               Destination IP address of the attack this belongs to.
integer            Type of detail record in the form of an integer value.
character varying  Actual data to be added.

Returns:

integer            ID of the detail record just added

surfids3_detail_add_by_id

Called by:

SELECT surfids3_detail_add_by_id(integer, integer, integer, character varying);

Arguments:

integer            ID of the attack this detail record belongs to.
integer            ID of the sensor that detected this attack.
integer            Type of detail record in the form of an integer value.
character varying  Actual data to be added.

Returns:

integer            ID of the detail record just added

surfids3_detail_add_download

Called by:

SELECT surfids3_detail_add_download(inet, inet, character varying, character varying, integer);

Arguments:

inet               Source IP address.
inet               Destination IP address.
character varying  URL of the malware downloaded.
character varying  MD5 hash of the malware downloaded.
integer            Type of honeypot that did the detection. Can be retrieved with surfids3_type_from_name()

Returns: nothing

surfids3_detail_add_offer

Called by:

SELECT surfids3_detail_add_offer(inet, inet, character varying, integer);

Arguments:

inet               Source IP address.
inet               Destination IP address.
character varying  URL of the malware offered.
integer            Type of honeypot that did the detection. Can be retrieved with surfids3_type_from_name()

Returns: nothing

surfids3_sensorid_get

Called by:

SELECT surfids3_sensorid_get(inet);

Arguments:

inet             Destination IP address.

Returns:

integer          Sensor ID

surfids3_type_from_name

Called by:

SELECT surfids3_type_from_name(character varying);

Arguments:

character varying    Name of the honeypot that did the detection

Returns:

integer              ID of the honeypot that did the detection

surfids3_attack_link

Called by:

SELECT surfids3_attack_link(integer, integer, integer);

Arguments:

integer               ID of the parent attack (parent ID)
integer               ID of the child attack (child ID)
integer               ID of the attack tree

Returns: nothing

surfids3_ipv6_add_by_id

Called by:

SELECT surfids3_ipv6_add_by_id(integer, inet, integer, integer);

Arguments:

integer               ID of the sensor
inet                  Source IP address
integer               Severity of the attack: 0 = Possible, 1 = Malicious, 16 = Offer, 32 = Download
integer               Type of honeypot that did the detection. Can be retrieved with surfids3_type_from_name()

Returns:

integer               ID of the attack just added.

surfids3_dhcp_add_by_id

Called by:

SELECT surfids3_dhcp_add_by_id(integer, macaddr, inet, integer, integer);

Arguments:

integer               ID of the sensor
macaddr               Source MAC address
inet                  Source IP address
integer               Severity of the attack: 0 = Possible, 1 = Malicious, 16 = Offer, 32 = Download
integer               Type of honeypot that did the detection. Can be retrieved with surfids3_type_from_name()

Returns:

integer               ID of the attack just added.
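An added example (not part of the SURFids project code) of how a honeypot plugin would chain the functions above in a single PostgreSQL PL/pgSQL block: resolve the honeypot type and sensor, log an attack, attach a detail record, record a malware download and raise the attack's severity. The honeypot name 'dionaea', the detail type value 1, and all addresses, the URL and the hash are constructed sample values, not values from the page.

```sql
-- Added example, not SURFids project code. All sample values are constructed.
DO $$
DECLARE
    v_type    integer;
    v_sensor  integer;
    v_attack  integer;
    v_detail  integer;
BEGIN
    -- Resolve the honeypot type ID once; 'dionaea' is an assumed type name.
    v_type := surfids3_type_from_name('dionaea');

    -- Resolve the sensor ID from the destination (honeypot) address.
    v_sensor := surfids3_sensorid_get('192.0.2.10'::inet);

    -- Log first contact as severity 0 (Possible); the MAC argument is optional.
    v_attack := surfids3_attack_add_by_id(
        0,                              -- severity: 0 = Possible
        '198.51.100.23'::inet, 44123,   -- source IP and port (constructed)
        '192.0.2.10'::inet, 445,        -- destination IP and port (constructed)
        '00:11:22:33:44:55'::macaddr,   -- destination MAC (constructed)
        v_sensor,
        v_type);

    -- Attach a detail record; the detail type integer (1) is plugin-defined here.
    v_detail := surfids3_detail_add_by_id(v_attack, v_sensor, 1, 'SMB session setup');

    -- The honeypot later observed a payload being fetched: store the download
    -- record (URL and MD5 are placeholders) and raise severity to 32 (Download).
    PERFORM surfids3_detail_add_download(
        '198.51.100.23'::inet, '192.0.2.10'::inet,
        'http://example.invalid/payload.bin',
        'd41d8cd98f00b204e9800998ecf8427e',   -- MD5 of an empty file, as placeholder
        v_type);
    PERFORM surfids3_attack_update_severity(v_attack, 32);

    RAISE NOTICE 'logged attack % with detail %', v_attack, v_detail;
END
$$;
```

Running the block in one transaction keeps the attack, its detail and the severity change consistent: if any of the functions fails, none of the partial records remain.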
 
kb/surfids_sql_functions.txt · Last modified: 2012/07/12 11:27 (external edit)