+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| ag_id    | int(10) unsigned |      | PRI | NULL    | auto_increment |
| ag_name  | varchar(40)      | YES  |     | NULL    |                |
| ag_desc  | text             | YES  |     | NULL    |                |
| ag_ctime | datetime         | YES  |     | NULL    |                |
| ag_ltime | datetime         | YES  |     | NULL    |                |
+----------+------------------+------+-----+---------+----------------+

A.1.1 acid_ag_alert

+--------+------------------+------+-----+---------+-------+
| Field  | Type             | Null | Key | Default | Extra |
+--------+------------------+------+-----+---------+-------+
| ag_id  | int(10) unsigned |      | PRI | 0       |       |
| ag_sid | int(10) unsigned |      | PRI | 0       |       |
| ag_cid | int(10) unsigned |      | PRI | 0       |       |
+--------+------------------+------+-----+---------+-------+

A.1.1.1 acid_event

+--------------+------------------+------+-----+---------------------+-------+
| Field        | Type             | Null | Key | Default             | Extra |
+--------------+------------------+------+-----+---------------------+-------+
| sid          | int(10) unsigned |      | PRI | 0                   |       |
| cid          | int(10) unsigned |      | PRI | 0                   |       |
| signature    | int(10) unsigned |      | MUL | 0                   |       |
| sig_name     | varchar(255)     | YES  | MUL | NULL                |       |
| sig_class_id | int(10) unsigned | YES  | MUL | NULL                |       |
| sig_priority | int(10) unsigned | YES  | MUL | NULL                |       |
| timestamp    | datetime         |      | MUL | 0000-00-00 00:00:00 |       |
| ip_src       | int(10) unsigned | YES  | MUL | NULL                |       |
| ip_dst       | int(10) unsigned | YES  | MUL | NULL                |       |
| ip_proto     | int(11)          | YES  | MUL | NULL                |       |
| layer4_sport | int(10) unsigned | YES  | MUL | NULL                |       |
| layer4_dport | int(10) unsigned | YES  | MUL | NULL                |       |
+--------------+------------------+------+-----+---------------------+-------+

A.1.1.2 acid_ip_cache

+---------------------+------------------+------+-----+---------+-------+
| Field               | Type             | Null | Key | Default | Extra |
+---------------------+------------------+------+-----+---------+-------+
| ipc_ip              | int(10) unsigned |      | PRI | 0       |       |
| ipc_fqdn            | varchar(50)      | YES  |     | NULL    |       |
| ipc_dns_timestamp   | datetime         | YES  |     | NULL    |       |
| ipc_whois           | text             | YES  |     | NULL    |       |
| ipc_whois_timestamp | datetime         | YES  |     | NULL    |       |
+---------------------+------------------+------+-----+---------+-------+

A.1.1.3 data

+--------------+------------------+------+-----+---------+-------+
| Field        | Type             | Null | Key | Default | Extra |
+--------------+------------------+------+-----+---------+-------+
| sid          | int(10) unsigned |      | PRI | 0       |       |
| cid          | int(10) unsigned |      | PRI | 0       |       |
| data_payload | text             | YES  |     | NULL    |       |
+--------------+------------------+------+-----+---------+-------+

A.1.1.4 detail

+-------------+---------------------+------+-----+---------+-------+
| Field       | Type                | Null | Key | Default | Extra |
+-------------+---------------------+------+-----+---------+-------+
| detail_type | tinyint(3) unsigned |      | PRI | 0       |       |
| detail_text | text                |      |     |         |       |
+-------------+---------------------+------+-----+---------+-------+

A.1.1.5 encoding

+---------------+---------------------+------+-----+---------+-------+
| Field         | Type                | Null | Key | Default | Extra |
+---------------+---------------------+------+-----+---------+-------+
| encoding_type | tinyint(3) unsigned |      | PRI | 0       |       |
| encoding_text | text                |      |     |         |       |
+---------------+---------------------+------+-----+---------+-------+

A.1.1.6 event

+-----------+------------------+------+-----+---------------------+-------+
| Field     | Type             | Null | Key | Default             | Extra |
+-----------+------------------+------+-----+---------------------+-------+
| sid       | int(10) unsigned |      | PRI | 0                   |       |
| cid       | int(10) unsigned |      | PRI | 0                   |       |
| signature | int(10) unsigned |      | MUL | 0                   |       |
| timestamp | datetime         |      | MUL | 0000-00-00 00:00:00 |       |
+-----------+------------------+------+-----+---------------------+-------+

A.1.1.7 icmphdr

+-----------+----------------------+------+-----+---------+-------+
| Field     | Type                 | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid       | int(10) unsigned     |      | PRI | 0       |       |
| cid       | int(10) unsigned     |      | PRI | 0       |       |
| icmp_type | tinyint(3) unsigned  |      | MUL | 0       |       |
| icmp_code | tinyint(3) unsigned  |      |     | 0       |       |
| icmp_csum | smallint(5) unsigned | YES  |     | NULL    |       |
| icmp_id   | smallint(5) unsigned | YES  |     | NULL    |       |
| icmp_seq  | smallint(5) unsigned | YES  |     | NULL    |       |
+-----------+----------------------+------+-----+---------+-------+

A.1.1.8 iphdr

+----------+----------------------+------+-----+---------+-------+
| Field    | Type                 | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_ver   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_hlen  | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_tos   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_id    | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_flags | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_off   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_ttl   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
| ip_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+----------+----------------------+------+-----+---------+-------+

A.1.1.9 opt

+-----------+---------------------+------+-----+---------+-------+
| Field     | Type                | Null | Key | Default | Extra |
+-----------+---------------------+------+-----+---------+-------+
| sid       | int(10) unsigned    |      | PRI | 0       |       |
| cid       | int(10) unsigned    |      | PRI | 0       |       |
| optid     | int(10) unsigned    |      | PRI | 0       |       |
| opt_proto | tinyint(3) unsigned |      |     | 0       |       |
| opt_code  | tinyint(3) unsigned |      |     | 0       |       |
| opt_len   | smallint(6)         | YES  |     | NULL    |       |
| opt_data  | text                | YES  |     | NULL    |       |
+-----------+---------------------+------+-----+---------+-------+

A.1.1.10 reference

+---------------+------------------+------+-----+---------+----------------+
| Field         | Type             | Null | Key | Default | Extra          |
+---------------+------------------+------+-----+---------+----------------+
| ref_id        | int(10) unsigned |      | PRI | NULL    | auto_increment |
| ref_system_id | int(10) unsigned |      |     | 0       |                |
| ref_tag       | text             |      |     |         |                |
+---------------+------------------+------+-----+---------+----------------+

A.1.1.11 reference_system

+-----------------+------------------+------+-----+---------+----------------+
| Field           | Type             | Null | Key | Default | Extra          |
+-----------------+------------------+------+-----+---------+----------------+
| ref_system_id   | int(10) unsigned |      | PRI | NULL    | auto_increment |
| ref_system_name | varchar(20)      | YES  |     | NULL    |                |
+-----------------+------------------+------+-----+---------+----------------+

A.1.1.12 schema

+-------+------------------+------+-----+---------------------+-------+
| Field | Type             | Null | Key | Default             | Extra |
+-------+------------------+------+-----+---------------------+-------+
| vseq  | int(10) unsigned |      | PRI | 0                   |       |
| ctime | datetime         |      |     | 0000-00-00 00:00:00 |       |
+-------+------------------+------+-----+---------------------+-------+

A.1.1.13 sensor

+-----------+------------------+------+-----+---------+----------------+
| Field     | Type             | Null | Key | Default | Extra          |
+-----------+------------------+------+-----+---------+----------------+
| sid       | int(10) unsigned |      | PRI | NULL    | auto_increment |
| hostname  | text             | YES  |     | NULL    |                |
| interface | text             | YES  |     | NULL    |                |
| filter    | text             | YES  |     | NULL    |                |
| detail    | tinyint(4)       | YES  |     | NULL    |                |
| encoding  | tinyint(4)       | YES  |     | NULL    |                |
| last_cid  | int(10) unsigned |      |     | 0       |                |
+-----------+------------------+------+-----+---------+----------------+

A.1.1.14 sig_class

+----------------+------------------+------+-----+---------+----------------+
| Field          | Type             | Null | Key | Default | Extra          |
+----------------+------------------+------+-----+---------+----------------+
| sig_class_id   | int(10) unsigned |      | PRI | NULL    | auto_increment |
| sig_class_name | varchar(60)      |      | MUL |         |                |
+----------------+------------------+------+-----+---------+----------------+

A.1.1.15 sig_reference

+---------+------------------+------+-----+---------+-------+
| Field   | Type             | Null | Key | Default | Extra |
+---------+------------------+------+-----+---------+-------+
| sig_id  | int(10) unsigned |      | PRI | 0       |       |
| ref_seq | int(10) unsigned |      | PRI | 0       |       |
| ref_id  | int(10) unsigned |      |     | 0       |       |
+---------+------------------+------+-----+---------+-------+

A.1.1.16 signature

+--------------+------------------+------+-----+---------+----------------+
| Field        | Type             | Null | Key | Default | Extra          |
+--------------+------------------+------+-----+---------+----------------+
| sig_id       | int(10) unsigned |      | PRI | NULL    | auto_increment |
| sig_name     | varchar(255)     |      | MUL |         |                |
| sig_class_id | int(10) unsigned |      | MUL | 0       |                |
| sig_priority | int(10) unsigned | YES  |     | NULL    |                |
| sig_rev      | int(10) unsigned | YES  |     | NULL    |                |
| sig_sid      | int(10) unsigned | YES  |     | NULL    |                |
+--------------+------------------+------+-----+---------+----------------+

A.1.1.17 tcphdr

+-----------+----------------------+------+-----+---------+-------+
| Field     | Type                 | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid       | int(10) unsigned     |      | PRI | 0       |       |
| cid       | int(10) unsigned     |      | PRI | 0       |       |
| tcp_sport | smallint(5) unsigned |      | MUL | 0       |       |
| tcp_dport | smallint(5) unsigned |      | MUL | 0       |       |
| tcp_seq   | int(10) unsigned     | YES  |     | NULL    |       |
| tcp_ack   | int(10) unsigned     | YES  |     | NULL    |       |
| tcp_off   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| tcp_res   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| tcp_flags | tinyint(3) unsigned  |      | MUL | 0       |       |
| tcp_win   | smallint(5) unsigned | YES  |     | NULL    |       |
| tcp_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
| tcp_urp   | smallint(5) unsigned | YES  |     | NULL    |       |
+-----------+----------------------+------+-----+---------+-------+

A.1.1.18 udphdr

+-----------+----------------------+------+-----+---------+-------+
| Field     | Type                 | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid       | int(10) unsigned     |      | PRI | 0       |       |
| cid       | int(10) unsigned     |      | PRI | 0       |       |
| udp_sport | smallint(5) unsigned |      | MUL | 0       |       |
| udp_dport | smallint(5) unsigned |      | MUL | 0       |       |
| udp_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| udp_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+-----------+----------------------+------+-----+---------+-------+