QueryFactory

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.tfe.console
Class QueryFactory

java.lang.Object
  |
  +--org.tfe.console.QueryFactory

public class QueryFactory
extends java.lang.Object

Method Summary

static java.lang.String convertAddressToString(long number)
          Converts IP addresses from a long to a String (dotted decimal format) This function is used to convert the long number value IP address that is stored in the snort database into a human readable IP address.

static long convertStringToAddress(java.lang.String address)


void deleteAlert(int sid, int cid)
          Deletes an alert from the database.

Alert getAlert(int sid, int cid)
          Queries the database for alerts that have a specific sid and cid.

java.util.ArrayList getAlertCountByProtocol(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the number of Alerts for each protocol (ICMP, TCP, UDP) from the database.

int[] getAlertIndices(Alert alert)
          Retrieves the sid and cid of a given Alert.

AlertList getAlerts(java.lang.String SQLString)
          Queries the database for alerts.

AlertList getAlerts(java.lang.String sDateTime, java.lang.String eDateTime)
          Queries the database for alerts that fall between a specific start and end date.

java.util.ArrayList getAlertsPerDay(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the number of Alerts per day from the database.

Incident getIncident(int ID)
          Retrieves an Incident from the database.

int getIncidentIndex()
          Retrieves the last incident index number from the database.

java.util.ArrayList getIncidents(java.lang.String SQL)
          Queries the database for Incidents that match a custom SQL string.

java.util.ArrayList getIncidents(java.lang.String sDateTime, java.lang.String eDateTime)
          Retrieves all Incidents that fall between the specified dates & times.

static QueryFactory getInstance(java.lang.String[] dbInfo)


java.util.ArrayList getMostActiveSensors(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the top 10 most active sensors (by number of Alerts) from the database.

int getNumIncidentAlerts(int incident_id)
          Retrieve the number of Alerts associated with an Incident.

java.util.ArrayList getTopDstIPs(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the top 10 destination IP addresses (by number of Alerts) from the database.

java.util.ArrayList getTopSignatures(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the top 10 Alert signatures from the database.

java.util.ArrayList getTopSrcIPs(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the top 10 source IP addresses (by number of Alerts) from the database.

java.util.ArrayList getTopTCPPorts(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the top 10 TCP ports (by number of Alerts) from the database.

java.util.ArrayList getTopUDPPorts(java.lang.String sDateTime, java.lang.String eDateTime)
          Gets the top 10 UDP ports (by number of Alerts) from the database.

boolean insertIncident(Incident tempIncident)
          Inserts a given Incident into the database.

boolean updateIncident(Incident tempIncident)
          Updates information about a specific Incident in the database.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static QueryFactory getInstance(java.lang.String[] dbInfo)

getAlerts

public AlertList getAlerts(java.lang.String sDateTime,
                           java.lang.String eDateTime)

Queries the database for alerts that fall between a specific start and end date.

Parameters:: sDateTime - the start date and time for which to search for alerts.; eDateTime - the end date and time for which to search for alerts.
Returns:: an ArrayList of Alerts that fell between the specified dates, null if nothing found.

getAlert

public Alert getAlert(int sid,
                      int cid)

Queries the database for alerts that have a specific sid and cid.

Parameters:: sid - the sid of the Alert.; cid - the cid of the Alert.
Returns:: the Alert that matched the query parameters, null if nothing found.

getAlerts

public AlertList getAlerts(java.lang.String SQLString)

Queries the database for alerts. This code will allow the user to specify custom constraints that will be appended to the WHERE clause of the SQL statement. This code will (eventually) check the input for any instances of the INSERT, UPDATE, or DELETE keywords.

Parameters:: SQLString - a custom, user-defined SQL string that gets appended to the standard SQL statement for retrieving Alerts.
Returns:: an ArrayList of Alerts that matched the specified parameters, null if nothing found.

getAlertIndices

public int[] getAlertIndices(Alert alert)

Retrieves the sid and cid of a given Alert. This function queries the database and retrieves the sid and cid that are associated with a given alert. This can be useful when creating an Incident from the Alert.

Parameters:: alert - the Alert for which to retrieve the sid and cid from the database.
Returns:: a two-element integer array containing the sid[0] and cid[1] of the Alert in the database, or null if nothing was found.

deleteAlert

public void deleteAlert(int sid,
                        int cid)

Deletes an alert from the database. This function allows a user to remove a snort alert from the database.

Parameters:: sid - the sid of the alert to be deleted; cid - the cid of the alert to be deleted

getIncidentIndex

public int getIncidentIndex()

Retrieves the last incident index number from the database. This function gets the index number of the last Incident in the database. This is useful for determining what the index number of the next Incident should be. It can also be used in reporting functions to tell the total number of Incidents in a given time period (this functionality is not yet implemented).

Returns:: an integer value of the last Incident index in the database.

insertIncident

public boolean insertIncident(Incident tempIncident)

Inserts a given Incident into the database. This function will take a newly created Incident and insert it into the database. It checks first to see if the Incident is already in the database, and if it is, then it returns. If not, it proceeds.

Parameters:: tempIncident - the Incident to be stored in the database.
Returns:: true if the insert succeeds, false if it fails.

updateIncident

public boolean updateIncident(Incident tempIncident)

Updates information about a specific Incident in the database. This function will update the information in the database for a given incident. This is used when Incident related information is updated by the user.

Parameters:: tempIncident - the Incident to be updated (with new values set).
Returns:: true if the update succeeds, false if it fails.

getIncident

public Incident getIncident(int ID)

Retrieves an Incident from the database.

Parameters:: ID - the integer ID of the Incident to retrieve from the database.
Returns:: the Incident, or null if nothing was found.

getNumIncidentAlerts

public int getNumIncidentAlerts(int incident_id)

Retrieve the number of Alerts associated with an Incident.

Parameters:: incident_id - the integer ID of the Incident to query.
Returns:: an integer value of the total number of Alerts associated with the specified Incident.

getIncidents

public java.util.ArrayList getIncidents(java.lang.String sDateTime,
                                        java.lang.String eDateTime)

Retrieves all Incidents that fall between the specified dates & times. This function will query the database and retrieve all incidents that fall between the dates/times that the user specifies. This enables reporting and metrics to be generated on the Incidents. Note that this queries by the CREATION date & time of the Incident, not the onset date & time of the Incident.

Parameters:: sDateTime - the earliest possible creation time for which to retrieve Alerts.; eDateTime - the latest possible creation time for which to retrieve Alerts.
Returns:: an ArrayList of Incidents that matched the specified parameters, or null if nothing was found.

getIncidents

public java.util.ArrayList getIncidents(java.lang.String SQL)

Queries the database for Incidents that match a custom SQL string. This code will allow the user to specify custom constraints that will be appended to the WHERE clause of the SQL statement. This code will (eventually) check the input for any instances of the INSERT, UPDATE, or DELETE keywords.

Parameters:: SQL - a custom, user-defined SQL string that gets appended to the standard SQL statement for retrieving Incidents.
Returns:: an ArrayList of Incidents that matched the specified parameters, null if nothing found.

getTopTCPPorts

public java.util.ArrayList getTopTCPPorts(java.lang.String sDateTime,
                                          java.lang.String eDateTime)

Gets the top 10 TCP ports (by number of Alerts) from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/port to least # of Alerts/port.

getTopUDPPorts

public java.util.ArrayList getTopUDPPorts(java.lang.String sDateTime,
                                          java.lang.String eDateTime)

Gets the top 10 UDP ports (by number of Alerts) from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/port to least # of Alerts/port.

getTopSrcIPs

public java.util.ArrayList getTopSrcIPs(java.lang.String sDateTime,
                                        java.lang.String eDateTime)

Gets the top 10 source IP addresses (by number of Alerts) from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/IP to least # of Alerts/IP.

getTopDstIPs

public java.util.ArrayList getTopDstIPs(java.lang.String sDateTime,
                                        java.lang.String eDateTime)

Gets the top 10 destination IP addresses (by number of Alerts) from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/IP to least # of Alerts/IP.

getTopSignatures

public java.util.ArrayList getTopSignatures(java.lang.String sDateTime,
                                            java.lang.String eDateTime)

Gets the top 10 Alert signatures from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/signature to least # of Alerts/signature.

getAlertCountByProtocol

public java.util.ArrayList getAlertCountByProtocol(java.lang.String sDateTime,
                                                   java.lang.String eDateTime)

Gets the number of Alerts for each protocol (ICMP, TCP, UDP) from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/Protocol to least # of Alerts/Protocol.

getMostActiveSensors

public java.util.ArrayList getMostActiveSensors(java.lang.String sDateTime,
                                                java.lang.String eDateTime)

Gets the top 10 most active sensors (by number of Alerts) from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted from greatest # of Alerts/Sensor to least # of Alerts/Sensor.

getAlertsPerDay

public java.util.ArrayList getAlertsPerDay(java.lang.String sDateTime,
                                           java.lang.String eDateTime)

Gets the number of Alerts per day from the database. This function is used in conjunction with ReportInputFrame & JFreeChart to generate charts.

Parameters:: sDateTime - the earliest date for which to query.; eDateTime - the latest date for which to query.
Returns:: an ArrayList of ChartQueryResults, sorted chronologically from the first day to the last day.

convertAddressToString

public static java.lang.String convertAddressToString(long number)

Converts IP addresses from a long to a String (dotted decimal format) This function is used to convert the long number value IP address that is stored in the snort database into a human readable IP address.

Returns:: a String representation of the IP address

convertStringToAddress

public static long convertStringToAddress(java.lang.String address)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Method Summary
`static java.lang.String`	`convertAddressToString(long number)` Converts IP addresses from a long to a String (dotted decimal format) This function is used to convert the long number value IP address that is stored in the snort database into a human readable IP address.
`static long`	`convertStringToAddress(java.lang.String address)`
`void`	`deleteAlert(int sid, int cid)` Deletes an alert from the database.
`Alert`	`getAlert(int sid, int cid)` Queries the database for alerts that have a specific sid and cid.
`java.util.ArrayList`	`getAlertCountByProtocol(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the number of `Alert`s for each protocol (ICMP, TCP, UDP) from the database.
`int[]`	`getAlertIndices(Alert alert)` Retrieves the sid and cid of a given `Alert`.
`AlertList`	`getAlerts(java.lang.String SQLString)` Queries the database for alerts.
`AlertList`	`getAlerts(java.lang.String sDateTime, java.lang.String eDateTime)` Queries the database for alerts that fall between a specific start and end date.
`java.util.ArrayList`	`getAlertsPerDay(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the number of `Alert`s per day from the database.
`Incident`	`getIncident(int ID)` Retrieves an `Incident` from the database.
`int`	`getIncidentIndex()` Retrieves the last incident index number from the database.
`java.util.ArrayList`	`getIncidents(java.lang.String SQL)` Queries the database for `Incident`s that match a custom SQL string.
`java.util.ArrayList`	`getIncidents(java.lang.String sDateTime, java.lang.String eDateTime)` Retrieves all `Incident`s that fall between the specified dates & times.
`static QueryFactory`	`getInstance(java.lang.String[] dbInfo)`
`java.util.ArrayList`	`getMostActiveSensors(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the top 10 most active sensors (by number of `Alert`s) from the database.
`int`	`getNumIncidentAlerts(int incident_id)` Retrieve the number of `Alert`s associated with an `Incident`.
`java.util.ArrayList`	`getTopDstIPs(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the top 10 destination IP addresses (by number of `Alert`s) from the database.
`java.util.ArrayList`	`getTopSignatures(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the top 10 `Alert` signatures from the database.
`java.util.ArrayList`	`getTopSrcIPs(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the top 10 source IP addresses (by number of `Alert`s) from the database.
`java.util.ArrayList`	`getTopTCPPorts(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the top 10 TCP ports (by number of `Alert`s) from the database.
`java.util.ArrayList`	`getTopUDPPorts(java.lang.String sDateTime, java.lang.String eDateTime)` Gets the top 10 UDP ports (by number of `Alert`s) from the database.
`boolean`	`insertIncident(Incident tempIncident)` Inserts a given `Incident` into the database.
`boolean`	`updateIncident(Incident tempIncident)` Updates information about a specific `Incident` in the database.

org.tfe.console Class QueryFactory

getInstance

getAlerts

getAlert

getAlerts

getAlertIndices

deleteAlert

getIncidentIndex

insertIncident

updateIncident

getIncident

getNumIncidentAlerts

getIncidents

getIncidents

getTopTCPPorts

getTopUDPPorts

getTopSrcIPs

getTopDstIPs

getTopSignatures

getAlertCountByProtocol

getMostActiveSensors

getAlertsPerDay

convertAddressToString

convertStringToAddress

org.tfe.console
Class QueryFactory