A.1 acid_ag
+----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+------------------+------+-----+---------+----------------+
| ag_id | int(10) unsigned | | PRI | NULL | auto_increment |
| ag_name | varchar(40) | YES | | NULL | |
| ag_desc | text | YES | | NULL | |
| ag_ctime | datetime | YES | | NULL | |
| ag_ltime | datetime | YES | | NULL | |
+----------+------------------+------+-----+---------+----------------+
A.1.1 acid_ag_alert
+--------+------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+--------+------------------+------+-----+---------+-------+
| ag_id | int(10) unsigned | | PRI | 0 | |
| ag_sid | int(10) unsigned | | PRI | 0 | |
| ag_cid | int(10) unsigned | | PRI | 0 | |
+--------+------------------+------+-----+---------+-------+
A.1.1.1 acid_event
+--------------+------------------+------+-----+---------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+--------------+------------------+------+-----+---------------------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| signature | int(10) unsigned | | MUL | 0 | |
| sig_name | varchar(255) | YES | MUL | NULL | |
| sig_class_id | int(10) unsigned | YES | MUL | NULL | |
| sig_priority | int(10) unsigned | YES | MUL | NULL | |
| timestamp | datetime | | MUL | 0000-00-00 00:00:00 | |
| ip_src | int(10) unsigned | YES | MUL | NULL | |
| ip_dst | int(10) unsigned | YES | MUL | NULL | |
| ip_proto | int(11) | YES | MUL | NULL | |
| layer4_sport | int(10) unsigned | YES | MUL | NULL | |
| layer4_dport | int(10) unsigned | YES | MUL | NULL | |
+--------------+------------------+------+-----+---------------------+-------+
A.1.1.2 acid_ip_cache
+---------------------+------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------------------+------------------+------+-----+---------+-------+
| ipc_ip | int(10) unsigned | | PRI | 0 | |
| ipc_fqdn | varchar(50) | YES | | NULL | |
| ipc_dns_timestamp | datetime | YES | | NULL | |
| ipc_whois | text | YES | | NULL | |
| ipc_whois_timestamp | datetime | YES | | NULL | |
+---------------------+------------------+------+-----+---------+-------+
A.1.1.3 data
+--------------+------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+--------------+------------------+------+-----+---------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| data_payload | text | YES | | NULL | |
+--------------+------------------+------+-----+---------+-------+
A.1.1.4 detail
+-------------+---------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------+---------------------+------+-----+---------+-------+
| detail_type | tinyint(3) unsigned | | PRI | 0 | |
| detail_text | text | | | | |
+-------------+---------------------+------+-----+---------+-------+
A.1.1.5 encoding
+---------------+---------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------------+---------------------+------+-----+---------+-------+
| encoding_type | tinyint(3) unsigned | | PRI | 0 | |
| encoding_text | text | | | | |
+---------------+---------------------+------+-----+---------+-------+
A.1.1.6 event
+-----------+------------------+------+-----+---------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------------------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| signature | int(10) unsigned | | MUL | 0 | |
| timestamp | datetime | | MUL | 0000-00-00 00:00:00 | |
+-----------+------------------+------+-----+---------------------+-------+
A.1.1.7 icmphdr
+-----------+----------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| icmp_type | tinyint(3) unsigned | | MUL | 0 | |
| icmp_code | tinyint(3) unsigned | | | 0 | |
| icmp_csum | smallint(5) unsigned | YES | | NULL | |
| icmp_id | smallint(5) unsigned | YES | | NULL | |
| icmp_seq | smallint(5) unsigned | YES | | NULL | |
+-----------+----------------------+------+-----+---------+-------+
A.1.1.8 iphdr
+----------+----------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| ip_src | int(10) unsigned | | MUL | 0 | |
| ip_dst | int(10) unsigned | | MUL | 0 | |
| ip_ver | tinyint(3) unsigned | YES | | NULL | |
| ip_hlen | tinyint(3) unsigned | YES | | NULL | |
| ip_tos | tinyint(3) unsigned | YES | | NULL | |
| ip_len | smallint(5) unsigned | YES | | NULL | |
| ip_id | smallint(5) unsigned | YES | | NULL | |
| ip_flags | tinyint(3) unsigned | YES | | NULL | |
| ip_off | smallint(5) unsigned | YES | | NULL | |
| ip_ttl | tinyint(3) unsigned | YES | | NULL | |
| ip_proto | tinyint(3) unsigned | | | 0 | |
| ip_csum | smallint(5) unsigned | YES | | NULL | |
+----------+----------------------+------+-----+---------+-------+
A.1.1.9 opt
+-----------+---------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+---------------------+------+-----+---------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| optid | int(10) unsigned | | PRI | 0 | |
| opt_proto | tinyint(3) unsigned | | | 0 | |
| opt_code | tinyint(3) unsigned | | | 0 | |
| opt_len | smallint(6) | YES | | NULL | |
| opt_data | text | YES | | NULL | |
+-----------+---------------------+------+-----+---------+-------+
A.1.1.10 reference
+---------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------------+------------------+------+-----+---------+----------------+
| ref_id | int(10) unsigned | | PRI | NULL | auto_increment |
| ref_system_id | int(10) unsigned | | | 0 | |
| ref_tag | text | | | | |
+---------------+------------------+------+-----+---------+----------------+
A.1.1.11 reference_system
+-----------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+------------------+------+-----+---------+----------------+
| ref_system_id | int(10) unsigned | | PRI | NULL | auto_increment |
| ref_system_name | varchar(20) | YES | | NULL | |
+-----------------+------------------+------+-----+---------+----------------+
A.1.1.12 schema
+-------+------------------+------+-----+---------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+------------------+------+-----+---------------------+-------+
| vseq | int(10) unsigned | | PRI | 0 | |
| ctime | datetime | | | 0000-00-00 00:00:00 | |
+-------+------------------+------+-----+---------------------+-------+
A.1.1.13 sensor
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| sid | int(10) unsigned | | PRI | NULL | auto_increment |
| hostname | text | YES | | NULL | |
| interface | text | YES | | NULL | |
| filter | text | YES | | NULL | |
| detail | tinyint(4) | YES | | NULL | |
| encoding | tinyint(4) | YES | | NULL | |
| last_cid | int(10) unsigned | | | 0 | |
+-----------+------------------+------+-----+---------+----------------+
A.1.1.14 sig_class
+----------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------------+------------------+------+-----+---------+----------------+
| sig_class_id | int(10) unsigned | | PRI | NULL | auto_increment |
| sig_class_name | varchar(60) | | MUL | | |
+----------------+------------------+------+-----+---------+----------------+
A.1.1.15 sig_reference
+---------+------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------+------------------+------+-----+---------+-------+
| sig_id | int(10) unsigned | | PRI | 0 | |
| ref_seq | int(10) unsigned | | PRI | 0 | |
| ref_id | int(10) unsigned | | | 0 | |
+---------+------------------+------+-----+---------+-------+
A.1.1.16 signature
+--------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------+------------------+------+-----+---------+----------------+
| sig_id | int(10) unsigned | | PRI | NULL | auto_increment |
| sig_name | varchar(255) | | MUL | | |
| sig_class_id | int(10) unsigned | | MUL | 0 | |
| sig_priority | int(10) unsigned | YES | | NULL | |
| sig_rev | int(10) unsigned | YES | | NULL | |
| sig_sid | int(10) unsigned | YES | | NULL | |
+--------------+------------------+------+-----+---------+----------------+
A.1.1.17 tcphdr
+-----------+----------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| tcp_sport | smallint(5) unsigned | | MUL | 0 | |
| tcp_dport | smallint(5) unsigned | | MUL | 0 | |
| tcp_seq | int(10) unsigned | YES | | NULL | |
| tcp_ack | int(10) unsigned | YES | | NULL | |
| tcp_off | tinyint(3) unsigned | YES | | NULL | |
| tcp_res | tinyint(3) unsigned | YES | | NULL | |
| tcp_flags | tinyint(3) unsigned | | MUL | 0 | |
| tcp_win | smallint(5) unsigned | YES | | NULL | |
| tcp_csum | smallint(5) unsigned | YES | | NULL | |
| tcp_urp | smallint(5) unsigned | YES | | NULL | |
+-----------+----------------------+------+-----+---------+-------+
A.1.1.18 udphdr
+-----------+----------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid | int(10) unsigned | | PRI | 0 | |
| cid | int(10) unsigned | | PRI | 0 | |
| udp_sport | smallint(5) unsigned | | MUL | 0 | |
| udp_dport | smallint(5) unsigned | | MUL | 0 | |
| udp_len | smallint(5) unsigned | YES | | NULL | |
| udp_csum | smallint(5) unsigned | YES | | NULL | |
+-----------+----------------------+------+-----+---------+-------+
| 
