Working on an Alienvault IDS system or OSSIM you can come across over huge amount of alarms are created will system migrations.
use the ossim-db command:
> ossim-db
use the alienvault database:
> USE alienvault
Check for Alarm tables
>SHOW TABLES LIKE 'alarm%';
Get table description
>DESCRIBE alarm;
Get the number of records in a table 'alarm'.
>SELECT COUNT(*) FROM alarm;
Listing 20 timestamp in alarm table which are created today
>SELECT timestamp FROM alarm WHERE DATE(timestamp) = CURDATE() limit 20;
Let make status for Close for today alarms
>update alarm set status = 'closed' WHERE DATE(timestamp) = CURDATE();
Before -------- -----> Now
No comments:
Post a Comment