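# Configuration for the alert-correlation toolset: database access, knowledge
# base, the correlation engine, and the three post-processing utilities
# (graph reduction, focused analysis, graph decomposition).
# Format: flat key = value pairs with '#' full-line comments and no [section]
# headers -- the "section N" lines below are comments only. Several values
# contain '=' or ';' (dbURL, Decomposition_Constraint); this relies on the
# loader splitting each line at the FIRST '=' only and not treating ';' as a
# comment marker -- confirm against the loader before adding such values.
# NOTE(review): no credentials appear in this file. If the loader also reads a
# username/password from here, keep them out of version control.

#section 1: database connection
# Active: Microsoft SQL Server JDBC driver. Everything after the first ';' in
# dbURL (DatabaseName, selectMethod) is part of the value, not a comment.
dbDriver = com.microsoft.jdbc.sqlserver.SQLServerDriver
dbURL = jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=dmz1;selectMethod=cursor
# Alternative: MySQL driver -- swap both lines together.
#dbDriver = org.gjt.mm.mysql.Driver
#dbURL = jdbc:mysql://balisong/inside

#section 2: knowledge base
# true/false; presumably controls whether the knowledge base is (re)built from
# the XML file below -- confirm against the loader.
Generate_Knowledge_Base = true
Knowledge_Base_XML_File = DARPA_2k_final.xml

#section 3: correlation engine
IDSName = realsecure
# table in the database above that holds the raw alerts
AlertTable = events
# column names of RealSecure & MSSQL -- each key names an engine field, each
# value the matching column of AlertTable. begin_time and end_time both map to
# EventDate (the table appears to carry a single timestamp per event).
AlertID = EventID
SensorID = c29
HyperAlertType = OrigEventName
begin_time = EventDate
end_time = EventDate
SrcIPAddress = SrcIPAddress
SrcPort = SrcPort
DestIPAddress = DestIPAddress
DestPort = DestPort
# column names of snort & my sql
# NOTE(review): these keys are aligned to the ones the active mapping uses
# (HyperAlertType, begin_time, end_time). The earlier draft named them
# AlertName, BeginTime and EndTime, which would not replace the active values
# when uncommented. No SensorID mapping is given for snort -- add one before
# switching IDSName.
#AlertID = cid
#HyperAlertType = sig_name
#begin_time = timestamp
#end_time = timestamp
#SrcIPAddress = ip_src
#SrcPort = layer4_sport
#DestIPAddress = ip_dst
#DestPort = layer4_dport
# output file of the correlation engine; input to the utilities below
Original_Graph_Output = darpa_dmz1.txt

#Below are the three utilities

#section 4: graph reduction
# time window for aggregating alerts; -1 presumably disables time-based
# aggregation -- TODO confirm against the utility
Aggregation_Time_Interval = -1
Graph_Reduction_Output = sample_reduction.txt

#section 5: focus analysis
# id of the graph (from Original_Graph_Output) to focus on
Focused_Analysis_GraphID = 9
# optional extra condition; left empty here (presumably "no condition")
Focused_Analysis_Condition = 
Focused_Aggregation = true
# -1: same meaning as Aggregation_Time_Interval above
Focused_Aggregation_Time_Interval = -1
Focused_Output = sample_focused.txt

#section 6: graph decomposition
# presumably the graph id to decompose, cf. Focused_Analysis_GraphID
Decomposition_ID = 9
# SQL-style predicate over two alert rows h1 and h2; the identifiers are
# column names in the original alert table (AlertTable). The '=' signs inside
# the value are data, not delimiters.
# NOTE(review): the value looks like it is spliced verbatim into a database
# query, so this file must only be editable by trusted operators.
Decomposition_Constraint = h1.SrcIPAddress=h2.SrcIPAddress and h1.DestIPAddress=h2.DestIPAddress
Decomposition_Aggregation = true
# -1: same meaning as Aggregation_Time_Interval above
Decomposition_Aggregation_Time_Interval = -1
Decomposition_Output = sample_decomp.txt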