
CAT Detect Sub-Projects

Andrew Marrington

Parsers

CAT Detect reads recorded events from a database table which stores events from logs in a normalized form. At the moment, data can be read into these tables using the ParseCSV class (see [Setup instructions]). ParseCSV takes files with each event recorded on its own line in this form:

EventID,Time,Subject,Object,Action,Result

Parsers are needed which take event logs as input and produce CSV files in this normalized form as output (or which write straight into the RecordedEvents table of the database). Parsers are wanted for every sort of log, from any operating system or application.
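As an added illustration of what such a parser looks like (this is example code written for this page, not part of CAT Detect or its ParseCSV class), the script below turns syslog-style Linux auth.log lines into the normalized six-column CSV layout described above. The sample log lines are constructed, the ISO 8601 Time format and the header row are assumptions (the page does not state what ParseCSV expects for either), and the Subject/Object/Action/Result mapping for each message type is the example's own choice:

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample of Linux auth.log lines in syslog layout (not from the page).
SAMPLE_AUTH_LOG = """\
Jan 12 10:15:32 webhost sshd[1234]: Accepted password for alice from 192.0.2.5 port 51234 ssh2
Jan 12 10:16:01 webhost sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 12 10:16:45 webhost sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jan 12 10:17:02 webhost CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Generic syslog line: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)
# sshd authentication outcome lines
SSH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
# sudo command lines
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

# Column order taken from the normalized form on this page.
COLUMNS = ["EventID", "Time", "Subject", "Object", "Action", "Result"]


def normalise_time(ts, year):
    """syslog timestamps carry no year, so the caller supplies one (assumption:
    the whole log comes from a single known year). ISO 8601 output is an
    assumed Time format; adjust if ParseCSV expects something else."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").isoformat()


def parse_line(line, event_id, year):
    """Map one log line to [EventID, Time, Subject, Object, Action, Result],
    or return None for lines that are not syslog-shaped at all."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    time = normalise_time(m["ts"], year)
    prog, msg = m["prog"].strip(), m["msg"]
    if prog == "sshd":
        s = SSH_RE.match(msg)
        if s:
            return [event_id, time, s["user"], f"{m['host']}:sshd",
                    f"ssh-login-{s['method']}", s["result"].lower()]
    elif prog == "sudo":
        s = SUDO_RE.match(msg)
        if s:
            return [event_id, time, s["user"], s["cmd"],
                    f"sudo-as-{s['target']}", "success"]
    # Fallback: keep the event with a generic mapping rather than dropping it,
    # so the timeline stays complete even for message types without a rule.
    return [event_id, time, prog, m["host"], "unparsed", msg]


def log_to_rows(text, year):
    """Parse every line of a log; EventID is the 1-based line number."""
    rows = []
    for n, line in enumerate(text.splitlines(), start=1):
        row = parse_line(line, n, year)
        if row:
            rows.append(row)
    return rows


def rows_to_csv(rows, header=True):
    """Serialise rows with the csv module, which quotes any field containing
    a comma, quote or newline so one event always stays on one line."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    if header:
        w.writerow(COLUMNS)
    w.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(rows_to_csv(log_to_rows(SAMPLE_AUTH_LOG, 2024)), end="")
```

The fallback row for unrecognised message types matters more than it looks: a parser that silently skips what it does not understand produces a timeline with gaps, which is exactly the kind of inconsistency a tool like CAT Detect is trying to find, so unparsed lines are kept and marked rather than discarded.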

Graphical Rules Designer

CAT Detect now supports customised rules through an external rulesbase file. It needs a GUI to allow users to build rules (as easily as possible) and save these rules to the rulesbase file so that they can be shared with other users.

Research Project: More Rules

Although this is not supported in the DFRWS 2011 release, if you check out the source code you will find that CAT Detect now reads its rulesbase from an XML file. Researchers can develop new rules and expand the rulesbase, or build their own rulesbases for particular applications. It would be great if you could share those rulesbase XML files with the community too. If somebody builds a graphical rules designer, you could use that; otherwise you can just write the rules yourself in XML!

Related

Wiki: Setup instructions
