Recent changes to CAT Detect Sub-Projectshttps://sourceforge.net/p/catdetect/wiki/CAT%2520Detect%2520Sub-Projects/Recent changes to CAT Detect Sub-ProjectsenWed, 06 Feb 2013 21:42:19 -0000WikiPage CAT Detect Sub-Projects modified by Andrew Marringtonhttps://sourceforge.net/p/catdetect/wiki/CAT%2520Detect%2520Sub-Projects/<div class="markdown_content"><pre>--- v1 +++ v2 @@ -1,5 +1,5 @@ ## Parsers ## -CAT Detect reads recorded events from a database table which stores events from logs in a *normalized* form. At the moment, data can be read into these tables using the *ParseCSV* class (see [Setup Instructions]). ParseCSV takes files with each event recorded on its own line in this form: +CAT Detect reads recorded events from a database table which stores events from logs in a *normalized* form. At the moment, data can be read into these tables using the *ParseCSV* class (see [Setup instructions]). ParseCSV takes files with each event recorded on its own line in this form: **EventID,Time,Subject,Object,Action,Result** </pre> </div>Andrew MarringtonWed, 06 Feb 2013 21:42:19 -0000https://sourceforge.net3bc44f27827c71487a1143800c661d8af6d33cfbWikiPage CAT Detect Sub-Projects modified by Andrew Marringtonhttps://sourceforge.net/p/catdetect/wiki/CAT%2520Detect%2520Sub-Projects/<div class="markdown_content"><h2 id="parsers">Parsers</h2> <p>CAT Detect reads recorded events from a database table which stores events from logs in a <em>normalized</em> form. At the moment, data can be read into these tables using the <em>ParseCSV</em> class (see <span>[Setup Instructions]</span>). ParseCSV takes files with each event recorded on its own line in this form:</p> <p><strong>EventID,Time,Subject,Object,Action,Result</strong></p> <p>Parsers are needed which take event logs as input and produce CSV files in this normalized form as output (or which go straight into the RecordedEvents table of the database). We need every sort of log from any and all operating systems and applications.</p> <h2 id="graphical-rules-designer">Graphical Rules Designer</h2> <p>CAT Detect now supports customised rules through an external rulesbase file. It needs a GUI to allow users to build rules (as easily as possible) and save these rules to the rulesbase file so that they can be shared with other users.</p> <h2 id="research-project-more-rules">Research Project: More Rules</h2> <p>Although not supported in the DFRWS 2011 release, if you check out the sourcecode, CAT Detect now reads its rulesbase from an XML file. Researchers can develop new rules and expand the rulesbase, or build their own rulesbases for particular applications. It would be great if you could share those rulesbase XML files with the community too. If somebody builds a graphical rules designer, you could use that, otherwise you can just write the rules yourself in XML!</p></div>Andrew MarringtonWed, 06 Feb 2013 21:41:49 -0000https://sourceforge.net72e4c38ab99d677bd3d000de5e96537ff93ccc62