dorothy2 0.0.1
- data/.gitignore +21 -0
- data/Gemfile +4 -0
- data/LICENSE +644 -0
- data/README.md +231 -0
- data/Rakefile +1 -0
- data/bin/dorothy_start +176 -0
- data/bin/dorothy_stop +28 -0
- data/bin/dparser_start +66 -0
- data/bin/dparser_stop +23 -0
- data/dorothy2.gemspec +30 -0
- data/etc/ddl/dorothive.ddl +1803 -0
- data/etc/dorothy copy.yml.example +39 -0
- data/etc/sandboxes.yml.example +20 -0
- data/etc/sources.yml.example +32 -0
- data/lib/doroParser.rb +518 -0
- data/lib/dorothy2/BFM.rb +156 -0
- data/lib/dorothy2/MAM.rb +239 -0
- data/lib/dorothy2/Settings.rb +35 -0
- data/lib/dorothy2/deep_symbolize.rb +67 -0
- data/lib/dorothy2/do-init.rb +296 -0
- data/lib/dorothy2/do-logger.rb +43 -0
- data/lib/dorothy2/do-parsers.rb +468 -0
- data/lib/dorothy2/do-utils.rb +223 -0
- data/lib/dorothy2/environment.rb +29 -0
- data/lib/dorothy2/version.rb +3 -0
- data/lib/dorothy2/vtotal.rb +84 -0
- data/lib/dorothy2.rb +470 -0
- data/share/img/Dorothy-Basic.pdf +0 -0
- data/share/img/Setup-Advanced.pdf +0 -0
- data/share/img/The_big_picture.pdf +0 -0
- data/test/tc_dorothy_full.rb +95 -0
- data/var/log/parser.log +0 -0
- metadata +260 -0
@@ -0,0 +1,1803 @@
|
|
1
|
+
--
|
2
|
+
-- PostgreSQL database dump
|
3
|
+
--
|
4
|
+
|
5
|
+
DROP DATABASE dorothive;
|
6
|
+
|
7
|
+
|
8
|
+
SET statement_timeout = 0;
|
9
|
+
SET client_encoding = 'UTF8';
|
10
|
+
SET standard_conforming_strings = off;
|
11
|
+
SET check_function_bodies = false;
|
12
|
+
SET client_min_messages = warning;
|
13
|
+
SET escape_string_warning = off;
|
14
|
+
|
15
|
+
--
|
16
|
+
-- Name: dorothive; Type: DATABASE; Schema: -; Owner: postgres
|
17
|
+
--
|
18
|
+
|
19
|
+
CREATE DATABASE dorothive WITH TEMPLATE = template0 ENCODING = 'UTF8' LC_COLLATE = 'C' LC_CTYPE = 'C';
|
20
|
+
|
21
|
+
|
22
|
+
ALTER DATABASE dorothive OWNER TO postgres;
|
23
|
+
|
24
|
+
\connect dorothive
|
25
|
+
|
26
|
+
SET statement_timeout = 0;
|
27
|
+
SET client_encoding = 'UTF8';
|
28
|
+
SET standard_conforming_strings = off;
|
29
|
+
SET check_function_bodies = false;
|
30
|
+
SET client_min_messages = warning;
|
31
|
+
SET escape_string_warning = off;
|
32
|
+
|
33
|
+
--
|
34
|
+
-- Name: dorothy; Type: SCHEMA; Schema: -; Owner: postgres
|
35
|
+
--
|
36
|
+
|
37
|
+
CREATE SCHEMA dorothy;
|
38
|
+
|
39
|
+
|
40
|
+
ALTER SCHEMA dorothy OWNER TO postgres;
|
41
|
+
|
42
|
+
--
|
43
|
+
-- Name: SCHEMA dorothy; Type: COMMENT; Schema: -; Owner: postgres
|
44
|
+
--
|
45
|
+
|
46
|
+
COMMENT ON SCHEMA dorothy IS 'standard public schema';
|
47
|
+
|
48
|
+
|
49
|
+
--
|
50
|
+
-- Name: plpgsql; Type: PROCEDURAL LANGUAGE; Schema: -; Owner: postgres
|
51
|
+
--
|
52
|
+
|
53
|
+
CREATE OR REPLACE PROCEDURAL LANGUAGE plpgsql;
|
54
|
+
|
55
|
+
|
56
|
+
ALTER PROCEDURAL LANGUAGE plpgsql OWNER TO postgres;
|
57
|
+
|
58
|
+
SET search_path = dorothy, pg_catalog;
|
59
|
+
|
60
|
+
--
|
61
|
+
-- Name: dns_queries; Type: TYPE; Schema: dorothy; Owner: postgres
|
62
|
+
--
|
63
|
+
|
64
|
+
CREATE TYPE dns_queries AS ENUM (
|
65
|
+
'query',
|
66
|
+
'axfr'
|
67
|
+
);
|
68
|
+
|
69
|
+
|
70
|
+
ALTER TYPE dorothy.dns_queries OWNER TO postgres;
|
71
|
+
|
72
|
+
--
|
73
|
+
-- Name: ftp_types; Type: TYPE; Schema: dorothy; Owner: postgres
|
74
|
+
--
|
75
|
+
|
76
|
+
CREATE TYPE ftp_types AS ENUM (
|
77
|
+
'active',
|
78
|
+
'passive',
|
79
|
+
'fxp'
|
80
|
+
);
|
81
|
+
|
82
|
+
|
83
|
+
ALTER TYPE dorothy.ftp_types OWNER TO postgres;
|
84
|
+
|
85
|
+
--
|
86
|
+
-- Name: http_methods; Type: TYPE; Schema: dorothy; Owner: postgres
|
87
|
+
--
|
88
|
+
|
89
|
+
CREATE TYPE http_methods AS ENUM (
|
90
|
+
'head',
|
91
|
+
'get',
|
92
|
+
'post',
|
93
|
+
'put',
|
94
|
+
'delete',
|
95
|
+
'trace',
|
96
|
+
'options',
|
97
|
+
'connect',
|
98
|
+
'patch'
|
99
|
+
);
|
100
|
+
|
101
|
+
|
102
|
+
ALTER TYPE dorothy.http_methods OWNER TO postgres;
|
103
|
+
|
104
|
+
--
|
105
|
+
-- Name: layer4_protocols; Type: TYPE; Schema: dorothy; Owner: postgres
|
106
|
+
--
|
107
|
+
|
108
|
+
CREATE TYPE layer4_protocols AS ENUM (
|
109
|
+
'tcp',
|
110
|
+
'udp'
|
111
|
+
);
|
112
|
+
|
113
|
+
|
114
|
+
ALTER TYPE dorothy.layer4_protocols OWNER TO postgres;
|
115
|
+
|
116
|
+
--
|
117
|
+
-- Name: layer7_protocols; Type: TYPE; Schema: dorothy; Owner: postgres
|
118
|
+
--
|
119
|
+
|
120
|
+
CREATE TYPE layer7_protocols AS ENUM (
|
121
|
+
'http',
|
122
|
+
'irc',
|
123
|
+
'dns',
|
124
|
+
'smtp',
|
125
|
+
'other'
|
126
|
+
);
|
127
|
+
|
128
|
+
|
129
|
+
ALTER TYPE dorothy.layer7_protocols OWNER TO postgres;
|
130
|
+
|
131
|
+
--
|
132
|
+
-- Name: sample_type; Type: TYPE; Schema: dorothy; Owner: postgres
|
133
|
+
--
|
134
|
+
|
135
|
+
CREATE TYPE sample_type AS ENUM (
|
136
|
+
'mz',
|
137
|
+
'pe',
|
138
|
+
'elf'
|
139
|
+
);
|
140
|
+
|
141
|
+
|
142
|
+
ALTER TYPE dorothy.sample_type OWNER TO postgres;
|
143
|
+
|
144
|
+
--
|
145
|
+
-- Name: TYPE sample_type; Type: COMMENT; Schema: dorothy; Owner: postgres
|
146
|
+
--
|
147
|
+
|
148
|
+
COMMENT ON TYPE sample_type IS 'Sample file type';
|
149
|
+
|
150
|
+
|
151
|
+
--
|
152
|
+
-- Name: sanbox_type; Type: TYPE; Schema: dorothy; Owner: postgres
|
153
|
+
--
|
154
|
+
|
155
|
+
CREATE TYPE sanbox_type AS ENUM (
|
156
|
+
'virtual',
|
157
|
+
'phisical',
|
158
|
+
'mobile-virtual',
|
159
|
+
'mobile-phisical',
|
160
|
+
'external'
|
161
|
+
);
|
162
|
+
|
163
|
+
|
164
|
+
ALTER TYPE dorothy.sanbox_type OWNER TO postgres;
|
165
|
+
|
166
|
+
--
|
167
|
+
-- Name: sensor_type; Type: TYPE; Schema: dorothy; Owner: postgres
|
168
|
+
--
|
169
|
+
|
170
|
+
CREATE TYPE sensor_type AS ENUM (
|
171
|
+
'low_honey',
|
172
|
+
'high_honey',
|
173
|
+
'mwcollect'
|
174
|
+
);
|
175
|
+
|
176
|
+
|
177
|
+
ALTER TYPE dorothy.sensor_type OWNER TO postgres;
|
178
|
+
|
179
|
+
--
|
180
|
+
-- Name: sensor_type2; Type: TYPE; Schema: dorothy; Owner: postgres
|
181
|
+
--
|
182
|
+
|
183
|
+
CREATE TYPE sensor_type2 AS ENUM (
|
184
|
+
'lowint-honeypot',
|
185
|
+
'highint-honeypot',
|
186
|
+
'unknow',
|
187
|
+
'client-honeypot',
|
188
|
+
'external-source'
|
189
|
+
);
|
190
|
+
|
191
|
+
|
192
|
+
ALTER TYPE dorothy.sensor_type2 OWNER TO postgres;
|
193
|
+
|
194
|
+
SET default_tablespace = '';
|
195
|
+
|
196
|
+
SET default_with_oids = false;
|
197
|
+
|
198
|
+
--
|
199
|
+
-- Name: analyses; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
200
|
+
--
|
201
|
+
|
202
|
+
CREATE TABLE analyses (
|
203
|
+
id integer NOT NULL,
|
204
|
+
sample character(64) NOT NULL,
|
205
|
+
sandbox integer NOT NULL,
|
206
|
+
traffic_dump character(64) NOT NULL,
|
207
|
+
date timestamp without time zone
|
208
|
+
);
|
209
|
+
|
210
|
+
|
211
|
+
ALTER TABLE dorothy.analyses OWNER TO postgres;
|
212
|
+
|
213
|
+
--
|
214
|
+
-- Name: analyses_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
215
|
+
--
|
216
|
+
|
217
|
+
CREATE SEQUENCE analyses_id_seq
|
218
|
+
START WITH 1
|
219
|
+
INCREMENT BY 1
|
220
|
+
NO MINVALUE
|
221
|
+
NO MAXVALUE
|
222
|
+
CACHE 1;
|
223
|
+
|
224
|
+
|
225
|
+
ALTER TABLE dorothy.analyses_id_seq OWNER TO postgres;
|
226
|
+
|
227
|
+
--
|
228
|
+
-- Name: analyses_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
229
|
+
--
|
230
|
+
|
231
|
+
ALTER SEQUENCE analyses_id_seq OWNED BY analyses.id;
|
232
|
+
|
233
|
+
|
234
|
+
--
|
235
|
+
-- Name: analyses_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
236
|
+
--
|
237
|
+
|
238
|
+
SELECT pg_catalog.setval('analyses_id_seq', 1, true);
|
239
|
+
|
240
|
+
|
241
|
+
--
|
242
|
+
-- Name: samples; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
243
|
+
--
|
244
|
+
|
245
|
+
CREATE TABLE samples (
|
246
|
+
hash character(64) NOT NULL,
|
247
|
+
size integer NOT NULL,
|
248
|
+
type sample_type,
|
249
|
+
path character(256),
|
250
|
+
filename character(256),
|
251
|
+
md5 character(64),
|
252
|
+
long_type character varying,
|
253
|
+
CONSTRAINT size_notneg CHECK ((size >= 0))
|
254
|
+
);
|
255
|
+
|
256
|
+
|
257
|
+
ALTER TABLE dorothy.samples OWNER TO postgres;
|
258
|
+
|
259
|
+
--
|
260
|
+
-- Name: TABLE samples; Type: COMMENT; Schema: dorothy; Owner: postgres
|
261
|
+
--
|
262
|
+
|
263
|
+
COMMENT ON TABLE samples IS 'Acquired samples';
|
264
|
+
|
265
|
+
|
266
|
+
--
|
267
|
+
-- Name: COLUMN samples.hash; Type: COMMENT; Schema: dorothy; Owner: postgres
|
268
|
+
--
|
269
|
+
|
270
|
+
COMMENT ON COLUMN samples.hash IS 'SHA256 checksum hash';
|
271
|
+
|
272
|
+
|
273
|
+
--
|
274
|
+
-- Name: COLUMN samples.size; Type: COMMENT; Schema: dorothy; Owner: postgres
|
275
|
+
--
|
276
|
+
|
277
|
+
COMMENT ON COLUMN samples.size IS 'Sample size';
|
278
|
+
|
279
|
+
|
280
|
+
--
|
281
|
+
-- Name: COLUMN samples.type; Type: COMMENT; Schema: dorothy; Owner: postgres
|
282
|
+
--
|
283
|
+
|
284
|
+
COMMENT ON COLUMN samples.type IS 'Sample type';
|
285
|
+
|
286
|
+
|
287
|
+
--
|
288
|
+
-- Name: CONSTRAINT size_notneg ON samples; Type: COMMENT; Schema: dorothy; Owner: postgres
|
289
|
+
--
|
290
|
+
|
291
|
+
COMMENT ON CONSTRAINT size_notneg ON samples IS 'Sample size must not be negative';
|
292
|
+
|
293
|
+
|
294
|
+
--
|
295
|
+
-- Name: traffic_dumps; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
296
|
+
--
|
297
|
+
|
298
|
+
CREATE TABLE traffic_dumps (
|
299
|
+
hash character(64) NOT NULL,
|
300
|
+
size integer NOT NULL,
|
301
|
+
pcapr_id character(64),
|
302
|
+
"binary" character varying,
|
303
|
+
parsed boolean
|
304
|
+
);
|
305
|
+
|
306
|
+
|
307
|
+
ALTER TABLE dorothy.traffic_dumps OWNER TO postgres;
|
308
|
+
|
309
|
+
--
|
310
|
+
-- Name: COLUMN traffic_dumps.hash; Type: COMMENT; Schema: dorothy; Owner: postgres
|
311
|
+
--
|
312
|
+
|
313
|
+
COMMENT ON COLUMN traffic_dumps.hash IS 'SHA256 checksum hash';
|
314
|
+
|
315
|
+
|
316
|
+
--
|
317
|
+
-- Name: analysis_resume_view; Type: VIEW; Schema: dorothy; Owner: postgres
|
318
|
+
--
|
319
|
+
|
320
|
+
CREATE VIEW analysis_resume_view AS
|
321
|
+
SELECT analyses.id, samples.filename, samples.md5, samples.long_type, analyses.date, traffic_dumps.parsed FROM traffic_dumps, samples, analyses WHERE ((analyses.sample = samples.hash) AND (analyses.traffic_dump = traffic_dumps.hash)) ORDER BY analyses.id DESC;
|
322
|
+
|
323
|
+
|
324
|
+
ALTER TABLE dorothy.analysis_resume_view OWNER TO postgres;
|
325
|
+
|
326
|
+
--
|
327
|
+
-- Name: appdata_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
328
|
+
--
|
329
|
+
|
330
|
+
CREATE SEQUENCE appdata_id_seq
|
331
|
+
START WITH 1
|
332
|
+
INCREMENT BY 1
|
333
|
+
NO MINVALUE
|
334
|
+
NO MAXVALUE
|
335
|
+
CACHE 1;
|
336
|
+
|
337
|
+
|
338
|
+
ALTER TABLE dorothy.appdata_id_seq OWNER TO postgres;
|
339
|
+
|
340
|
+
--
|
341
|
+
-- Name: appdata_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
342
|
+
--
|
343
|
+
|
344
|
+
SELECT pg_catalog.setval('appdata_id_seq', 1, true);
|
345
|
+
|
346
|
+
|
347
|
+
--
|
348
|
+
-- Name: asns; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
349
|
+
--
|
350
|
+
|
351
|
+
CREATE TABLE asns (
|
352
|
+
handle character varying(10) NOT NULL,
|
353
|
+
owner character varying(15),
|
354
|
+
country character(2),
|
355
|
+
confidence integer,
|
356
|
+
id integer NOT NULL
|
357
|
+
);
|
358
|
+
|
359
|
+
|
360
|
+
ALTER TABLE dorothy.asns OWNER TO postgres;
|
361
|
+
|
362
|
+
--
|
363
|
+
-- Name: TABLE asns; Type: COMMENT; Schema: dorothy; Owner: postgres
|
364
|
+
--
|
365
|
+
|
366
|
+
COMMENT ON TABLE asns IS 'Autonomous systems';
|
367
|
+
|
368
|
+
|
369
|
+
--
|
370
|
+
-- Name: asns_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
371
|
+
--
|
372
|
+
|
373
|
+
CREATE SEQUENCE asns_id_seq
|
374
|
+
START WITH 1
|
375
|
+
INCREMENT BY 1
|
376
|
+
NO MINVALUE
|
377
|
+
NO MAXVALUE
|
378
|
+
CACHE 1;
|
379
|
+
|
380
|
+
|
381
|
+
ALTER TABLE dorothy.asns_id_seq OWNER TO postgres;
|
382
|
+
|
383
|
+
--
|
384
|
+
-- Name: asns_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
385
|
+
--
|
386
|
+
|
387
|
+
ALTER SEQUENCE asns_id_seq OWNED BY asns.id;
|
388
|
+
|
389
|
+
|
390
|
+
--
|
391
|
+
-- Name: asns_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
392
|
+
--
|
393
|
+
|
394
|
+
SELECT pg_catalog.setval('asns_id_seq', 1, false);
|
395
|
+
|
396
|
+
|
397
|
+
--
|
398
|
+
-- Name: dns_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
399
|
+
--
|
400
|
+
|
401
|
+
CREATE SEQUENCE dns_id_seq
|
402
|
+
START WITH 1
|
403
|
+
INCREMENT BY 1
|
404
|
+
NO MINVALUE
|
405
|
+
NO MAXVALUE
|
406
|
+
CACHE 1;
|
407
|
+
|
408
|
+
|
409
|
+
ALTER TABLE dorothy.dns_id_seq OWNER TO postgres;
|
410
|
+
|
411
|
+
--
|
412
|
+
-- Name: dns_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
413
|
+
--
|
414
|
+
|
415
|
+
SELECT pg_catalog.setval('dns_id_seq', 1, true);
|
416
|
+
|
417
|
+
|
418
|
+
--
|
419
|
+
-- Name: dns_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
420
|
+
--
|
421
|
+
|
422
|
+
CREATE TABLE dns_data (
|
423
|
+
id integer DEFAULT nextval('dns_id_seq'::regclass) NOT NULL,
|
424
|
+
name character varying(255),
|
425
|
+
class integer,
|
426
|
+
qry boolean NOT NULL,
|
427
|
+
ttl integer,
|
428
|
+
flow integer NOT NULL,
|
429
|
+
address inet,
|
430
|
+
data character varying(255),
|
431
|
+
type integer,
|
432
|
+
is_sinkholed boolean
|
433
|
+
);
|
434
|
+
|
435
|
+
|
436
|
+
ALTER TABLE dorothy.dns_data OWNER TO postgres;
|
437
|
+
|
438
|
+
--
|
439
|
+
-- Name: COLUMN dns_data.address; Type: COMMENT; Schema: dorothy; Owner: postgres
|
440
|
+
--
|
441
|
+
|
442
|
+
COMMENT ON COLUMN dns_data.address IS 'type A answer data ';
|
443
|
+
|
444
|
+
|
445
|
+
--
|
446
|
+
-- Name: COLUMN dns_data.data; Type: COMMENT; Schema: dorothy; Owner: postgres
|
447
|
+
--
|
448
|
+
|
449
|
+
COMMENT ON COLUMN dns_data.data IS 'in the case it is an answer different from TYPE A ';
|
450
|
+
|
451
|
+
|
452
|
+
--
|
453
|
+
-- Name: flows; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
454
|
+
--
|
455
|
+
|
456
|
+
CREATE TABLE flows (
|
457
|
+
source inet NOT NULL,
|
458
|
+
dest inet NOT NULL,
|
459
|
+
srcport integer,
|
460
|
+
dstport integer,
|
461
|
+
size integer NOT NULL,
|
462
|
+
traffic_dump character(64),
|
463
|
+
packets integer DEFAULT 0,
|
464
|
+
id bigint NOT NULL,
|
465
|
+
ip_protocol integer DEFAULT 1 NOT NULL,
|
466
|
+
service character(64) DEFAULT 0,
|
467
|
+
title character(256),
|
468
|
+
content character(128) DEFAULT 0,
|
469
|
+
duration double precision DEFAULT 0,
|
470
|
+
"time" double precision,
|
471
|
+
relative_id integer NOT NULL
|
472
|
+
);
|
473
|
+
|
474
|
+
|
475
|
+
ALTER TABLE dorothy.flows OWNER TO postgres;
|
476
|
+
|
477
|
+
--
|
478
|
+
-- Name: COLUMN flows.packets; Type: COMMENT; Schema: dorothy; Owner: postgres
|
479
|
+
--
|
480
|
+
|
481
|
+
COMMENT ON COLUMN flows.packets IS 'Number of the packets involved in the flow';
|
482
|
+
|
483
|
+
|
484
|
+
--
|
485
|
+
-- Name: COLUMN flows.service; Type: COMMENT; Schema: dorothy; Owner: postgres
|
486
|
+
--
|
487
|
+
|
488
|
+
COMMENT ON COLUMN flows.service IS 'flow service';
|
489
|
+
|
490
|
+
|
491
|
+
--
|
492
|
+
-- Name: COLUMN flows.title; Type: COMMENT; Schema: dorothy; Owner: postgres
|
493
|
+
--
|
494
|
+
|
495
|
+
COMMENT ON COLUMN flows.title IS 'Title of the flow';
|
496
|
+
|
497
|
+
|
498
|
+
--
|
499
|
+
-- Name: COLUMN flows.content; Type: COMMENT; Schema: dorothy; Owner: postgres
|
500
|
+
--
|
501
|
+
|
502
|
+
COMMENT ON COLUMN flows.content IS 'Link to pcapr-local RESTful platform . (URL)';
|
503
|
+
|
504
|
+
|
505
|
+
--
|
506
|
+
-- Name: COLUMN flows."time"; Type: COMMENT; Schema: dorothy; Owner: postgres
|
507
|
+
--
|
508
|
+
|
509
|
+
COMMENT ON COLUMN flows."time" IS 'Relative time (from the beginning) of the flow';
|
510
|
+
|
511
|
+
|
512
|
+
--
|
513
|
+
-- Name: host_ips; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
514
|
+
--
|
515
|
+
|
516
|
+
CREATE TABLE host_ips (
|
517
|
+
ip inet NOT NULL,
|
518
|
+
geoinfo integer,
|
519
|
+
sbl integer,
|
520
|
+
uptime time without time zone,
|
521
|
+
is_online boolean,
|
522
|
+
whois integer,
|
523
|
+
zone text,
|
524
|
+
last_update timestamp without time zone,
|
525
|
+
id integer NOT NULL,
|
526
|
+
dns_name integer,
|
527
|
+
migrated_from integer
|
528
|
+
);
|
529
|
+
|
530
|
+
|
531
|
+
ALTER TABLE dorothy.host_ips OWNER TO postgres;
|
532
|
+
|
533
|
+
--
|
534
|
+
-- Name: host_roles; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
535
|
+
--
|
536
|
+
|
537
|
+
CREATE TABLE host_roles (
|
538
|
+
role integer NOT NULL,
|
539
|
+
host_ip inet NOT NULL
|
540
|
+
);
|
541
|
+
|
542
|
+
|
543
|
+
ALTER TABLE dorothy.host_roles OWNER TO postgres;
|
544
|
+
|
545
|
+
--
|
546
|
+
-- Name: irc_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
547
|
+
--
|
548
|
+
|
549
|
+
CREATE TABLE irc_data (
|
550
|
+
id integer NOT NULL,
|
551
|
+
flow integer NOT NULL,
|
552
|
+
data bytea,
|
553
|
+
incoming boolean NOT NULL
|
554
|
+
);
|
555
|
+
|
556
|
+
|
557
|
+
ALTER TABLE dorothy.irc_data OWNER TO postgres;
|
558
|
+
|
559
|
+
--
|
560
|
+
-- Name: roles; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
561
|
+
--
|
562
|
+
|
563
|
+
CREATE TABLE roles (
|
564
|
+
id integer NOT NULL,
|
565
|
+
type character varying(10),
|
566
|
+
comment character varying
|
567
|
+
);
|
568
|
+
|
569
|
+
|
570
|
+
ALTER TABLE dorothy.roles OWNER TO postgres;
|
571
|
+
|
572
|
+
--
|
573
|
+
-- Name: ccprofile_view3; Type: VIEW; Schema: dorothy; Owner: postgres
|
574
|
+
--
|
575
|
+
|
576
|
+
CREATE VIEW ccprofile_view3 AS
|
577
|
+
SELECT DISTINCT host_ips.id AS hostid, host_ips.ip, flows.dstport, traffic_dumps.hash, irc_data.id, roles.type, dns_data.name, irc_data.data FROM roles, host_roles, host_ips, dns_data, flows, irc_data, traffic_dumps WHERE (((((((((roles.id = host_roles.role) AND (host_roles.host_ip = host_ips.ip)) AND (dns_data.id = host_ips.dns_name)) AND (flows.dest = host_ips.ip)) AND (flows.traffic_dump = traffic_dumps.hash)) AND (irc_data.flow = flows.id)) AND (irc_data.incoming = false)) AND (host_ips.is_online = true)) AND ((roles.type)::text = 'cc-irc'::text)) ORDER BY irc_data.id, host_ips.id, host_ips.ip, flows.dstport, traffic_dumps.hash, roles.type, dns_data.name, irc_data.data;
|
578
|
+
|
579
|
+
|
580
|
+
ALTER TABLE dorothy.ccprofile_view3 OWNER TO postgres;
|
581
|
+
|
582
|
+
--
|
583
|
+
-- Name: connections_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
584
|
+
--
|
585
|
+
|
586
|
+
CREATE SEQUENCE connections_id_seq
|
587
|
+
START WITH 1
|
588
|
+
INCREMENT BY 1
|
589
|
+
NO MINVALUE
|
590
|
+
NO MAXVALUE
|
591
|
+
CACHE 1;
|
592
|
+
|
593
|
+
|
594
|
+
ALTER TABLE dorothy.connections_id_seq OWNER TO postgres;
|
595
|
+
|
596
|
+
--
|
597
|
+
-- Name: connections_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
598
|
+
--
|
599
|
+
|
600
|
+
ALTER SEQUENCE connections_id_seq OWNED BY flows.id;
|
601
|
+
|
602
|
+
|
603
|
+
--
|
604
|
+
-- Name: connections_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
605
|
+
--
|
606
|
+
|
607
|
+
SELECT pg_catalog.setval('connections_id_seq', 1, true);
|
608
|
+
|
609
|
+
|
610
|
+
--
|
611
|
+
-- Name: downloads; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
612
|
+
--
|
613
|
+
|
614
|
+
CREATE TABLE downloads (
|
615
|
+
sample character(256) NOT NULL,
|
616
|
+
flow integer NOT NULL,
|
617
|
+
path character(128) NOT NULL,
|
618
|
+
filename character varying
|
619
|
+
);
|
620
|
+
|
621
|
+
|
622
|
+
ALTER TABLE dorothy.downloads OWNER TO postgres;
|
623
|
+
|
624
|
+
--
|
625
|
+
-- Name: TABLE downloads; Type: COMMENT; Schema: dorothy; Owner: postgres
|
626
|
+
--
|
627
|
+
|
628
|
+
COMMENT ON TABLE downloads IS 'Downloaded sample sighting';
|
629
|
+
|
630
|
+
|
631
|
+
--
|
632
|
+
-- Name: emails; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
633
|
+
--
|
634
|
+
|
635
|
+
CREATE TABLE emails (
|
636
|
+
"from" character(64),
|
637
|
+
"to" character(64),
|
638
|
+
subject character(128),
|
639
|
+
data bytea,
|
640
|
+
id integer NOT NULL,
|
641
|
+
flow bigint NOT NULL,
|
642
|
+
hcmd character varying,
|
643
|
+
hcont character varying,
|
644
|
+
rcode interval,
|
645
|
+
rcont character varying
|
646
|
+
);
|
647
|
+
|
648
|
+
|
649
|
+
ALTER TABLE dorothy.emails OWNER TO postgres;
|
650
|
+
|
651
|
+
--
|
652
|
+
-- Name: emails_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
653
|
+
--
|
654
|
+
|
655
|
+
CREATE SEQUENCE emails_id_seq
|
656
|
+
START WITH 1
|
657
|
+
INCREMENT BY 1
|
658
|
+
NO MINVALUE
|
659
|
+
NO MAXVALUE
|
660
|
+
CACHE 1;
|
661
|
+
|
662
|
+
|
663
|
+
ALTER TABLE dorothy.emails_id_seq OWNER TO postgres;
|
664
|
+
|
665
|
+
--
|
666
|
+
-- Name: emails_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
667
|
+
--
|
668
|
+
|
669
|
+
ALTER SEQUENCE emails_id_seq OWNED BY emails.id;
|
670
|
+
|
671
|
+
|
672
|
+
--
|
673
|
+
-- Name: emails_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
674
|
+
--
|
675
|
+
|
676
|
+
SELECT pg_catalog.setval('emails_id_seq', 1, true);
|
677
|
+
|
678
|
+
|
679
|
+
--
|
680
|
+
-- Name: ftp_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
681
|
+
--
|
682
|
+
|
683
|
+
CREATE TABLE ftp_data (
|
684
|
+
id integer DEFAULT nextval('appdata_id_seq'::regclass) NOT NULL,
|
685
|
+
banner text,
|
686
|
+
"user" character varying(50),
|
687
|
+
password character varying(50),
|
688
|
+
type ftp_types,
|
689
|
+
is_ssl boolean,
|
690
|
+
size integer,
|
691
|
+
data bytea
|
692
|
+
);
|
693
|
+
|
694
|
+
|
695
|
+
ALTER TABLE dorothy.ftp_data OWNER TO postgres;
|
696
|
+
|
697
|
+
--
|
698
|
+
-- Name: geoinfo; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
699
|
+
--
|
700
|
+
|
701
|
+
CREATE TABLE geoinfo (
|
702
|
+
id integer NOT NULL,
|
703
|
+
longlat point,
|
704
|
+
country character(2),
|
705
|
+
city character varying(255),
|
706
|
+
"last-update" timestamp without time zone,
|
707
|
+
asn integer
|
708
|
+
);
|
709
|
+
|
710
|
+
|
711
|
+
ALTER TABLE dorothy.geoinfo OWNER TO postgres;
|
712
|
+
|
713
|
+
--
|
714
|
+
-- Name: COLUMN geoinfo.longlat; Type: COMMENT; Schema: dorothy; Owner: postgres
|
715
|
+
--
|
716
|
+
|
717
|
+
COMMENT ON COLUMN geoinfo.longlat IS 'Spatial location (longitude, latitude)';
|
718
|
+
|
719
|
+
|
720
|
+
--
|
721
|
+
-- Name: geoinfo_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
722
|
+
--
|
723
|
+
|
724
|
+
CREATE SEQUENCE geoinfo_id_seq
|
725
|
+
START WITH 1
|
726
|
+
INCREMENT BY 1
|
727
|
+
NO MINVALUE
|
728
|
+
NO MAXVALUE
|
729
|
+
CACHE 1;
|
730
|
+
|
731
|
+
|
732
|
+
ALTER TABLE dorothy.geoinfo_id_seq OWNER TO postgres;
|
733
|
+
|
734
|
+
--
|
735
|
+
-- Name: geoinfo_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
736
|
+
--
|
737
|
+
|
738
|
+
ALTER SEQUENCE geoinfo_id_seq OWNED BY geoinfo.id;
|
739
|
+
|
740
|
+
|
741
|
+
--
|
742
|
+
-- Name: geoinfo_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
743
|
+
--
|
744
|
+
|
745
|
+
SELECT pg_catalog.setval('geoinfo_id_seq', 1, true);
|
746
|
+
|
747
|
+
|
748
|
+
--
|
749
|
+
-- Name: host_ips_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
750
|
+
--
|
751
|
+
|
752
|
+
CREATE SEQUENCE host_ips_id_seq
|
753
|
+
START WITH 1
|
754
|
+
INCREMENT BY 1
|
755
|
+
NO MINVALUE
|
756
|
+
NO MAXVALUE
|
757
|
+
CACHE 1;
|
758
|
+
|
759
|
+
|
760
|
+
ALTER TABLE dorothy.host_ips_id_seq OWNER TO postgres;
|
761
|
+
|
762
|
+
--
|
763
|
+
-- Name: host_ips_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
764
|
+
--
|
765
|
+
|
766
|
+
ALTER SEQUENCE host_ips_id_seq OWNED BY host_ips.id;
|
767
|
+
|
768
|
+
|
769
|
+
--
|
770
|
+
-- Name: host_ips_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
771
|
+
--
|
772
|
+
|
773
|
+
SELECT pg_catalog.setval('host_ips_id_seq', 1, true);
|
774
|
+
|
775
|
+
|
776
|
+
--
|
777
|
+
-- Name: http_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
778
|
+
--
|
779
|
+
|
780
|
+
CREATE TABLE http_data (
|
781
|
+
id integer DEFAULT nextval('appdata_id_seq'::regclass) NOT NULL,
|
782
|
+
method http_methods NOT NULL,
|
783
|
+
url text,
|
784
|
+
size integer,
|
785
|
+
is_ssl boolean,
|
786
|
+
flow integer NOT NULL,
|
787
|
+
data bytea
|
788
|
+
);
|
789
|
+
|
790
|
+
|
791
|
+
ALTER TABLE dorothy.http_data OWNER TO postgres;
|
792
|
+
|
793
|
+
--
|
794
|
+
-- Name: http_headers; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
795
|
+
--
|
796
|
+
|
797
|
+
CREATE TABLE http_headers (
|
798
|
+
http_data integer NOT NULL,
|
799
|
+
key character varying(255) NOT NULL,
|
800
|
+
value character varying(255)
|
801
|
+
);
|
802
|
+
|
803
|
+
|
804
|
+
ALTER TABLE dorothy.http_headers OWNER TO postgres;
|
805
|
+
|
806
|
+
--
|
807
|
+
-- Name: irc_data_connection_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
808
|
+
--
|
809
|
+
|
810
|
+
CREATE SEQUENCE irc_data_connection_seq
|
811
|
+
START WITH 1
|
812
|
+
INCREMENT BY 1
|
813
|
+
NO MINVALUE
|
814
|
+
NO MAXVALUE
|
815
|
+
CACHE 1;
|
816
|
+
|
817
|
+
|
818
|
+
ALTER TABLE dorothy.irc_data_connection_seq OWNER TO postgres;
|
819
|
+
|
820
|
+
--
|
821
|
+
-- Name: irc_data_connection_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
822
|
+
--
|
823
|
+
|
824
|
+
ALTER SEQUENCE irc_data_connection_seq OWNED BY irc_data.flow;
|
825
|
+
|
826
|
+
|
827
|
+
--
|
828
|
+
-- Name: irc_data_connection_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
829
|
+
--
|
830
|
+
|
831
|
+
SELECT pg_catalog.setval('irc_data_connection_seq', 1, true);
|
832
|
+
|
833
|
+
|
834
|
+
--
|
835
|
+
-- Name: malwares; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
836
|
+
--
|
837
|
+
|
838
|
+
CREATE TABLE malwares (
|
839
|
+
bin character(64) NOT NULL,
|
840
|
+
family character(64) NOT NULL,
|
841
|
+
vendor character(64),
|
842
|
+
version character(16),
|
843
|
+
rate character(8),
|
844
|
+
update integer,
|
845
|
+
detected boolean NOT NULL
|
846
|
+
);
|
847
|
+
|
848
|
+
|
849
|
+
ALTER TABLE dorothy.malwares OWNER TO postgres;
|
850
|
+
|
851
|
+
--
|
852
|
+
-- Name: reports; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
853
|
+
--
|
854
|
+
|
855
|
+
CREATE TABLE reports (
|
856
|
+
id integer NOT NULL,
|
857
|
+
sandbox integer NOT NULL,
|
858
|
+
sample character(64) NOT NULL,
|
859
|
+
data text NOT NULL
|
860
|
+
);
|
861
|
+
|
862
|
+
|
863
|
+
ALTER TABLE dorothy.reports OWNER TO postgres;
|
864
|
+
|
865
|
+
--
|
866
|
+
-- Name: reports_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
867
|
+
--
|
868
|
+
|
869
|
+
CREATE SEQUENCE reports_id_seq
|
870
|
+
START WITH 1
|
871
|
+
INCREMENT BY 1
|
872
|
+
NO MINVALUE
|
873
|
+
NO MAXVALUE
|
874
|
+
CACHE 1;
|
875
|
+
|
876
|
+
|
877
|
+
ALTER TABLE dorothy.reports_id_seq OWNER TO postgres;
|
878
|
+
|
879
|
+
--
|
880
|
+
-- Name: reports_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
881
|
+
--
|
882
|
+
|
883
|
+
ALTER SEQUENCE reports_id_seq OWNED BY reports.id;
|
884
|
+
|
885
|
+
|
886
|
+
--
|
887
|
+
-- Name: reports_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
888
|
+
--
|
889
|
+
|
890
|
+
SELECT pg_catalog.setval('reports_id_seq', 1, false);
|
891
|
+
|
892
|
+
|
893
|
+
--
|
894
|
+
-- Name: roles_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
895
|
+
--
|
896
|
+
|
897
|
+
CREATE SEQUENCE roles_id_seq
|
898
|
+
START WITH 1
|
899
|
+
INCREMENT BY 1
|
900
|
+
NO MINVALUE
|
901
|
+
NO MAXVALUE
|
902
|
+
CACHE 1;
|
903
|
+
|
904
|
+
|
905
|
+
ALTER TABLE dorothy.roles_id_seq OWNER TO postgres;
|
906
|
+
|
907
|
+
--
|
908
|
+
-- Name: roles_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
909
|
+
--
|
910
|
+
|
911
|
+
ALTER SEQUENCE roles_id_seq OWNED BY roles.id;
|
912
|
+
|
913
|
+
|
914
|
+
--
|
915
|
+
-- Name: roles_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
916
|
+
--
|
917
|
+
|
918
|
+
SELECT pg_catalog.setval('roles_id_seq', 1, false);
|
919
|
+
|
920
|
+
|
921
|
+
--
|
922
|
+
-- Name: sandboxes; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
923
|
+
--
|
924
|
+
|
925
|
+
CREATE TABLE sandboxes (
|
926
|
+
id integer NOT NULL,
|
927
|
+
hostname character varying(30) NOT NULL,
|
928
|
+
type sanbox_type NOT NULL,
|
929
|
+
"OS" character varying NOT NULL,
|
930
|
+
version character varying,
|
931
|
+
os_lang character(4),
|
932
|
+
ipaddress inet,
|
933
|
+
username character varying NOT NULL,
|
934
|
+
password character varying,
|
935
|
+
is_available boolean DEFAULT false NOT NULL
|
936
|
+
);
|
937
|
+
|
938
|
+
|
939
|
+
ALTER TABLE dorothy.sandboxes OWNER TO postgres;
|
940
|
+
|
941
|
+
--
|
942
|
+
-- Name: sandboxes_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
943
|
+
--
|
944
|
+
|
945
|
+
CREATE SEQUENCE sandboxes_id_seq
|
946
|
+
START WITH 1
|
947
|
+
INCREMENT BY 1
|
948
|
+
NO MINVALUE
|
949
|
+
NO MAXVALUE
|
950
|
+
CACHE 1;
|
951
|
+
|
952
|
+
|
953
|
+
ALTER TABLE dorothy.sandboxes_id_seq OWNER TO postgres;
|
954
|
+
|
955
|
+
--
|
956
|
+
-- Name: sandboxes_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
957
|
+
--
|
958
|
+
|
959
|
+
ALTER SEQUENCE sandboxes_id_seq OWNED BY sandboxes.id;
|
960
|
+
|
961
|
+
|
962
|
+
--
|
963
|
+
-- Name: sandboxes_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
964
|
+
--
|
965
|
+
|
966
|
+
SELECT pg_catalog.setval('sandboxes_id_seq', 1, true);
|
967
|
+
|
968
|
+
|
969
|
+
--
|
970
|
+
-- Name: sensors; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
971
|
+
--
|
972
|
+
|
973
|
+
CREATE TABLE sensors (
|
974
|
+
id integer NOT NULL,
|
975
|
+
name character varying(40) NOT NULL,
|
976
|
+
host integer NOT NULL,
|
977
|
+
type sensor_type2 NOT NULL
|
978
|
+
);
|
979
|
+
|
980
|
+
|
981
|
+
ALTER TABLE dorothy.sensors OWNER TO postgres;
|
982
|
+
|
983
|
+
--
|
984
|
+
-- Name: TABLE sensors; Type: COMMENT; Schema: dorothy; Owner: postgres
|
985
|
+
--
|
986
|
+
|
987
|
+
COMMENT ON TABLE sensors IS 'Malware sensors';
|
988
|
+
|
989
|
+
|
990
|
+
--
|
991
|
+
-- Name: sensors_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
992
|
+
--
|
993
|
+
|
994
|
+
CREATE SEQUENCE sensors_id_seq
|
995
|
+
START WITH 1
|
996
|
+
INCREMENT BY 1
|
997
|
+
NO MINVALUE
|
998
|
+
NO MAXVALUE
|
999
|
+
CACHE 1;
|
1000
|
+
|
1001
|
+
|
1002
|
+
ALTER TABLE dorothy.sensors_id_seq OWNER TO postgres;
|
1003
|
+
|
1004
|
+
--
|
1005
|
+
-- Name: sensors_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
1006
|
+
--
|
1007
|
+
|
1008
|
+
ALTER SEQUENCE sensors_id_seq OWNED BY sensors.id;
|
1009
|
+
|
1010
|
+
|
1011
|
+
--
|
1012
|
+
-- Name: sensors_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1013
|
+
--
|
1014
|
+
|
1015
|
+
SELECT pg_catalog.setval('sensors_id_seq', 1, false);
|
1016
|
+
|
1017
|
+
|
1018
|
+
--
|
1019
|
+
-- Name: sightings; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
1020
|
+
--
|
1021
|
+
|
1022
|
+
CREATE TABLE sightings (
|
1023
|
+
sample character(64) NOT NULL,
|
1024
|
+
sensor integer NOT NULL,
|
1025
|
+
date timestamp without time zone NOT NULL,
|
1026
|
+
traffic_dump character(64)
|
1027
|
+
);
|
1028
|
+
|
1029
|
+
|
1030
|
+
ALTER TABLE dorothy.sightings OWNER TO postgres;
|
1031
|
+
|
1032
|
+
--
|
1033
|
+
-- Name: TABLE sightings; Type: COMMENT; Schema: dorothy; Owner: postgres
|
1034
|
+
--
|
1035
|
+
|
1036
|
+
COMMENT ON TABLE sightings IS 'Malware sample sightings on sensors';
|
1037
|
+
|
1038
|
+
|
1039
|
+
--
|
1040
|
+
-- Name: COLUMN sightings.sample; Type: COMMENT; Schema: dorothy; Owner: postgres
|
1041
|
+
--
|
1042
|
+
|
1043
|
+
COMMENT ON COLUMN sightings.sample IS 'Sample hash';
|
1044
|
+
|
1045
|
+
|
1046
|
+
--
|
1047
|
+
-- Name: COLUMN sightings.sensor; Type: COMMENT; Schema: dorothy; Owner: postgres
|
1048
|
+
--
|
1049
|
+
|
1050
|
+
COMMENT ON COLUMN sightings.sensor IS '
|
1051
|
+
';
|
1052
|
+
|
1053
|
+
|
1054
|
+
--
|
1055
|
+
-- Name: whois; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
1056
|
+
--
|
1057
|
+
|
1058
|
+
CREATE TABLE whois (
|
1059
|
+
id integer NOT NULL,
|
1060
|
+
query character varying(255),
|
1061
|
+
data text,
|
1062
|
+
abuse character varying(255),
|
1063
|
+
"last-update" timestamp without time zone
|
1064
|
+
);
|
1065
|
+
|
1066
|
+
|
1067
|
+
ALTER TABLE dorothy.whois OWNER TO postgres;
|
1068
|
+
|
1069
|
+
--
|
1070
|
+
-- Name: COLUMN whois.abuse; Type: COMMENT; Schema: dorothy; Owner: postgres
|
1071
|
+
--
|
1072
|
+
|
1073
|
+
COMMENT ON COLUMN whois.abuse IS 'Abuse email address';
|
1074
|
+
|
1075
|
+
|
1076
|
+
--
|
1077
|
+
-- Name: whois_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
1078
|
+
--
|
1079
|
+
|
1080
|
+
CREATE SEQUENCE whois_id_seq
|
1081
|
+
START WITH 1
|
1082
|
+
INCREMENT BY 1
|
1083
|
+
NO MINVALUE
|
1084
|
+
NO MAXVALUE
|
1085
|
+
CACHE 1;
|
1086
|
+
|
1087
|
+
|
1088
|
+
ALTER TABLE dorothy.whois_id_seq OWNER TO postgres;
|
1089
|
+
|
1090
|
+
--
|
1091
|
+
-- Name: whois_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
1092
|
+
--
|
1093
|
+
|
1094
|
+
ALTER SEQUENCE whois_id_seq OWNED BY whois.id;
|
1095
|
+
|
1096
|
+
|
1097
|
+
--
|
1098
|
+
-- Name: whois_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1099
|
+
--
|
1100
|
+
|
1101
|
+
SELECT pg_catalog.setval('whois_id_seq', 1, false);
|
1102
|
+
|
1103
|
+
|
1104
|
+
--
|
1105
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1106
|
+
--
|
1107
|
+
|
1108
|
+
ALTER TABLE ONLY analyses ALTER COLUMN id SET DEFAULT nextval('analyses_id_seq'::regclass);
|
1109
|
+
|
1110
|
+
|
1111
|
+
--
|
1112
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1113
|
+
--
|
1114
|
+
|
1115
|
+
ALTER TABLE ONLY asns ALTER COLUMN id SET DEFAULT nextval('asns_id_seq'::regclass);
|
1116
|
+
|
1117
|
+
|
1118
|
+
--
|
1119
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1120
|
+
--
|
1121
|
+
|
1122
|
+
ALTER TABLE ONLY emails ALTER COLUMN id SET DEFAULT nextval('emails_id_seq'::regclass);
|
1123
|
+
|
1124
|
+
|
1125
|
+
--
|
1126
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1127
|
+
--
|
1128
|
+
|
1129
|
+
ALTER TABLE ONLY flows ALTER COLUMN id SET DEFAULT nextval('connections_id_seq'::regclass);
|
1130
|
+
|
1131
|
+
|
1132
|
+
--
|
1133
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1134
|
+
--
|
1135
|
+
|
1136
|
+
ALTER TABLE ONLY geoinfo ALTER COLUMN id SET DEFAULT nextval('geoinfo_id_seq'::regclass);
|
1137
|
+
|
1138
|
+
|
1139
|
+
--
|
1140
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1141
|
+
--
|
1142
|
+
|
1143
|
+
ALTER TABLE ONLY host_ips ALTER COLUMN id SET DEFAULT nextval('host_ips_id_seq'::regclass);
|
1144
|
+
|
1145
|
+
|
1146
|
+
--
|
1147
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1148
|
+
--
|
1149
|
+
|
1150
|
+
ALTER TABLE ONLY irc_data ALTER COLUMN id SET DEFAULT nextval('irc_data_connection_seq'::regclass);
|
1151
|
+
|
1152
|
+
|
1153
|
+
--
|
1154
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1155
|
+
--
|
1156
|
+
|
1157
|
+
ALTER TABLE ONLY reports ALTER COLUMN id SET DEFAULT nextval('reports_id_seq'::regclass);
|
1158
|
+
|
1159
|
+
|
1160
|
+
--
|
1161
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1162
|
+
--
|
1163
|
+
|
1164
|
+
ALTER TABLE ONLY roles ALTER COLUMN id SET DEFAULT nextval('roles_id_seq'::regclass);
|
1165
|
+
|
1166
|
+
|
1167
|
+
--
|
1168
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1169
|
+
--
|
1170
|
+
|
1171
|
+
ALTER TABLE ONLY sandboxes ALTER COLUMN id SET DEFAULT nextval('sandboxes_id_seq'::regclass);
|
1172
|
+
|
1173
|
+
|
1174
|
+
--
|
1175
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1176
|
+
--
|
1177
|
+
|
1178
|
+
ALTER TABLE ONLY sensors ALTER COLUMN id SET DEFAULT nextval('sensors_id_seq'::regclass);
|
1179
|
+
|
1180
|
+
|
1181
|
+
--
|
1182
|
+
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1183
|
+
--
|
1184
|
+
|
1185
|
+
ALTER TABLE ONLY whois ALTER COLUMN id SET DEFAULT nextval('whois_id_seq'::regclass);
|
1186
|
+
|
1187
|
+
|
1188
|
+
--
|
1189
|
+
-- Data for Name: analyses; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1190
|
+
--
|
1191
|
+
|
1192
|
+
COPY analyses (id, sample, sandbox, traffic_dump, date) FROM stdin;
|
1193
|
+
\.
|
1194
|
+
|
1195
|
+
|
1196
|
+
--
|
1197
|
+
-- Data for Name: asns; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1198
|
+
--
|
1199
|
+
|
1200
|
+
COPY asns (handle, owner, country, confidence, id) FROM stdin;
|
1201
|
+
\.
|
1202
|
+
|
1203
|
+
|
1204
|
+
--
|
1205
|
+
-- Data for Name: dns_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1206
|
+
--
|
1207
|
+
|
1208
|
+
COPY dns_data (id, name, class, qry, ttl, flow, address, data, type, is_sinkholed) FROM stdin;
|
1209
|
+
\.
|
1210
|
+
|
1211
|
+
|
1212
|
+
--
|
1213
|
+
-- Data for Name: downloads; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1214
|
+
--
|
1215
|
+
|
1216
|
+
COPY downloads (sample, flow, path, filename) FROM stdin;
|
1217
|
+
\.
|
1218
|
+
|
1219
|
+
|
1220
|
+
--
|
1221
|
+
-- Data for Name: emails; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1222
|
+
--
|
1223
|
+
|
1224
|
+
COPY emails ("from", "to", subject, data, id, flow, hcmd, hcont, rcode, rcont) FROM stdin;
|
1225
|
+
\.
|
1226
|
+
|
1227
|
+
|
1228
|
+
--
|
1229
|
+
-- Data for Name: flows; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1230
|
+
--
|
1231
|
+
|
1232
|
+
COPY flows (source, dest, srcport, dstport, size, traffic_dump, packets, id, ip_protocol, service, title, content, duration, "time", relative_id) FROM stdin;
|
1233
|
+
\.
|
1234
|
+
|
1235
|
+
|
1236
|
+
--
|
1237
|
+
-- Data for Name: ftp_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1238
|
+
--
|
1239
|
+
|
1240
|
+
COPY ftp_data (id, banner, "user", password, type, is_ssl, size, data) FROM stdin;
|
1241
|
+
\.
|
1242
|
+
|
1243
|
+
|
1244
|
+
--
|
1245
|
+
-- Data for Name: geoinfo; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1246
|
+
--
|
1247
|
+
|
1248
|
+
COPY geoinfo (id, longlat, country, city, "last-update", asn) FROM stdin;
|
1249
|
+
\.
|
1250
|
+
|
1251
|
+
|
1252
|
+
--
|
1253
|
+
-- Data for Name: host_ips; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1254
|
+
--
|
1255
|
+
|
1256
|
+
COPY host_ips (ip, geoinfo, sbl, uptime, is_online, whois, zone, last_update, id, dns_name, migrated_from) FROM stdin;
|
1257
|
+
\.
|
1258
|
+
|
1259
|
+
|
1260
|
+
--
|
1261
|
+
-- Data for Name: host_roles; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1262
|
+
--
|
1263
|
+
|
1264
|
+
COPY host_roles (role, host_ip) FROM stdin;
|
1265
|
+
\.
|
1266
|
+
|
1267
|
+
|
1268
|
+
--
|
1269
|
+
-- Data for Name: http_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1270
|
+
--
|
1271
|
+
|
1272
|
+
COPY http_data (id, method, url, size, is_ssl, flow, data) FROM stdin;
|
1273
|
+
\.
|
1274
|
+
|
1275
|
+
|
1276
|
+
--
|
1277
|
+
-- Data for Name: http_headers; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1278
|
+
--
|
1279
|
+
|
1280
|
+
COPY http_headers (http_data, key, value) FROM stdin;
|
1281
|
+
\.
|
1282
|
+
|
1283
|
+
|
1284
|
+
--
|
1285
|
+
-- Data for Name: irc_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1286
|
+
--
|
1287
|
+
|
1288
|
+
COPY irc_data (id, flow, data, incoming) FROM stdin;
|
1289
|
+
\.
|
1290
|
+
|
1291
|
+
|
1292
|
+
--
|
1293
|
+
-- Data for Name: malwares; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1294
|
+
--
|
1295
|
+
|
1296
|
+
COPY malwares (bin, family, vendor, version, rate, update, detected) FROM stdin;
|
1297
|
+
\.
|
1298
|
+
|
1299
|
+
|
1300
|
+
--
|
1301
|
+
-- Data for Name: reports; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1302
|
+
--
|
1303
|
+
|
1304
|
+
COPY reports (id, sandbox, sample, data) FROM stdin;
|
1305
|
+
\.
|
1306
|
+
|
1307
|
+
|
1308
|
+
--
|
1309
|
+
-- Data for Name: roles; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1310
|
+
--
|
1311
|
+
|
1312
|
+
COPY roles (id, type, comment) FROM stdin;
|
1313
|
+
0 honeypot \N
|
1314
|
+
1 cc-irc \N
|
1315
|
+
2 SPAM \N
|
1316
|
+
3 cc-drop \N
|
1317
|
+
5 cc-support \N
|
1318
|
+
4 unknown \N
|
1319
|
+
\.
|
1320
|
+
|
1321
|
+
|
1322
|
+
--
|
1323
|
+
-- Data for Name: samples; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1324
|
+
--
|
1325
|
+
|
1326
|
+
COPY samples (hash, size, type, path, filename, md5, long_type) FROM stdin;
|
1327
|
+
\.
|
1328
|
+
|
1329
|
+
|
1330
|
+
--
|
1331
|
+
-- Data for Name: sandboxes; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1332
|
+
--
|
1333
|
+
|
1334
|
+
COPY sandboxes (id, hostname, type, "OS", version, os_lang, ipaddress, username, password, is_available) FROM stdin;
|
1335
|
+
\.
|
1336
|
+
|
1337
|
+
|
1338
|
+
--
|
1339
|
+
-- Data for Name: sensors; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1340
|
+
--
|
1341
|
+
|
1342
|
+
COPY sensors (id, name, host, type) FROM stdin;
|
1343
|
+
0 hp1-dionaea 0 lowint-honeypot
|
1344
|
+
2 userinput 0 unknow
|
1345
|
+
1 ztracker 0 external-source
|
1346
|
+
\.
|
1347
|
+
|
1348
|
+
|
1349
|
+
--
|
1350
|
+
-- Data for Name: sightings; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1351
|
+
--
|
1352
|
+
|
1353
|
+
COPY sightings (sample, sensor, date, traffic_dump) FROM stdin;
|
1354
|
+
\.
|
1355
|
+
|
1356
|
+
|
1357
|
+
--
|
1358
|
+
-- Data for Name: traffic_dumps; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1359
|
+
--
|
1360
|
+
|
1361
|
+
COPY traffic_dumps (hash, size, pcapr_id, "binary", parsed) FROM stdin;
|
1362
|
+
EMPTYPCAP 0 ffff ffff true
|
1363
|
+
\.
|
1364
|
+
|
1365
|
+
|
1366
|
+
--
|
1367
|
+
-- Data for Name: whois; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1368
|
+
--
|
1369
|
+
|
1370
|
+
COPY whois (id, query, data, abuse, "last-update") FROM stdin;
|
1371
|
+
\.
|
1372
|
+
|
1373
|
+
|
1374
|
+
--
|
1375
|
+
-- Name: asns_handle_uq; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1376
|
+
--
|
1377
|
+
|
1378
|
+
ALTER TABLE ONLY asns
|
1379
|
+
ADD CONSTRAINT asns_handle_uq UNIQUE (handle);
|
1380
|
+
|
1381
|
+
|
1382
|
+
--
|
1383
|
+
-- Name: CONSTRAINT asns_handle_uq ON asns; Type: COMMENT; Schema: dorothy; Owner: postgres
|
1384
|
+
--
|
1385
|
+
|
1386
|
+
COMMENT ON CONSTRAINT asns_handle_uq ON asns IS 'AS handle must be unique';
|
1387
|
+
|
1388
|
+
|
1389
|
+
--
|
1390
|
+
-- Name: asns_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1391
|
+
--
|
1392
|
+
|
1393
|
+
ALTER TABLE ONLY asns
|
1394
|
+
ADD CONSTRAINT asns_pk PRIMARY KEY (id);
|
1395
|
+
|
1396
|
+
|
1397
|
+
--
|
1398
|
+
-- Name: dns_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1399
|
+
--
|
1400
|
+
|
1401
|
+
ALTER TABLE ONLY dns_data
|
1402
|
+
ADD CONSTRAINT dns_data_pkey PRIMARY KEY (id);
|
1403
|
+
|
1404
|
+
|
1405
|
+
--
|
1406
|
+
-- Name: ftp_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1407
|
+
--
|
1408
|
+
|
1409
|
+
ALTER TABLE ONLY ftp_data
|
1410
|
+
ADD CONSTRAINT ftp_data_pkey PRIMARY KEY (id);
|
1411
|
+
|
1412
|
+
|
1413
|
+
--
|
1414
|
+
-- Name: geoinfo_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1415
|
+
--
|
1416
|
+
|
1417
|
+
ALTER TABLE ONLY geoinfo
|
1418
|
+
ADD CONSTRAINT geoinfo_pkey PRIMARY KEY (id);
|
1419
|
+
|
1420
|
+
|
1421
|
+
--
|
1422
|
+
-- Name: hash; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1423
|
+
--
|
1424
|
+
|
1425
|
+
ALTER TABLE ONLY samples
|
1426
|
+
ADD CONSTRAINT hash PRIMARY KEY (hash);
|
1427
|
+
|
1428
|
+
|
1429
|
+
--
|
1430
|
+
-- Name: http_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1431
|
+
--
|
1432
|
+
|
1433
|
+
ALTER TABLE ONLY http_data
|
1434
|
+
ADD CONSTRAINT http_data_pkey PRIMARY KEY (id);
|
1435
|
+
|
1436
|
+
|
1437
|
+
--
|
1438
|
+
-- Name: http_headers_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1439
|
+
--
|
1440
|
+
|
1441
|
+
ALTER TABLE ONLY http_headers
|
1442
|
+
ADD CONSTRAINT http_headers_pk PRIMARY KEY (http_data, key);
|
1443
|
+
|
1444
|
+
|
1445
|
+
--
|
1446
|
+
-- Name: id; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1447
|
+
--
|
1448
|
+
|
1449
|
+
ALTER TABLE ONLY analyses
|
1450
|
+
ADD CONSTRAINT id PRIMARY KEY (id);
|
1451
|
+
|
1452
|
+
|
1453
|
+
--
|
1454
|
+
-- Name: id_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1455
|
+
--
|
1456
|
+
|
1457
|
+
ALTER TABLE ONLY emails
|
1458
|
+
ADD CONSTRAINT id_pk PRIMARY KEY (id);
|
1459
|
+
|
1460
|
+
|
1461
|
+
--
|
1462
|
+
-- Name: ip_uniq; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1463
|
+
--
|
1464
|
+
|
1465
|
+
ALTER TABLE ONLY host_ips
|
1466
|
+
ADD CONSTRAINT ip_uniq UNIQUE (ip);
|
1467
|
+
|
1468
|
+
|
1469
|
+
--
|
1470
|
+
-- Name: pk_connection; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1471
|
+
--
|
1472
|
+
|
1473
|
+
ALTER TABLE ONLY flows
|
1474
|
+
ADD CONSTRAINT pk_connection PRIMARY KEY (id);
|
1475
|
+
|
1476
|
+
|
1477
|
+
--
|
1478
|
+
-- Name: pk_host_ips; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1479
|
+
--
|
1480
|
+
|
1481
|
+
ALTER TABLE ONLY host_ips
|
1482
|
+
ADD CONSTRAINT pk_host_ips PRIMARY KEY (ip, id);
|
1483
|
+
|
1484
|
+
|
1485
|
+
--
|
1486
|
+
-- Name: pk_irc; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1487
|
+
--
|
1488
|
+
|
1489
|
+
ALTER TABLE ONLY irc_data
|
1490
|
+
ADD CONSTRAINT pk_irc PRIMARY KEY (id);
|
1491
|
+
|
1492
|
+
|
1493
|
+
--
|
1494
|
+
-- Name: reports_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1495
|
+
--
|
1496
|
+
|
1497
|
+
ALTER TABLE ONLY reports
|
1498
|
+
ADD CONSTRAINT reports_pkey PRIMARY KEY (id);
|
1499
|
+
|
1500
|
+
|
1501
|
+
--
|
1502
|
+
-- Name: roles_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1503
|
+
--
|
1504
|
+
|
1505
|
+
ALTER TABLE ONLY roles
|
1506
|
+
ADD CONSTRAINT roles_pkey PRIMARY KEY (id);
|
1507
|
+
|
1508
|
+
|
1509
|
+
--
|
1510
|
+
-- Name: sandboxes_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1511
|
+
--
|
1512
|
+
|
1513
|
+
ALTER TABLE ONLY sandboxes
|
1514
|
+
ADD CONSTRAINT sandboxes_pkey PRIMARY KEY (id);
|
1515
|
+
|
1516
|
+
|
1517
|
+
--
|
1518
|
+
-- Name: sensors_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1519
|
+
--
|
1520
|
+
|
1521
|
+
ALTER TABLE ONLY sensors
|
1522
|
+
ADD CONSTRAINT sensors_pkey PRIMARY KEY (id);
|
1523
|
+
|
1524
|
+
--
|
1525
|
+
-- Name: traffic_dumps_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1526
|
+
--
|
1527
|
+
|
1528
|
+
ALTER TABLE ONLY traffic_dumps
|
1529
|
+
ADD CONSTRAINT traffic_dumps_pkey PRIMARY KEY (hash);
|
1530
|
+
|
1531
|
+
|
1532
|
+
--
|
1533
|
+
-- Name: uniq_sandbox; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1534
|
+
--
|
1535
|
+
|
1536
|
+
ALTER TABLE ONLY sandboxes
|
1537
|
+
ADD CONSTRAINT uniq_sandbox UNIQUE (ipaddress);
|
1538
|
+
|
1539
|
+
|
1540
|
+
--
|
1541
|
+
-- Name: whois_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1542
|
+
--
|
1543
|
+
|
1544
|
+
ALTER TABLE ONLY whois
|
1545
|
+
ADD CONSTRAINT whois_pkey PRIMARY KEY (id);
|
1546
|
+
|
1547
|
+
|
1548
|
+
--
|
1549
|
+
-- Name: fki_bin; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1550
|
+
--
|
1551
|
+
|
1552
|
+
CREATE INDEX fki_bin ON malwares USING btree (bin);
|
1553
|
+
|
1554
|
+
|
1555
|
+
--
|
1556
|
+
-- Name: fki_connection; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1557
|
+
--
|
1558
|
+
|
1559
|
+
CREATE INDEX fki_connection ON http_data USING btree (flow);
|
1560
|
+
|
1561
|
+
|
1562
|
+
--
|
1563
|
+
-- Name: fki_dest_ip; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1564
|
+
--
|
1565
|
+
|
1566
|
+
CREATE INDEX fki_dest_ip ON flows USING btree (dest);
|
1567
|
+
|
1568
|
+
|
1569
|
+
--
|
1570
|
+
-- Name: fki_dns; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1571
|
+
--
|
1572
|
+
|
1573
|
+
CREATE INDEX fki_dns ON host_ips USING btree (dns_name);
|
1574
|
+
|
1575
|
+
|
1576
|
+
--
|
1577
|
+
-- Name: fki_dumps; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1578
|
+
--
|
1579
|
+
|
1580
|
+
CREATE INDEX fki_dumps ON flows USING btree (traffic_dump);
|
1581
|
+
|
1582
|
+
|
1583
|
+
--
|
1584
|
+
-- Name: fki_email; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1585
|
+
--
|
1586
|
+
|
1587
|
+
CREATE INDEX fki_email ON emails USING btree (flow);
|
1588
|
+
|
1589
|
+
|
1590
|
+
--
|
1591
|
+
-- Name: fki_flow; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1592
|
+
--
|
1593
|
+
|
1594
|
+
CREATE INDEX fki_flow ON downloads USING btree (flow);
|
1595
|
+
|
1596
|
+
|
1597
|
+
--
|
1598
|
+
-- Name: fki_flows; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1599
|
+
--
|
1600
|
+
|
1601
|
+
CREATE INDEX fki_flows ON dns_data USING btree (flow);
|
1602
|
+
|
1603
|
+
|
1604
|
+
--
|
1605
|
+
-- Name: fki_host; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1606
|
+
--
|
1607
|
+
|
1608
|
+
CREATE INDEX fki_host ON host_roles USING btree (host_ip);
|
1609
|
+
|
1610
|
+
|
1611
|
+
--
|
1612
|
+
-- Name: fki_irc; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1613
|
+
--
|
1614
|
+
|
1615
|
+
CREATE INDEX fki_irc ON irc_data USING btree (flow);
|
1616
|
+
|
1617
|
+
|
1618
|
+
--
|
1619
|
+
-- Name: fki_sample; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1620
|
+
--
|
1621
|
+
|
1622
|
+
CREATE INDEX fki_sample ON analyses USING btree (sample);
|
1623
|
+
|
1624
|
+
|
1625
|
+
--
|
1626
|
+
-- Name: fki_sandbox; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1627
|
+
--
|
1628
|
+
|
1629
|
+
CREATE INDEX fki_sandbox ON analyses USING btree (sandbox);
|
1630
|
+
|
1631
|
+
|
1632
|
+
--
|
1633
|
+
-- Name: fki_shash; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1634
|
+
--
|
1635
|
+
|
1636
|
+
CREATE INDEX fki_shash ON reports USING btree (sample);
|
1637
|
+
|
1638
|
+
|
1639
|
+
--
|
1640
|
+
-- Name: fki_tdumps; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1641
|
+
--
|
1642
|
+
|
1643
|
+
CREATE INDEX fki_tdumps ON analyses USING btree (traffic_dump);
|
1644
|
+
|
1645
|
+
|
1646
|
+
--
|
1647
|
+
-- Name: dest_ip; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1648
|
+
--
|
1649
|
+
|
1650
|
+
ALTER TABLE ONLY flows
|
1651
|
+
ADD CONSTRAINT dest_ip FOREIGN KEY (dest) REFERENCES host_ips(ip);
|
1652
|
+
|
1653
|
+
|
1654
|
+
--
|
1655
|
+
-- Name: dns; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1656
|
+
--
|
1657
|
+
|
1658
|
+
ALTER TABLE ONLY host_ips
|
1659
|
+
ADD CONSTRAINT dns FOREIGN KEY (dns_name) REFERENCES dns_data(id);
|
1660
|
+
|
1661
|
+
|
1662
|
+
--
|
1663
|
+
-- Name: dumps; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1664
|
+
--
|
1665
|
+
|
1666
|
+
ALTER TABLE ONLY flows
|
1667
|
+
ADD CONSTRAINT dumps FOREIGN KEY (traffic_dump) REFERENCES traffic_dumps(hash);
|
1668
|
+
|
1669
|
+
|
1670
|
+
--
|
1671
|
+
-- Name: fk_bin; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1672
|
+
--
|
1673
|
+
|
1674
|
+
ALTER TABLE ONLY malwares
|
1675
|
+
ADD CONSTRAINT fk_bin FOREIGN KEY (bin) REFERENCES samples(hash);
|
1676
|
+
|
1677
|
+
|
1678
|
+
--
|
1679
|
+
-- Name: fk_email; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1680
|
+
--
|
1681
|
+
|
1682
|
+
ALTER TABLE ONLY emails
|
1683
|
+
ADD CONSTRAINT fk_email FOREIGN KEY (flow) REFERENCES flows(id);
|
1684
|
+
|
1685
|
+
|
1686
|
+
--
|
1687
|
+
-- Name: fk_flow; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1688
|
+
--
|
1689
|
+
|
1690
|
+
ALTER TABLE ONLY http_data
|
1691
|
+
ADD CONSTRAINT fk_flow FOREIGN KEY (flow) REFERENCES flows(id);
|
1692
|
+
|
1693
|
+
|
1694
|
+
--
|
1695
|
+
-- Name: fk_flow; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1696
|
+
--
|
1697
|
+
|
1698
|
+
ALTER TABLE ONLY downloads
|
1699
|
+
ADD CONSTRAINT fk_flow FOREIGN KEY (flow) REFERENCES flows(id);
|
1700
|
+
|
1701
|
+
|
1702
|
+
--
|
1703
|
+
-- Name: fk_irc; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1704
|
+
--
|
1705
|
+
|
1706
|
+
ALTER TABLE ONLY irc_data
|
1707
|
+
ADD CONSTRAINT fk_irc FOREIGN KEY (flow) REFERENCES flows(id);
|
1708
|
+
|
1709
|
+
|
1710
|
+
--
|
1711
|
+
-- Name: flows; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1712
|
+
--
|
1713
|
+
|
1714
|
+
ALTER TABLE ONLY dns_data
|
1715
|
+
ADD CONSTRAINT flows FOREIGN KEY (flow) REFERENCES flows(id);
|
1716
|
+
|
1717
|
+
|
1718
|
+
--
|
1719
|
+
-- Name: geoinfo_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1720
|
+
--
|
1721
|
+
|
1722
|
+
ALTER TABLE ONLY host_ips
|
1723
|
+
ADD CONSTRAINT geoinfo_fk FOREIGN KEY (geoinfo) REFERENCES geoinfo(id);
|
1724
|
+
|
1725
|
+
|
1726
|
+
--
|
1727
|
+
-- Name: host; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1728
|
+
--
|
1729
|
+
|
1730
|
+
ALTER TABLE ONLY host_roles
|
1731
|
+
ADD CONSTRAINT host FOREIGN KEY (host_ip) REFERENCES host_ips(ip);
|
1732
|
+
|
1733
|
+
|
1734
|
+
--
|
1735
|
+
-- Name: role_fkey; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1736
|
+
--
|
1737
|
+
|
1738
|
+
ALTER TABLE ONLY host_roles
|
1739
|
+
ADD CONSTRAINT role_fkey FOREIGN KEY (role) REFERENCES roles(id);
|
1740
|
+
|
1741
|
+
|
1742
|
+
--
|
1743
|
+
-- Name: samples; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1744
|
+
--
|
1745
|
+
|
1746
|
+
ALTER TABLE ONLY analyses
|
1747
|
+
ADD CONSTRAINT samples FOREIGN KEY (sample) REFERENCES samples(hash);
|
1748
|
+
|
1749
|
+
|
1750
|
+
--
|
1751
|
+
-- Name: samples; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1752
|
+
--
|
1753
|
+
|
1754
|
+
ALTER TABLE ONLY sightings
|
1755
|
+
ADD CONSTRAINT samples FOREIGN KEY (sample) REFERENCES samples(hash);
|
1756
|
+
|
1757
|
+
|
1758
|
+
--
|
1759
|
+
-- Name: sensor_fkey; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1760
|
+
--
|
1761
|
+
|
1762
|
+
ALTER TABLE ONLY sightings
|
1763
|
+
ADD CONSTRAINT sensor_fkey FOREIGN KEY (sensor) REFERENCES sensors(id);
|
1764
|
+
|
1765
|
+
|
1766
|
+
--
|
1767
|
+
-- Name: shash; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1768
|
+
--
|
1769
|
+
|
1770
|
+
ALTER TABLE ONLY reports
|
1771
|
+
ADD CONSTRAINT shash FOREIGN KEY (sample) REFERENCES samples(hash);
|
1772
|
+
|
1773
|
+
|
1774
|
+
--
|
1775
|
+
-- Name: tdumps; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1776
|
+
--
|
1777
|
+
|
1778
|
+
ALTER TABLE ONLY analyses
|
1779
|
+
ADD CONSTRAINT tdumps FOREIGN KEY (traffic_dump) REFERENCES traffic_dumps(hash);
|
1780
|
+
|
1781
|
+
|
1782
|
+
--
|
1783
|
+
-- Name: whois_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1784
|
+
--
|
1785
|
+
|
1786
|
+
ALTER TABLE ONLY host_ips
|
1787
|
+
ADD CONSTRAINT whois_fk FOREIGN KEY (whois) REFERENCES whois(id);
|
1788
|
+
|
1789
|
+
|
1790
|
+
--
|
1791
|
+
-- Name: dorothy; Type: ACL; Schema: -; Owner: postgres
|
1792
|
+
--
|
1793
|
+
|
1794
|
+
REVOKE ALL ON SCHEMA dorothy FROM PUBLIC;
|
1795
|
+
REVOKE ALL ON SCHEMA dorothy FROM postgres;
|
1796
|
+
GRANT ALL ON SCHEMA dorothy TO postgres;
|
1797
|
+
GRANT ALL ON SCHEMA dorothy TO PUBLIC;
|
1798
|
+
|
1799
|
+
|
1800
|
+
--
|
1801
|
+
-- PostgreSQL database dump complete
|
1802
|
+
--
|
1803
|
+
|