SOC-Update

This commit is contained in:
2026-04-26 09:59:34 +02:00
parent 416d2bd41f
commit c4e586c0bf
2 changed files with 533 additions and 1 deletions


@@ -1395,4 +1395,34 @@ CREATE TABLE baseline_exclusions (
);
CREATE INDEX idx_baseline_exclusions_lookup
ON baseline_exclusions (enabled, hostname, channel_name, event_id, expires_at);
ON baseline_exclusions (enabled, hostname, channel_name, event_id, expires_at);
CREATE TABLE host_risk_scores (
hostname VARCHAR(255) PRIMARY KEY,
risk_score DOUBLE NOT NULL DEFAULT 0,
severity VARCHAR(16) NOT NULL DEFAULT 'info',
open_detections INT NOT NULL DEFAULT 0,
high_detections INT NOT NULL DEFAULT 0,
critical_detections INT NOT NULL DEFAULT 0,
confirmed_incidents INT NOT NULL DEFAULT 0,
last_detection_at TIMESTAMP(6) NULL,
updated_at TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6)
);
CREATE TABLE ueba_user_baseline (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL,
hostname VARCHAR(255) NOT NULL,
src_ip VARCHAR(255) NOT NULL DEFAULT '',
workstation VARCHAR(255) NOT NULL DEFAULT '',
first_seen TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
last_seen TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
seen_count BIGINT NOT NULL DEFAULT 1,
UNIQUE KEY uniq_user_context (username, hostname, src_ip, workstation)
);
CREATE INDEX idx_ueba_user_baseline_user
ON ueba_user_baseline (username, last_seen);
CREATE INDEX idx_host_risk_score
ON host_risk_scores (risk_score, severity);
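Review bot: The `UNIQUE KEY uniq_user_context (username, hostname, src_ip, workstation)` on ueba_user_baseline spans four VARCHAR(255) columns, which with a 4-byte character set (utf8mb4) is up to 4080 bytes, above InnoDB's index key limit (at most 3072 bytes, depending on row format), so the CREATE TABLE may be rejected outright on MySQL/MariaDB; the table's charset and row format are not visible in this hunk, so confirm against the file's table options. The narrowest fix is to size the columns to what they hold, e.g. `src_ip VARCHAR(45) NOT NULL DEFAULT ''` (a textual IPv6 address fits in 45 characters) plus a shorter workstation width, or a prefix index if the full widths must stay. Two smaller points in the same hunk: last_seen has no `ON UPDATE CURRENT_TIMESTAMP(6)` while host_risk_scores.updated_at above does, so every upsert path must set last_seen explicitly or the baseline window silently stops advancing, and severity in host_risk_scores is free text with no CHECK constraint, so a misspelled value is stored and then dropped by any consumer filtering on the known set. The src_ip and workstation key columns are presumably copied from logon event fields; if so they are supplied by the client side of the logon, and a comment on the table such as `-- observed (not verified) logon context; src_ip/workstation come from the event, not from the host` would keep downstream users from treating the baseline as authenticated ground truth.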