network.detectors
Class NewProcessEventDetector

java.lang.Object
  extended by network.detectors.EventDetector
      extended by network.detectors.NewProcessEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable

public class NewProcessEventDetector
extends EventDetector
implements java.io.Serializable

Checks for NewProcess. We keep a record of all processes seen and compare against it to see whether new processes have been created.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class network.detectors.EventDetector
agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable
 
Constructor Summary
NewProcessEventDetector(ConfigObject configObj)
           
 
Method Summary
 java.util.Vector generateEvent(Event triggeringEvent)
          Receives an event and calls testProcessMonitoringEvent on it
 java.lang.String getGeneratingEventClassName()
          Returns a string containing the name of the event this detector generates
 java.util.Vector testProcessMonitoringEvent(ProcessMonitoringEvent event)
          Tests if the given event contains processes this detector has not seen yet.
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NewProcessEventDetector

public NewProcessEventDetector(ConfigObject configObj)
Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns a string containing the name of the event this detector generates

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
A string containing the name of the event this detector generates

testProcessMonitoringEvent

public java.util.Vector testProcessMonitoringEvent(ProcessMonitoringEvent event)
Tests if the given event contains processes this detector has not seen yet. The first call to this method will build the initial database of running processes. Subsequent calls will detect new events by matching them against the database of known currently running processes. These processes are then added to the database of running processes.

Parameters:
event - The event from which to obtain process information
Returns:
A Vector of NewProcessEvents. One event object per new event detected.
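
The baseline-and-compare logic described for testProcessMonitoringEvent, as an added Java sketch that is not the network.detectors source. The class, the Proc record and its fields are hypothetical, and it assumes that the first snapshot only seeds the database and that a process is identified by PID, start time and command, so that a reused PID counts as a new process.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added illustration; not the network.detectors source. All names are hypothetical.
public class NewProcessBaselineSketch {

    // Assumed process identity: the OS reuses PIDs, so the start time and
    // command are part of the key as well.
    record Proc(int pid, long startTime, String command) {}

    private final Set<Proc> known = new HashSet<>();
    private boolean baselineBuilt = false;

    // Returns the processes in this snapshot that were not seen before.
    // The first snapshot only seeds the baseline (assumption, see lead-in).
    public synchronized List<Proc> test(List<Proc> snapshot) {
        List<Proc> fresh = new ArrayList<>();
        for (Proc p : snapshot) {
            // Set.add returns true only for entries not already known, so a
            // process listed twice in one snapshot is collected once.
            if (known.add(p) && baselineBuilt) {
                fresh.add(p);
            }
        }
        baselineBuilt = true; // a flag, so an empty first snapshot still counts as the baseline
        return fresh;
    }

    public static void main(String[] args) {
        NewProcessBaselineSketch d = new NewProcessBaselineSketch();
        // Constructed snapshots: the first seeds the baseline, the second adds pid 977.
        List<Proc> first = List.of(new Proc(1, 100L, "init"), new Proc(412, 160L, "sshd"));
        List<Proc> second = List.of(new Proc(1, 100L, "init"), new Proc(412, 160L, "sshd"),
                                    new Proc(977, 530L, "nc"));
        // Constructed: PID 412 now belongs to a different program (new start time and command).
        List<Proc> third = List.of(new Proc(1, 100L, "init"), new Proc(412, 910L, "bash"));

        System.out.println(d.test(first));
        System.out.println(d.test(second));
        System.out.println(d.test(third));
        // Replaying the second snapshot: every entry is still in the set, since nothing is removed.
        System.out.println(d.test(second));
    }
}
```

Because entries are only ever added, keying the set on PID alone would hide a new process that inherits the PID of one that has exited.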

generateEvent

public java.util.Vector generateEvent(Event triggeringEvent)
Receives an event and calls testProcessMonitoringEvent on it

Specified by:
generateEvent in class EventDetector
Parameters:
triggeringEvent - The event that triggers this detector. Should be of type ProcessMonitoringEvent
Returns: