network.detectors
Class NewProcessEventDetector

java.lang.Object
  |
  +--network.detectors.EventDetector
        |
        +--network.detectors.NewProcessEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable

public class NewProcessEventDetector
extends EventDetector
implements java.io.Serializable

Checks for new processes. The detector keeps a record of all processes seen and compares against it to see whether new processes have been created.

See Also:
Serialized Form

Field Summary
private  long count
           
private  java.lang.String[] defaultLocalTriggeringEvents
           
private  java.util.Vector rootProcesses
           
private  java.util.Hashtable rootProcessesTable
           
 
Fields inherited from class network.detectors.EventDetector
agentURN, attempts, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, printRunningThreadsFlag, remoteTriggeringEvents, reportTable
 
Constructor Summary
NewProcessEventDetector(ConfigObject configObj)
           
 
Method Summary
 java.util.Vector generateEvent(network.events.Event triggeringEvent)
          Receives an event and calls testProcessMonitoringEvent on it
 java.lang.String getGeneratingEventClassName()
          Returns a string containing the name of the event this detector generates
 java.util.Vector testProcessMonitoringEvent(network.events.ProcessMonitoringEvent event)
          Tests if the given event contains processes this detector has not seen yet.
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

rootProcesses

private java.util.Vector rootProcesses

rootProcessesTable

private java.util.Hashtable rootProcessesTable

count

private long count

defaultLocalTriggeringEvents

private java.lang.String[] defaultLocalTriggeringEvents
Constructor Detail

NewProcessEventDetector

public NewProcessEventDetector(ConfigObject configObj)
Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns a string containing the name of the event this detector generates

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
A string containing the name of the event this detector generates

testProcessMonitoringEvent

public java.util.Vector testProcessMonitoringEvent(network.events.ProcessMonitoringEvent event)
Tests if the given event contains processes this detector has not seen yet. The first call to this method builds the initial database of running processes. Subsequent calls detect new processes by matching them against the database of known currently running processes. These processes are then added to the database of running processes.

Parameters:
event - The event from which to obtain process information
Returns:
A Vector of NewProcessEvents. One event object per new event detected.
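
The baseline-then-diff behaviour described for testProcessMonitoringEvent, as an added stand-alone example that is not the project's code. The class name BaselineProcessDiff, the Proc record, the PID-plus-command key, and the reading that the first call reports nothing are all assumptions.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added illustration; all names here are hypothetical, not the network.detectors API.
public class BaselineProcessDiff {
    // Assumption: a process is identified by its PID plus command name.
    record Proc(int pid, String command) {}

    private final Set<Proc> known = new HashSet<>();
    private boolean baselineBuilt = false;

    // Returns the processes in this snapshot that were not seen before.
    // The first snapshot only seeds the baseline and reports nothing.
    public List<Proc> test(Collection<Proc> snapshot) {
        List<Proc> fresh = new ArrayList<>();
        for (Proc p : snapshot) {
            // Set.add returns true only when the entry was absent, so one
            // call both checks the database and records the process.
            if (known.add(p) && baselineBuilt) {
                fresh.add(p);
            }
        }
        baselineBuilt = true;
        return fresh;
    }

    public static void main(String[] args) {
        BaselineProcessDiff detector = new BaselineProcessDiff();
        // Constructed sample snapshots, standing in for process monitoring events.
        List<Proc> first = List.of(new Proc(1, "init"), new Proc(412, "sshd"));
        List<Proc> second = List.of(new Proc(1, "init"), new Proc(412, "sshd"),
                                    new Proc(9001, "newtool"));
        System.out.println("baseline call: " + detector.test(first));
        System.out.println("second call:   " + detector.test(second));
        System.out.println("repeat call:   " + detector.test(second));
    }
}
```

Because the known set only grows, a process that exits and later reappears with the same PID and command is not reported again; adding the process start time to the key would distinguish the two.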

generateEvent

public java.util.Vector generateEvent(network.events.Event triggeringEvent)
Receives an event and calls testProcessMonitoringEvent on it

Specified by:
generateEvent in class EventDetector
Parameters:
triggeringEvent - The event that triggers this detector. Should be of type ProcessMonitoringEvent
Returns: