rename terminology "compile" to "rule"
@@ -2,7 +2,7 @@
|
||||
|
||||
* [Item](#item)
|
||||
* [Group(Object)](#groupobject)
|
||||
* [Compile(Policy)](#compilepolicy)
|
||||
* [Rule(Policy)](#rulepolicy)
|
||||
* [Clause(Condition)](#clause)
|
||||
* [Literal](#literal)
|
||||
* [Physical table](#physical-table)
|
||||
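Review bot: the table-of-contents entry changes its anchor from `#compilepolicy` to `#rulepolicy`, so any link elsewhere in the docs that still targets `#compilepolicy` in this file will stop resolving. Search the documentation tree for the old anchor and update those references in the same commit.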
@@ -42,17 +42,17 @@ A group defines a set that can contain different types of items and can also ref
|
||||
|
||||
- Group supports multi-level nesting, see [group hierarchy](./overview.md#groupobject-nesting-and-hierarchies)
|
||||
|
||||
- A Group can be referenced by different compiles.
|
||||
- A Group can be referenced by different rules.
|
||||
|
||||
The relationship between group and group is stored in the [group2group table](./maat_table.md#14-group2group-table).
|
||||
|
||||
## Compile(Policy)
|
||||
## Rule(Policy)
|
||||
|
||||
A conjunctive normal form(CNF) consisting of multiple groups and virtual tables.
|
||||
|
||||
`Note`: A compile can contain up to 8 clauses and multiple clauses in the same compile can be logical 'AND' and logical 'NOT' relationships.
|
||||
`Note`: A rule can contain up to 8 clauses and multiple clauses in the same rule can be logical 'AND' and logical 'NOT' relationships.
|
||||
|
||||
The relationship between group and compile is stored in the [group2compile table](./maat_table.md#13-group2compile-table).
|
||||
The relationship between group and rule is stored in the [group2rule table](./maat_table.md#13-group2rule-table).
|
||||
|
||||
<img src="./imgs/CNF.jpg" alt="exclude" style="zoom:80%" />
|
||||
|
||||
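Review bot: the new link target `./maat_table.md#13-group2rule-table` in the "relationship between group and rule" line only resolves if the section 1.3 heading in maat_table.md is renamed as part of this change, and this file's diff cannot show that. Confirm the heading was renamed there, or keep the old anchor until it is.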
@@ -68,7 +68,7 @@ A Literal consists of `vtable_id(virtual table id)` and `group_id`. During the r
|
||||
|
||||
## Physical table
|
||||
|
||||
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [compile table](./maat_table.md#12-compile-table), [group2compile table](./maat_table.md#13-group2compile-table), [group2group table](./maat_table.md#14-group2group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
|
||||
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [group2rule table](./maat_table.md#13-group2rule-table), [group2group table](./maat_table.md#14-group2group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
|
||||
|
||||
## Virtual table
|
||||
|
||||
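Review bot: in the "Physical table" paragraph the sentence now opens with "Different rules are stored in different tables" and then lists a "rule table" as one of those tables, so "rules" is used both for configuration in general and for the renamed Rule(Policy) concept. Reword the opening, for example "Different kinds of configuration are stored in different tables", so that "rule" has a single meaning on this page.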
@@ -86,7 +86,7 @@ Defines the type of table and the configuration format, determining the specific
|
||||
|
||||
## Table runtime
|
||||
|
||||
The runtime generated by loading the configuration in the table into memory. Different tables have different runtimes. The group2compile table is merged with the corresponding compile table to generate a compile runtime, meaning there is no separate group2compile runtime.
|
||||
The runtime generated by loading the configuration in the table into memory. Different tables have different runtimes. The group2rule table is merged with the corresponding rule table to generate a rule runtime, meaning there is no separate group2rule runtime.
|
||||
|
||||
Different scanning api use runtimes of different tables. For example, the HTTP_URL table is of type expr, and its corresponding scanning interface is maat_scan_string. Therefore, when calling this scanning interface, the API internally uses the runtime of the HTTP_URL table to perform the actual scanning task.
|
||||
|
||||
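Review bot: the "Table runtime" paragraph now speaks of a "rule runtime" and a "group2rule table", but nothing in this hunk says whether the table type names users write in their table configuration were renamed as well. If those identifiers still use "compile", add a sentence mapping the old names to the new ones so readers can match this text to their existing configuration.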
@@ -112,11 +112,11 @@ Maat supports not only block-based scanning but also stream-based scanning. For
|
||||
|
||||
## Half/Full hit
|
||||
|
||||
From the diagram of [configuration relationship](./overview.md#12-configuration-relationship), it can be seen that if the group that is hit is not referenced by compile, or even if referenced by compile, but after logical operations no compile is hit, then this hit is called a half hit; if a compile is hit, then this hit is called a full hit.
|
||||
From the diagram of [configuration relationship](./overview.md#12-configuration-relationship), it can be seen that if the group that is hit is not referenced by rule, or even if referenced by rule, but after logical operations no rule is hit, then this hit is called a half hit; if a rule is hit, then this hit is called a full hit.
|
||||
|
||||
## Hit path
|
||||
|
||||
From the relationship of item, group, and compile mentioned above, if a scan hits a certain compile, there must be a logical path composed of item_id -> group_id -> compile_id. Maat names this path the hit path. If a group has nested references, the hit path should be item_id -> sub_group_id -> group_id -> compile_id.
|
||||
From the relationship of item, group, and rule mentioned above, if a scan hits a certain rule, there must be a logical path composed of item_id -> group_id -> rule_id. Maat names this path the hit path. If a group has nested references, the hit path should be item_id -> sub_group_id -> group_id -> rule_id.
|
||||
|
||||
## Redis
|
||||
|
||||
|
||||
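Review bot: in the "Hit path" paragraph the path is now written as item_id -> group_id -> rule_id, which should match the field name the hit path API actually exposes; if the structure still carries `compile_id`, say so in the text or rename the field in the same change. In the "Half/Full hit" line, "not referenced by rule" would also read better as "not referenced by any rule".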