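/**
 * Resolve the display name and target link for one knowledge-base relationship.
 *
 * @param object $conn  Database connection; used here only through
 *                      Execute($sql, $params) returning a recordset with
 *                      EOF/fields (ADOdb-style, as the calls below assume).
 * @param array  $rel   Relationship row with:
 *                      - 'type': one of directive, incident, plugin_sid, host,
 *                        host_group, net, net_group, taxonomy (anything else -> Unknown)
 *                      - 'key' : the id for that type; for plugin_sid "<sid>##<plugin_id>",
 *                        for taxonomy "<product_type>##<category>##<subcategory>",
 *                        for asset types a hex id (bound via UNHEX(?)).
 *
 * @return array  array($name, $url) where $name is the human-readable label
 *                (translated 'Unknown' when the lookup fails) and $url is the
 *                menu link with the key spliced in, or 'javascript:;' when the
 *                type has no link (taxonomy, unknown types).
 */
function get_doc_info($conn, $rel) {
    // Tolerate a partial $rel instead of emitting undefined-index notices.
    $type    = isset($rel['type']) ? $rel['type'] : '';
    $rel_key = isset($rel['key'])  ? $rel['key']  : '';
    $name    = '';
    $key     = $rel_key;

    // Link template per type; 'KKKK' is the placeholder for the (encoded) key.
    $url_links = array(
        'host'       => Menu::get_menu_url('/ossim/av_asset/common/views/detail.php?asset_id=KKKK', 'environment', 'assets', 'assets'),
        'net'        => Menu::get_menu_url('/ossim/av_asset/network/view/list.php', 'environment', 'assets', 'networks'),
        'host_group' => Menu::get_menu_url('/ossim/av_asset/group/view/list.php', 'environment', 'assets', 'asset_groups'),
        'net_group'  => Menu::get_menu_url('/ossim/netgroup/netgroup.php', 'environment', 'assets', 'network_groups'),
        'incident'   => Menu::get_menu_url('/ossim/incidents/incident.php?id=KKKK', 'analysis', 'tickets', 'tickets'),
        'directive'  => Menu::get_menu_url('/ossim/directives/index.php?toggled_dir=KKKK&dir_info=1', 'configuration', 'threat_intelligence', 'directives'),
        'plugin_sid' => Menu::get_menu_url('/ossim/forensics/base_qry_main.php?clear_allcriteria=1&search=1&sensor=&sip=&plugin=&ossim_risk_a=+&submit=Signature&search_str=KKKK', 'analysis', 'security_events', 'security_events'),
        'taxonomy'   => "",
    );

    // Asset lookups: type => array(table, name column). The table name is
    // taken from this whitelist literal, never from $rel, so nothing caller-
    // controlled reaches the SQL text (the id itself is a bound parameter).
    $asset_tables = array(
        'host'       => array('host', 'hostname'),
        'host_group' => array('host_group', 'name'),
        'net'        => array('net', 'name'),
        'net_group'  => array('net_group', 'name'),
    );

    switch ($type) {
        case 'directive':
            $name = $rel_key;
            break;

        case 'incident':
            $rs = $conn->Execute("SELECT title from incident where id=?", array($rel_key));
            if (!$rs) {
                $name = _('Unknown');
            } elseif (!$rs->EOF) {
                $name = $rs->fields["title"];
            }
            break;

        case 'plugin_sid':
            // "<sid>##<plugin_id>"; pad so a malformed key yields empty parts
            // (handled below) rather than undefined-offset notices.
            $plugin = array_pad(explode('##', $rel_key), 2, '');
            $sid    = $plugin[0];
            $pid    = $plugin[1];
            if ($pid != '' && $sid != '') {
                $name = Plugin_sid::get_name_by_idsid($conn, $pid, $sid);
                // Prefix the plugin name unless the sid name already carries one.
                if (strpos((string) $name, ':') === false) {
                    $name = Plugin::get_name_by_id($conn, $pid) . ": " . $name;
                }
                // The forensics link searches by signature name, not by id.
                $key = $name;
            } else {
                $name = _('Unknown, Please edit this relationship');
                $key  = '';
            }
            break;

        case 'host':
        case 'host_group':
        case 'net':
        case 'net_group':
            if (!isset($asset_tables[$type])) {
                // Only reachable via loose switch matching; treat as unknown.
                $name = _('Unknown');
                break;
            }
            list($table, $field) = $asset_tables[$type];
            $sql = "SELECT {$field} as name from {$table} where id=UNHEX(?)";
            $rs  = $conn->Execute($sql, array($rel_key));
            if (!$rs) {
                $name = _('Unknown');
            } elseif (!$rs->EOF) {
                $name = $rs->fields["name"];
            }
            break;

        case 'taxonomy':
            // "<product_type>##<category>##<subcategory>"; 0/missing means ANY.
            $tax    = array_pad(explode('##', $rel_key), 3, '');
            $ptype  = intval($tax[0]) != 0 ? Product_type::get_name_by_id($conn, $tax[0]) : _('ANY');
            $cat    = intval($tax[1]) != 0 ? Category::get_name_by_id($conn, $tax[1])     : _('ANY');
            $subcat = intval($tax[2]) != 0 ? Subcategory::get_name_by_id($conn, $tax[2])  : _('ANY');
            $name   = _('Product Type') . ': ' . $ptype . ', ' . _('Category') . ': ' . $cat . ', ' . _('Subcategory') . ': ' . $subcat;
            break;

        default:
            $name = _('Unknown');
    }

    // Unknown types have no template: fall back to a no-op link instead of
    // reading an undefined index.
    $url = isset($url_links[$type]) ? $url_links[$type] : '';

    // KKKK always sits in a query-string value, so percent-encode the key:
    // plugin_sid keys are free-text signature names and may contain spaces,
    // '&', '#' or quotes that would otherwise break the URL (or the attribute
    // it is rendered into). Numeric and hex ids are unaffected.
    $url = $url != '' ? str_replace('KKKK', urlencode($key), $url) : 'javascript:;';

    return array($name, $url);
}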
$range = $chart_info['range'] > 0 ? $chart_info['range'] * 86400 : 432000; $query_where = Security_report::make_where($conn, '', '', array(), $assets_filters, "", "", false); //Limit of host to show in the widget. $limit = $chart_info['top'] != '' ? $chart_info['top'] : 10; //Link to the forensic site. $link = "/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time_cnt=2&time[0][0]= &time[0][1]=>=&time[0][8]= &time[0][9]=AND&time[1][1]=<=&time[0][2]=" . gmdate("m", $timeutc - $range) . "&time[0][3]=" . gmdate("d", $timeutc - $range) . "&time[0][4]=" . gmdate("Y", $timeutc - $range) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[1][2]=" . gmdate("m", $timeutc) . "&time[1][3]=" . gmdate("d", $timeutc) . "&time[1][4]=" . gmdate("Y", $timeutc) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&submit=Query DB&num_result_rows=-1&sort_order=time_d&hmenu=Forensics&smenu=Forensics&utc=1"; $forensic_link = Menu::get_menu_url($link, 'analysis', 'security_events'); //Sql Query //TO DO: Use parameters in the query. $sqlgraph = "SELECT sum( acid_event.cnt ) as num_events,p.category_id FROM alienvault_siem.ac_acid_event as acid_event, alienvault.plugin_sid p WHERE p.plugin_id=acid_event.plugin_id AND p.sid=acid_event.plugin_sid AND acid_event.timestamp BETWEEN '" . gmdate("Y-m-d H:00:00", $timeutc - $range) . "' AND '" . gmdate("Y-m-d H:59:59") . "' {$query_where} group by p.category_id having num_events > 0 and p.category_id is not null order by num_events desc LIMIT {$limit}"; $rg = $conn->CacheExecute($sqlgraph); if (!$rg) { print $conn->ErrorMsg(); } else { while (!$rg->EOF) { $name = Category::get_name_by_id($conn, $rg->fields["category_id"]); $data[] = $rg->fields["num_events"]; $label[] = $name; $links[] = $forensic_link . '&category%5B1%5D=&category%5B0%5D=' . $rg->fields["category_id"]; $rg->MoveNext(); } } $colors = get_widget_colors(count($data)); break; case 'siemlogger': //Amount of hours to show in the widget. 
//$max = ($chart_info['range'] == '')? 16 : $chart_info['range']; $max = 16; //By now it will be always 24 hours //Type of graph. In this case is the simple raphael. $js = "analytics_duo";