$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY)); $export = intval(ImportHTTPVar("complete", VAR_DIGIT)); // Called from report_launcher.php $qs->MoveView($submit); /* increment the view if necessary */ $page_title = gettext("Sensor Listing"); /* Connect to the Alert database */ $db = NewBASEDBConnection($DBlib_path, $DBtype); $db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1); if ($event_cache_auto_update == 1) { UpdateAlertCache($db); } $criteria_clauses = ProcessCriteria(); // Include base_header.php PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1); $mssp = Session::show_entities(); //intval($conf->get_conf("alienvault_mssp", FALSE)); // Use accumulate tables only when timestamp criteria is not hour sensitive $use_ac = $criteria_clauses[3]; $nevents = "count(distinct acid_event.plugin_id, acid_event.plugin_sid)"; // use ac_acid_event if ($use_ac) { $from = " FROM po_acid_event as acid_event " . $criteria_clauses[0] . ", device LEFT JOIN alienvault.sensor ON sensor.id=device.sensor_id"; $where = $criteria_clauses[4] != "" ? " WHERE " . $criteria_clauses[4] : " "; $where2 = $criteria_clauses[5] != "" ? " WHERE " . $criteria_clauses[5] : " "; $counter = "sum(acid_event.cnt) as event_cnt"; $from1 = " FROM acid_event " . $criteria_clauses[0] . ", device LEFT JOIN alienvault.sensor ON sensor.id=device.sensor_id"; $where1 = $criteria_clauses[1] != "" ? " WHERE " . $criteria_clauses[1] : " "; $from2 = " FROM po_acid_event as acid_event " . $criteria_clauses[0]; } else { $from = $from1 = " FROM acid_event " . $criteria_clauses[0] . ", device LEFT JOIN alienvault.sensor ON sensor.id=device.sensor_id";
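/**
 * Prints the CSV upload form used to bulk-import networks.
 *
 * $import_type selects one of two variants: 'networks' (entity tree shown when
 * Session::show_entities() is true, "ignore invalid characters" offered as a
 * checkbox) and 'welcome_wizard_nets' (no tree, the flag is sent as a hidden
 * field). The form posts multipart data to import_all_nets_ajax.php through the
 * hidden iframe 'iframe_upload'. Any other $import_type prints an error.
 *
 * Changes against the previous version:
 *  - attribute values no longer carry a stray trailing blank, so ctx,
 *    import_type and iic are posted exactly as generated (an exact-match lookup
 *    like the array_key_exists() below would not match "networks ");
 *  - the error message is a single-line literal again, as in the hosts form;
 *  - values written into the markup are escaped for their HTML context.
 *
 * Review notes:
 *  - ctx, import_type and iic are ordinary form fields, so the client can send
 *    any value for them; the import handler has to re-validate all three and
 *    the uploaded file. The "Characters allowed" note is only a hint to users.
 *  - NOTE(review): this form emits no anti-CSRF token field; confirm the upload
 *    endpoint enforces one by other means.
 *
 * @param string $import_type Form variant key ('networks' or 'welcome_wizard_nets').
 *
 * @return void The markup is echoed.
 */
function print_form($import_type)
{
    $config = array(
        'networks' => array(
            'contexts' => array(
                'show_tree'     => Session::show_entities(),
                'default_value' => Session::get_default_ctx()
            ),
            'chk_iic' => array(
                'show'    => TRUE,
                'checked' => FALSE
            ),
            'help' => array(
                'Version 4.x.x' => array(
                    'format'  => _('"Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value"*;"Net ID"'),
                    'example' => '"Net_1";"192.168.10.0/24,192.168.9.0/24";"' . _('Short description') . '";"2";"479D45C0BBF22B4458BD2F8EE09ECAC2"'
                ),
                'Version 3.x.x' => array(
                    'format'  => _('"Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description";"Asset value";"Sensors(Sensor1,Sensor2,...)"*'),
                    'example' => '"Net_1";"192.168.10.0/24,192.168.9.0/24";"' . _('Short description') . '";"2";"192.168.10.2,192.168.10.3"'
                )
            )
        ),
        'welcome_wizard_nets' => array(
            'contexts' => array(
                'show_tree'     => FALSE,
                'default_value' => Session::get_default_ctx()
            ),
            'chk_iic' => array(
                'show'    => FALSE,
                'checked' => TRUE
            ),
            'help' => array(
                'Version 4.x.x' => array(
                    'format'  => _('"Netname"*;"CIDRs(CIDR1,CIDR2,...)"*;"Description"'),
                    'example' => '"Net_1";"192.168.10.0/24,192.168.9.0/24";"' . _('Short description') . '"'
                )
            )
        )
    );

    // Allow-list: only the keys of $config are accepted. The is_string() guard
    // keeps a non-scalar argument from reaching array_key_exists().
    if (!is_string($import_type) || !array_key_exists($import_type, $config)) {
        echo ossim_error(_('Error! Import Type not found'));

        return;
    }

    $form_cfg = $config[$import_type];

    // $import_type is already limited to the keys above; it is escaped anyway so
    // the template stays safe if the allow-list is ever relaxed.
    $ctx_attr  = htmlspecialchars((string) $form_cfg['contexts']['default_value'], ENT_QUOTES, 'UTF-8');
    $type_attr = htmlspecialchars($import_type, ENT_QUOTES, 'UTF-8');
    $top_class = $import_type == 'welcome_wizard_nets' ? 'td_top' : '';
    ?>
    <div id='av_info'></div>

    <form name='form_csv' id='form_csv' method='POST' action='import_all_nets_ajax.php' enctype='multipart/form-data' target='iframe_upload'>

        <input type="hidden" name="ctx" id="ctx" value="<?php echo $ctx_attr; ?>"/>
        <input type="hidden" name="import_type" id="import_type" value="<?php echo $type_attr; ?>"/>

        <table id='form_container'>
            <?php
            //Context
            if ($form_cfg['contexts']['show_tree'] == TRUE) {
                ?>
                <tr class='left'>
                    <td class="td_title">
                        <span><?php echo _('Select the Entity for the nets'); ?> :</span>
                    </td>
                </tr>
                <tr>
                    <td class='td_content'>
                        <table id="t_tree">
                            <tr>
                                <td class='noborder'>
                                    <div id="tree"></div>
                                </td>
                            </tr>
                            <tr>
                                <td id='td_es'>
                                    <span class='bold'><?php echo _('Entity selected'); ?> :</span>
                                    <span id="entity_selected"> - </span>
                                </td>
                            </tr>
                        </table>
                    </td>
                </tr>
                <?php
            }

            //Input File
            ?>
            <tr>
                <td class='td_title <?php echo $top_class; ?>'>
                    <span><?php echo _('Choose a CSV file'); ?> :</span>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <input name='file_csv' id='file_csv' type='file' size='38'/>
                    <?php
                    if ($form_cfg['chk_iic']['show'] == TRUE) {
                        $checked_iic = $form_cfg['chk_iic']['checked'] == TRUE ? 'checked="checked"' : '';
                        ?>
                        <span class='ignore_span'>
                            <input type='checkbox' name='iic' id='iic' <?php echo $checked_iic; ?> value='1'/>
                            <label for='iic' style='margin-left: 2px;'><?php echo _('Ignore invalid characters'); ?> </label>
                        </span>
                        <?php
                    } else {
                        $chk_iic_value = $form_cfg['chk_iic']['checked'] == TRUE ? '1' : '0';
                        ?>
                        <input type='hidden' name='iic' id='iic' value="<?php echo $chk_iic_value; ?>"/>
                        <?php
                    }
                    ?>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <div id='c_send'>
                        <input type='button' name='send' id='send' value='<?php echo _('Import'); ?>'/>
                    </div>
                </td>
            </tr>
            <tr>
                <td class='td_title'>
                    <span><?php echo _('Formats allowed'); ?> :</span>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <table id='t_format'>
                        <?php
                        //Help
                        foreach ($form_cfg['help'] as $version => $help_data) {
                            ?>
                            <tr>
                                <td class='td_version'>
                                    <?php echo htmlspecialchars($version, ENT_QUOTES, 'UTF-8'); ?> :
                                </td>
                            </tr>
                            <tr>
                                <td class='td_format'>
                                    <?php echo htmlspecialchars($help_data['format'], ENT_QUOTES, 'UTF-8'); ?>
                                </td>
                            </tr>
                            <tr>
                                <td class='td_example'>
                                    <?php echo htmlspecialchars($help_data['example'], ENT_QUOTES, 'UTF-8'); ?>
                                </td>
                            </tr>
                            <?php
                        }
                        ?>
                    </table>
                </td>
            </tr>
            <tr>
                <td class='td_title'>
                    <span><?php echo _('Notes'); ?> :</span>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <ul id='note_list'>
                        <li><?php echo _('Characters allowed: A-Z, a-z, 0-9, ., :, _ and -'); ?> </li>
                        <li><?php echo _('Values marked with (*) are mandatory'); ?> </li>
                    </ul>
                </td>
            </tr>
        </table>

        <div id='c_resume'></div>

        <iframe name="iframe_upload" id="iframe_upload" style="display:none;"></iframe>
    </form>
    <?php
}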
// data to fill report_data if (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "") { $_conn = $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3]); } else { $_conn = $dbo->connect(); } while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) { $ctx = $myrow["ctx"]; $product_type = GetSourceType($myrow["product_type"], $db); $total_occurances = $myrow["events"]; $urlp = "base_qry_main.php?new=1&submit=" . gettext("Query DB") . "&sourcetype=" . urlencode($myrow["product_type"]); //$urlp = "base_stat_ptypes.php?sort=occur_d&sourcetype=".urlencode($myrow["product_type"]); qroPrintEntryHeader($i); qroPrintEntry('  <a href="' . $urlp . '">' . $product_type . '</a>', 'left', "", "nowrap"); qroPrintEntry(' <a href="' . $urlp . '">' . Util::number_format_locale($total_occurances, 0) . '</a>', "center", "", ""); qroPrintEntry(Session::show_entities() && !empty($entities[$ctx]) ? $entities[$ctx] : (Session::show_entities() ? _("Unknown") : GetSensorName($ctx, $db)), "center", "", ""); qroPrintEntry(" <A class='usig' id='sg" . $myrow["product_type"] . "-{$ctx}' HREF='{$urlp}'>-</a>", "left", "", ""); qroPrintEntry("<div id='ts" . $myrow["product_type"] . "-{$ctx}'>-</div>", "center", "", "nowrap"); qroPrintEntryFooter(); $i++; $prev_time = null; } $result->baseFreeRows(); $dbo->close($_conn); $qro->PrintFooter(); $qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveState(); echo "\n</FORM>\n"; PrintBASESubFooter(); if ($debug_time_mode >= 1) {
</label> </th> <td class="left"> <select name="location" id="location" class='vfield'> <?php $locations = Locations::get_list($conn); foreach ($locations as $lc) { echo "<option value='" . $lc->get_id() . "'>" . $lc->get_name() . "</option>"; } ?> </select> </td> </tr> <?php } else { if (Session::show_entities()) { $e_url = Menu::get_menu_url('../acl/entities.php', 'configuration', 'administration', 'users', 'structure'); ?> <tr> <th> <label for='entities'><?php echo _('Context') . required(); ?> </label><br/> </th> <td class="nobborder"> <table id='t_entities' class="transparent"> <tr> <td class="noborder left"> <div id="tree"></div>
if ($addr_type == 1) { if ($no_ip) { $url_criteria = BuildSrcIPFormVars(NULL_IP); } else { $url_criteria = BuildSrcIPFormVars($currentIP); } } else { if ($addr_type == 2) { if ($no_ip) { $url_criteria = BuildDstIpFormVars(NULL_IP); } else { $url_criteria = BuildDstIPFormVars($currentIP); } } } $sens = Session::show_entities() && !empty($entities[$ctx]) ? $entities[$ctx] : (Session::show_entities() ? _("Unknown") : GetSensorName($ctx, $db)); qroPrintEntry($sens, "center", "middle"); qroPrintEntry('<A HREF="' . $tmp_iplookup . $url_criteria . '">' . Util::number_format_locale($num_events, 0) . '</A>', "center", "middle"); qroPrintEntry('<A HREF="' . $tmp_iplookup2 . $url_criteria . '">' . Util::number_format_locale($num_sig, 0) . '</A>', "center", "middle"); qroPrintEntry(Util::number_format_locale($num_ip, 0), "center", "middle"); if (file_exists("../kml/GoogleEarth.php") && $currentIP != "0.0.0.0" && $currentIP != "::") { qroPrintEntry("<a href='' onclick='window.open(\"../kml/TourConfig.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' title='" . _("Geolocation Tour") . "' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img title='" . _("Geolocation Map") . "' align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"); } else { qroPrintEntry(''); } qroPrintEntryFooter(); ++$i; // report_data $report_data[] = array($currentIP, '', $num_sig, $num_ip, "", "", "", "", "", "", $sens, intval($_GET['addr_type']), 0, $num_events, $country_img); } $result->baseFreeRows();
// Reads the request parameters for this page and runs the validation calls below.
// Only $intent and $beep are coerced with intval() when read; every other value
// is kept exactly as the GET()/POST() helpers return it.
$query = GET('query') != "" ? GET('query') : "";
$directive_id = GET('directive_id');
$intent = intval(GET('intent'));
$sensor_query = GET('sensor_query');
$tag = GET('tag');
$num_events = GET('num_events');
$num_events_op = GET('num_events_op');
$date_from = GET('date_from');
$date_to = GET('date_to');
$ds_id = GET('ds_id');
$ds_name = GET('ds_name');
$beep = intval(GET('beep'));
$sec = POST('sEcho');
//$tags = Tags::get_list($conn);
$tags_html = Tags::get_list_html($conn);

// The entity list is loaded only when both Session::is_pro() and
// Session::show_entities() are true; otherwise $entities is not set here.
if (Session::is_pro() && Session::show_entities()) {
    list($entities, $_children, $_num_ent) = Acl::get_entities($conn, '', '', true, false);
}

// Validation. The statement order is kept as in the original.
// NOTE(review): $order, $torder, $delete, $close, $open, $delete_day, $autorefresh,
// $refresh_time, $src_ip and $dst_ip are assigned before this span.
// NOTE(review): $sensor_query, $tag, $num_events, $num_events_op, $date_from,
// $date_to, $ds_id, $ds_name and $sec have no ossim_valid() call in the visible
// span; confirm each is validated before it reaches a query or the page.
// NOTE(review): no ossim_error() check is visible after these calls; confirm the
// script stops on a validation failure before any of the values is used.
ossim_valid($order, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Order"));
ossim_valid($torder, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("Order Direction"));
ossim_valid($delete, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Delete"));
ossim_valid($close, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Close"));
ossim_valid($open, OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Open"));
ossim_valid($delete_day, OSS_ALPHA, OSS_SPACE, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("Delete_day"));
// $query is checked against the widest set of classes in this list (OSS_PUNC_EXT
// is, by its name, an extended punctuation class; TODO confirm what it admits),
// so whatever consumes it still has to escape or parameterise it for its context.
ossim_valid($query, OSS_ALPHA, OSS_PUNC_EXT, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _("Query"));
ossim_valid($autorefresh, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Autorefresh"));
ossim_valid($refresh_time, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Refresh_time"));
ossim_valid($directive_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Directive_id"));
// $intent has already been through intval(), so this check sees an integer, not
// the raw request value.
ossim_valid($intent, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Intent"));
ossim_valid($src_ip, OSS_IP_ADDRCIDR_0, OSS_NULLABLE, 'illegal:' . _("Src_ip"));
ossim_valid($dst_ip, OSS_IP_ADDRCIDR_0, OSS_NULLABLE, 'illegal:' . _("Dst_ip"));
// Reads the POSTed report parameters, validates them, and sets up the lookup
// tables used to build the report query.
$report_unit = POST('reportUnit');
$type = POST('Type');
$date_from = POST('date_from');
$date_to = POST('date_to');

// Every request value is validated before use. OSS_NULLABLE, by its name, lets an
// empty value pass, so later code presumably has to cope with empty parameters.
// NOTE(review): $user is assigned before this span.
ossim_valid($user, OSS_USER, OSS_NULLABLE, 'illegal:' . _('User'));
ossim_valid($report_unit, OSS_ALPHA, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _('reportUnit'));
ossim_valid($type, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Type'));
ossim_valid($date_from, OSS_DATE, OSS_NULLABLE, 'illegal:' . _('Date From'));
ossim_valid($date_to, OSS_DATE, OSS_NULLABLE, 'illegal:' . _('Date To'));

// Fail closed: on any validation error the script prints 'error###' followed by
// the cleaned message and exits, so nothing below runs with rejected input.
if (ossim_error()) {
    echo 'error###' . ossim_get_error_clean();
    exit;
}

//Variable field
$pro = Session::is_pro();
$var_field = Session::show_entities() ? "Context" : "Sensor";

/*
    Report units handled:

    Security_DB_Events
    Security_DB_Unique_Events
    Security_DB_Sensors
    Security_DB_Unique_Address - Types: 1, 2
    Security_DB_Source_Port - Types: 0, 1, 2
    Security_DB_Destination_Port - Types: 0, 1, 2
    Security_DB_Unique_Plugin
    Security_DB_Unique_Country_Events
    SIEM_Events_Unique_IP_Links
*/

// Report unit name => numeric id (kept as strings).
// NOTE(review): presumably $report_unit indexes this map and $fields; confirm that
// a value passing validation but absent from the keys is handled before use.
$type_id = array("Security_DB_Events" => "33", "Security_DB_Unique_Events" => "36", "Security_DB_Sensors" => "38", "Security_DB_Unique_Address" => "40", "Security_DB_Source_Port" => "42", "Security_DB_Destination_Port" => "44", "Security_DB_Unique_Plugin" => "46", "Security_DB_Unique_Country_Events" => "48", "SIEM_Events_Unique_IP_Links" => "37");

// Report unit name => column list. The lists are constants chosen by key, so the
// column names themselves do not come from the request.
// The last literal spans a line break exactly as in the source.
$fields = array("Security_DB_Events" => "dataV1, dataV2, dataV3, dataV4, dataV5, dataV6, dataV10, dataV11, dataI1", "Security_DB_Unique_Events" => "dataV1, dataV2, dataI2, dataI3", "Security_DB_Sensors" => "dataV7, dataV8, dataV1, dataI2", "Security_DB_Unique_Address" => "dataV1, cell_data, dataV11, dataI3, dataV3, dataV4", "Security_DB_Source_Port" => "dataV1, dataV11, dataI3, dataV2", "Security_DB_Destination_Port" => "dataV1, dataV11, dataI3, dataV2", "Security_DB_Unique_Plugin" => "dataV1, dataV11, dataI1, dataV2", "Security_DB_Unique_Country_Events" => "dataV1, cell_data, dataV3, dataI1, dataI2, dataI3", "SIEM_Events_Unique_IP_Links" => "dataV1, cell_data, dataV3, dataV4, 
dataV5, dataI1, dataI2, dataI3");

//Query Parameters
// NOTE(review): presumably the list of bound values for the query; confirm the
// request values are passed this way and not concatenated into the SQL text.
$params = array();
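/**
 * Prints the CSV upload form used to bulk-import hosts (assets).
 *
 * $import_type selects one of two variants: 'hosts' (entity tree shown when
 * Session::show_entities() is true, "ignore invalid characters" offered as a
 * checkbox) and 'welcome_wizard_hosts' (no tree, the flag is sent as a hidden
 * field). The form posts multipart data to import_all_hosts_ajax.php under the
 * asset controllers path, through the hidden iframe 'iframe_upload'. Any other
 * $import_type prints an error.
 *
 * Changes against the previous version:
 *  - attribute values no longer carry a stray trailing blank, so ctx,
 *    import_type and iic are posted exactly as generated (an exact-match lookup
 *    like the array_key_exists() below would not match "hosts ");
 *  - values written into the markup are escaped for their HTML context.
 *
 * Review notes:
 *  - ctx, import_type and iic are ordinary form fields, so the client can send
 *    any value for them; the import handler has to re-validate all three and
 *    the uploaded file. The notes printed under the form are only hints.
 *  - NOTE(review): this form emits no anti-CSRF token field; confirm the upload
 *    endpoint enforces one by other means.
 *
 * @param string $import_type Form variant key ('hosts' or 'welcome_wizard_hosts').
 *
 * @return void The markup is echoed.
 */
function print_form($import_type)
{
    $config = array(
        'hosts' => array(
            'contexts' => array(
                'show_tree'     => Session::show_entities(),
                'default_value' => Session::get_default_ctx()
            ),
            'chk_iic' => array(
                'show'    => TRUE,
                'checked' => FALSE
            ),
            'help' => array(
                'Version 4.x.x, 5.x.x' => array(
                    'format'  => _('"IPs(IP1,IP2,...)";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset Value";"Operating System";"Latitude";"Longitude";"Asset ID";"External Asset";"Device Types(Type1,Type2,...)"'),
                    'header'  => '"IPs";"Hostname";"FQDNs";"Description";"Asset Value";"Operating System";"Latitude";"Longitude";"Asset ID";"External Asset";"Device Type"',
                    'example' => '"192.168.10.3";"Host-1";"www.example-1.es,www.example-2.es";"' . _('Short description') . '";"2";"Windows";"23.78";"121.45";"379D45C0BBF22B4458BD2F8EE09ECCC2";0;"Server:Mail Server"'
                ),
                'Version 3.x.x' => array(
                    'format'  => _('"IP";"Hostname";"FQDNs(FQDN1,FQDN2,...)";"Description";"Asset Value";"Sensors(Sensor1,Sensor2,...)";"Operating System";"Latitude";"Longitude"'),
                    'header'  => '"IP";"Hostname";"FQDNs";"Description";"Asset Value";"Sensors";"Operating System";"Latitude";"Longitude"',
                    'example' => '"192.168.10.3";"Host-1";"www.example-1.es,www.example-2.es";"' . _('Short description') . '";"2";"192.168.10.2,192.168.10.3";"Windows";"23.78";"121.45"'
                )
            )
        ),
        'welcome_wizard_hosts' => array(
            'contexts' => array(
                'show_tree'     => FALSE,
                'default_value' => Session::get_default_ctx()
            ),
            'chk_iic' => array(
                'show'    => FALSE,
                'checked' => TRUE
            ),
            'help' => array(
                'Version 4.x.x or higher' => array(
                    'format'  => _('"IPs(IP1,IP2,...)";"Hostname";"Description";"Operating System";"Device Type(Type1,Type2,...)"'),
                    'header'  => _('"IPs";"Hostname";"Description";"Operating System";"Device Type"'),
                    'example' => '"192.168.10.3";"Host-1";"' . _('Short description') . '";"Windows";"Server,Network Device"'
                )
            )
        )
    );

    // Resolved before the allow-list check, as in the original.
    $paths       = Asset::get_path_url(FALSE);
    $form_action = $paths['asset']['controllers'] . 'import_all_hosts_ajax.php';

    // Allow-list: only the keys of $config are accepted. The is_string() guard
    // keeps a non-scalar argument from reaching array_key_exists().
    if (!is_string($import_type) || !array_key_exists($import_type, $config)) {
        echo ossim_error(_('Error! Import Type not found'));

        return;
    }

    $form_cfg = $config[$import_type];

    // $import_type is already limited to the keys above; it is escaped anyway so
    // the template stays safe if the allow-list is ever relaxed.
    $action_attr = htmlspecialchars((string) $form_action, ENT_QUOTES, 'UTF-8');
    $ctx_attr    = htmlspecialchars((string) $form_cfg['contexts']['default_value'], ENT_QUOTES, 'UTF-8');
    $type_attr   = htmlspecialchars($import_type, ENT_QUOTES, 'UTF-8');
    ?>
    <div id='av_info'></div>

    <form name='form_csv' id='form_csv' method='POST' action='<?php echo $action_attr; ?>' enctype='multipart/form-data' target='iframe_upload'>

        <input type="hidden" name="ctx" id="ctx" value="<?php echo $ctx_attr; ?>"/>
        <input type="hidden" name="import_type" id="import_type" value="<?php echo $type_attr; ?>"/>

        <table id='form_container'>
            <?php
            //Context
            if ($form_cfg['contexts']['show_tree'] == TRUE) {
                ?>
                <tr class='left'>
                    <td class="td_title">
                        <span><?php echo _('Select the Entity for the assets'); ?> :</span>
                    </td>
                </tr>
                <tr>
                    <td class='td_content'>
                        <table id="t_tree">
                            <tr>
                                <td class='noborder'>
                                    <div id="tree"></div>
                                </td>
                            </tr>
                            <tr>
                                <td id='td_es'>
                                    <span class='bold'><?php echo _('Entity selected'); ?> :</span>
                                    <span id="entity_selected"> - </span>
                                </td>
                            </tr>
                        </table>
                    </td>
                </tr>
                <?php
            }

            //Input File
            ?>
            <tr>
                <td class='td_title'>
                    <span><?php echo _('Choose a CSV file'); ?> :</span>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <input name='file_csv' id='file_csv' type='file' size='38'/>
                    <?php
                    if ($form_cfg['chk_iic']['show'] == TRUE) {
                        $checked_iic = $form_cfg['chk_iic']['checked'] == TRUE ? 'checked="checked"' : '';
                        ?>
                        <span class='ignore_span'>
                            <input type='checkbox' name='iic' id='iic' <?php echo $checked_iic; ?> value='1'/>
                            <label for='iic' style='margin-left: 2px;'><?php echo _('Ignore invalid characters (Hostnames)'); ?> </label>
                        </span>
                        <?php
                    } else {
                        $chk_iic_value = $form_cfg['chk_iic']['checked'] == TRUE ? '1' : '0';
                        ?>
                        <input type='hidden' name='iic' id='iic' value="<?php echo $chk_iic_value; ?>"/>
                        <?php
                    }
                    ?>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <div id='c_send'>
                        <input type='button' name='send' id='send' value='<?php echo _('Import'); ?>'/>
                    </div>
                </td>
            </tr>
            <tr>
                <td class='td_title'>
                    <span><?php echo _('Formats allowed'); ?> :</span>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <table id='t_format'>
                        <?php
                        //Help
                        foreach ($form_cfg['help'] as $version => $help_data) {
                            ?>
                            <tr>
                                <td class='td_version'>
                                    <?php echo htmlspecialchars($version, ENT_QUOTES, 'UTF-8'); ?> :
                                </td>
                            </tr>
                            <tr>
                                <td class='td_format'>
                                    <strong><?php echo _('Format'); ?> :</strong> <?php echo htmlspecialchars($help_data['format'], ENT_QUOTES, 'UTF-8'); ?>
                                </td>
                            </tr>
                            <tr>
                                <td class='td_header'>
                                    <strong><?php echo _('Header'); ?> :</strong> <?php echo htmlspecialchars($help_data['header'], ENT_QUOTES, 'UTF-8'); ?>
                                </td>
                            </tr>
                            <tr>
                                <td class='td_example'>
                                    <strong><?php echo _('Example'); ?> :</strong> <?php echo htmlspecialchars($help_data['example'], ENT_QUOTES, 'UTF-8'); ?>
                                </td>
                            </tr>
                            <tr>
                                <td></td>
                            </tr>
                            <?php
                        }
                        ?>
                    </table>
                </td>
            </tr>
            <tr>
                <td class='td_title'>
                    <span><?php echo _('Notes'); ?> :</span>
                </td>
            </tr>
            <tr>
                <td class='td_content'>
                    <ul id='note_list'>
                        <li><?php echo _('IP address and sensor fields cannot be empty'); ?> </li>
                        <li><?php echo _('Hostname syntax defined by RFC 1123'); ?> </li>
                        <?php
                        if ($import_type == 'hosts') {
                            ?>
                            <li><?php echo _('FQDN syntax defined by RFC 1035, RFC 1123 and RFC 2181'); ?> </li>
                            <li>
                                <span><?php echo _('Valid Operating System values'); ?> :</span>
                                <div style='padding-left: 10px; font-style: italic;'>
                                    Windows, Linux, FreeBSD, NetBSD, OpenBSD, MacOS, Solaris, Cisco, AIX,HP-UX, Tru64, IRIX, BSD/OS, SunOS, Plan9 <?php echo _('or'); ?> IPhone
                                </div>
                            </li>
                            <?php
                        } else {
                            ?>
                            <li>
                                <span><?php echo _('Valid Operating System values'); ?> :</span>
                                <span class='italic'>Windows <?php echo _('or'); ?> Linux</span>
                            </li>
                            <li>
                                <span><?php echo _('Valid Device Types'); ?> :</span>
                                <span class='italic'>Server <?php echo _('or'); ?> Network Device</span>
                            </li>
                            <?php
                        }
                        ?>
                    </ul>
                </td>
            </tr>
        </table>

        <div id='c_resume'></div>

        <iframe name="iframe_upload" id="iframe_upload" style='display:none;'></iframe>
    </form>
    <?php
}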
</label> </th> <td class='noborder left'> <?php if (Session::show_entities() && $ctx == '') { ?> <div id="portsmsg"><i><?php echo _('Select first an Entity to select ports'); ?> </i></div> <?php } ?> <table id="t_ports" class="transparent" <?php if (Session::show_entities() && $ctx == '') { ?> style="display:none"<?php } ?> > <tr> <td class="noborder"><?php echo _("<span class='bold'>Type</span> here the port"); ?> :</td> </tr> <tr> <td class="noborder"> <input type="text" id="ports_name" name="ports_name" value=""/>
av_map.bind_pos_actions(); //Search box (Handler Keyup and Blur) av_map.bind_sl_actions(); } else { av_map.draw_warning(); $('#send, #search_location, #latitude, #longitude').attr('disabled', 'disabled'); } // Entities tree <?php if (Session::show_entities() && !$locations_id) { ?> $("#tree").dynatree({ initAjax: { url: "../tree.php?key=contexts&extra_options=local" }, clickFolderMode: 2, onActivate: function(dtnode) { var key = dtnode.data.key.replace(/e_/, ""); if (key != "") { $('#ctx').val(key); $('#entity_selected').html("<?php echo _("Context selected"); ?> : <b>"+dtnode.data.val+"</b>");
$addr_type = intval(GET('addr_type')); $type = array("33" => "Events", "38" => "Sensors", "36" => "Unique_Events", "46" => "Unique_Plugins", "40" => "Unique_Addresses", "42" => "Source_Port", "44" => "Destination_Port", "37" => "Unique_IP_links", "48" => "Unique_Country_Events"); $tz = Util::get_timezone(); $current_cols_titles = array("SIGNATURE" => _("Signature"), "ENTITY" => _("Context"), "DATE" => _("Date") . " " . Util::timezone($tz), "IP_PORTSRC" => _("Source"), "IP_PORTDST" => _("Destination"), "SENSOR" => _("Sensor"), "OTX" => _("OTX"), "IP_SRC" => _("Src IP"), "IP_DST" => _("Dst IP"), "IP_SRC_FQDN" => _("Src IP FQDN"), "IP_DST_FQDN" => _("Dst IP FQDN"), "PORT_SRC" => _("Src Port"), "PORT_DST" => _("Dst Port"), "ASSET" => _("Asset S->D"), "PRIORITY" => _("Prio"), "RELIABILITY" => _("Rel"), "RISK" => _("Risk"), "IP_PROTO" => _("L4-proto"), "USERDATA1" => _("Userdata1"), "USERDATA2" => _("Userdata2"), "USERDATA3" => _("Userdata3"), "USERDATA4" => _("Userdata4"), "USERDATA5" => _("Userdata5"), "USERDATA6" => _("Userdata6"), "USERDATA7" => _("Userdata7"), "USERDATA8" => _("Userdata8"), "USERDATA9" => _("Userdata9"), "USERNAME" => _("Username"), "FILENAME" => _("Filename"), "PASSWORD" => _("Password"), "PAYLOAD" => _("Payload"), "PLUGIN_ID" => _("Data Source ID"), "PLUGIN_SID" => _("Event Type ID"), "PLUGIN_DESC" => _("Data Source Description"), "PLUGIN_NAME" => _("Data Source Name"), "PLUGIN_SOURCE_TYPE" => _("Source Type"), "PLUGIN_SID_CATEGORY" => _("Category"), "PLUGIN_SID_SUBCATEGORY" => _("SubCategory"), 'SRC_USERDOMAIN' => _("IDM User@Domain Src IP"), 'DST_USERDOMAIN' => _("IDM User@Domain Dst IP"), 'SRC_HOSTNAME' => _("IDM Source"), 'DST_HOSTNAME' => _("IDM Destination"), 'SRC_MAC' => _("IDM MAC Src IP"), 'DST_MAC' => _("IDM MAC Dst IP"), 'REP_PRIO_SRC' => _("Rep Src IP Prio"), 'REP_PRIO_DST' => _("Rep Dst IP Prio"), 'REP_REL_SRC' => _("Rep Src IP Rel"), 'REP_REL_DST' => _("Rep Dst IP Rel"), 'REP_ACT_SRC' => _("Rep Src IP Act"), 'REP_ACT_DST' => _("Rep 
Dst IP Act"), 'DEVICE' => _("Device IP")); $user = $_SESSION["_user"]; $path_conf = $GLOBALS["CONF"]; /* database connect */ $db = new ossim_db(true); $conn = $db->connect(); //$conn = $db->custom_connect('localhost',$path_conf->get_conf("ossim_user"),$path_conf->get_conf("ossim_pass")); $config = new User_config($conn); $default_view = $config->get($login, 'custom_view_default', 'php', "siem") != "" ? $config->get($login, 'custom_view_default', 'php', "siem") : ($idm_enabled ? 'IDM' : 'default'); $output_name = $type[$rtype] . "_" . $user . "_" . date("Y-m-d", time()) . ".csv"; $csv_header = ""; $csv_body = ""; $var_data = Session::show_entities() ? "Context" : "Sensor"; if ($type[$rtype] == "Events") { $sql = "SELECT dataV1, dataV2, dataV11, dataV3, dataV5, dataV10, cell_data\n FROM datawarehouse.report_data WHERE id_report_data_type={$rtype} and user='******'"; if ($_SESSION['current_cview'] != $default_view) { foreach ($_SESSION['views'][$_SESSION['current_cview']]['cols'] as $colname) { if ($csv_header != "") { $csv_header .= ";"; } $csv_header .= $current_cols_titles[$colname]; } $csv_header .= "\n"; } else { $csv_header .= "Signature;Date;{$var_data};Source;Destination;Risk\n"; } } else { if ($type[$rtype] == "Sensors") {