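/**
 * Print the per-address statistics table for one IP: a heading with the
 * unique/total event counts, then one table row per unique signature seen
 * for that address (total occurrences, sensor count, first/last occurrence).
 *
 * Everything is written straight to the output buffer with echo/printf;
 * nothing is returned.
 *
 * @param object $db  database handle forwarded to the *ByAddr() query helpers
 *                    (presumably the BASE DB wrapper — confirm against callers)
 * @param string $ip  address whose events are summarised; it is rendered into
 *                    the HTML heading and embedded in the lookup URLs via
 *                    BuildIPFormVars()
 */
function PrintEventsByIP($db, $ip)
{
    global $debug_mode;
    $count = 0;
    /* Jeffs stuff */
    /* Count total events for the given address */
    $event_cnt = EventCntByAddr($db, $ip);
    /* Grab unique alerts and count them ($count is handed to the helper;
       it is not read again here) */
    $unique_events = UniqueEventCntByAddr($db, $ip, $count);
    $unique_event_cnt = count($unique_events);
    /* $ip ends up in an HTML text context: escape it on output so a value that
       is not a plain address cannot inject markup (a no-op for a real address). */
    printf(
        "<B>" . gettext("%d unique events detected among %d events on %s") . "/32</B><BR>",
        $unique_event_cnt,
        $event_cnt,
        htmlspecialchars($ip, ENT_QUOTES)
    );
    /* Print the Statistics on Each of the Unique Alerts */
    echo '<TABLE BORDER=0>
        <TR>
           <TD CLASS="headerbasestat">' . gettext("TCP Flags") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Total<BR> Occurrences") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Num of Sensors") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("First<BR> Occurrence") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Last<BR> Occurrence") . '</TD>
        </TR>';
    for ($i = 0; $i < $unique_event_cnt; $i++) {
        $current_event = $unique_events[$i];
        /* Elements [0] and [1] of an entry are the two parts of the signature
           key: passed separately to BuildSigByPlugin() and joined with ";"
           for the sig[1] query parameter of the lookup URLs. */
        $sig_key = $current_event[0] . ";" . $current_event[1];
        $total = UniqueEventTotalsByAddr($db, $ip, $current_event);
        $num_sensors = UniqueSensorCntByAddr($db, $ip, $current_event);
        $start_time = StartTimeForUniqueEventByAddr($db, $ip, $current_event);
        $stop_time = StopTimeForUniqueEventByAddr($db, $ip, $current_event);
        /* Shade every second row */
        $cellcolor = $i % 2 != 0 ? "bgcolor='#f2f2f2'" : "";
        /* Print out */
        echo "<TR {$cellcolor}>";
        /* NOTE(review): the trace text names BuildSigByID() but the call made
           below is BuildSigByPlugin(); left as-is so existing log greps match. */
        if ($debug_mode > 1) {
            SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": Before BuildSigByID()");
        }
        $signame = BuildSigByPlugin($current_event[0], $current_event[1], $db);
        /* The signature name is entity-decoded and echoed as markup on purpose
           (presumably it carries its own links) — confirm that BuildSigByPlugin()
           only ever returns trusted, already-escaped HTML before relying on this. */
        echo "  <TD ALIGN='center'> " . str_replace("##", "", html_entity_decode($signame));
        if ($debug_mode > 1) {
            SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": After BuildSigByID()");
        }
        /* Drill-down links: the main query page filtered to this signature and
           address, and the per-sensor statistics page for the same filter. */
        $tmp_iplookup = 'base_qry_main.php?new=1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D='
            . urlencode($sig_key)
            . '&num_result_rows=-1&submit=' . gettext("Query+DB")
            . '&current_view=-1&ip_addr_cnt=2' . BuildIPFormVars($ip);
        $tmp_sensor_lookup = 'base_stat_sensor.php?sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D='
            . urlencode($sig_key)
            . '&ip_addr_cnt=2' . BuildIPFormVars($ip);
        echo "  <TD align='center'> <A HREF=\"{$tmp_iplookup}\">{$total}</A> ";
        echo "  <TD align='center'> <A HREF=\"{$tmp_sensor_lookup}\">{$num_sensors}</A> ";
        /* $start_time / $stop_time are echoed unescaped; assumed to be plain
           timestamp strings from the query helpers — verify against those helpers. */
        echo "  <TD align='center'> {$start_time}";
        echo "  <TD align='center' valign='middle'> {$stop_time}";
        echo '</TR>';
    }
    echo "</TABLE>\n";
}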
     $current_sport = ":" . $myrow["layer4_sport"];
 }
 if ($myrow["layer4_dport"] != 0) {
     $current_dport = ":" . $myrow["layer4_dport"];
 }
 if ($debug_mode > 1) {
     SQLTraceLog("\n\n");
     SQLTraceLog(__FILE__ . ":" . __LINE__ . ":\n############## <calls to BuildSigByID> ##################");
 }
 // SIGNATURE
 $current_sig = TranslateSignature($current_sig, $myrow);
 $current_sig_txt = trim(html_entity_decode(strip_tags($current_sig)));
 //$current_sig_txt = BuildSigByID($myrow[2], $myrow["sid"], $myrow["cid"], $db, 2);
 if ($debug_mode > 1) {
     SQLTraceLog(__FILE__ . ":" . __LINE__ . ":\n################ </calls to BuildSigByID> ###############");
     SQLTraceLog("\n\n");
 }
 $current_otype = $myrow["ossim_type"];
 $current_oprio = $myrow["ossim_priority"];
 $current_oreli = $myrow["ossim_reliability"];
 $current_oasset_s = $myrow["ossim_asset_src"];
 $current_oasset_d = $myrow["ossim_asset_dst"];
 $current_oriskc = $myrow["ossim_risk_c"];
 $current_oriska = $myrow["ossim_risk_a"];
 if ($portscan_payload_in_signature == 1) {
     /* fetch from payload portscan open port number */
     if (stristr($current_sig_txt, "(portscan) Open Port")) {
         $sql2 = "SELECT data_payload FROM data WHERE sid='" . $myrow["sid"] . "' AND cid='" . $myrow["cid"] . "'";
         $result2 = $db->baseExecute($sql2);
         $myrow_payload = $result2->baseFetchRow();
         $result2->baseFreeRows();