$action = 'modifyserver.php';
if (!$opensource) {
$_engines = Acl::get_engines_by_server($conn, $id);
if (count($_engines) < 1) {
$mssp = FALSE;
}
}
} elseif (!empty($server)) {
$sname = $server->get_name();
$ip = $server->get_ip();
$action = 'modifyserver.php';
}
// Check hierarchy
$parent_servers = Server::get_parent_servers($conn, $id);
foreach ($parent_servers as $p_id => $p_name) {
if (Util::uuid_format($p_id) == $local_id) {
$can_i_modify_elem = FALSE;
$external_ctx = $p_name;
}
}
} else {
$correlate = $cross_correlate = $store = $qualify = $resend_events = $resend_alarms = $sim = 1;
$sign = $sem = $rep = 0;
}
$dis_sim = $sim == 0 ? "disabled='disabled'" : '';
$dis_resend = $opensource || $sim == 0 && $sem == 0 ? "disabled='disabled'" : '';
$dis_opens = $opensource ? "disabled='disabled'" : '';
$dis_sign = $sem == 0 ? "disabled='disabled'" : '';
$class_sim = $sim == 0 ? "class='thgray'" : '';
$class_resend = $opensource || $sem == 0 && $sim == 0 ? "class='thgray'" : '';
$class_sign = $opensource || $sem == 0 ? "class='thgray'" : '';
$assets_aux[] = Util::uuid_format($n_id);
}
$_GET["from_list"] = implode(",", $assets_aux);
}
if ((Session::get_host_where() != "" || Session::get_net_where() != "") && (GET('to') == "ANY" || GET('to_list') == "")) {
$_GET["to"] = "LIST";
$assets_aux = array();
$_list_data = Asset_host::get_basic_list($conn);
$_host_aux = array_keys($_list_data[1]);
foreach ($_host_aux as $h_id) {
$assets_aux[] = Util::uuid_format($h_id);
}
$_list_data = Asset_net::get_list($conn);
$_net_aux = array_keys($_list_data[0]);
foreach ($_net_aux as $n_id) {
$assets_aux[] = Util::uuid_format($n_id);
}
$_GET["to_list"] = implode(",", $assets_aux);
}
if (GET("from") == "LIST") {
$_GET["from"] = GET("from_list");
}
if (GET("port_from") == "LIST") {
$_GET["port_from"] = GET("port_from_list");
}
if (GET("to") == "LIST") {
$_GET["to"] = GET("to_list");
}
if (GET("port_to") == "LIST") {
$_GET["port_to"] = GET("port_to_list");
}
function set_plugins($conn, $data)
{
$response = array();
$plugins = array();
foreach ($data['plugin_list'] as $id => $list_cpe) {
ossim_valid($id, OSS_HEX, 'illegal:' . _("Host ID"));
$list_cpe = is_array($list_cpe) ? $list_cpe : array();
foreach ($list_cpe as $p) {
$cpe = '';
if ($p['version'] != '') {
$cpe = $p['version'];
} elseif ($p['model'] != '') {
$cpe = $p['model'];
} elseif ($p['vendor'] != '') {
$cpe = $p['vendor'];
}
ossim_valid($cpe, OSS_NULLABLE, OSS_ALPHA, OSS_PUNC_EXT, 'illegal:' . _("CPE"));
$plugins[$id][] = $cpe;
}
}
$sensor = $data['sensor'];
ossim_valid($sensor, 'a-fA-F0-9\\-', 'illegal:' . _("Sensor ID"));
check_ossim_error();
Plugin::set_plugins_by_device_cpe($conn, $plugins, Util::uuid_format($sensor));
$response['error'] = FALSE;
$response['msg'] = _("Plugin successfully configured.");
return $response;
}
-</option>
<?php
foreach ($users as $k => $v) {
echo "<option value='" . $v->get_login() . "'>" . $v->get_login() . "</option>";
}
?>
</select>
<select name="entity" id="entity" style="width: 200px;">
<option value="">- <?php
echo _("All Entities");
?>
-</option>
<?php
foreach ($entities as $k => $v) {
echo "<option value='" . Util::uuid_format($k) . "'>{$v}</option>";
}
?>
</select>
</td>
</tr>
<?php
}
?>
</table>
</td>
<td class="nobborder" style="text-align:center;padding-top:3px" valign="top">
<select name="delete[]" id="delete_combo" size="10" multiple='multiple' style='width: 100%;'>
<?php
if (count($delete) > 0) {
foreach ($delete as $delete_item) {
ossim_valid($toggled_info, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Directive Option"));
if (ossim_error()) {
die(ossim_error());
}
if (GET('msg_success') == 1) {
$msg_success = _("Directive successfully saved");
}
$conf = $GLOBALS["CONF"];
if ($engine_id == "") {
$engine_id = $conf->get_conf("default_engine_id", false);
}
$found = 0;
// Default engine is not allowed by CTX user perms
if (Session::get_ctx_where() != "" && Session::is_pro() && !Acl::entityAllowed(strtoupper(str_replace("-", "", $engine_id)))) {
if ($_SESSION['_user_vision']['ctx'] != "") {
$engine_id = Util::uuid_format($_SESSION['_user_vision']['ctx']);
}
}
$directive_editor = new Directive_editor($engine_id);
// Default toggle User Contributed
if ($toggled == "") {
$toggled = "user.xml";
}
if (POST('delete_directive_id') != "") {
$toggled = POST('file');
ossim_valid(POST('delete_directive_id'), OSS_DIGIT, 'illegal:' . _("Directive ID"));
ossim_valid(POST('file'), OSS_ALPHA, OSS_PUNC, 'illegal:' . _("File"));
if (ossim_error()) {
die(ossim_error());
}
if ($directive_editor->delete_directive(POST('delete_directive_id'), POST('file'))) {
function set_plugins($data)
{
$sensor = $data['sensor'];
ossim_valid($sensor, OSS_HEX, 'illegal:' . _("Sensor ID"));
check_ossim_error();
$response = array();
$plugins = Plugin::resolve_plugins_by_vmv($data['plugin_list'], $sensor);
Plugin::set_plugins_by_assets($plugins, Util::uuid_format($sensor));
$response['error'] = FALSE;
$response['msg'] = _("Plugin successfully configured.");
return $response;
}
/**
* This function calculates status of systems with profile sensor enabled
*
* @param object $conn DataBase access object
*
* @return array
*/
function calc_sensors_status($conn)
{
// Getting system list
$avc_list = Av_center::get_avc_list($conn);
$total = 0;
$up_sensors = array();
$down_sensors = array();
// Getting DOWN systems
$filters = array('level' => 'error', 'message_id' => Util::uuid_format('00000000000000000000000000010011'));
$pagination = array('page' => 1, 'page_rows' => count($avc_list['data']));
$status = new System_notifications();
list($notification_list, $total_notifications) = $status->get_status_messages($filters, $pagination);
if ($total_notifications > 0) {
$down_systems = array();
foreach ($notification_list as $notification) {
$down_systems[$notification['component_id']] = 1;
}
}
//Calculating UP and DOWN sensors
if (is_array($avc_list['data']) && !empty($avc_list['data'])) {
foreach ($avc_list['data'] as $avc_data) {
if (preg_match('/sensor/i', $avc_data['profile'])) {
if (isset($down_systems[Util::uuid_format($avc_data['system_id'])])) {
$down_sensors[$avc_data['sensor_id']] = 1;
} else {
$up_sensors[$avc_data['sensor_id']] = 1;
}
}
}
}
$up = count($up_sensors);
$down = count($down_sensors);
$total = $up + $down;
return array($total, $up, $down);
}
<tr><td class="nobborder">· <i><?php
echo _("Empty selection means ANY sensor");
?>
</i></td></tr>
<tr><td class="nobborder" id="sensor_msg" style="color:red"></td></tr>
<tr>
<td class="nobborder">
<div id='ms_body'>
<select id="sensorselect" class="multiselect_sensor" multiple="multiple" name="sensorselect[]" style="display:none;width:600px;height:300px">
<?php
$sensor_list = $rule->sensor;
$_list_data = Av_sensor::get_list($conn);
$s_list = $_list_data[0];
foreach ($s_list as $s_id => $s) {
$sensor_name = $s['name'];
$sensor_id = Util::uuid_format($s_id);
$sensor_entities_arr = $s['ctx'];
$sensor_entities = "";
foreach ($sensor_entities_arr as $e_id => $e_name) {
$sensor_entities .= " {$e_id}";
}
if ($sensor_list != "ANY" && $sensor_list != "" && in_array($sensor_id, preg_split('/,/', $sensor_list))) {
echo "<option value='{$sensor_id}' ctx='{$sensor_entities}' selected='selected'>{$sensor_name}</option>\n";
} else {
echo "<option value='{$sensor_id}' ctx='{$sensor_entities}'>{$sensor_name}</option>\n";
}
}
?>
</select>
</div>
</td>
$active_plugins = Plugin::get_plugins_by_assets();
} catch (Exception $e) {
$total = 0;
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
if ($total > 0) {
try {
$vendors = Software::get_hardware_vendors();
} catch (Exception $e) {
$vendors = array();
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
$device_list = array();
foreach ($hosts as $asset_id => $host) {
$plugin_list = array();
$asset_id_canonical = Util::uuid_format($asset_id);
if (count($active_plugins[$asset_id_canonical]) < 1) {
$plugin_list[$asset_id][] = array('vendor' => '', 'model' => '', 'version' => '', 'model_list' => array(), 'version_list' => array());
} else {
foreach ($active_plugins[$asset_id_canonical] as $pdata) {
$models = array();
$versions = array();
if ($pdata['vendor'] != '') {
try {
$models = Software::get_models_by_vendor($pdata['vendor']);
} catch (Exception $e) {
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
}
if ($pdata['model'] != '') {
try {
//Alarm Attack Pattern
$attack_pattern = _(is_promiscous(count($src['ip']), count($dst['ip']), $_home_src['is_internal'], $_home_dst['is_internal']));
//Getting the tags
$_tags = Tag::get_tags_by_component($conn, $backlog_id);
$tag_list = array();
foreach ($_tags as $tag_id => $tag) {
$tag_list[$tag_id] = array('id' => $tag_id, 'name' => $tag->get_name(), 'class' => $tag->get_class());
}
//Alarm Status
if ($alarm->get_removable() === 0) {
$status = 'correlating';
} else {
$status = $alarm->get_status();
}
//Alarm JSON Info
$alarm = array('backlog_id' => $backlog_id, 'plugin_id' => $alarm->get_plugin_id(), 'plugin_sid' => $alarm->get_plugin_sid(), 'event_id' => $alarm->get_event_id(), 'engine' => Util::uuid_format($alarm->get_ctx()), 'agent_ctx' => $event_info["agent_ctx"], 'sid_name' => $alarm_name['name'], 'status' => $status, 'risk' => $alarm->get_risk(), 'attack_pattern' => $attack_pattern, 'created' => $alarm_life, 'duration' => $alarm_time, 'events' => $event_number, 'otx_icon' => $alarm->get_otx_icon(), 'iocs' => $alarm->get_iocs($conn, TRUE), 'event_start' => $alarm->get_since(), 'event_end' => $alarm->get_last(), 'src_ips' => $alarm->get_src_ip(), 'dst_ips' => $alarm->get_dst_ip(), 'src_ports' => $alarm->get_src_port(), 'dst_ports' => $alarm->get_dst_port(), 'sources' => $src['ip'], 'destinations' => $dst['ip'], 'tags' => $tag_list, 'taxonomy' => array('id' => $alarm_name['id'], 'kingdom' => $alarm_name['kingdom'], 'category' => $alarm_name['category'], 'subcategory' => $alarm_name['subcategory']));
//Alarm Perms
$perms = array('admin' => Session::am_i_admin(), 'pro' => Session::is_pro());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title><?php
echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM'));
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<meta http-equiv="Pragma" content="no-cache"/>
<?php
//CSS Files
echo json_encode($response);
exit;
}
$db = new ossim_db();
$conn = $db->connect();
// Get plugins by asset using Alienvault API
$total = 0;
$data = array();
$plugins = array();
try {
$sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
//Show column 'Sensor' when there are two sensors or more
$num_sensors = count($sensors);
$client = new Alienvault_client();
foreach ($sensors as $sensor_id => $s_data) {
$plugins = $client->sensor(Util::uuid_format($sensor_id))->get_plugins_by_assets();
$plugins = @json_decode($plugins, TRUE);
if ($plugins['status'] == 'success') {
if (array_key_exists($asset_id, $plugins['data']['plugins'])) {
$plugins = $plugins['data']['plugins'][$asset_id];
foreach ($plugins as $plugin_name => $pdata) {
$total++;
if (!empty($search_str)) {
$aux_search_str = '/' . strtolower($search_str) . '/';
$aux_cpe = strtolower($pdata['cpe']);
if (!preg_match($aux_search_str, $aux_cpe)) {
continue;
}
}
$vmv = Software::get_vmv_by_cpe($conn, $pdata['cpe']);
if (!empty($s_data)) {
}
// Database Object
$db = new ossim_db();
$conn = $db->connect();
//Getting the vendors
try {
$vendors = Software::get_hardware_vendors($conn, TRUE);
} catch (Exception $e) {
$vendors = array();
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
$plugin_list = array();
try {
$related_sensors = Asset_host_sensors::get_sensors_by_id($conn, $asset_id);
$selected_sensor = $sensor_id != '' ? $sensor_id : key($related_sensors);
$active_plugins = Plugin::get_plugins_by_device(Util::uuid_format($selected_sensor));
$asset_plugins = is_array($active_plugins[$asset_id]) ? $active_plugins[$asset_id] : array();
foreach ($asset_plugins as $pdata) {
$model_list = array();
$version_list = array();
list($vendor, $model, $version) = Plugin::translate_cpe_to_software($pdata['cpe']);
if ($vendor != '') {
try {
$model_list = Software::get_models_by_cpe($conn, $vendor, TRUE);
} catch (Exception $e) {
Av_exception::write_log(Av_exception::USER_ERROR, $e->getMessage());
}
}
if ($model != '') {
try {
$version_list = Software::get_versions_by_cpe($conn, $model, TRUE);
/**
* @param object $conn DataBase access object
*
* @return array
*/
function calc_sensors_status($conn)
{
// Get component list
$avc_list = Av_center::get_avc_list($conn);
$total = count($avc_list['data']);
$up = $total;
$down = 0;
// Get notifications list
$filters = array('level' => 'notification', 'message_id' => 11);
$pagination = array('page' => 1, 'page_rows' => $total);
$status = new System_status();
list($notification_list, $total_notifications) = $status->get_status_messages($filters, $pagination);
if ($total_notifications > 0) {
$notification_components = array();
foreach ($notification_list as $notification) {
$notification_components[$notification['component_id']] = 1;
}
foreach ($avc_list['data'] as $avc_data) {
if (preg_match('/sensor/i', $avc_data['profile'])) {
if (isset($notification_components[Util::uuid_format($avc_data['system_id'])])) {
$down++;
$up--;
}
}
}
}
return array($total, $up, $down);
}
function delete_engine($conn, $data)
{
$id = $data['engine'];
ossim_valid($id, OSS_HEX, 'illegal:' . _('Engine ID'));
if (ossim_error()) {
$info_error = _('Error') . ': ' . ossim_get_error();
ossim_clean_error();
$return['error'] = TRUE;
$return['msg'] = $info_error;
return $return;
}
if ($id == Session::get_default_engine($conn)) {
$return['error'] = TRUE;
$return['msg'] = _('It is not allowed to delete the default engine');
return $return;
}
$contexts = Acl::get_contexts_by_engine($conn, $id);
if (count($contexts) > 0) {
$return['error'] = TRUE;
$return['msg'] = _('There are contexts asociated to this engine. You are not allowed to delete this engine');
return $return;
}
Acl::delete_entities($conn, $id);
Alarm::delete_from_taxonomy($conn, $id);
$id = Util::uuid_format($id);
if (is_dir(_MAIN_PATH . "/{$id}")) {
Directive_editor::remove_engine($id);
}
Web_indicator::set_on('Reload_servers');
$return['error'] = FALSE;
$return['data'] = '';
return $return;
}
if(typeof url == 'string' && url !='')
{
if(url.match(/wizard_directive/) && typeof params == 'object')
{
//We have edited a directive. Reload is necessary to show the changes.
if(params['edited'] == true)
{
document.location.reload();
}
else if(params['reload'] == true) //If we have created a new directive, we go to directive editor
{
var url = '<?php
echo $new_direct_link;
?>
&engine_id=<?php
echo Util::uuid_format($engine);
?>
&toggled=&toggled_dir='+ params['directive'] +'&msg_success=1';
document.location.href = GB_makeurl(url);
}
}
else if(url.match(/newincident/))
{
document.location.href="../incidents/index.php?m_opt=analysis&sm_opt=tickets&h_opt=tickets"
}
}
}
function show_events()
{
</div>
</div>
<!-- Suggestions -->
<div class='suggestions_header sec_title'><?php
echo _('Suggestions');
?>
</div>
<div class='suggestions_content'>
<?php
$message = _("Currently no suggestions");
try {
$status = new System_status();
$filters = array('component_id' => Util::uuid_format($id), 'level' => 'info,warning,error', 'order_by' => $order, 'order_desc' => 'desc');
list($message_list, $total) = $status->get_status_messages($filters);
} catch (Exception $e) {
$total = 0;
$message_list = array();
$message = $e->getMessage();
}
if (!$total) {
?>
<div class="no_suggestions"><?php
echo $message;
?>
</div>
<?php
} else {
$i = 0;