Ejemplo n.º 1
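/**
 * Print the "Top N attacker / attacked hosts" table together with its graph.
 *
 * Reads the globals $NUM_HOSTS, $security_report, $report_type and $geoloc and
 * the framework configuration in $GLOBALS['CONF'], and echoes HTML directly.
 *
 * @param string $target    "ip_src" or "ip_dst"; rewritten to "src_ip" / "dst_ip"
 *                          when the global report type is "alarm".
 * @param string $date_from Start of the window, handed to AttackHost() and to the graph URL.
 * @param string $date_to   End of the window, handed to AttackHost() and to the graph URL.
 *
 * @return int 0 when AttackHost() yields no rows (nothing is printed), 1 after rendering.
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    global $geoloc;
    /* ossim framework conf */
    $conf = $GLOBALS['CONF'];
    $report_graph_type = $conf->get_conf('report_graph_type');

    // Default so the table header never reads an undefined variable when
    // $target is neither "ip_src" nor "ip_dst".
    $title = '';
    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }

    $list = $security_report->AttackHost($target, $NUM_HOSTS, $report_type, $date_from, $date_to);
    if (!is_array($list) || empty($list)) {
        return 0;
    }
    ?>
    <table class='t_alarms'>
        <thead>
            <tr><td colspan='2' class="headerpr"><?php echo _("Top") . " {$NUM_HOSTS} {$title}"; ?></td></tr>
        </thead>
        
        <tbody>
            <tr>
                <td class='td_container'>
                    <table class="table_data">
                        <thead>                     
                            <tr>
                                <th> <?php echo _("Host"); ?> </th>
                                <th> <?php echo _("Occurrences"); ?> </th>
                            </tr>
                        </thead>
                        
                        <tbody>
                        <?php
    // Each row is indexed positionally: 0 = IP, 1 = count, 2 = host id, 3 = context.
    foreach ($list as $l) {
        $ip = $l[0];
        // No decimals, "," as decimal separator, "." as thousands separator.
        $occurrences = number_format($l[1], 0, ",", ".");
        $id = $l[2];
        $ctx = $l[3];
        $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $id);
        $hostname = $host_output['name'];
        $icon = $host_output['html_icon'];
        // The OS lookup only runs for ids that pass valid_hex32().
        $os = valid_hex32($id) ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $id) : "";
        // An OS value containing "unknown" is not displayed.
        $os_pixmap = preg_match("/unknown/", $os) ? '' : $os;
        $bold = $host_output['is_internal'];
        // NOTE(review): $icon, $hostname and $os_pixmap are echoed without
        // htmlspecialchars(). 'html_icon' is presumably markup by design, but
        // confirm that get_extended_name() returns an already HTML-escaped
        // 'name'; host names can come from discovered or imported data.
        ?>
                            <tr>
                                <td class='td_data <?php echo $bold ? 'bold' : ''; ?>'>
                                    <?php echo $icon . ' ' . $hostname . ' ' . $os_pixmap; ?>
                                </td>
                                <td class='td_data'><?php echo $occurrences; ?></td>
                            </tr>
                            <?php
    }
    ?>
                        </tbody>
                    </table>
                </td>
                
                <td class='td_container'>
                    <?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        // Every query-string value is urlencode()d, not only the two dates, so
        // none of them can close the src attribute or add extra parameters.
        // urlencode() output has no quotes or angle brackets, which keeps the
        // URL attribute-safe; the "&" separators are emitted as before.
        $graph_url = 'graphs/attack_graph.php?target=' . urlencode((string) $target)
            . '&hosts=' . urlencode((string) $NUM_HOSTS)
            . '&type=' . urlencode((string) $report_type)
            . '&date_from=' . urlencode((string) $date_from)
            . '&date_to=' . urlencode((string) $date_to);
        ?>
                        <img src="<?php echo $graph_url; ?>" alt="attack_graph"/>
                        <?php
    }
    ?>
                </td>                 
            </tr>
        </tbody>
    </table>
    <?php
    return 1;
}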
Ejemplo n.º 2
                 <table style="width:80mm; padding-top: 10px; padding-bottom: 10px;">
                     <tr>
                         <th>' . gettext("Host") . '</th>
                         <th class="center">' . gettext("Occurrences") . '</th>
                     </tr>');
 // Row counter; only used below to alternate the row CSS class.
 $c = 0;
 // NOTE(review): $shared_file is not referenced again in the visible part of this fragment.
 $shared_file = $dDB["_shared"]->dbfile();
 // Hand the list to the shared store under "SS_AttackedHost" followed by $runorder
 // (presumably so another report stage can read it back; confirm against the consumer).
 $dDB["_shared"]->put("SS_AttackedHost" . $runorder, $list);
 $font_size = getFontSizeSIEM($list);
 // Each row is indexed positionally: 0 = IP, 1 = count, 2 = host id, 3 = context.
 foreach ($list as $l) {
     $ip = $l[0];
     // No decimals, "," as decimal separator, "." as thousands separator.
     $occurrences = number_format($l[1], 0, ",", ".");
     $host_id = $l[2];
     // Fall back to the session's default context when the row carries none.
     $ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx();
     $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id);
     // OS lookup and the resolved name are only used when the row has a host id;
     // otherwise the raw IP is shown as the host name.
     $os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : "";
     $hostname = $host_id != "" ? $host_output['name'] : $ip;
     $icon = $host_output['html_icon'];
     // NOTE(review): $target and $ip are interpolated into the query string without
     // urlencode(), and $link is not used in the visible lines. Confirm where it is
     // consumed and encode the values before it reaches markup.
     $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d";
     // Odd rows (second, fourth, ...) get class 'par'; $c is incremented after the test.
     $bc = $c++ % 2 != 0 ? "class='par'" : "";
     // NOTE(review): $icon, $hostname and $os_pixmap are concatenated into the report
     // HTML without htmlspecialchars(). Confirm the helpers return HTML-safe values;
     // an unescaped host name would be interpreted as markup by the PDF renderer.
     $htmlPdfReport->set('
                             <tr ' . $bc . '>
                                 <td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td>
                                 <td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td>
                             </tr>');
 }
 // Close the host table and its cell, then open the cell for the graph.
 $htmlPdfReport->set('
                 </table>
             </td>
         <td valign="top" style="padding-top:15px; width:98mm;">');
 if ($report_graph_type == "applets") {
Ejemplo n.º 3
            <!-- C & A levels for each IP -->
            <tr>
                <td align="center">
                    <a href="<?php 
        echo $r_url;
        ?>
" title="<?php 
        echo $ip;
        ?>
"><?php 
        echo $hostname;
        ?>
</a>
                    <?php 
        echo Asset_host_properties::get_os_by_host($conn, $host_id);
        ?>
                </td>
                
                <td align="center">
                    <a href="<?php 
        echo $cp_url;
        ?>
">&nbsp;<img src="../pixmaps/graph.gif" border="0"/>&nbsp;</a>
                </td>

                <td class="left">
                <?php 
        if ($compromise <= $threshold_c) {
            ?>
                    <img src="../pixmaps/solid-blue.jpg" height="12" width="<?php