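/*
 * Serve the icon stored for one reference system as image/png.
 * The id comes from the query string and is run through ossim_valid() with
 * OSS_DIGIT before it is interpolated into SQL; when validation fails the
 * script dies right there, so the SELECT below never sees a rejected value.
 */
// An HTTP-date needs a space before the zone ("... 00:00:00 GMT"); the
// previous concatenation produced "...00GMT", which clients do not parse.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

$id = GET('id');
ossim_valid($id, OSS_DIGIT, 'illegal:' . _("ID"));
if (ossim_error()) {
    die(ossim_error());
}

require "base_conf.php";
include_once $BASE_path . "includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 1);
$qs = new QueryState();

// Plain interpolation; acceptable only because of the OSS_DIGIT check above.
// Keep the validation and this query together if either is ever moved.
$sql = "SELECT icon FROM reference_system WHERE ref_system_id={$id}";
$result = $qs->ExecuteOutputQuery($sql, $db);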
if ($myrow = $result->baseFetchRow()) {
    //echo $myrow[0];
    header("Content-type: image/png");
    if ($myrow[0] != "") {
        $image = imagecreatefromstring($myrow[0]);
    } else {
        $image = imagecreatefrompng("../forensics/images/server.png");
    }
    if (imageistruecolor($image)) {
        imagealphablending($image, false);
        imagesavealpha($image, true);
    }
    imagepng($image);
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
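require "base_conf.php";
include "{$BASE_path}/includes/base_constants.inc.php";
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/includes/base_action.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_ag_common.php";

// Timing instrumentation only in debug mode (was a bare ternary used as a statement).
if ($debug_time_mode >= 1) {
    $et = new EventTiming($debug_time_mode);
}

$cs = new CriteriaState("base_ag_main.php");
$cs->ReadState();
$qs = new QueryState();

/* Request parameters. ImportHTTPVar() is given a VAR_* character mask where
   one applies; the three values that reach SQL go through filterSql() as well. */
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$ag_action = ImportHTTPVar("ag_action", VAR_ALPHA | VAR_USCORE);
$ag_id = filterSql(ImportHTTPVar("ag_id", VAR_DIGIT));
$ag_name = filterSql(ImportHTTPVar("ag_name"));
$ag_desc = filterSql(ImportHTTPVar("ag_desc"));

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
    // Stop here: if base_header() only emits the Location header (its body is
    // not in this fragment), the rest of the page would otherwise still be
    // generated for an unauthorised user.
    exit;
}

$page_title = gettext("Event Group (AG) Maintenance");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
/* Connect to the Alert database */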
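require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

// Default landing view stored for this statistics page.
$_SESSION["siem_default_group"] = "base_stat_plugins.php?sort_order=occur_d";

// Timing instrumentation only in debug mode (was a bare ternary used as a statement).
if ($debug_time_mode >= 1) {
    $et = new EventTiming($debug_time_mode);
}

$cs = new CriteriaState("base_stat_plugins.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$export = intval(ImportHTTPVar("export", VAR_DIGIT));
// Called from report_launcher.php
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
// NOTE(review): the BaseUser role check below is commented out, so $roleneeded
// is unused; access control for this page has to come from an earlier include
// that is not in this fragment -- confirm before relying on it.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit);
/* increment the view if necessary */
$page_title = gettext("Event Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php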
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
// Admin-only page: a non-admin session gets the error text and nothing else.
Session::logcheck("analysis-menu", "EventsForensics");
if (!Session::am_i_admin()) {
    echo ossim_error(_("You don't have permission to see this page"));
    exit;
}

// OSSIM side: plugin list from the main database.
$db = new ossim_db();
$conn = $db->connect();
$plugin_list = Plugin::get_list($conn, "ORDER BY name", 0);

// BASE side: reference_system is queried through the alert database.
require 'base_conf.php';
include_once "{$BASE_path}includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";

/* Connect to the Alert database */
$db_snort = NewBASEDBConnection($DBlib_path, $DBtype);
$db_snort->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 1);
$qs = new QueryState();

$newref = GET('newref');
$delete = GET('deleteref');
$error_msg = null;

// Create a new reference system. The name is interpolated into the INSERT,
// so the ossim_valid() call is the only thing between the request and the
// query: on failure the message is kept for the page and the query is skipped.
if ($newref != "") {
    ossim_valid($newref, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("New Reference"));
    if (ossim_error()) {
        $error_msg = ossim_get_error();
        ossim_clean_error();
    } else {
        $sql = 'INSERT INTO reference_system (ref_system_name) VALUES ("' . $newref . '")';
        $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
    }
}
if (preg_match("/^\\d+\$/", $delete)) {
    ossim_valid($delete, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Reference ID"));
*  Need to import $submit and set the $QUERY_STRING early to support
*  the back button.  Otherwise, the value of $submit will not be passed
*  to the history.
*/
/* This call can include "#xx-(xx-xx)" values and "submit" values. */
$submit = ImportHTTPVar("submit", VAR_DIGIT | VAR_PUNC | VAR_LETTER, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);

// From here on the query string carries only the re-encoded submit value.
$_SERVER["QUERY_STRING"] = "submit=" . rawurlencode($submit);

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_qry_main.php", "&amp;new=1&amp;submit=" . gettext("Query+DB"));
$cs->ReadState();
$qs = new QueryState();

$page_title = gettext("Event");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// The criteria form is not printed for the minimal (embedded) view.
if (!array_key_exists("minimal_view", $_GET)) {
    PrintCriteria("");
}

// ProcessCriteria() returns the text appended after "FROM acid_event" at [0]
// and the WHERE body at [1]. (A former payload special case that rewrote
// $where is no longer active.)
$criteria_clauses = ProcessCriteria();
$from = " FROM acid_event {$criteria_clauses[0]}";
$where = " WHERE {$criteria_clauses[1]}";
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
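require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

/*
 * AJAX endpoint: prints "<events>##<src addrs>##<dst addrs>" for one sensor.
 * The SQL template is taken from the session (written by another page, not
 * shown here); only its DEVICEID placeholder is filled from the request.
 */
// isset() guard keeps the same loose "== ''" outcome without an
// undefined-index notice when the session key was never written.
if (!isset($_SESSION['_siem_sensor_query']) || $_SESSION['_siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}

// The id is imported with the VAR_DIGIT mask; that is what makes the
// str_replace() into the session-held SQL template acceptable.
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['_siem_sensor_query']);
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// Defaults so the echo below never references undefined variables when the
// query returns no row (same "####" output as before, minus the notices).
$unique_addrs = '';
$src_addrs = '';
$dst_addrs = '';
$rs = $qs->ExecuteOutputQueryNoCanned($sql, $db);
if ($row = $rs->baseFetchRow()) {
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::number_format_locale($row[0], 0) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&amp;sensor=" . urlencode($device_id)) . Util::number_format_locale($row[1], 0) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&amp;sensor=" . urlencode($device_id)) . Util::number_format_locale($row[2], 0) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";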
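require "vars_session.php";
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

// Default landing view stored for this statistics page.
$_SESSION["siem_default_group"] = "base_stat_ptypes.php?sort_order=occur_d";

// Timing instrumentation only in debug mode (was a bare ternary used as a statement).
if ($debug_time_mode >= 1) {
    $et = new EventTiming($debug_time_mode);
}

$cs = new CriteriaState("base_stat_ptypes.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
// NOTE(review): the BaseUser role check below is commented out, so $roleneeded
// is unused; access control for this page has to come from an earlier include
// that is not in this fragment -- confirm before relying on it.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit);
/* increment the view if necessary */
$page_title = gettext("Event Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php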
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
****************************************************************************/
require_once 'classes/Security.inc';
include "base_conf.php";
include_once "{$BASE_path}includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// Page state before any form handling: no error recorded, form hidden.
$msg_error = null;
$show_form = false;
$qs = new QueryState();
if (isset($_POST['send']) && !empty($_POST['send'])) {
    $id = POST('id');
    $name = POST('name');
    $url = POST('url');
    ossim_valid($id, OSS_DIGIT, 'illegal:' . _("Id"));
    ossim_valid($name, OSS_DIGIT, OSS_ALPHA, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _("Name"));
    ossim_valid($url, OSS_ALPHA, OSS_DIGIT, OSS_URL, OSS_PUNC, '%', OSS_NULLABLE, 'illegal:' . _("Url"));
    if (ossim_error()) {
        die(ossim_error());
    }
    if ($name != "") {
        $icon = "";
        if (is_uploaded_file($HTTP_POST_FILES['icon']['tmp_name'])) {
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
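include "base_conf.php";
include "vars_session.php";
include "{$BASE_path}/includes/base_constants.inc.php";
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_class.php");
$cs->ReadState();
$qs = new QueryState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
    // Stop here: if base_header() only emits the Location header (its body is
    // not in this fragment), the rest of the page would otherwise still be
    // generated for an unauthorised user.
    exit;
}

$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$qs->MoveView($submit);
/* increment the view if necessary */

$page_title = gettext("Classification");
// Canned queries get their description appended to the title.
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}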
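/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);

// NOTE(review): $addr_type (set earlier in the file) reaches this link suffix
// before the whitelist below is applied; consider validating it earlier.
$cs = new CriteriaState("base_stat_uidm.php", "&amp;addr_type={$addr_type}");
$cs->ReadState();
/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
// PrintCriteriaState();
// }

// Whitelist the address type. strict=true so only one of these exact strings
// passes; with the loose comparison a non-string value (e.g. integer 0 under
// PHP < 8, where 0 == "userdomain" is true) could slip through unchanged.
if (!in_array($addr_type, array("userdomain", "username", "hostname", "domain"), true)) {
    $addr_type = "userdomain";
}
$type_name = ucfirst(str_replace("userdomain", "user@domain", $addr_type)) . "s";
$page_title = _("Unique") . " " . _($type_name);

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent") . " " . _($type_name), "occur_d");
$qs->MoveView($submit);
/* increment the view if necessary */

if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();

// Include base_header.php
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}
$criteria = $criteria_clauses[0] . " " . $criteria_clauses[1];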
if (preg_match("/user|domain/i", $addr_type)) {
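require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

/*
 * AJAX endpoint for one signature (plugin id + sid): unique source/destination
 * address links and the time of its last event. Both SQL templates come from
 * the session (written elsewhere, not shown here); only the PLUGINID and
 * PLUGINSID placeholders are filled from the request, and both are imported
 * with the VAR_DIGIT mask.
 */
// isset() guards keep the same loose "== ''" outcome without notices when a
// session key was never written.
if (!isset($_SESSION['siem_current_query_graph']) || $_SESSION['siem_current_query_graph'] == ""
    || !isset($_SESSION['siem_alerts_query']) || $_SESSION['siem_alerts_query'] == "") {
    echo "-##-##-";
    die;
}
$tz = Util::get_timezone();
$plugin_id = ImportHTTPVar("id", VAR_DIGIT);
$plugin_sid = ImportHTTPVar("sid", VAR_DIGIT);
$sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_current_query_graph']));
$sql = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_alerts_query']));
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// Defaults for the no-row case. Previously $last and $row were left undefined
// and the timezone branch below still ran on them.
$src_addrs = '';
$dst_addrs = '';
$last = '';
$rs = $qs->ExecuteOutputQuery($sql, $db);
if ($row = $rs->baseFetchRow()) {
    $addr_link = '&amp;sig_type=1&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($plugin_id . ";" . $plugin_sid);
    $src_addrs = BuildUniqueAddressLink(1, $addr_link) . $row[0] . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, $addr_link) . $row[1] . '</A>';
    $last = get_utc_unixtime($db, $row[2]);
    // $tz is an hour offset: shift the UTC epoch into the user's zone, or keep
    // the timestamp exactly as the database formatted it when no shift applies.
    if ($tz != 0) {
        $last = gmdate("Y-m-d H:i:s", $last + 3600 * $tz);
    } else {
        $last = $row[2];
    }
}
$rs->baseFreeRows();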
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
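require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

/*
 * AJAX endpoint: prints "<events>##<src addrs>##<dst addrs>" for one sensor,
 * each value HTML-escaped. The SQL template is taken from the session (written
 * by another page, not shown here); only its DEVICEID placeholder is filled
 * from the request.
 */
// isset() guard keeps the same loose "== ''" outcome without an
// undefined-index notice when the session key was never written.
if (!isset($_SESSION['siem_sensor_query']) || $_SESSION['siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}

// The id is imported with the VAR_DIGIT mask; that is what makes the
// str_replace() into the session-held SQL template acceptable.
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['siem_sensor_query']);
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// Defaults so the echo below never references undefined variables when the
// query returns no row (same "####" output as before, minus the notices).
$unique_addrs = '';
$src_addrs = '';
$dst_addrs = '';
$rs = $qs->ExecuteOutputQuery($sql, $db);
if ($row = $rs->baseFetchRow()) {
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::htmlentities($row[0]) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&amp;sensor=" . urlencode($device_id)) . Util::htmlentities($row[1]) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&amp;sensor=" . urlencode($device_id)) . Util::htmlentities($row[2]) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";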
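require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

/*
 * AJAX endpoint for one signature: prints "<last event time>##" and then the
 * graph part (which continues after this fragment). Both SQL templates come
 * from the session; only the PLUGINID / PLUGINSID placeholders are filled from
 * the request, and both are imported with the VAR_DIGIT mask. A pending
 * delete task disables the endpoint.
 */
// isset() guards keep the same loose comparison outcomes without notices
// when a session key was never written.
if (!isset($_SESSION['_siem_current_query_graph']) || $_SESSION['_siem_current_query_graph'] == ""
    || !isset($_SESSION['_siem_ip_query']) || $_SESSION['_siem_ip_query'] == ""
    || (isset($_SESSION["deletetask"]) && $_SESSION["deletetask"] != "")) {
    echo "-##-##-";
    die;
}
$tz = Util::get_timezone();
$plugin_id = ImportHTTPVar("id", VAR_DIGIT);
$plugin_sid = ImportHTTPVar("sid", VAR_DIGIT);
$sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['_siem_current_query_graph']));
$sqlunique = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['_siem_ip_query']));
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// Unique: time of the last matching event. Default to '' so the echo below is
// defined even when the query returns no row (previously an undefined variable).
$last = '';
$rs = $qs->ExecuteOutputQueryNoCanned($sqlunique, $db);
if ($row = $rs->baseFetchRow()) {
    // $tz is an hour offset applied to the UTC epoch.
    if ($tz != 0) {
        $last = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $row[0]) + 3600 * $tz);
    } else {
        $last = get_utc_unixtime($db, $row[0]);
    }
    // For queries against *_acid_event tables, collapse the ":00:00"
    // minutes/seconds into "H".
    if (preg_match("/_acid_event/", $sqlunique)) {
        $last = str_replace(":00:00", "H", $last);
    }
}
$rs->baseFreeRows();
echo "{$last}##";

// Graph
$tr = (isset($_SESSION["time_range"]) && $_SESSION["time_range"] != "") ? $_SESSION["time_range"] : "all";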
    /* save the search criteria       */
    // Solve error when payload is searched cnt = 1
    //    if ($_GET{"data"} {
    //        0
    //    } {
    //        2
    //    } != "") $cs->criteria['data']->criteria_cnt = 1;
    if ($_GET["data"][0][2] != "") {
        $cs->criteria['data']->criteria_cnt = 1;
    }
    $submit = gettext("Query DB");
    /* restore the real submit value  */
    $_POST['submit'] = $submit;
}
$cs->ReadState();

// Canned "last N events" views: one per protocol plus the catch-all, all
// newest-first ("time_d") and sharing the same row limit.
$page_title = gettext("Query Results");
$qs = new QueryState();
$qs->AddCannedQuery("last_tcp", $last_num_alerts, gettext("Last TCP Events"), "time_d");
$qs->AddCannedQuery("last_udp", $last_num_alerts, gettext("Last UDP Events"), "time_d");
$qs->AddCannedQuery("last_icmp", $last_num_alerts, gettext("Last ICMP Events"), "time_d");
$qs->AddCannedQuery("last_any", $last_num_alerts, gettext("Last Events"), "time_d");
if ($qs->isCannedQuery()) {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
    } else {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), "", 1);
    }
} else {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
    } else {
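// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
// NOTE(review): the BaseUser role check below is commented out, so $roleneeded
// is unused; access control for this page has to come from an earlier include
// that is not in this fragment -- confirm before relying on it.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$et = new EventTiming($debug_time_mode);

// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
$cs = new CriteriaState("base_stat_otx.php", "");
$cs->ReadState();
/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
//     PrintCriteriaState();
// }
$qs = new QueryState();

// Braces added to the one-line conditionals below; behaviour unchanged.
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();

// Include base_header.php ($page_title is set before this fragment)
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}

$criteria = $criteria_clauses[0] . " " . $criteria_clauses[1];

// $from / $where are only built when the criteria reference OTX data.
if (preg_match("/otx_data/", $criteria)) {
    $where = " WHERE " . $criteria_clauses[1];
    $from = " FROM acid_event " . $criteria_clauses[0];
}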
    /* save the search criteria       */
    // Solve error when payload is searched cnt = 1
    //    if ($_GET{"data"} {
    //        0
    //    } {
    //        2
    //    } != "") $cs->criteria['data']->criteria_cnt = 1;
    if ($_GET["data"][0][2] != "") {
        $cs->criteria['data']->criteria_cnt = 1;
    }
    $submit = gettext("Query DB");
    /* restore the real submit value  */
    $_POST['submit'] = $submit;
}
$cs->ReadState();

// Canned "last N events" views: one per protocol plus the catch-all, all
// newest-first ("time_d") and sharing the same row limit.
$page_title = gettext("Query Results");
$qs = new QueryState();
$qs->AddCannedQuery("last_tcp", $last_num_alerts, gettext("Last TCP Events"), "time_d");
$qs->AddCannedQuery("last_udp", $last_num_alerts, gettext("Last UDP Events"), "time_d");
$qs->AddCannedQuery("last_icmp", $last_num_alerts, gettext("Last ICMP Events"), "time_d");
$qs->AddCannedQuery("last_any", $last_num_alerts, gettext("Last Events"), "time_d");

// The criteria are always processed; the former $sqlcalls gate that made this
// conditional on the submit value is gone.
$criteria_clauses = ProcessCriteria();
// Include base_header.php
if ($qs->isCannedQuery()) {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
    } else {
$roleneeded = 10000;
$BUser = new BaseUser();
// NOTE(review): $BUser is created but the role check that used it is commented
// out, so $roleneeded does nothing here; confirm access control is enforced
// earlier in the file (not in this fragment).
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$et = new EventTiming($debug_time_mode);

// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

$cs = new CriteriaState("base_stat_uaddr.php", "&amp;addr_type={$addr_type}");
$cs->ReadState();
/* Dump some debugging information on the shared state */
if ($debug_mode > 0) {
    PrintCriteriaState();
}

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
$qs->MoveView($submit);
/* increment the view if necessary */

// Destination is the fallback for anything that is not SOURCE_IP; an unknown
// type is reported and then still rendered as destination.
$page_title = gettext("Unique Destination Address(es)");
$results_title = gettext("Dst IP address");
$addr_type_name = "ip_dst";
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} elseif ($addr_type != DEST_IP) {
    ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
}
			for(var i = 0, l = this.length; i < l; i++) {
				if(this[i] == p_val) {
					return true;
				}
			}
			return false;
		}	
    </script>
		
    </head>
    
	<body>
		<center><div id="plotareaglobal" class="plot" style="text-align:center;margin:12px 15px 0px 0px;"></div></center>

		<?php 
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// The graph SQL is taken from the session (built by another page, not shown here).
$sqlgraph = $_SESSION['siem_current_query_graph'];

// Time window handed to range_graphic() as (from, to, mode). Only an explicit
// "range" carries real bounds; every other mode passes zeros through.
$tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all";
if ($tr == "range") {
    // Session "time" rows are indexed as [.., .., month, day, year, hour, min, sec]
    // (inferred from the Y-m-d H:i:s layout built here -- confirm against the writer).
    $desde = strtotime(sprintf('%s-%s-%s %s:%s:%s', $_SESSION["time"][0][4], $_SESSION["time"][0][2], $_SESSION["time"][0][3], $_SESSION['time'][0][5], $_SESSION['time'][0][6], $_SESSION['time'][0][7]));
    $hasta = strtotime(sprintf('%s-%s-%s %s:%s:%s', $_SESSION["time"][1][4], $_SESSION["time"][1][2], $_SESSION["time"][1][3], $_SESSION['time'][1][5], $_SESSION['time'][1][6], $_SESSION['time'][1][7]));
    $trdata = array($desde, $hasta, "range");
} else {
    $trdata = array(0, 0, $tr);
}
list($x, $y, $xticks, $xlabels) = range_graphic($trdata);
if (count($y) > 1) {
    //echo "SQLG:$sqlgraph -->";
    $res = $qs->ExecuteOutputQueryNoCanned($sqlgraph, $db);
    //echo " COUNT:".$res->baseRecordCount()."<br>";
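include_once "{$BASE_path}/base_stat_common.php";

// Default landing view stored for this statistics page.
$_SESSION["siem_default_group"] = "base_stat_alerts.php?sort_order=occur_d";
// Default sort: most occurrences first. The isset() guard keeps the same loose
// "== ''" outcome without an undefined-index notice when the parameter is absent.
if (!isset($_REQUEST['sort_order']) || $_REQUEST['sort_order'] == '') {
    $_GET['sort_order'] = 'occur_d';
}

// Timing instrumentation only in debug mode (was a bare ternary used as a statement).
if ($debug_time_mode >= 1) {
    $et = new EventTiming($debug_time_mode);
}

$cs = new CriteriaState("base_stat_alerts.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$export = intval(ImportHTTPVar("export", VAR_DIGIT));
// Called from report_launcher.php
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
// NOTE(review): the BaseUser role check below is commented out, so $roleneeded
// is unused; access control for this page has to come from an earlier include
// that is not in this fragment -- confirm before relying on it.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit);
/* increment the view if necessary */
$page_title = gettext("Event Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php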
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
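// Defaults for the paging/graph parameters ($max is set before this fragment).
if (!$max) {
    $max = 50;
}
$resolution = ImportHTTPVar("resolution", VAR_ALPHA);
if ($resolution == "") {
    $resolution = "m";
}

$cs->ReadState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
    // Stop here: if base_header() only emits the Location header (its body is
    // not in this fragment), the rest of the page would otherwise still be
    // generated for an unauthorised user.
    exit;
}

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit);
/* increment the view if necessary */

$page_title = gettext("Event Listing");
// Canned queries get their description appended to the title.
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 0);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 0);
}

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);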
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
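$BUser = new BaseUser();
// $roleneeded is set before this fragment.
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
    // Stop here: if base_header() only emits the Location header (its body is
    // not in this fragment), the rest of the page would otherwise still be
    // generated for an unauthorised user.
    exit;
}
$et = new EventTiming($debug_time_mode);

// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$cs = new CriteriaState("base_stat_country.php", "&amp;addr_type=1");
$cs->ReadState();
/* Dump some debugging information on the shared state */
if ($debug_mode > 0) {
    PrintCriteriaState();
}

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
$qs->MoveView($submit);
/* increment the view if necessary */

// Titles and column name by address direction; anything that is neither
// SOURCE_IP nor DEST_IP is reported and then treated as destination.
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    if ($addr_type != DEST_IP) {
        ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    }
    $page_title = gettext("Unique Destination Address(es)");
    $results_title = gettext("Dst IP address");
    $addr_type_name = "ip_dst";
}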
*  the back button.  Otherwise, the value of $submit will not be passed
*  to the history.
*/
/* This call can include "#xx-(xx-xx)" values and "submit" values. */
$submit = ImportHTTPVar("submit", VAR_DIGIT | VAR_PUNC | VAR_LETTER, array(_("Delete Selected"), _("Delete ALL on Screen"), _ENTIREQUERY));
$sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
$pag = ImportHTTPVar("pag", VAR_DIGIT);

// From here on the query string carries only the re-encoded submit value.
$_SERVER["QUERY_STRING"] = "submit=" . rawurlencode($submit);

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_qry_main.php", "&amp;new=1&amp;submit=" . _("Query DB"));
$cs->ReadState();
$qs = new QueryState();
$page_title = _("Event");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// The criteria form is skipped for embedded views (minimal_view or noheader).
if (!array_key_exists("minimal_view", $_GET) && !array_key_exists("noheader", $_GET)) {
    PrintCriteria("");
}

$criteria_clauses = ProcessCriteria();
// Include base_header.php
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);

// ProcessCriteria() returns the text appended after "FROM acid_event" at [0]
// and the WHERE body at [1].
$from = " FROM acid_event {$criteria_clauses[0]}";
$where = " WHERE {$criteria_clauses[1]}";

// "del_alert" is the only action registered here; $sort_sql is set before
// this fragment.
$qs->AddValidAction("del_alert");
$qs->SetActionSQL($sort_sql[0] . $from . $where);
$et->Mark("Initialization");
require "base_conf.php";
require "vars_session.php";
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_stat_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_ag_common.php";
include_once "geoip.inc";

// Default landing view stored for this statistics page.
$_SESSION["siem_default_group"] = "base_stat_sensor.php?sort_order=occur_d";
// NOTE(review): GeoIP database path is hard-coded and not checked for
// existence here; what Geolocation does when the file is missing is not
// visible in this fragment.
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_sensor.php");
$cs->ReadState();
$qs = new QueryState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
// NOTE(review): the BaseUser role check below is commented out, so $roleneeded
// is unused; confirm access control is enforced by an earlier include.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$page_title = gettext("Sensor Listing");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$export = (int) ImportHTTPVar("complete", VAR_DIGIT);
// Called from report_launcher.php
$qs->MoveView($submit);
/* increment the view if necessary */

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
/* FIXME: OSSIM */
/* This used to break the port filters, have to look deeply on this
maybe changing db_connect_method in base_conf.php */
// Order kept as found: the request parameters are read first, the connection
// is opened afterwards (see the FIXME above).
$port_type = ImportHTTPVar("port_type", VAR_DIGIT);
// NOTE(review): VAR_PUNC lets punctuation through in proto, and the value is
// placed into the CriteriaState link suffix below; confirm GetBackLink()
// escapes it for the HTML context in which the link is printed.
$proto = ImportHTTPVar("proto", VAR_DIGIT | VAR_PUNC);
$export = (int) ImportHTTPVar("export", VAR_DIGIT);
// Called from report_launcher.php
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
$cs = new CriteriaState("base_stat_ports.php", "&port_type={$port_type}&proto={$proto}");
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
// NOTE(review): no role check follows here; $roleneeded is only assigned.
$roleneeded = 10000;
$port_proto = "TCP";

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uports, gettext("Most Frequent Ports"), "occur_d");
$qs->AddCannedQuery("last_ports", $last_num_uports, gettext("Last Ports"), "last_d");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$qs->MoveView($submit);
/* increment the view if necessary */
$page_title = "";
switch ($proto) {
    case TCP:
        $page_title = gettext("Unique") . " TCP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source tcp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination tcp ports %d-%d of <b>%s</b> matching your selection.");
        break;
    case UDP:
        $page_title = gettext("Unique") . " UDP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source udp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination udp ports %d-%d of <b>%s</b> matching your selection.");
        break;