Ejemplo n.º 1
0
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$et = new EventTiming($debug_time_mode);
// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
$cs = new CriteriaState("base_stat_country.php", "&addr_type=1");
$cs->ReadState();
/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
    // PrintCriteriaState();
// }
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
$qs->MoveView($submit); /* increment the view if necessary */
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    if ($addr_type != DEST_IP) ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    $page_title = gettext("Unique Destination Address(es)");
    $results_title = gettext("Dst IP address");
    $addr_type_name = "ip_dst";
}

if ($event_cache_auto_update == 1) UpdateAlertCache($db);
$criteria_clauses = ProcessCriteria();

// Include base_header.php
Ejemplo n.º 2
0
include_once "{$BASE_path}/base_ag_common.php";
include_once "geoip.inc";
$_SESSION["siem_default_group"] = "base_stat_sensor.php?sort_order=occur_d";
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_sensor.php");
$cs->ReadState();
$qs = new QueryState();
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$export = intval(ImportHTTPVar("complete", VAR_DIGIT));
// Called from report_launcher.php
$qs->MoveView($submit);
/* increment the view if necessary */
$page_title = gettext("Sensor Listing");
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
$mssp = Session::show_entities();
//intval($conf->get_conf("alienvault_mssp", FALSE));
// Use accumulate tables only when timestamp criteria is not hour sensitive
$use_ac = $criteria_clauses[3];
Ejemplo n.º 3
0
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
?>
<FORM METHOD="POST" name="PacketForm" id="PacketForm" ACTION="base_qry_main.php" style="margin:0 auto">
<input type='hidden' name="search" value="1" />
<input type="hidden" name="sort_order" value="<?php 
echo $_GET['sort_order'] != "" ? Util::htmlentities($_GET['sort_order']) : Util::htmlentities($_POST['sort_order']);
?>
">
<?php 
/* Dump some debugging information on the shared state */
/* a browsing button was clicked -> increment view */
if (is_numeric($submit) || $pag != '') {
    $pagn = is_numeric($submit) ? $submit : $pag;
    $qs->MoveView($pagn);
    $submit = gettext("Query DB");
}
//echo $submit." ".$qs->isCannedQuery()." ".$qs->GetCurrentSort()." ".$_SERVER["QUERY_STRING"];
/* Run the SQL Query and get results */
//print_r($criteria_clauses);
$from = "FROM acid_event " . $criteria_clauses[0];
$where = "";
if ($criteria_clauses[1] != "") {
    $where = "WHERE " . $criteria_clauses[1];
}
$where = str_replace("::%", ":%:%", $where);
if (preg_match("/^(.*)AND\\s+\\(\\s+timestamp\\s+[^']+'([^']+)'\\s+\\)\\s+AND\\s+\\(\\s+timestamp\\s+[^']+'([^']+)'\\s+\\)(.*)\$/", $where, $matches)) {
    if ($matches[2] != $matches[3]) {
        //print "A";
        $where = $matches[1] . " AND timestamp BETWEEN('" . $matches[2] . "') AND ('" . $matches[3] . "') " . $matches[4];