$data = SIEM_trends_week(); $max = 7; for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate("j M", $timetz - 86400 * $i); $hours[] = $d; $trend[] = $data[$d] != "" ? $data[$d] : 0; } /*foreach ($data as $h => $v) { $hours[] = $h; $trend[] = ($v!="") ? $v : 0; } $max = count($hours);*/ $siem_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=day&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=DD&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=DD&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics"; } elseif (GET("type") == "hids") { $js = "analytics"; list($data, $plugins) = SIEM_trends_week("ossec%"); $max = 7; for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate("j M", $timetz - 86400 * $i); $hours[] = $d; $trend[] = $data[$d] != "" ? $data[$d] : 0; } /*foreach ($data as $h => $v) { $hours[] = $h; $trend[] = ($v!="") ? $v : 0; } $max = count($hours);*/ $siem_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=day&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=DD&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=DD&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics&plugin=" . $plugins; } else { $js = "analytics_duo"; $data = SIEM_trends();
$links[] = "'{$link}'"; $rg->MoveNext(); } } $colors = get_widget_colors(count($data)); $serie = _('Events'); //Message in case of empty widget. $nodata_text = "No data available yet"; break; case 'trend': //Amount of days to show in the widget. $max = $chart_info['range'] == '' ? 7 : $chart_info['range']; //Type of graph. In this case is the simple raphael. $js = "analytics"; //Retrieving the data of the widget $values = SIEM_trends_week("taxonomy=honeypot", $max, $assets_filters); //Formating the info into a generinf format valid for the handler. for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate("j M", $timetz - 86400 * $i); $label[] = $d; $data[] = $values[$d] != "" ? $values[$d] : 0; $link = "/forensics/base_qry_main.php?clear_allcriteria=1&category[0]=19&time_range=day&time[0][0]= &time[0][1]=>=&time[0][2]=MM&time[0][3]=ZZ&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]= &time[0][9]=AND&time[1][0]= &time[1][1]=<=&time[1][2]=MM&time[1][3]=ZZ&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]= &time[1][9]= &submit=Query DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics"; $link = Menu::get_menu_url($link, 'analysis', 'security_events'); $links[] = "'{$link}'"; } //Widget's links $siem_url = $links[0]; $colors = "'#854F61'"; //Message in case of empty widget. $nodata_text = "No data available yet"; break;
$key = preg_replace('/^0/', '', gmdate("H", $tref) . 'h'); $links[$key] = $link; } //Widget's links $siem_url = $links; $colors = "'#444444'"; //Message in case of empty widget. $nodata_text = "No data available yet"; break; case 'siemdays': //Amount of days to show in the widget. $max = $chart_info['range'] == '' ? 7 : $chart_info['range']; //Type of graph. In this case is the simple raphael. $js = "analytics"; //Retrieving the data of the widget $values = SIEM_trends_week("", $max, $assets_filters); //Formating the info into a generinf format valid for the handler. for ($i = $max - 1; $i >= 0; $i--) { $tref = $timetz - 86400 * $i; $d = gmdate("j M", $tref); $label[] = $d; $key = $d; $data[] = $values[$d] != "" ? $values[$d] : 0; $link = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $tref) . "&time[0][3]=" . gmdate("d", $tref) . "&time[0][4]=" . gmdate("Y", $tref) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $tref) . "&time[1][3]=" . gmdate("d", $tref) . "&time[1][4]=" . gmdate("Y", $tref) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events'); $links[$key] = $link; } //Widget's links $siem_url = $links; $colors = "'#444444'"; //Message in case of empty widget. $nodata_text = "No data available yet";
$trend[] = $data[$d] != '' ? $data[$d] : 0; } $f_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=ZZ&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=ZZ&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d"; } elseif (GET('type') == 'hids') { $js = 'analytics'; list($data, $plugins) = SIEM_trends_week("ossec%"); $max = 7; for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate('j M', $timetz - 86400 * $i); $hours[] = $d; $trend[] = $data[$d] != "" ? $data[$d] : 0; } $f_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=ZZ&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=ZZ&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&plugin=" . $plugins; } elseif (GET('type') == 'honeypotweek') { $js = 'analytics'; $data = SIEM_trends_week('taxonomy=honeypot'); $max = 7; for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate('j M', $timetz - 86400 * $i); $hours[] = $d; $trend[] = $data[$d] != "" ? $data[$d] : 0; } $f_url = "../forensics/base_qry_main.php?clear_allcriteria=1&category%5B0%5D=19&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=ZZ&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=ZZ&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d"; } else { $js = 'analytics_duo'; $data = SIEM_trends(); $data2 = $prodemo ? Logger_trends() : array(); for ($i = $max - 1; $i >= 0; $i--) { $h = gmdate('j G', $timetz - 3600 * $i) . 'h'; $hours[] = preg_replace("/^\\d+ /", '', $h); $trend[] = $data[$h] != '' ? $data[$h] : 0;