Example #1
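/**
 * Render the "Top N attacker/attacked hosts" table and its graph for the security report.
 *
 * Output is written straight to the response. When the query yields no rows, a
 * "No data available" table is printed, the document is closed and the script exits.
 *
 * Values interpolated into markup are encoded for the context they land in:
 * query-string values with urlencode(), attribute and text-node content with
 * htmlspecialchars(). Addresses and host names are read back from the report query
 * and the Host lookup, so they are treated as untrusted at output time.
 *
 * @param string $target    "ip_src" or "ip_dst"; rewritten to "src_ip"/"dst_ip" for alarm reports.
 * @param string $date_from Start of the reporting window, forwarded to the query and the graph URL.
 * @param string $date_to   End of the reporting window, forwarded to the query and the graph URL.
 * @return void
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    /* ossim framework conf */
    $conf = $GLOBALS["CONF"];
    $acid_link = $conf->get_conf("acid_link");
    $ossim_link = $conf->get_conf("ossim_link");
    $acid_prefix = $conf->get_conf("event_viewer");
    $report_graph_type = $conf->get_conf("report_graph_type");

    // Escaper for text nodes and quoted attributes; ENT_QUOTES also covers single-quoted attributes.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Default keeps the header well-defined when $target is neither "ip_src" nor "ip_dst".
    $title = "";
    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }
    $list = $security_report->AttackHost($security_report->ossim_conn, $target, $NUM_HOSTS, $report_type, $date_from, $date_to);
    // A failed query may not return an array; treat that the same as an empty result.
    if (!is_array($list) || count($list) == 0) {
        echo "<table align='center' class='nobborder'><tr><td class='nobborder'>" . _("No data available") . "</td></tr></table></body></html>";
        exit(0);
    }
    ?>
        <table align="center" width="750" cellpadding="0" cellspacing="0" class="noborder">
            <tr><td class="headerpr"><?php echo _("Top"), $esc(" {$NUM_HOSTS} {$title}"); ?></td></tr>
        </table>
        <table align="center" width="750">
		<tr><td style="padding-top:15px;" valign="top" class="nobborder">
        <table align="center">
		  <tr>
            <th> <?php echo gettext("Host"); ?> </th>
            <th> <?php echo gettext("Occurrences"); ?> </th>
          </tr>
<?php
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $hostname = Host::ip2hostname($security_report->ossim_conn, $ip);
        $os_pixmap = Host_os::get_os_pixmap($security_report->ossim_conn, $ip);
        // Percent-encode values going into the query string; the finished URL is
        // HTML-escaped separately where it is written into the href attribute.
        $ip_param = urlencode((string) $ip);
        if ($report_type == "alarm") {
            if ($target == "src_ip") {
                $link = "{$ossim_link}/control_panel/alarm_console.php?src_ip=" . $ip_param;
            } elseif ($target == "dst_ip") {
                $link = "{$ossim_link}/control_panel/alarm_console.php?dst_ip=" . $ip_param;
            } else {
                $link = "{$ossim_link}/control_panel/alarm_console.php?src_ip=" . $ip_param . "&dst_ip=" . $ip_param;
            }
        } else {
            $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]=" . urlencode((string) $target) . "&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip_param}&" . "ip_addr_cnt=1&" . "sort_order=time_d";
        }
        ?>
          <tr>
            <td><div id="<?php echo $esc($ip . ';' . $hostname); ?>" class="HostReportMenu" style="display:inline">
              <a title="<?php echo $esc($ip); ?>"
                 href="<?php echo $esc($link); ?>"><?php echo $esc($hostname); ?></a></div>
              <?php
        // NOTE(review): $os_pixmap is echoed as returned by Host_os::get_os_pixmap(); it is
        // presumably an HTML fragment, so it is not escaped here. Confirm the helper only
        // emits markup it builds itself.
        echo $os_pixmap;
        ?>

            </td>
            <td><?php echo $occurrences; ?></td>
          </tr>
<?php
    }
    ?>
        </table>
        </td>
        <td valign="top" class="nobborder">
<?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        // Build the graph URL once, encoding every parameter, then escape it for the attribute.
        $graph_src = "graphs/attack_graph.php?target=" . urlencode((string) $target)
            . "&hosts=" . urlencode((string) $NUM_HOSTS)
            . "&type=" . urlencode((string) $report_type)
            . "&date_from=" . urlencode($date_from)
            . "&date_to=" . urlencode($date_to);
        ?>
        <img src="<?php echo $esc($graph_src); ?>"
                 alt="attack_graph"/>
<?php
    }
    ?>
        </td>
        </tr>
        </table>
<?php
}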
Example #2
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $host_id = $l[2];
        $ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx();
        $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id);
        $os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : "";
        $hostname = $host_id != "" ? $host_output['name'] : $ip;
        $icon = $host_output['html_icon'];
        $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d";
        $bc = $c++ % 2 != 0 ? "class='par'" : "";
        $htmlPdfReport->set('
                                <tr ' . $bc . '>
                                    <td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td>
                                    <td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td>
                                </tr>');
    }
    $htmlPdfReport->set('
                    </table>
                </td>
            <td valign="top" style="padding-top:15px; width:98mm;">');
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $num_hosts);
    } else {
        $htmlPdfReport->set('<img src="' . $htmlPdfReport->newImage('/report/graphs/attack_graph.php?shared=' . urlencode($shared_file) . '&target=' . $target . '&hosts=' . $num_hosts . '&type=' . $report_type . '&date_from=' . urlencode($date_from) . '&date_to=' . urlencode($date_to) . '&runorder=' . $runorder, 'png') . '" />');
    }
    $htmlPdfReport->set('
            </td>
        </tr>
    </table><br/><br />');
}
// Close the $geoloc handle that the report rows above passed to Asset_host::get_extended_name().
$geoloc->close();
Example #3
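/**
 * Render the "Top N attacker/attacked hosts" table and its graph for the security report.
 *
 * Output is written straight to the response. Nothing is printed when the query
 * returns no rows or a non-array result.
 *
 * The graph URL is assembled from the caller-supplied $target plus the $NUM_HOSTS and
 * $report_type globals; each value is percent-encoded and the finished URL is
 * HTML-escaped before it is placed in the src attribute.
 *
 * @param string $target    "ip_src" or "ip_dst"; rewritten to "src_ip"/"dst_ip" for alarm reports.
 * @param string $date_from Start of the reporting window, forwarded to the query and the graph URL.
 * @param string $date_to   End of the reporting window, forwarded to the query and the graph URL.
 * @return int 0 when there is no data to show, 1 after the section has been rendered.
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    global $geoloc;
    /* ossim framework conf */
    $conf = $GLOBALS['CONF'];
    $report_graph_type = $conf->get_conf('report_graph_type');

    // Escaper for text nodes and quoted attributes; ENT_QUOTES also covers single-quoted attributes.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Default keeps the header well-defined when $target is neither "ip_src" nor "ip_dst".
    $title = "";
    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }
    $list = $security_report->AttackHost($target, $NUM_HOSTS, $report_type, $date_from, $date_to);
    if (!is_array($list) || empty($list)) {
        return 0;
    }
    ?>
    <table class='t_alarms'>
        <thead>
            <tr><td colspan='2' class="headerpr"><?php echo _("Top"), $esc(" {$NUM_HOSTS} {$title}"); ?></td></tr>
        </thead>

        <tbody>
            <tr>
                <td class='td_container'>
                    <table class="table_data">
                        <thead>
                            <tr>
                                <th> <?php echo _("Host"); ?> </th>
                                <th> <?php echo _("Occurrences"); ?> </th>
                            </tr>
                        </thead>

                        <tbody>
                        <?php
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $id = $l[2];
        $ctx = $l[3];
        $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $id);
        $hostname = $host_output['name'];
        $icon = $host_output['html_icon'];
        // Only look up the OS when the id passes valid_hex32(); other rows get no OS marker.
        $os = valid_hex32($id) ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $id) : "";
        // An OS value containing "unknown" is suppressed rather than displayed.
        $os_pixmap = preg_match("/unknown/", $os) ? '' : $os;
        $bold = $host_output['is_internal'];
        ?>
                            <tr>
                                <td class='td_data <?php
        if ($bold) {
            echo 'bold';
        }
        ?>'>
                                    <?php
        // NOTE(review): $icon, $hostname and $os_pixmap are echoed exactly as returned by
        // Asset_host / Asset_host_properties. 'html_icon' is presumably markup; confirm
        // whether 'name' and the OS value are already HTML-safe. If 'name' is plain text
        // it should be passed through htmlspecialchars() here.
        echo $icon . ' ' . $hostname . ' ' . $os_pixmap;
        ?>

                                </td>
                                <td class='td_data'><?php echo $occurrences; ?></td>
                            </tr>
                            <?php
    }
    ?>
                        </tbody>
                    </table>
                </td>

                <td class='td_container'>
                    <?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        // Build the graph URL once, encoding every parameter, then escape it for the attribute.
        $graph_src = "graphs/attack_graph.php?target=" . urlencode((string) $target)
            . "&hosts=" . urlencode((string) $NUM_HOSTS)
            . "&type=" . urlencode((string) $report_type)
            . "&date_from=" . urlencode($date_from)
            . "&date_to=" . urlencode($date_to);
        ?>
                        <img src="<?php echo $esc($graph_src); ?>" alt="attack_graph"/>
                        <?php
    }
    ?>
                </td>
            </tr>
        </tbody>
    </table>
    <?php
    return 1;
}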