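/**
 * Print the "Top N attacker / attacked hosts" table and its graph as HTML.
 *
 * Reads the globals $NUM_HOSTS, $security_report and $report_type plus the
 * framework configuration in $GLOBALS["CONF"], and writes straight to the
 * response. When AttackHost() yields no rows, a "No data available" table is
 * printed, the document is closed and the script exits.
 *
 * Output encoding: the IP, the hostname, the per-row link, the host count and
 * the graph URL are assembled from values this function does not produce
 * (its arguments, globals, AttackHost() rows, Host::ip2hostname()). They are
 * URL-encoded where they become query values and HTML-escaped where they are
 * printed, so a quote or angle bracket in any of them stays inside the
 * attribute or text node it was meant for.
 *
 * @param string $target    "ip_src" or "ip_dst"; rewritten to "src_ip" /
 *                          "dst_ip" when $report_type is "alarm"
 * @param string $date_from start of the reporting window (passed to
 *                          AttackHost() and to the graph URL)
 * @param string $date_to   end of the reporting window
 *
 * @return void
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;

    /* ossim framework conf */
    $conf = $GLOBALS["CONF"];
    $acid_link = $conf->get_conf("acid_link");
    $ossim_link = $conf->get_conf("ossim_link");
    $acid_prefix = $conf->get_conf("event_viewer");
    $report_graph_type = $conf->get_conf("report_graph_type");

    // Default keeps the header well-defined when $target is neither of the
    // two expected values (the original read an unset variable there).
    $title = "";
    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }

    $list = $security_report->AttackHost(
        $security_report->ossim_conn,
        $target,
        $NUM_HOSTS,
        $report_type,
        $date_from,
        $date_to
    );

    // A non-array result is treated like an empty one: count() on a
    // non-countable value is an error on current PHP.
    if (!is_array($list) || count($list) == 0) {
        echo "<table align='center' class='nobborder'><tr><td class='nobborder'>"
            . _("No data available")
            . "</td></tr></table></body></html>";
        exit(0);
    }

    $num_hosts_html = htmlspecialchars((string) $NUM_HOSTS, ENT_QUOTES, "UTF-8");
    ?>
    <table align="center" width="750" cellpadding="0" cellspacing="0" class="noborder">
        <tr><td class="headerpr"><?php echo _("Top"), " ", $num_hosts_html, " ", $title; ?></td></tr>
    </table>
    <table align="center" width="750">
        <tr><td style="padding-top:15px;" valign="top" class="nobborder">
            <table align="center">
                <tr>
                    <th><?php echo gettext("Host"); ?></th>
                    <th><?php echo gettext("Occurrences"); ?></th>
                </tr>
    <?php
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $hostname = Host::ip2hostname($security_report->ossim_conn, $ip);
        // NOTE(review): $os_pixmap is echoed raw below because it looks like
        // markup built by Host_os::get_os_pixmap() - confirm that helper
        // escapes whatever it embeds.
        $os_pixmap = Host_os::get_os_pixmap($security_report->ossim_conn, $ip);

        // Query values are URL-encoded here; the finished URL is HTML-escaped
        // once, at the point where it is written into the href attribute.
        $ip_param = urlencode((string) $ip);
        if ($report_type == "alarm") {
            if ($target == "src_ip") {
                $link = "{$ossim_link}/control_panel/alarm_console.php?src_ip=" . $ip_param;
            } elseif ($target == "dst_ip") {
                $link = "{$ossim_link}/control_panel/alarm_console.php?dst_ip=" . $ip_param;
            } else {
                $link = "{$ossim_link}/control_panel/alarm_console.php?src_ip=" . $ip_param
                    . "&dst_ip=" . $ip_param;
            }
        } else {
            $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&"
                . "num_result_rows=-1&"
                . "submit=Query+DB&"
                . "current_view=-1&"
                . "ip_addr[0][1]=" . urlencode((string) $target) . "&"
                . "ip_addr[0][2]==&"
                . "ip_addr[0][3]=" . $ip_param . "&"
                . "ip_addr_cnt=1&"
                . "sort_order=time_d";
        }

        $ip_html = htmlspecialchars((string) $ip, ENT_QUOTES, "UTF-8");
        $hostname_html = htmlspecialchars((string) $hostname, ENT_QUOTES, "UTF-8");
        $link_html = htmlspecialchars($link, ENT_QUOTES, "UTF-8");
        // Attribute values are written without padding around the PHP tags:
        // a space inside id/title/href would become part of the value.
        ?>
                <tr>
                    <td><div id="<?php echo $ip_html; ?>;<?php echo $hostname_html; ?>" class="HostReportMenu" style="display:inline"><a title="<?php echo $ip_html; ?>" href="<?php echo $link_html; ?>"><?php echo $hostname_html; ?></a></div>
                    <?php echo $os_pixmap; ?>
                    </td>
                    <td><?php echo $occurrences; ?></td>
                </tr>
        <?php
    }
    ?>
            </table>
        </td>
        <td valign="top" class="nobborder">
    <?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        // Every query value is URL-encoded (the original encoded only the two
        // dates), then the whole URL is HTML-escaped for the src attribute.
        $graph_url = "graphs/attack_graph.php?target=" . urlencode((string) $target)
            . "&hosts=" . urlencode((string) $NUM_HOSTS)
            . "&type=" . urlencode((string) $report_type)
            . "&date_from=" . urlencode((string) $date_from)
            . "&date_to=" . urlencode((string) $date_to);
        ?>
            <img src="<?php echo htmlspecialchars($graph_url, ENT_QUOTES, "UTF-8"); ?>" alt="attack_graph"/>
        <?php
    }
    ?>
        </td>
        </tr>
    </table>
    <?php
}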
$ip = $l[0]; $occurrences = number_format($l[1], 0, ",", "."); $host_id = $l[2]; $ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx(); $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id); $os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : ""; $hostname = $host_id != "" ? $host_output['name'] : $ip; $icon = $host_output['html_icon']; $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d"; $bc = $c++ % 2 != 0 ? "class='par'" : ""; $htmlPdfReport->set(' <tr ' . $bc . '> <td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td> <td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td> </tr>'); } $htmlPdfReport->set(' </table> </td> <td valign="top" style="padding-top:15px; width:98mm;">'); if ($report_graph_type == "applets") { jgraph_attack_graph($target, $num_hosts); } else { $htmlPdfReport->set('<img src="' . $htmlPdfReport->newImage('/report/graphs/attack_graph.php?shared=' . urlencode($shared_file) . '&target=' . $target . '&hosts=' . $num_hosts . '&type=' . $report_type . '&date_from=' . urlencode($date_from) . '&date_to=' . urlencode($date_to) . '&runorder=' . $runorder, 'png') . '" />'); } $htmlPdfReport->set(' </td> </tr> </table><br/><br />'); } $geoloc->close();
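/**
 * Print the "Top N attacker / attacked hosts" table and its graph as HTML.
 *
 * Reads the globals $NUM_HOSTS, $security_report, $report_type and $geoloc
 * plus the framework configuration in $GLOBALS['CONF'], and writes straight
 * to the response.
 *
 * Output encoding: the host count in the header and every value placed in
 * the graph URL come from outside this function (arguments and globals).
 * They are URL-encoded as query values and HTML-escaped where printed, so a
 * quote or angle bracket in them cannot leave the attribute or text node.
 *
 * @param string $target    "ip_src" or "ip_dst"; rewritten to "src_ip" /
 *                          "dst_ip" when $report_type is "alarm"
 * @param string $date_from start of the reporting window (passed to
 *                          AttackHost() and to the graph URL)
 * @param string $date_to   end of the reporting window
 *
 * @return int 0 when AttackHost() returns a non-array or an empty list
 *             (nothing is printed), 1 after the table has been printed
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    global $geoloc;

    /* ossim framework conf */
    $conf = $GLOBALS['CONF'];
    $report_graph_type = $conf->get_conf('report_graph_type');

    // Default keeps the header well-defined when $target is neither of the
    // two expected values (the original read an unset variable there).
    $title = "";
    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }

    $list = $security_report->AttackHost($target, $NUM_HOSTS, $report_type, $date_from, $date_to);
    if (!is_array($list) || empty($list)) {
        return 0;
    }

    $num_hosts_html = htmlspecialchars((string) $NUM_HOSTS, ENT_QUOTES, 'UTF-8');
    ?>
    <table class='t_alarms'>
        <thead>
            <tr><td colspan='2' class="headerpr"><?php echo _("Top"), " ", $num_hosts_html, " ", $title; ?></td></tr>
        </thead>
        <tbody>
            <tr>
                <td class='td_container'>
                    <table class="table_data">
                        <thead>
                            <tr>
                                <th><?php echo _("Host"); ?></th>
                                <th><?php echo _("Occurrences"); ?></th>
                            </tr>
                        </thead>
                        <tbody>
    <?php
    foreach ($list as $l) {
        $ip = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $id = $l[2];
        $ctx = $l[3];

        $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $id);
        // NOTE(review): 'name', 'html_icon' and the OS string are echoed raw
        // below. Whether Asset_host::get_extended_name() and
        // Asset_host_properties::get_os_by_host() return escaped markup is
        // not visible here - confirm before treating this cell as safe.
        $hostname = $host_output['name'];
        $icon = $host_output['html_icon'];

        // The OS lookup only runs for ids that pass valid_hex32().
        $os = valid_hex32($id) ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $id) : "";
        // An OS value containing "unknown" is not shown.
        $os_pixmap = preg_match("/unknown/", $os) ? '' : $os;

        $row_class = $host_output['is_internal'] ? 'td_data bold' : 'td_data';
        ?>
                            <tr>
                                <td class='<?php echo $row_class; ?>'>
                                    <?php echo $icon . ' ' . $hostname . ' ' . $os_pixmap; ?>
                                </td>
                                <td class='td_data'><?php echo $occurrences; ?></td>
                            </tr>
        <?php
    }
    ?>
                        </tbody>
                    </table>
                </td>
                <td class='td_container'>
    <?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        // Every query value is URL-encoded (the original encoded only the two
        // dates), then the whole URL is HTML-escaped for the src attribute.
        // No padding is left around the values: a space inside src would
        // become part of the preceding parameter.
        $graph_url = "graphs/attack_graph.php?target=" . urlencode((string) $target)
            . "&hosts=" . urlencode((string) $NUM_HOSTS)
            . "&type=" . urlencode((string) $report_type)
            . "&date_from=" . urlencode((string) $date_from)
            . "&date_to=" . urlencode((string) $date_to);
        ?>
                    <img src="<?php echo htmlspecialchars($graph_url, ENT_QUOTES, 'UTF-8'); ?>" alt="attack_graph"/>
        <?php
    }
    ?>
                </td>
            </tr>
        </tbody>
    </table>
    <?php
    return 1;
}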