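/**
 * Daily SIEM event counts for the last week, rendered in the configured timezone.
 *
 * @param string $param  Optional SQL LIKE pattern matched against ossim.plugin.name;
 *                       when non-empty only events from the matching plugins are counted.
 *
 * @return array  Map of "<day-of-month> <Mon>" => event count. When $param is non-empty
 *                the return is array($data, $plugin_ids) where $plugin_ids is the
 *                id => name map returned by Plugin::get_id_and_name (the original code
 *                returned an undefined variable, $oss_plugin_id, in this position).
 *
 * Fixes vs. the original: the LIKE pattern is quoted through the driver instead of
 * being interpolated raw, plugin ids are cast to int before building the IN list,
 * an empty plugin match no longer produces the MySQL syntax error "IN ()", and the
 * driver error message is logged instead of printed into the page.
 */
function SIEM_trends_week($param = "")
{
    global $tz;

    require_once 'ossim_db.inc';

    $tzc = Util::get_tzc($tz);
    $data = array();
    $plugins_sql = "";
    $oss_p_id_name = array();

    $db = new ossim_db();
    $dbconn = $db->connect();
    $sensor_where = make_sensor_filter($dbconn);

    if ($param != "") {
        require_once "classes/Plugin.inc";
        // $param ends up inside a string literal in a WHERE clause. Quote it via the
        // driver (ADOdb qstr()) so a caller-supplied value cannot terminate the literal.
        // '%' and '_' are still interpreted as LIKE wildcards, which is the intent.
        $oss_p_id_name = Plugin::get_id_and_name($dbconn, "WHERE name LIKE " . $dbconn->qstr($param));
        // Keys are assumed to be plugin ids (the original flipped the array and imploded
        // the values, i.e. the keys). Cast to int before interpolating into SQL.
        $plugin_ids = array_map('intval', array_keys($oss_p_id_name));
        if (count($plugin_ids) > 0) {
            $plugins_sql = "AND acid_event.plugin_id IN (" . implode(",", $plugin_ids) . ")";
        } else {
            // No plugin matched: there can be no matching events. "IN ()" would be a
            // syntax error, so force an empty result set instead.
            $plugins_sql = "AND acid_event.plugin_id IN (0)";
        }
    }

    $week = 604800; // seconds in 7 days
    $from = gmdate("Y-m-d 00:00:00", gmdate("U") - $week);
    $to   = gmdate("Y-m-d 23:59:59");

    // NOTE(review): $tzc and $sensor_where are interpolated unescaped; they come from
    // Util::get_tzc() and make_sensor_filter(), which are assumed to return trusted,
    // non-user-controlled SQL fragments. Confirm against those helpers.
    $sqlgraph = "SELECT COUNT(acid_event.sid) as num_events,"
        . " day(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo,"
        . " monthname(convert_tz(timestamp,'+00:00','{$tzc}')) as suf"
        . " FROM snort.acid_event"
        . " LEFT JOIN ossim.plugin ON acid_event.plugin_id=plugin.id"
        . " WHERE timestamp BETWEEN '{$from}' AND '{$to}'"
        . " {$plugins_sql} {$sensor_where}"
        . " GROUP BY suf,intervalo ORDER BY suf,intervalo";

    $rg = $dbconn->Execute($sqlgraph);
    if (!$rg) {
        // Raw driver errors reveal table names and SQL fragments; keep them in the
        // server log rather than echoing them into the response.
        error_log("SIEM_trends_week: " . $dbconn->ErrorMsg());
    } else {
        while (!$rg->EOF) {
            // Label like "14 Jan": day-of-month plus the three-letter month name.
            $label = $rg->fields["intervalo"] . " " . substr($rg->fields["suf"], 0, 3);
            $data[$label] = $rg->fields["num_events"];
            $rg->MoveNext();
        }
    }
    $db->close($dbconn);

    return $param != "" ? array($data, $oss_p_id_name) : $data;
}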
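/**
 * Daily OSSEC (HIDS) event counts for the last week for a single agent.
 *
 * @param string $agent_ip  Agent address; it is only used via make_sid_filter(), which
 *                          is expected to map it to sensor ids (and to validate it —
 *                          nothing in this function sanitises $agent_ip itself).
 *
 * @return array|false  Map of "<day-of-month> <Mon>" => event count, or false when the
 *                      query fails.
 *
 * Fixes vs. the original: the database connection is closed on the failure path
 * (it was leaked), plugin ids are cast to int before building the IN list, and an
 * empty OSSEC plugin set no longer produces the MySQL syntax error "IN ()".
 */
function SIEM_trends_hids($agent_ip)
{
    include_once '../panel/sensor_filter.php';
    require_once 'classes/Plugin.inc';
    require_once 'classes/Util.inc';
    require_once 'ossim_db.inc';

    $tz = Util::get_timezone();
    $tzc = Util::get_tzc($tz);
    $data = array();

    $db = new ossim_db();
    $dbconn = $db->connect();
    $sensor_where = make_sensor_filter($dbconn);

    // OSSEC filter: only plugins whose name starts with "ossec". Keys are assumed to
    // be plugin ids (the original flipped the array and imploded the values).
    $oss_p_id_name = Plugin::get_id_and_name($dbconn, "WHERE name LIKE 'ossec%'");
    $plugin_ids = array_map('intval', array_keys($oss_p_id_name));
    if (count($plugin_ids) > 0) {
        $plugins_sql = "AND acid_event.plugin_id IN (" . implode(",", $plugin_ids) . ")";
    } else {
        // No OSSEC plugin registered: "IN ()" is a syntax error, so match nothing.
        $plugins_sql = "AND acid_event.plugin_id IN (0)";
    }

    // Agent filter: make_sid_filter() is assumed to return a comma-separated list of
    // sensor ids safe to interpolate. An empty result must not become "sid in ()",
    // so fall back to "0", which matches no row.
    $agent_where = make_sid_filter($dbconn, $agent_ip);
    if ($agent_where == "") {
        $agent_where = "0";
    }

    $week = 604800; // seconds in 7 days
    $from = gmdate("Y-m-d 00:00:00", gmdate("U") - $week);
    $to   = gmdate("Y-m-d 23:59:59");

    $sqlgraph = "SELECT COUNT(acid_event.sid) as num_events,"
        . " day(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo,"
        . " monthname(convert_tz(timestamp,'+00:00','{$tzc}')) as suf"
        . " FROM snort.acid_event"
        . " LEFT JOIN ossim.plugin ON acid_event.plugin_id=plugin.id"
        . " WHERE sid in ({$agent_where})"
        . " AND timestamp BETWEEN '{$from}' AND '{$to}'"
        . " {$plugins_sql} {$sensor_where}"
        . " GROUP BY suf,intervalo ORDER BY suf,intervalo";

    $rg = $dbconn->Execute($sqlgraph);
    if (!$rg) {
        // The original returned here without closing, leaking the connection.
        $db->close($dbconn);
        return false;
    }

    while (!$rg->EOF) {
        // Label like "14 Jan": day-of-month plus the three-letter month name.
        $label = $rg->fields["intervalo"] . " " . substr($rg->fields["suf"], 0, 3);
        $data[$label] = $rg->fields["num_events"];
        $rg->MoveNext();
    }
    $db->close($dbconn);

    return $data;
}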
if (!Session::menu_perms("MenuControlPanel", "ControlPanelExecutive")) { Session::unallowed_section(null, 'noback', "MenuControlPanel", "ControlPanelExecutive"); } } $db = new ossim_db(); $conn = $db->connect(); session_write_close(); $data = ""; $urls = ""; $colors = '"#E9967A","#9BC3CF"'; $range = 604800; // Week $h = 250; // Graph Height $forensic_link = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=week&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz - $range) . "&time[0][3]=" . gmdate("d", $timetz - $range) . "&time[0][4]=" . gmdate("Y", $timetz - $range) . "&time[0][5]=&time[0][6]=&time[0][7]=&time[0][8]=+&time[0][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=1&sort_order=time_d&hmenu=Forensics&smenu=Forensics"; $sensor_where = make_sensor_filter($conn, "a"); if ($sensor_where != "") { $query = "SELECT count(a.sid) as num_events,c.cat_id,c.id,c.name FROM snort.acid_event a,ossim.plugin_sid p,ossim.subcategory c WHERE c.id=p.subcategory_id AND p.plugin_id=a.plugin_id AND p.sid=a.plugin_sid AND a.timestamp BETWEEN '" . gmdate("Y-m-d 00:00:00", gmdate("U") - $range) . "' AND '" . gmdate("Y-m-d 23:59:59") . "' {$sensor_where} TAXONOMY group by c.id,c.name order by num_events desc LIMIT 10"; } else { $query = "SELECT sum(sig_cnt) as num_events,c.cat_id,c.id,c.name FROM snort.ac_alerts_signature a,ossim.plugin_sid p,ossim.subcategory c WHERE c.id=p.subcategory_id AND p.plugin_id=a.plugin_id AND p.sid=a.plugin_sid AND a.day BETWEEN '" . gmdate("Y-m-d", gmdate("U") - $range) . "' AND '" . gmdate("Y-m-d") . "' TAXONOMY group by c.id,c.name order by num_events desc LIMIT 10"; } switch (GET("type")) { // Top 10 Events by Product Type - Last Week case "source_type": $types = $ac = array(); if (!($rp =& $conn->Execute("SELECT id,source_type FROM ossim.plugin"))) { print $conn->ErrorMsg(); } else { while (!$rp->EOF) { if ($rp->fields["source_type"] == "") { $rp->fields["source_type"] = _("Unknown type");