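/**
 * Count unresolved alarms and report how many appeared since the previous call
 * in this session, together with a '|'-separated list of their descriptions.
 *
 * @param resource|object $conn  Database connection handed to Alarm/Util.
 * @return array{error: bool, output: array{alarms:int, new_alarms:int, new_alarms_desc:string}}
 */
function get_unresolved_alarms($conn)
{
    // Current number of unresolved alarms (filters empty, "hide closed" enabled).
    $alarms = intval(Alarm::get_count($conn, '', '', 1, TRUE));

    // Baseline from the previous call in this session; absent on the first call,
    // in which case no delta is reported (the original read the key unguarded).
    $alarms_prev = isset($_SESSION['_unresolved_alarms']) ? intval($_SESSION['_unresolved_alarms']) : 0;

    // The delta is deliberately not clamped: when the count drops the value is
    // negative, and callers (like the block below) are expected to test for > 0.
    $new_alarms = ($alarms != $alarms_prev && $alarms_prev > 0) ? $alarms - $alarms_prev : 0;
    $_SESSION['_unresolved_alarms'] = $alarms;

    $data = array(
        'alarms'          => $alarms,
        'new_alarms'      => $new_alarms,
        'new_alarms_desc' => '',
    );

    if ($new_alarms > 0) {
        // Fetch the $new_alarms most recent open alarms to describe them.
        $criteria = array(
            'src_ip'        => '',
            'dst_ip'        => '',
            'hide_closed'   => 1,
            'order'         => 'ORDER BY a.timestamp DESC',
            'inf'           => 0,
            'sup'           => $new_alarms,
            'date_from'     => '',
            'date_to'       => '',
            'query'         => '',
            'directive_id'  => '',
            'intent'        => 0,
            'sensor'        => '',
            'tag'           => '',
            'num_events'    => '',
            'num_events_op' => 0,
            'plugin_id'     => '',
            'plugin_sid'    => '',
            'ctx'           => '',
            'host'          => '',
            'net'           => '',
            'host_group'    => '',
        );
        list($alarm_list) = Alarm::get_list($conn, $criteria);

        $alarm_string = '';
        foreach ($alarm_list as $alarm) {
            $desc_alarm = Util::translate_alarm($conn, $alarm->get_sid_name(), $alarm);
            // Escape single quotes and decode HTML entities, then re-encode double
            // quotes as &quot; (the listing rendered the entity as a bare '"', which
            // does not parse) and normalise em dashes before the final JavaScript
            // escaping. The result is intended for a client-side JS string literal.
            $desc_alarm = html_entity_decode(str_replace("'", "\\'", $desc_alarm));
            $desc_alarm = str_replace('"', '&quot;', $desc_alarm);
            // NOTE(review): the listing shows a literal em dash here; if the source
            // used the '&mdash;' entity instead, restore it.
            $desc_alarm = str_replace('—', '-', $desc_alarm);
            $desc_alarm = Util::js_entities($desc_alarm);

            // '|' separates descriptions; a '|' inside a description is not escaped,
            // and a separator is only emitted once something has been accumulated.
            if ($alarm_string !== '') {
                $alarm_string .= '|';
            }
            $alarm_string .= $desc_alarm;
        }
        $data['new_alarms_desc'] = $alarm_string;
    }

    return array(
        'error'  => FALSE,
        'output' => $data,
    );
}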
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
require_once 'av_init.php';

// An authenticated session and admin rights are required to see this page;
// anyone else gets a translated message and the script stops here.
Session::useractive();

if (!Session::am_i_admin()) {
    echo _('You do not have permissions to see this section');
    die;
}

// Best-effort alarm count: any failure while talking to the database is
// treated as "no alarms yet" rather than surfacing an error.
// NOTE(review): if Alarm::get_count() throws, $db->close() is skipped and the
// connection is left to request teardown — confirm that is acceptable.
try {
    $db     = new ossim_db();
    $conn   = $db->connect();
    $alarms = Alarm::get_count($conn);
    $db->close();
} catch (Exception $e) {
    $alarms = 0;
}

// Product name suffix appended to the onboarding message.
$_version = Session::is_pro() ? " USM" : " OSSIM";

$msg = ($alarms > 0)
    ? _('Data is now coming into AlienVault. AlienVault has generated a few alarms. You can either view the alarms or explore AlienVault') . $_version
    : _('Data is now coming into AlienVault. So far analysis has not generated any alarms. While you wait for more data to come in, you can continue configuring the system or start exploring AlienVault') . $_version;
?>
<script type='text/javascript'>

    $(document).ready(function()
    {
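 // Date of the most recent incident and of the most recent ticket (0 when a
 // list is empty); the later of the two is kept. Empty results are now tested
 // with empty() so a missing index no longer raises a notice.
 $incident_list        = Incident::search($conn, array(), "date", "DESC", 1, 1);
 $incident_date1       = !empty($incident_list[0]) ? $incident_list[0]->get_date() : 0;
 $incident_ticket_list = Incident_ticket::get_list($conn, "ORDER BY date DESC LIMIT 1");
 $incident_date2       = !empty($incident_ticket_list[0]) ? $incident_ticket_list[0]->get_date() : 0;
 if (!empty($incident_list[0]) || !empty($incident_ticket_list[0])) {
     $incident_date = strtotime($incident_date1) > strtotime($incident_date2) ? $incident_date1 : $incident_date2;
     if ($incident_date == 0) {
         $incident_date = "__/__/__ --:--:--";
     }
 }
 // NOTE(review): $incident_date is left undefined when both lists are empty,
 // as in the original; confirm the code that prints it copes with that.

 // Highest-priority open incident, with placeholders when there is none.
 $incident_list            = Incident::search($conn, array("status" => "Open"), "priority", "DESC", 1, 1);
 $incident_max_priority    = !empty($incident_list[0]) ? $incident_list[0]->get_priority() : "-";
 $incident_max_priority_id = !empty($incident_list[0]) ? $incident_list[0]->get_id() : "0";

 // Unresolved alarms, plus the newest and the highest-risk alarm.
 $unresolved_alarms = Alarm::get_count($conn);
 list($alarm_date, $alarm_date_id)         = Alarm::get_max_byfield($conn, "timestamp");
 list($alarm_max_risk, $alarm_max_risk_id) = Alarm::get_max_byfield($conn, "risk");
 if ($alarm_max_risk_id == "") {
     $alarm_max_risk = "-";
 }

 // Today's SIEM event counts rendered as "[x,y]," fragments for the plot, and
 // an x-axis legend that labels every other point with its hour.
 // NOTE(review): $plot and $legend were appended to without initialisation;
 // they are now started empty — confirm nothing earlier in the file sets them.
 list($siem, $events) = get_siem_events($conn, date("Y-m-d"));
 $plot   = '';
 $legend = '';
 $i = 0;
 foreach ($siem as $p) {
     $plot .= "[" . $i . "," . $p["num_events"] . "],";
     $i++;
 }
 $i = 0;
 foreach ($siem as $p) {
     // The original tested the post-incremented counter, so points at odd
     // indexes carry the hour label; that is preserved here explicitly.
     $label   = (($i + 1) % 2 == 0) ? $p["intervalo"] . "h" : "";
     $legend .= "[" . $i . ",'" . $label . "'],";
     $i++;
 }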
header('Content-Type: text/xml');

// Atom feed preamble. The self link is built from the server's own address
// (SERVER_ADDR is set by the web server, not taken from the request) and the
// scheme is hard-coded to http.
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n"
   . "<feed xmlns=\"http://www.w3.org/2005/Atom\">\n"
   . "<title>OSSIM Alarm Console</title>\n"
   . "<link rel=\"self\" href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/rss.php\" />\n"
   . "<updated>" . dateRFC() . "</updated>\n"
   . "<id>http://www.ossim.net/</id>\n";

require_once 'ossim_db.inc';
require_once 'classes/Host.inc';
require_once 'classes/Host_os.inc';
require_once 'classes/Alarm.inc';
require_once 'classes/Plugin.inc';
require_once 'classes/Plugin_sid.inc';
require_once 'classes/Port.inc';
require_once 'classes/Util.inc';

// Maximum number of entries in the feed.
$ITEMS = 50;

$db   = new ossim_db();
$conn = $db->connect();

// Page window handed to the alarm query: the first $ITEMS alarms.
$inf = 0;
$sup = $ITEMS;

// NOTE(review): $src_ip, $dst_ip and $hide_closed are not defined anywhere in
// this listing; confirm where they come from and that they are validated
// before reaching the query layer.
$count      = Alarm::get_count($conn, $src_ip, $dst_ip, $hide_closed);
$time_start = time();
if ($alarm_list = Alarm::get_list($conn, $src_ip, $dst_ip, $hide_closed, "ORDER by timestamp DESC", $inf, $sup)) {
    $datemark = "";
    foreach ($alarm_list as $alarm) {
        /* hide closed alarmas */
        if ($alarm->get_status() == "closed") {
            continue;
        }
        $id = $alarm->get_plugin_id();
        $sid = $alarm->get_plugin_sid();
        $backlog_id = $alarm->get_backlog_id();
        $sid_name = "";
        if ($plugin_sid_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$id} AND sid = {$sid}")) {
            $sid_name = $plugin_sid_list[0]->get_name();
        } else {