Example #1
0
 public function nids($isSiteAdmin, $org, $format, $sid, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false)
 {
     if (empty($org)) {
         throw new MethodNotAllowedException('No org supplied.');
     }
     //restricting to non-private or same org if the user is not a site-admin.
     $eventIds = $this->Event->fetchEventIds($org, $isSiteAdmin, $from, $to, $last);
     if ($tags !== '') {
         $tag = ClassRegistry::init('Tag');
         $args = $this->dissectArgs($tags);
         $tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
         if ($id) {
             foreach ($eventIds as $k => $v) {
                 if ($v['Event']['id'] !== $id) {
                     unset($eventIds[$k]);
                 }
             }
         }
         if (!empty($tagArray[0])) {
             foreach ($eventIds as $k => $v) {
                 if (!in_array($v['Event']['id'], $tagArray[0])) {
                     unset($eventIds[$k]);
                 }
             }
         }
         if (!empty($tagArray[1])) {
             foreach ($eventIds as $k => $v) {
                 if (in_array($v['Event']['id'], $tagArray[1])) {
                     unset($eventIds[$k]);
                 }
             }
         }
     }
     if ($format == 'suricata') {
         App::uses('NidsSuricataExport', 'Export');
     } else {
         App::uses('NidsSnortExport', 'Export');
     }
     $rules = array();
     foreach ($eventIds as $event) {
         $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1, 'Attribute.event_id' => $event['Event']['id']);
         $valid_types = array('ip-dst', 'ip-src', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'domain', 'hostname', 'url', 'user-agent', 'snort');
         $conditions['AND']['Attribute.type'] = $valid_types;
         if (!$isSiteAdmin && $org !== $event['Event']['org']) {
             $conditions['AND']['Attribute.distribution >'] = 0;
         }
         $params = array('conditions' => $conditions, 'recursive' => 0, 'group' => array('Attribute.type', 'Attribute.value1'));
         unset($this->virtualFields['category_order']);
         // not needed for IDS export and speeds things up
         $items = $this->find('all', $params);
         // export depending of the requested type
         switch ($format) {
             case 'suricata':
                 $export = new NidsSuricataExport();
                 break;
             case 'snort':
                 $export = new NidsSnortExport();
                 break;
         }
         $rules = array_merge($rules, $export->export($items, $sid, $format, $continue));
         // Only pre-pend the comments once
         $continue = true;
     }
     return $rules;
 }
Example #2
0
 public function nids($isSiteAdmin, $org, $format, $sid, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last)
 {
     //restricting to non-private or same org if the user is not a site-admin.
     $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
     $valid_types = array('ip-dst', 'ip-src', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'domain', 'hostname', 'url', 'user-agent', 'snort');
     $conditions['AND']['Attribute.type'] = $valid_types;
     if (!$isSiteAdmin) {
         $temp = array();
         $distribution = array();
         array_push($temp, array('AND' => array('Attribute.distribution >' => 0, 'Event.distribution >' => 0)));
         array_push($temp, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org));
         $conditions['OR'] = $temp;
     }
     if ($id) {
         array_push($conditions['AND'], array('Event.id' => $id));
     }
     if ($from) {
         array_push($conditions['AND'], array('Event.date >=' => $from));
     }
     if ($to) {
         array_push($conditions['AND'], array('Event.date <=' => $to));
     }
     if ($last) {
         array_push($conditions['AND'], array('Event.publish_timestamp >=' => $last));
     }
     // If we sent any tags along, load the associated tag names for each attribute
     if ($tags) {
         $tag = ClassRegistry::init('Tag');
         $args = $this->dissectArgs($tags);
         $tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
         $temp = array();
         foreach ($tagArray[0] as $accepted) {
             $temp['OR'][] = array('Event.id' => $accepted);
         }
         $conditions['AND'][] = $temp;
         $temp = array();
         foreach ($tagArray[1] as $rejected) {
             $temp['AND'][] = array('Event.id !=' => $rejected);
         }
         $conditions['AND'][] = $temp;
     }
     $params = array('conditions' => $conditions, 'recursive' => 0, 'group' => array('Attribute.type', 'Attribute.value1'));
     unset($this->virtualFields['category_order']);
     // not needed for IDS export and speeds things up
     $items = $this->find('all', $params);
     // export depending of the requested type
     switch ($format) {
         case 'suricata':
             -App::uses('NidsSuricataExport', 'Export');
             $export = new NidsSuricataExport();
             break;
         case 'snort':
             App::uses('NidsSnortExport', 'Export');
             $export = new NidsSnortExport();
             break;
     }
     $rules = $export->export($items, $sid, $format, $continue);
     return $rules;
 }