PHP NidsSnortExport Examples

Programming Language: PHP

Class/Type: NidsSnortExport

Examples at hotexamples.com: 2

PHP NidsSnortExport - 2 examples found. These are the top rated real world PHP examples of NidsSnortExport extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

export(2)

Example #1

Show file

File: Attribute.php Project: vman747/MISP

 public function nids($isSiteAdmin, $org, $format, $sid, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false)
 {
     if (empty($org)) {
         throw new MethodNotAllowedException('No org supplied.');
     }
     //restricting to non-private or same org if the user is not a site-admin.
     $eventIds = $this->Event->fetchEventIds($org, $isSiteAdmin, $from, $to, $last);
     if ($tags !== '') {
         $tag = ClassRegistry::init('Tag');
         $args = $this->dissectArgs($tags);
         $tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
         if ($id) {
             foreach ($eventIds as $k => $v) {
                 if ($v['Event']['id'] !== $id) {
                     unset($eventIds[$k]);
                 }
             }
         }
         if (!empty($tagArray[0])) {
             foreach ($eventIds as $k => $v) {
                 if (!in_array($v['Event']['id'], $tagArray[0])) {
                     unset($eventIds[$k]);
                 }
             }
         }
         if (!empty($tagArray[1])) {
             foreach ($eventIds as $k => $v) {
                 if (in_array($v['Event']['id'], $tagArray[1])) {
                     unset($eventIds[$k]);
                 }
             }
         }
     }
     if ($format == 'suricata') {
         App::uses('NidsSuricataExport', 'Export');
     } else {
         App::uses('NidsSnortExport', 'Export');
     }
     $rules = array();
     foreach ($eventIds as $event) {
         $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1, 'Attribute.event_id' => $event['Event']['id']);
         $valid_types = array('ip-dst', 'ip-src', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'domain', 'hostname', 'url', 'user-agent', 'snort');
         $conditions['AND']['Attribute.type'] = $valid_types;
         if (!$isSiteAdmin && $org !== $event['Event']['org']) {
             $conditions['AND']['Attribute.distribution >'] = 0;
         }
         $params = array('conditions' => $conditions, 'recursive' => 0, 'group' => array('Attribute.type', 'Attribute.value1'));
         unset($this->virtualFields['category_order']);
         // not needed for IDS export and speeds things up
         $items = $this->find('all', $params);
         // export depending of the requested type
         switch ($format) {
             case 'suricata':
                 $export = new NidsSuricataExport();
                 break;
             case 'snort':
                 $export = new NidsSnortExport();
                 break;
         }
         $rules = array_merge($rules, $export->export($items, $sid, $format, $continue));
         // Only pre-pend the comments once
         $continue = true;
     }
     return $rules;
 }

Example #2

Show file

File: Attribute.php Project: sha8e/MISP

 public function nids($isSiteAdmin, $org, $format, $sid, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last)
 {
     //restricting to non-private or same org if the user is not a site-admin.
     $conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1);
     $valid_types = array('ip-dst', 'ip-src', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'domain', 'hostname', 'url', 'user-agent', 'snort');
     $conditions['AND']['Attribute.type'] = $valid_types;
     if (!$isSiteAdmin) {
         $temp = array();
         $distribution = array();
         array_push($temp, array('AND' => array('Attribute.distribution >' => 0, 'Event.distribution >' => 0)));
         array_push($temp, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org));
         $conditions['OR'] = $temp;
     }
     if ($id) {
         array_push($conditions['AND'], array('Event.id' => $id));
     }
     if ($from) {
         array_push($conditions['AND'], array('Event.date >=' => $from));
     }
     if ($to) {
         array_push($conditions['AND'], array('Event.date <=' => $to));
     }
     if ($last) {
         array_push($conditions['AND'], array('Event.publish_timestamp >=' => $last));
     }
     // If we sent any tags along, load the associated tag names for each attribute
     if ($tags) {
         $tag = ClassRegistry::init('Tag');
         $args = $this->dissectArgs($tags);
         $tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
         $temp = array();
         foreach ($tagArray[0] as $accepted) {
             $temp['OR'][] = array('Event.id' => $accepted);
         }
         $conditions['AND'][] = $temp;
         $temp = array();
         foreach ($tagArray[1] as $rejected) {
             $temp['AND'][] = array('Event.id !=' => $rejected);
         }
         $conditions['AND'][] = $temp;
     }
     $params = array('conditions' => $conditions, 'recursive' => 0, 'group' => array('Attribute.type', 'Attribute.value1'));
     unset($this->virtualFields['category_order']);
     // not needed for IDS export and speeds things up
     $items = $this->find('all', $params);
     // export depending of the requested type
     switch ($format) {
         case 'suricata':
             -App::uses('NidsSuricataExport', 'Export');
             $export = new NidsSuricataExport();
             break;
         case 'snort':
             App::uses('NidsSnortExport', 'Export');
             $export = new NidsSnortExport();
             break;
     }
     $rules = $export->export($items, $sid, $format, $continue);
     return $rules;
 }