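/*
 * Serves the icon stored for one reference system as a PNG.
 *
 * Input:  GET 'id' -- must be digit-only (ossim_valid/OSS_DIGIT); any other
 *         value terminates the request with the validation error, so the
 *         interpolation into the SELECT further down is only ever reached
 *         with a digit string.
 * Output: an image/png body -- the blob held in reference_system.icon, or the
 *         default server icon when that column is empty or not decodable.
 *
 * The if-block at the end of this excerpt is closed further down the file.
 */
// FIX: an HTTP-date needs a space before the "GMT" designator; the original
// produced "...H:i:sGMT", which is not a valid Last-Modified value.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

$id = GET('id');
ossim_valid($id, OSS_DIGIT, 'illegal:' . _("ID"));
if (ossim_error()) {
    die(ossim_error());
}

require "base_conf.php";
include_once $BASE_path . "includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 1);
$qs = new QueryState();

// $id is interpolated into the statement; the OSS_DIGIT validation above is
// the only thing keeping this query safe, so keep that check ahead of this line.
$sql = "SELECT icon FROM reference_system WHERE ref_system_id={$id}";
$result = $qs->ExecuteOutputQuery($sql, $db);

if ($myrow = $result->baseFetchRow()) {
    //echo $myrow[0];
    header("Content-type: image/png");
    // imagecreatefromstring() returns false when the stored blob is not a
    // decodable image; treat that like an empty icon and use the default
    // instead of passing false into imageistruecolor()/imagepng() below.
    $image = false;
    if ($myrow[0] != "") {
        $image = imagecreatefromstring($myrow[0]);
    }
    if ($image === false) {
        $image = imagecreatefrompng("../forensics/images/server.png");
    }
    if (imageistruecolor($image)) {
        // Preserve the alpha channel of true-colour icons on output.
        imagealphablending($image, false);
        imagesavealpha($image, true);
    }
    imagepng($image);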
** ** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */

/*
 * Event Group (AG) maintenance page.
 *
 * Reads the requested AG action and its parameters from the request, gates
 * the page on role 10000 when the auth system is enabled, and prints the
 * page sub-header. The action dispatch follows this excerpt.
 */
require "base_conf.php";
include "{$BASE_path}/includes/base_constants.inc.php";
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/includes/base_action.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_ag_common.php";

// Ternary used for its side effect: the timing object exists only when
// debug timing is switched on.
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';

$cs = new CriteriaState("base_ag_main.php");
$cs->ReadState();
$qs = new QueryState();

// submit is character-masked (letters/spaces); the array argument lists the
// three delete actions -- presumably the extra accepted values.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$ag_action = ImportHTTPVar("ag_action", VAR_ALPHA | VAR_USCORE);
//$ag_id = ImportHTTPVar("ag_id", VAR_DIGIT);
// ag_id is digit-masked by ImportHTTPVar; ag_name and ag_desc carry no
// character mask at all, so filterSql() is their only SQL-side filter here.
$ag_id = filterSql(ImportHTTPVar("ag_id", VAR_DIGIT));
$ag_name = filterSql(ImportHTTPVar("ag_name"));
$ag_desc = filterSql(ImportHTTPVar("ag_desc"));

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    // NOTE(review): there is no exit after the redirect. Unless base_header()
    // terminates the script itself (not visible here), the rest of the page
    // still runs for a user without the role. The check is also skipped
    // entirely when $Use_Auth_System is not 1 -- confirm both.
    base_header("Location: " . $BASE_urlpath . "/index.php");
}

$page_title = gettext("Event Group (AG) Maintenance");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);

/* Connect to the Alert database */
/*
 * base_stat_plugins.php: per-plugin event statistics listing.
 *
 * Records this page as the session's default SIEM group, reads the view and
 * export parameters, registers the canned queries and connects to the alert
 * database. The header-printing branch at the end continues past this excerpt.
 */
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

$_SESSION["siem_default_group"] = "base_stat_plugins.php?sort_order=occur_d";

// Ternary used for its side effect: timing object only when debug timing is on.
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';
$cs = new CriteriaState("base_stat_plugins.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$export = intval(ImportHTTPVar("export", VAR_DIGIT)); // Called from report_launcher.php
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
// NOTE(review): the role check is commented out, so $roleneeded is unused in
// this excerpt and the page does no authorisation of its own here; whatever
// protects it must live in the included files -- confirm.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Event Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();

// Include base_header.php
// (the else branch of this if is outside this excerpt)
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
/*
 * Reference-system administration: lists plugins and lets an admin add or
 * delete a reference system.
 *
 * Access requires the analysis-menu/EventsForensics permission and admin
 * status; non-admins get an error page and the script exits. Both mutations
 * (insert via 'newref', delete via 'deleteref') are driven by GET parameters;
 * whether a CSRF token is checked is not visible in this excerpt.
 */
Session::logcheck("analysis-menu", "EventsForensics");
if (!Session::am_i_admin()) {
    echo ossim_error(_("You don't have permission to see this page"));
    exit;
}

$db = new ossim_db();
$conn = $db->connect();
$plugin_list = Plugin::get_list($conn, "ORDER BY name", 0);

require 'base_conf.php';
include_once $BASE_path . "includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";

/* Connect to the Alert database */
$db_snort = NewBASEDBConnection($DBlib_path, $DBtype);
$db_snort->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 1);
$qs = new QueryState();

$newref = GET('newref');
$delete = GET('deleteref');
$error_msg = null;

if ($newref != "") {
    // The INSERT below interpolates $newref into a double-quoted SQL literal.
    // The OSS_ALPHA validation (whatever character class that allows) is the
    // only thing keeping quote characters out of the statement, so the query
    // must stay inside the !ossim_error() branch.
    ossim_valid($newref, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("New Reference"));
    if (!ossim_error()) {
        $sql = "INSERT INTO reference_system (ref_system_name) VALUES (\"{$newref}\")";
        $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
    } else {
        $error_msg = ossim_get_error();
        ossim_clean_error();
    }
}

// Delete path: digit-only is enforced twice (regex, then ossim_valid). The
// handling of the validated id continues past this excerpt.
if (preg_match("/^\\d+\$/", $delete)) {
    ossim_valid($delete, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Reference ID"));
* Need to import $submit and set the $QUERY_STRING early to support
* the back button. Otherwise, the value of $submit will not be passed
* to the history. */

/* This call can include "#xx-(xx-xx)" values and "submit" values. */
// Mask allows digits, punctuation and letters; the array lists the delete
// actions that are accepted as well.
$submit = ImportHTTPVar("submit", VAR_DIGIT | VAR_PUNC | VAR_LETTER, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
//if(preg_match("/^#0(-\(\d+-\d+\))$/", $submit, $matches)){
//$submit = "#1" . $matches[1];
//}
$sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
// The query string is rewritten to carry only the masked, URL-encoded submit
// value, so that is what the history/back-link mechanism records.
$_SERVER["QUERY_STRING"] = "submit=" . rawurlencode($submit);
//unset($_GET["sort_order"]);

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_qry_main.php", "&new=1&submit=" . gettext("Query+DB"));
$cs->ReadState();
$qs = new QueryState();
$page_title = gettext("Event");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// minimal_view suppresses the criteria form.
if (!array_key_exists("minimal_view", $_GET)) {
    PrintCriteria("");
}

// ProcessCriteria() turns the saved search criteria into SQL fragments:
// [0] extra FROM/JOIN text, [1] the WHERE condition. How the criteria are
// escaped is not visible here -- this file relies on that function for it.
$criteria_clauses = ProcessCriteria();
$from = " FROM acid_event " . $criteria_clauses[0];
$where = " WHERE " . $criteria_clauses[1];

// Payload special case
//if (preg_match("/data_payload/", $criteria_clauses[1])) {
// $where = ",extra_data WHERE acid_event.sid = extra_data.sid AND acid_event.cid=extra_data.cid AND " . $criteria_clauses[1];
//}
** (see the file 'base_main.php' for license details) ** ** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */

/*
 * AJAX helper: per-sensor counters for the sensor statistics page.
 *
 * Runs the SQL template stored in $_SESSION['_siem_sensor_query'] for one
 * device id and echoes "events##src-addrs##dst-addrs" as link HTML.
 * Prints "-##-##-" when no template is present in the session.
 */
require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

if ($_SESSION['_siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}

// The only request input is a digit-masked id; it replaces the DEVICEID
// placeholder in the session-held SQL, so the statement text itself never
// comes from the request. If the mask leaves an empty string the placeholder
// is replaced by nothing -- the template is trusted to cope with that.
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['_siem_sensor_query']);
// Nothing below writes to $_SESSION; release the session before querying.
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQueryNoCanned($sql, $db);

// Counts are rendered through number_format_locale (numeric formatting, not
// HTML escaping). If the query returns no row the three variables stay
// undefined and the echo below emits "####".
if ($row = $rs->baseFetchRow()) {
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::number_format_locale($row[0], 0) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&sensor=" . urlencode($device_id)) . Util::number_format_locale($row[1], 0) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&sensor=" . urlencode($device_id)) . Util::number_format_locale($row[2], 0) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";
/*
 * base_stat_ptypes.php: event-type (plugin type) statistics listing.
 *
 * Records this page as the session's default SIEM group, reads the view
 * parameter, registers the canned queries and connects to the alert database.
 * The header-printing branch at the end continues past this excerpt.
 */
require "vars_session.php";
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

$_SESSION["siem_default_group"] = "base_stat_ptypes.php?sort_order=occur_d";

// Ternary used for its side effect: timing object only when debug timing is on.
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';
$cs = new CriteriaState("base_stat_ptypes.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
// NOTE(review): the role check is commented out, so $roleneeded is unused in
// this excerpt and the page does no authorisation of its own here -- confirm
// that the included files gate access.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Event Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();

// Include base_header.php
// (the else branch of this if is outside this excerpt)
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
* * * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt ****************************************************************************/

/*
 * Reference-system edit form handler.
 *
 * On a POST carrying 'send', validates id/name/url and then (past this
 * excerpt) stores the optional uploaded icon. Validation failures end the
 * request with the validation error.
 */
require_once 'classes/Security.inc';
include "base_conf.php";
include_once $BASE_path . "includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$qs = new QueryState();

$msg_error = null;
$show_form = false;

// isset() is redundant here: !empty() is already false for a missing key.
if (isset($_POST['send']) && !empty($_POST['send'])) {
    $id = POST('id');
    $name = POST('name');
    $url = POST('url');
    // id must be digit-only; name and url are optional (OSS_NULLABLE). url
    // additionally admits punctuation and '%', so it is not a value that can
    // be interpolated into SQL or HTML without further escaping downstream.
    ossim_valid($id, OSS_DIGIT, 'illegal:' . _("Id"));
    ossim_valid($name, OSS_DIGIT, OSS_ALPHA, OSS_SPACE, OSS_NULLABLE, 'illegal:' . _("Name"));
    ossim_valid($url, OSS_ALPHA, OSS_DIGIT, OSS_URL, OSS_PUNC, '%', OSS_NULLABLE, 'illegal:' . _("Url"));
    if (ossim_error()) {
        die(ossim_error());
    }
    if ($name != "") {
        $icon = "";
        // NOTE(review): $HTTP_POST_FILES was removed in PHP 5.4; on a current
        // runtime it is always unset, so this branch never sees the upload.
        // The modern equivalent is $_FILES['icon']['tmp_name']. The upload
        // handling continues past this excerpt.
        if (is_uploaded_file($HTTP_POST_FILES['icon']['tmp_name'])) {
** (see the file 'base_main.php' for license details) ** ** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */

/*
 * base_stat_class.php: event classification statistics.
 *
 * Loads the shared criteria/query state, gates the page on role 10000 when
 * the auth system is enabled, and prints the sub-header.
 */
include "base_conf.php";
include "vars_session.php";
include "{$BASE_path}/includes/base_constants.inc.php";
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_class.php");
$cs->ReadState();
$qs = new QueryState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    // NOTE(review): no exit after the redirect. Unless base_header()
    // terminates the script itself (not visible here), the rest of the page
    // still runs for a user without the role; the check is also skipped when
    // $Use_Auth_System is not 1 -- confirm both.
    base_header("Location: " . $BASE_urlpath . "/index.php");
}

$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Classification");

if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);

// NOTE(review): $addr_type is interpolated into the back-link query string
// here, *before* the allow-list check below normalises it. Where $addr_type
// is read is outside this excerpt; if it comes straight from the request,
// the unvalidated value ends up in the link -- moving the in_array() check
// above this line would close that gap.
$cs = new CriteriaState("base_stat_uidm.php", "&addr_type={$addr_type}");
$cs->ReadState();

/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
// PrintCriteriaState();
// }
//print_r($_SESSION['ip_addr']);

// Allow-list of the four supported identity dimensions; anything else falls
// back to user@domain. A strict in_array() would be the safer form.
if (!in_array($addr_type, array("userdomain", "username", "hostname", "domain"))) {
    $addr_type = "userdomain";
}
$type_name = ucfirst(str_replace("userdomain", "user@domain", $addr_type)) . "s";
$page_title = _("Unique") . " " . _($type_name);

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent") . " " . _($type_name), "occur_d");
// $submit is read earlier in the file (outside this excerpt).
$qs->MoveView($submit); /* increment the view if necessary */

if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();

// Include base_header.php
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}
$criteria = $criteria_clauses[0] . " " . $criteria_clauses[1];
// Identity-type (user/domain) vs host-type branch; continues past this excerpt.
if (preg_match("/user|domain/i", $addr_type)) {
/*
 * AJAX helper: unique src/dst address links and last-seen time for one
 * plugin id/sid pair, using the SQL templates kept in the session.
 * Echoes "-##-##-" when either template is missing.
 */
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

if ($_SESSION['siem_current_query_graph'] == "" || $_SESSION['siem_alerts_query'] == "") {
    echo "-##-##-";
    die;
}
$tz = Util::get_timezone();
// Both inputs are digit-masked before they replace the placeholders, so the
// executed SQL text never contains raw request data.
$plugin_id = ImportHTTPVar("id", VAR_DIGIT);
$plugin_sid = ImportHTTPVar("sid", VAR_DIGIT);
// $sqlgraph is not used within this excerpt.
$sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_current_query_graph']));
$sql = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_alerts_query']));
// Nothing below writes to $_SESSION; release the session before querying.
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQuery($sql, $db);
if ($row = $rs->baseFetchRow()) {
    // Filter fragment appended to the unique-address links: sig = "id;sid".
    $addr_link = '&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($plugin_id . ";" . $plugin_sid);
    // $row[0]/$row[1] are emitted unescaped -- presumably numeric counts; confirm.
    $src_addrs = BuildUniqueAddressLink(1, $addr_link) . $row[0] . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, $addr_link) . $row[1] . '</A>';
    $last = get_utc_unixtime($db, $row[2]);
}
$rs->baseFreeRows();
// Timezone shift assumes $tz is a whole-hour offset (3600 * $tz). With $tz
// of 0 the raw DB value $row[2] is used instead. When the query returned no
// row, $row is false and $last stays undefined in the shifted branch.
if ($tz != 0) {
    $last = gmdate("Y-m-d H:i:s", $last + 3600 * $tz);
} else {
    $last = $row[2];
}
** (see the file 'base_main.php' for license details) ** ** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */

/*
 * AJAX helper: per-sensor counters for the sensor statistics page.
 *
 * Runs the SQL template stored in $_SESSION['siem_sensor_query'] for one
 * device id and echoes "events##src-addrs##dst-addrs" as link HTML.
 * Prints "-##-##-" when no template is present in the session.
 */
require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

if ($_SESSION['siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}

// The only request input is a digit-masked id; it replaces the DEVICEID
// placeholder in the session-held SQL, so the statement text itself never
// comes from the request.
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['siem_sensor_query']);
// Nothing below writes to $_SESSION; release the session before querying.
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQuery($sql, $db);

// Row values are HTML-escaped via Util::htmlentities before being placed in
// the link markup. If the query returns no row the three variables stay
// undefined and the echo below emits "####".
if ($row = $rs->baseFetchRow()) {
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::htmlentities($row[0]) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&sensor=" . urlencode($device_id)) . Util::htmlentities($row[1]) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&sensor=" . urlencode($device_id)) . Util::htmlentities($row[2]) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";
/*
 * AJAX helper: last-seen time (and, past this excerpt, graph data) for one
 * plugin id/sid pair, using the SQL templates kept in the session.
 * Echoes "-##-##-" when a template is missing or a delete task is pending.
 */
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

if ($_SESSION['_siem_current_query_graph'] == "" || $_SESSION['_siem_ip_query'] == "" || $_SESSION["deletetask"] != "") {
    echo "-##-##-";
    die;
}
$tz = Util::get_timezone();
// Both inputs are digit-masked before they replace the placeholders, so the
// executed SQL text never contains raw request data.
$plugin_id = ImportHTTPVar("id", VAR_DIGIT);
$plugin_sid = ImportHTTPVar("sid", VAR_DIGIT);
$sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['_siem_current_query_graph']));
$sqlunique = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['_siem_ip_query']));
// Only reads of $_SESSION follow; release the session before querying.
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// Unique
$rs = $qs->ExecuteOutputQueryNoCanned($sqlunique, $db);
if ($row = $rs->baseFetchRow()) {
    // NOTE: the two branches yield different types -- a "Y-m-d H:i:s" string
    // when $tz != 0 but the raw unix timestamp from get_utc_unixtime() when
    // $tz == 0 -- so the ":00:00" -> "H" rewrite below only ever matches in
    // the shifted case. A whole-hour offset is assumed (3600 * $tz).
    $last = $tz != 0 ? gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $row[0]) + 3600 * $tz) : get_utc_unixtime($db, $row[0]);
    if (preg_match("/_acid_event/", $sqlunique)) {
        $last = str_replace(":00:00", "H", $last);
    }
}
$rs->baseFreeRows();
//error_log("$sql\n$sqlunique\n$sqlgraph\n",3,"/tmp/graph");
// $last is undefined here when the query returned no row.
echo "{$last}##";

// Graph
$tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all";
/* save the search criteria */
    // Solve error when payload is searched cnt = 1
    // if ($_GET{"data"} { // 0 // } { // 2 // } != "") $cs->criteria['data']->criteria_cnt = 1;
    // Nested index read without isset(): raises a notice when 'data' is absent
    // or not nested that deep. Intent: force criteria_cnt for payload searches.
    if ($_GET["data"][0][2] != "") {
        $cs->criteria['data']->criteria_cnt = 1;
    }
    $submit = gettext("Query DB"); /* restore the real submit value */
    $_POST['submit'] = $submit;
} // closes a block opened before this excerpt

$cs->ReadState();
$qs = new QueryState();
$qs->AddCannedQuery("last_tcp", $last_num_alerts, gettext("Last TCP Events"), "time_d");
$qs->AddCannedQuery("last_udp", $last_num_alerts, gettext("Last UDP Events"), "time_d");
$qs->AddCannedQuery("last_icmp", $last_num_alerts, gettext("Last ICMP Events"), "time_d");
$qs->AddCannedQuery("last_any", $last_num_alerts, gettext("Last Events"), "time_d");
$page_title = gettext("Query Results");

// minimal_view drops the back-link from the sub-header. The final else
// branch continues past this excerpt.
if ($qs->isCannedQuery()) {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
    } else {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), "", 1);
    }
} else {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
    } else {
// Check role out and redirect if needed -- Kevin
// NOTE(review): the role check itself is commented out below, so this
// excerpt performs no authorisation of its own -- confirm that the includes
// (outside this excerpt) gate access to base_stat_otx.php.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$et = new EventTiming($debug_time_mode);

// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
$cs = new CriteriaState("base_stat_otx.php", "");
$cs->ReadState();

/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
// PrintCriteriaState();
// }
$qs = new QueryState();
if ($event_cache_auto_update == 1) UpdateAlertCache($db);
$criteria_clauses = ProcessCriteria();

// Include base_header.php
// $page_title is expected to be set before this excerpt.
if ($qs->isCannedQuery()) PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc() , $page_title . ": " . $qs->GetCurrentCannedQueryDesc() , $cs->GetBackLink() , 1);
else PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink() , 1);

$criteria = $criteria_clauses[0] . " " . $criteria_clauses[1];
// FROM/WHERE are only (re)built when the criteria reference OTX data;
// otherwise $from/$where keep whatever value they have outside this excerpt.
if (preg_match("/otx_data/",$criteria)) {
    $where = " WHERE " . $criteria_clauses[1];
    $from = " FROM acid_event " . $criteria_clauses[0];
}
/* save the search criteria */
    // Solve error when payload is searched cnt = 1
    // if ($_GET{"data"} { // 0 // } { // 2 // } != "") $cs->criteria['data']->criteria_cnt = 1;
    // Nested index read without isset(): raises a notice when 'data' is absent
    // or not nested that deep. Intent: force criteria_cnt for payload searches.
    if ($_GET["data"][0][2] != "") {
        $cs->criteria['data']->criteria_cnt = 1;
    }
    $submit = gettext("Query DB"); /* restore the real submit value */
    $_POST['submit'] = $submit;
} // closes a block opened before this excerpt

$cs->ReadState();
$qs = new QueryState();
$qs->AddCannedQuery("last_tcp", $last_num_alerts, gettext("Last TCP Events"), "time_d");
$qs->AddCannedQuery("last_udp", $last_num_alerts, gettext("Last UDP Events"), "time_d");
$qs->AddCannedQuery("last_icmp", $last_num_alerts, gettext("Last ICMP Events"), "time_d");
$qs->AddCannedQuery("last_any", $last_num_alerts, gettext("Last Events"), "time_d");
$page_title = gettext("Query Results");

// Criteria are always processed now; the old $sqlcalls gate is kept for reference.
//$sqlcalls = ($submit == "Query DB" || $submit == gettext("Query DB") || $submit == gettext("Query+DB") || $submit == gettext("Delete Selected") || $submit == gettext("Delete ALL on Screen") || $submit == gettext("Delete Entire Query") || $qs->isCannedQuery() || ($qs->GetCurrentSort() != "" && $qs->GetCurrentSort() != "none" && $_SERVER["QUERY_STRING"]!="new=1")) ? TRUE : FALSE;
//if ($sqlcalls)
//{
$criteria_clauses = ProcessCriteria();
//}

// Include base_header.php
// minimal_view drops the back-link from the sub-header; the remaining
// branches continue past this excerpt.
if ($qs->isCannedQuery()) {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
    } else {
$roleneeded = 10000;
$BUser = new BaseUser();
// NOTE(review): $BUser is constructed but the role check is commented out,
// so this excerpt does no authorisation of its own -- confirm that the
// includes gate access to base_stat_uaddr.php.
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$et = new EventTiming($debug_time_mode);

// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// $addr_type is read before this excerpt. It is placed into the back-link
// query string as-is and only compared against SOURCE_IP/DEST_IP further
// down, so any validation has to happen where it is read.
$cs = new CriteriaState("base_stat_uaddr.php", "&addr_type={$addr_type}");
$cs->ReadState();

/* Dump some debugging information on the shared state */
// Prints the shared criteria state into the page whenever debug_mode is
// enabled -- keep that setting off outside development.
if ($debug_mode > 0) {
    PrintCriteriaState();
}
//print_r($_SESSION['ip_addr']);

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
$qs->MoveView($submit); /* increment the view if necessary */

// Source vs destination view; an unknown type is reported and treated as dst.
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    if ($addr_type != DEST_IP) {
        ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    }
    $page_title = gettext("Unique Destination Address(es)");
    $results_title = gettext("Dst IP address");
    $addr_type_name = "ip_dst";
}
for(var i = 0, l = this.length; i < l; i++) {
    if(this[i] == p_val) {
        return true;
    }
}
return false;
}
</script>
</head>
<body>
<center><div id="plotareaglobal" class="plot" style="text-align:center;margin:12px 15px 0px 0px;"></div></center>
<?php
/*
 * Global time-series plot.
 *
 * Runs the graph SQL template held in the session over the selected time
 * range and (past this excerpt) feeds the rows into the plot area above.
 * The JavaScript function whose tail appears above is opened earlier in the file.
 */
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// The SQL comes from the session only; no request parameter reaches it here.
$sqlgraph = $_SESSION['siem_current_query_graph'];
$tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all";
$trdata = array(0, 0, $tr);
if ($tr == "range") {
    // $_SESSION['time'][0] / [1] are the range start / end. From the order
    // used to build a "Y-m-d H:i:s" string, indices 4,2,3,5,6,7 look like
    // year, month, day, hour, minute, second -- confirm against the criteria code.
    $desde = strtotime($_SESSION["time"][0][4] . "-" . $_SESSION["time"][0][2] . "-" . $_SESSION["time"][0][3] . ' ' . $_SESSION['time'][0][5] . ':' . $_SESSION['time'][0][6] . ':' . $_SESSION['time'][0][7]);
    $hasta = strtotime($_SESSION["time"][1][4] . "-" . $_SESSION["time"][1][2] . "-" . $_SESSION["time"][1][3] . ' ' . $_SESSION['time'][1][5] . ':' . $_SESSION['time'][1][6] . ':' . $_SESSION['time'][1][7]);
    $trdata = array($desde, $hasta, "range");
}
list($x, $y, $xticks, $xlabels) = range_graphic($trdata);
// Only query when the range yields more than one bucket; the block continues
// past this excerpt.
if (count($y) > 1) {
    //echo "SQLG:$sqlgraph -->";
    $res = $qs->ExecuteOutputQueryNoCanned($sqlgraph, $db);
    //echo " COUNT:".$res->baseRecordCount()."<br>";
include_once "{$BASE_path}/base_stat_common.php";

/*
 * base_stat_alerts.php: event (signature) statistics listing.
 *
 * Records this page as the session's default SIEM group, applies a default
 * sort order, registers the canned queries and connects to the alert
 * database. The header-printing branch at the end continues past this excerpt.
 */
$_SESSION["siem_default_group"] = "base_stat_alerts.php?sort_order=occur_d";
// Default sort is written back into $_GET so the shared criteria/query code,
// which reads the request, sees it. $_REQUEST is read without isset().
if ($_REQUEST['sort_order'] == '') {
    $_GET['sort_order'] = 'occur_d';
}

// Ternary used for its side effect: timing object only when debug timing is on.
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';
$cs = new CriteriaState("base_stat_alerts.php");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$export = intval(ImportHTTPVar("export", VAR_DIGIT)); // Called from report_launcher.php
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
// NOTE(review): the role check is commented out, so $roleneeded is unused in
// this excerpt and the page does no authorisation of its own here -- confirm
// that the included files gate access.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Event Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();

// Include base_header.php
// (the else branch of this if is outside this excerpt)
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
// $max and $cs are set earlier in the file (outside this excerpt).
// Default page size when none was given (also triggers for a literal 0).
if (!$max) {
    $max = 50;
}
// Time resolution for the listing; letters only, defaulting to "m".
$resolution = ImportHTTPVar("resolution", VAR_ALPHA);
if ($resolution == "") {
    $resolution = "m";
}
// $cs->ReadState();

// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    // NOTE(review): no exit after the redirect. Unless base_header()
    // terminates the script itself (not visible here), the rest of the page
    // still runs for a user without the role; the check is also skipped when
    // $Use_Auth_System is not 1 -- confirm both.
    base_header("Location: " . $BASE_urlpath . "/index.php");
}

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Event Listing");

// Sub-header is printed before the DB connection here, with a final
// argument of 0 (the sibling stat pages pass 1).
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 0);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 0);
}

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// (this if-block is closed past this excerpt)
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
// $roleneeded is set before this excerpt.
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    // NOTE(review): no exit after the redirect. Unless base_header()
    // terminates the script itself (not visible here), the rest of the page
    // still runs for a user without the role; the check is also skipped when
    // $Use_Auth_System is not 1 -- confirm both.
    base_header("Location: " . $BASE_urlpath . "/index.php");
}
$et = new EventTiming($debug_time_mode);

// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// The back-link is hard-wired to addr_type=1 regardless of $addr_type.
$cs = new CriteriaState("base_stat_country.php", "&addr_type=1");
$cs->ReadState();

/* Dump some debugging information on the shared state */
// Prints the shared criteria state into the page whenever debug_mode is
// enabled -- keep that setting off outside development.
if ($debug_mode > 0) {
    PrintCriteriaState();
}

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
// $submit and $addr_type are read before this excerpt.
$qs->MoveView($submit); /* increment the view if necessary */

// Source vs destination view; an unknown type is reported and treated as dst.
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    if ($addr_type != DEST_IP) {
        ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    }
    $page_title = gettext("Unique Destination Address(es)");
    $results_title = gettext("Dst IP address");
    $addr_type_name = "ip_dst";
}
* the back button. Otherwise, the value of $submit will not be passed
* to the history. */

/* This call can include "#xx-(xx-xx)" values and "submit" values. */
// Mask allows digits, punctuation and letters; the array lists the delete
// actions that are accepted as well.
$submit = ImportHTTPVar("submit", VAR_DIGIT | VAR_PUNC | VAR_LETTER, array(_("Delete Selected"), _("Delete ALL on Screen"), _ENTIREQUERY));
//if(preg_match("/^#0(-\(\d+-\d+\))$/", $submit, $matches)){
//$submit = "#1" . $matches[1];
//}
$sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
$pag = ImportHTTPVar("pag", VAR_DIGIT);
// The query string is rewritten to carry only the masked, URL-encoded submit
// value, so that is what the history/back-link mechanism records.
$_SERVER["QUERY_STRING"] = "submit=" . rawurlencode($submit);
//unset($_GET["sort_order"]);

$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_qry_main.php", "&new=1&submit=" . _("Query DB"));
$cs->ReadState();
$qs = new QueryState();
$page_title = _("Event");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);

// minimal_view and noheader both suppress the criteria form.
if (!array_key_exists("minimal_view", $_GET) && !array_key_exists("noheader", $_GET)) {
    PrintCriteria("");
}

// ProcessCriteria() turns the saved search criteria into SQL fragments:
// [0] extra FROM/JOIN text, [1] the WHERE condition. How the criteria are
// escaped is not visible here -- this file relies on that function for it.
$criteria_clauses = ProcessCriteria();

// Include base_header.php
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);

$from = " FROM acid_event " . $criteria_clauses[0];
$where = " WHERE " . $criteria_clauses[1];
// Registers the delete action and the SQL it operates on; $sort_sql is
// defined before this excerpt.
$qs->AddValidAction("del_alert");
$qs->SetActionSQL($sort_sql[0] . $from . $where);
$et->Mark("Initialization");
/*
 * base_stat_sensor.php: per-sensor statistics listing with geolocation.
 *
 * Records this page as the session's default SIEM group, opens the GeoIP
 * database, reads the view/export parameters and connects to the alert
 * database. The cache-update block at the end continues past this excerpt.
 */
require "base_conf.php";
require "vars_session.php";
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_stat_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_ag_common.php";
include_once "geoip.inc";

$_SESSION["siem_default_group"] = "base_stat_sensor.php?sort_order=occur_d";
// Absolute, fixed path to the GeoIP city database.
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_sensor.php");
$cs->ReadState();
$qs = new QueryState();

// Check role out and redirect if needed -- Kevin
// NOTE(review): the role check is commented out, so $roleneeded is unused in
// this excerpt and the page does no authorisation of its own here -- confirm
// that the included files gate access.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");

$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
// Note the parameter is named "complete" here, not "export" as on the other
// stat pages -- presumably intentional; confirm against report_launcher.php.
$export = intval(ImportHTTPVar("complete", VAR_DIGIT)); // Called from report_launcher.php
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Sensor Listing");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// (this if-block is closed past this excerpt)
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
/* FIXME: OSSIM */
/* This used to break the port filters, have to look deeply on this maybe changing db_connect_method in base_conf.php */
// port_type is digit-masked. proto admits punctuation as well (VAR_PUNC) and
// is placed into the back-link query string below without urlencode -- confirm
// that CriteriaState/GetBackLink escape it on output.
$port_type = ImportHTTPVar("port_type", VAR_DIGIT);
$proto = ImportHTTPVar("proto", VAR_DIGIT | VAR_PUNC);
$export = intval(ImportHTTPVar("export", VAR_DIGIT)); // Called from report_launcher.php
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
$cs = new CriteriaState("base_stat_ports.php", "&port_type={$port_type}&proto={$proto}");
$cs->ReadState();

// Check role out and redirect if needed -- Kevin
// NOTE(review): $roleneeded is assigned but no role check follows in this
// excerpt -- confirm that the included files gate access to this page.
$roleneeded = 10000;
$port_proto = "TCP";

$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uports, gettext("Most Frequent Ports"), "occur_d");
$qs->AddCannedQuery("last_ports", $last_num_uports, gettext("Last Ports"), "last_d");
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = "";

// Per-protocol title and result caption; switch compares loosely against the
// TCP/UDP constants. The remaining cases continue past this excerpt.
switch ($proto) {
    case TCP:
        $page_title = gettext("Unique") . " TCP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source tcp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination tcp ports %d-%d of <b>%s</b> matching your selection.");
        break;
    case UDP:
        $page_title = gettext("Unique") . " UDP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source udp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination udp ports %d-%d of <b>%s</b> matching your selection.");
        break;