// NOTE(review): this excerpt starts inside an `if` body whose header is not visible here
// (presumably the same empty-check that is applied to $userdata8/$userdata9 below).
$userdata7 = $empty;
}

// Each custom userdata field is passed through Util::htmlentities (project helper); a result
// that compares loosely equal to "" is replaced by the $empty placeholder.
$userdata8 = Util::htmlentities($myrow2["userdata8"]);
if ($userdata8 == "") {
    $userdata8 = $empty;
}
$userdata9 = Util::htmlentities($myrow2["userdata9"]);
if ($userdata9 == "") {
    $userdata9 = $empty;
}

// Load the payload for event $eid; the helper's result is destructured into $payload and $binary.
list($payload, $binary) = GetPayloadFromAV($db, $eid, $is_snort);
$context = 0;

// Host identity fields: hostnames go through Util::htmlentities, MAC addresses through formatMAC.
// NOTE(review): formatMAC is defined elsewhere; confirm its output is safe to print into HTML.
$idm_data['src_hostname'] = Util::htmlentities($myrow2['src_hostname']);
$idm_data['src_mac'] = formatMAC($myrow2['src_mac']);
$idm_data['dst_hostname'] = Util::htmlentities($myrow2['dst_hostname']);
$idm_data['dst_mac'] = formatMAC($myrow2['dst_mac']);
// reputation data
// NOTE(review): the rep_* columns are copied from the row without casting or escaping, unlike the
// hostname fields above; confirm they are numeric, or escape them where $idm_data is rendered.
$idm_data['rep_prio_src'] = $myrow2['rep_prio_src'];
$idm_data['rep_prio_dst'] = $myrow2['rep_prio_dst'];
$idm_data['rep_rel_src'] = $myrow2['rep_rel_src'];
$idm_data['rep_rel_dst'] = $myrow2['rep_rel_dst'];
$idm_data['rep_act_src'] = $myrow2['rep_act_src'];
$idm_data['rep_act_dst'] = $myrow2['rep_act_dst'];
// idm_data
$userdomains = array();
// NOTE(review): $eid is interpolated straight into the SQL text inside unhex('...'). This is only
// safe if $eid has been validated as a pure hex string before this point (not visible in this
// excerpt); otherwise the query is open to SQL injection. Confirm the validation upstream, or
// check ctype_xdigit($eid) before building the query.
$sqli = "select * from alienvault.idm_data where event_id=unhex('{$eid}')";
$resulti = $db->baseExecute($sqli);
// Collect "username@domain" strings per side; from_src selects the source-side bucket.
while ($idmdata = $resulti->baseFetchRow()) {
    if ($idmdata["from_src"]) {
        // NOTE(review): stored without HTML escaping; these values come from idm_data rows and
        // must be escaped wherever $userdomains is printed — TODO confirm at the output site.
        $userdomains["src"][] = $idmdata["username"] . "@" . $idmdata["domain"];
    } else {
        // (the else branch and the end of the loop continue outside this excerpt)
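// Tail of a loop over identity rows ($row_id); the loop header is outside this excerpt.
// Builds the HTML-escaped "user@domain" lists for the source and destination side of the event.
$row_id["domain"] = trim($row_id["domain"]);
if (!empty($row_id["username"])) {
    $idm_u = $row_id["username"];
    // Only append "@domain" when a non-empty domain is present.
    $idm_d = $row_id["domain"] != '' ? "@" . $row_id["domain"] : '';
    // Escape before storing: these strings are later joined and shown in the event view.
    if (intval($row_id["from_src"])) {
        $srcud[] = Util::htmlentities($idm_u . $idm_d);
    } else {
        $dstud[] = Util::htmlentities($idm_u . $idm_d);
    }
}
} // closes the loop opened before this excerpt

// NOTE(review): $srcud / $dstud are presumably initialised to empty arrays before the loop;
// confirm, since implode() on an undefined variable fails when no row carried a username.
$myrow["src_userdomain"] = implode(", ", $srcud);
$myrow["dst_userdomain"] = implode(", ", $dstud);
$rs_id->baseFreeRows();
$myrow["src_mac"] = formatMAC($myrow["src_mac"]);
$myrow["dst_mac"] = formatMAC($myrow["dst_mac"]);
//
// SID, CID, PLUGIN_*
// NOTE(review): $eid goes into the ID cell as-is; confirm it is validated (hex) or escaped
// before the cell is rendered.
$cell_data['ID'] = $eid;
$cell_align['ID'] = "center";
$sensor_name = GetSensorName($myrow["device_id"], $db);
if ($sensor_name == 'Unknown' || $sensor_name == 'N/A') {
    // No resolvable sensor: show a fixed "N/A" label with an explanatory tooltip.
    // NOTE(review): the translated message is placed in alt/title without escaping; a quote in
    // a translation catalog entry would break the attribute. The else branch escapes its tooltip.
    $sensor_msg = _("Directive events are generated in servers, not in sensors");
    $cell_data['SENSOR'] = '<A class="trlnk" alt="' . $sensor_msg . '" title="' . $sensor_msg . '" HREF="#">' . _("N/A") . '</A>';
    $cell_pdfdata['SENSOR'] = _("N/A");
} else {
    // Known sensor: tooltip comes from $sensorips, and the name links to an event query
    // filtered on this sensor.
    $sensor_msg = $sensorips[$myrow["device_id"]];
    // The query string must spell out "&current_view" literally. "&curren" is an HTML entity
    // name, so an entity-decoding step turns it into "¤t_view" and the parameter is lost.
    // NOTE(review): device_id is appended without urlencode/intval — presumably an integer id
    // from the database; confirm.
    $s_url = Menu::get_menu_url("base_qry_main.php?new=2&num_result_rows=-1&submit=Query+DB&current_view=-1&sensor=" . $myrow["device_id"], 'analysis', 'security_events', 'security_events');
    // NOTE(review): $s_url is written into href unescaped; confirm Menu::get_menu_url returns
    // an attribute-safe URL.
    $cell_data['SENSOR'] = '<a class="trlnk" alt="' . Util::htmlentities($sensor_msg) . '" title="' . Util::htmlentities($sensor_msg) . '" href="' . $s_url . '">' . Util::htmlentities($sensor_name) . '</a>';
    $cell_pdfdata['SENSOR'] = Util::htmlentities($sensor_name);
}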