Exemple #1
// Source and destination statistics for this alarm, read from $stats.
$src = $stats['src'];
$dst = $stats['dst'];

// Translate the alarm's signature name into its display name and taxonomy fields.
$alarm_name = Util::translate_alarm($conn, $alarm->get_sid_name(), $alarm, 'array');

// A non-empty subcategory is translated as well and replaced by its translated name.
if (!empty($alarm_name['subcategory'])) {
    $alarm_tr = Util::translate_alarm($conn, $alarm_name['subcategory'], $alarm, 'array');
    $alarm_name['subcategory'] = $alarm_tr['name'];
}

$event_number = $stats['events'];

// Duration covers first-to-last event; "created" is measured from the last event to now (GMT).
$alarm_time = get_alarm_life($alarm->get_since(), $alarm->get_last());
$alarm_life = get_alarm_life($alarm->get_last(), gmdate("Y-m-d H:i:s"), 'ago');

// Extended asset information for the source and destination addresses.
$_home_src = Asset_host::get_extended_name($conn, $gl, $alarm->get_src_ip(), $ctx, $event_info["src_host"], $event_info["src_net"]);
$_home_dst = Asset_host::get_extended_name($conn, $gl, $alarm->get_dst_ip(), $ctx, $event_info["dst_host"], $event_info["dst_net"]);

// Attack pattern label, derived from the number of source/destination IPs and
// whether each side is internal, then passed through gettext.
$attack_pattern = _(is_promiscous(count($src['ip']), count($dst['ip']), $_home_src['is_internal'], $_home_dst['is_internal']));

// Tags attached to this backlog entry, keyed by tag id.
$_tags = Tag::get_tags_by_component($conn, $backlog_id);
$tag_list = array();
foreach ($_tags as $tag_id => $tag) {
    $tag_list[$tag_id] = array(
        'id' => $tag_id,
        'name' => $tag->get_name(),
        'class' => $tag->get_class(),
    );
}

// Status: reported as 'correlating' only when get_removable() is exactly integer 0.
// NOTE(review): the strict === never matches a string "0"; confirm get_removable() returns an int.
$status = ($alarm->get_removable() === 0) ? 'correlating' : $alarm->get_status();

// Alarm payload for the JSON response. From here on $alarm is this plain
// array and no longer the alarm object.
// NOTE(review): nothing in this fragment escapes sid_name, tag names or the
// taxonomy labels; whatever renders this payload must encode them for its
// output context (JSON-encode on output, HTML-escape before inserting into the DOM).
$alarm = array(
    'backlog_id' => $backlog_id,
    'plugin_id' => $alarm->get_plugin_id(),
    'plugin_sid' => $alarm->get_plugin_sid(),
    'event_id' => $alarm->get_event_id(),
    'engine' => Util::uuid_format($alarm->get_ctx()),
    'agent_ctx' => $event_info["agent_ctx"],
    'sid_name' => $alarm_name['name'],
    'status' => $status,
    'risk' => $alarm->get_risk(),
    'attack_pattern' => $attack_pattern,
    'created' => $alarm_life,
    'duration' => $alarm_time,
    'events' => $event_number,
    'otx_icon' => $alarm->get_otx_icon(),
    'iocs' => $alarm->get_iocs($conn, TRUE),
    'event_start' => $alarm->get_since(),
    'event_end' => $alarm->get_last(),
    'src_ips' => $alarm->get_src_ip(),
    'dst_ips' => $alarm->get_dst_ip(),
    'src_ports' => $alarm->get_src_port(),
    'dst_ports' => $alarm->get_dst_port(),
    'sources' => $src['ip'],
    'destinations' => $dst['ip'],
    'tags' => $tag_list,
    'taxonomy' => array(
        'id' => $alarm_name['id'],
        'kingdom' => $alarm_name['kingdom'],
        'category' => $alarm_name['category'],
        'subcategory' => $alarm_name['subcategory'],
    ),
);
//Alarm Perms
Exemple #2
// JavaScript snippets that open or delete this alarm.
// NOTE(review): $backlog_id lands inside a single-quoted JS string literal;
// confirm it is validated to a fixed identifier format before it reaches here.
$alarm_open_url = "open_alarm('" . $backlog_id . "');";
$alarm_delete_url = "tray_delete('" . $backlog_id . "');";

// Extended asset information for the source and destination addresses.
$_home_src = Asset_host::get_extended_name($conn, $geoloc, $alarm->get_src_ip(), $ctx, $event["_SRC_HOST"], $event["_SRC_NET"]);
$_home_dst = Asset_host::get_extended_name($conn, $geoloc, $alarm->get_dst_ip(), $ctx, $event["_DST_HOST"], $event["_DST_NET"]);

// Translate the alarm's signature name into its display name and taxonomy fields.
$alarm_name = Util::translate_alarm($conn, $alarm->get_sid_name(), $alarm, 'array');

// NOTE(review): id, kingdom, category and name are concatenated into HTML
// (and id into a filesystem path) without escaping in this fragment. Confirm
// that Util::translate_alarm() returns HTML-safe values, or escape them with
// htmlspecialchars(..., ENT_QUOTES) at this point, and constrain id to the
// expected taxonomy identifier format before it is used in a path.
if ($alarm_name["id"] == '') {
    // No taxonomy id: no icon, and the plain alarm name is the title.
    $alarm_image = "";
    $alarm_title = $alarm_name['name'];
} else {
    // Show the taxonomy icon only when its PNG exists on disk.
    if (file_exists("/usr/share/ossim/www/alarm/style/img/" . $alarm_name["id"] . ".png")) {
        $alarm_image = "<img src='style/img/" . $alarm_name["id"] . ".png' border='0' title='" . $alarm_name["kingdom"] . "'>";
    } else {
        $alarm_image = "";
    }
    $alarm_title = $alarm_name["kingdom"] . ": <span style='font-size:15px'>" . $alarm_name["category"] . "</span>";
}

// Attack pattern label, derived from the number of source/destination IPs and
// whether each side is internal, then passed through gettext.
$promiscous_title = _(is_promiscous(count($stats['src']['ip']), count($stats['dst']['ip']), $_home_src['is_internal'], $_home_dst['is_internal']));
?>

<script language="javascript">

    // Remove tag
    function remove_tag(status, data)
    {
        $('#delete_data').html('');
        $('#info_delete').hide();

        if ('OK' == status)
        {
            display_datatables_column(true);

            var row = $('#<?php 
 // Engine context of the alarm and the default taxonomy icon.
 $engine = $alarm->get_ctx();
 $taxonomy_icon = '/ossim/pixmaps/alarms.png';

 // Translate the alarm's signature name into its display name and taxonomy fields.
 $alarm_name = Util::translate_alarm($conn, $alarm->get_sid_name(), $alarm, 'array');
 $event_number = $stats['events'];

 // Both lifetimes come from the alarm's own since/last timestamps (not from
 // $stats): duration is first-to-last event, life is last event to now (GMT).
 $alarm_time = get_alarm_life($alarm->get_since(), $alarm->get_last());
 $alarm_life = get_alarm_life($alarm->get_last(), gmdate("Y-m-d H:i:s"), 'ago');

 // colorize_risk() yields a pair: the risk value and its display colour.
 list($risk, $risk_color) = colorize_risk($alarm->get_risk());

 // Source: a "home" icon is shown only for internal assets.
 $_home_src = Asset_host::get_extended_name($conn, $geoloc, $alarm->get_src_ip(), $ctx, $event_info["src_host"], $event_info["src_net"]);
 if ($_home_src['is_internal']) {
     $src_home = "<img src='/ossim/alarm/style/img/home24.png' class='home_img' /> ";
 } else {
     $src_home = '';
 }

 // Destination: same rule as the source.
 $_home_dst = Asset_host::get_extended_name($conn, $geoloc, $alarm->get_dst_ip(), $ctx, $event_info["dst_host"], $event_info["dst_net"]);
 if ($_home_dst['is_internal']) {
     $dst_home = "<img src='/ossim/alarm/style/img/home24.png' class='home_img' /> ";
 } else {
     $dst_home = '';
 }

 // Attack pattern label, passed through gettext.
 $promiscous_title = _(is_promiscous(count($src['ip']), count($dst['ip']), $_home_src['is_internal'], $_home_dst['is_internal']));

 // More than one source or destination IP selects the "promiscuous" icon.
 $promiscous_icon = (count($src['ip']) > 1 || count($dst['ip']) > 1)
     ? '/ossim/alarm/style/img/promiscuous.png'
     : '/ossim/alarm/style/img/npromiscuous.png';

 $tooltip = '';
 //Tags related to the alarm
 $tags = $alarm->get_tags();
 if (!empty($tags)) {
     $tags_list = Tags::get_list($conn);
     $tlist = array();
     foreach ($tags as $id_tag) {
         $tag = $tags_list[$id_tag];
         if (is_object($tag)) {
             $tlist[] = "<div>" . $tag->get_name() . "</div>";