function make_sid_filter($conn, $ip) { $sids = array(); if (preg_match("/\\d+\\/\\d+/", $ip)) { $aux = Cidr::expand_cidr($ip, 'SHORT', 'IP'); if ($aux[0] == 'I' && $aux[1] == 'P') { $aux[0] = '0x0'; $aux[1] = '0x0'; } else { $aux[0] = bin2hex(inet_pton($aux[0])); $aux[1] = bin2hex(inet_pton($aux[1])); } $query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s \n\t\t WHERE d.sensor_id=s.id \n\t\t AND ( (s.ip >= UNHEX('" . $aux[0] . "') AND s.ip <= UNHEX('" . $aux[1] . "')) \n\t\t OR (d.device_ip>=UNHEX('" . $aux[0] . "') AND d.device_ip <= UNHEX('" . $aux[1] . "')) )"; } else { $ip = bin2hex(@inet_pton($ip)); $query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s \n\t\t WHERE d.sensor_id = s.id AND ( s.ip = UNHEX('{$ip}') OR d.device_ip = UNHEX('{$ip}') )"; } //echo $query; if (!($rs =& $conn->Execute($query))) { Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg()); } while (!$rs->EOF) { $sids[] = $rs->fields['id']; $rs->MoveNext(); } return implode(',', $sids); }