function make_sid_filter($conn, $ip)
{
$sids = array();
if (preg_match("/\\d+\\/\\d+/", $ip)) {
$aux = Cidr::expand_cidr($ip, 'SHORT', 'IP');
if ($aux[0] == 'I' && $aux[1] == 'P') {
$aux[0] = '0x0';
$aux[1] = '0x0';
} else {
$aux[0] = bin2hex(inet_pton($aux[0]));
$aux[1] = bin2hex(inet_pton($aux[1]));
}
$query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s \n\t\t WHERE d.sensor_id=s.id \n\t\t AND ( (s.ip >= UNHEX('" . $aux[0] . "') AND s.ip <= UNHEX('" . $aux[1] . "')) \n\t\t OR (d.device_ip>=UNHEX('" . $aux[0] . "') AND d.device_ip <= UNHEX('" . $aux[1] . "')) )";
} else {
$ip = bin2hex(@inet_pton($ip));
$query = "SELECT d.id FROM alienvault_siem.device d, alienvault.sensor s \n\t\t WHERE d.sensor_id = s.id AND ( s.ip = UNHEX('{$ip}') OR d.device_ip = UNHEX('{$ip}') )";
}
//echo $query;
if (!($rs =& $conn->Execute($query))) {
Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}
while (!$rs->EOF) {
$sids[] = $rs->fields['id'];
$rs->MoveNext();
}
return implode(',', $sids);
}
