Esempio n. 1
0
"><?php 
        echo Util::number_format_locale($country_uhn['dstnum'], 0);
        ?>
</a>
			<?php 
    } else {
        echo "0";
    }
    ?>
			</td>
		  </TR>
		 </TABLE>
		</TD>
	</tr>
<?php 
    $report_data[] = array($country, "", "", "", "", "", "", "", "", "", "", $country_uhn['Unknown'], $country_uhn['srcnum'] + $country_uhn['dstnum'], 0);
}
echo '</TABLE>';
$result->baseFreeRows();
$dbo->close($_conn);
$qro->PrintFooter();
//$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveReportData($report_data, $unique_country_events_report_type);
$qs->SaveState();
ExportHTTPVar("addr_type", $addr_type);
PrintBASESubFooter();
$et->Mark("Get Query Elements");
$et->PrintTiming();
echo "</body>\r\n</html>";
geoip_close($gi);
Esempio n. 2
0
                                }
                            }
                        }
                    }
                }
            }
        }
        echo '<input type="submit" name="submit" value="' . $button_text . '">';
        echo '</div>';
    }
}
// if ($ag_action != "list")
echo '<input type="hidden" name="ag_action" value="' . htmlspecialchars($ag_action) . '">';
if ($ag_action == "view" && $submit != "") {
    /* Calculate the Number of Alerts */
    $cnt_sql = "SELECT count(ag_sid) FROM acid_ag_alert WHERE ag_id='" . $ag_id . "'";
    $save_sql = "SELECT acid_event.sid, acid_event.cid, signature, timestamp, " . "ip_src, ip_dst, ip_proto " . "FROM acid_event " . "LEFT JOIN acid_ag_alert ON acid_event.sid=ag_sid AND acid_event.cid=ag_cid " . "WHERE acid_event.cid > '0' AND ag_id = '" . $ag_id . "'";
    $printing_ag = true;
    $ag = $ag_id;
    include "{$BASE_path}/base_qry_sqlcalls.php";
}
$qs->SaveState();
/* Export action_arg = current AG ID, so that Actions work */
ExportHTTPVar($ag_id, "action_arg");
echo "\n</form>\n";
PrintBASESubFooter();
if ($debug_time_mode > 0) {
    $et->Mark("Get Query Elements");
    $et->PrintTiming();
}
echo "</body>\r\n</html>";
Esempio n. 3
0
                $val = explode(":", $dat);
                if ($val[0] != "") {
                    echo "<div class='siem_detail_snortattr siem_detail_snorttab'><b>" . Util::htmlentities(trim($val[0])) . ":</b> " . Util::htmlentities($val[1]) . "</div>\n";
                }
            }
        }
        echo '</div>';
    }
    //
    // pcap
    //
    if (!empty($binary)) {
        include "base_payload_pcap.php";
    }
}
ExportHTTPVar("caller", $caller);
echo "</FORM>\n\n";
if (array_key_exists("minimal_view", $_GET)) {
    echo "</FORM>\n\n";
    ?>
    </div><br/><div class="center">
        <button class="button" id="view_more" data-url="<?php 
    echo Menu::get_menu_url(AV_MAIN_PATH . "/forensics/base_qry_alert.php?noheader=true&pag={$pag}&submit=" . rawurlencode($submit), 'analysis', 'security_events', 'security_events');
    ?>
"><?php 
    echo _('View More');
    ?>
</button>
    </div><br/>
<?php 
}
Esempio n. 4
0
 function SaveState()
 {
     echo "<!-- Saving Query State -->\n";
     ExportHTTPVar("caller", $this->current_canned_query);
     ExportHTTPVar("num_result_rows", $this->num_result_rows);
     // The below line is commented to fix bug #1761605 please verify this doesnt break anything else -- Kevin Johnson
     ExportHTTPVar("sort_order", $this->current_sort_order);
     ExportHTTPVar("current_view", $this->current_view);
 }
Esempio n. 5
0
    $pid = $myrow[0] . '-' . $ctx;
    qroPrintEntry('<div class="upr" id="us' . $pid . '">-</div>', 'center', 'middle');
    qroPrintEntry('<div id="ud' . $pid . '">-</div>', 'center', 'middle');
    qroPrintEntryFooter();
    ++$i;
    // report_data
    $report_data[] = array(trim($crPort), $num_sig, $num_sip, $num_dip, $first_time, $last_time, "", "", "", "", $sens, $proto < 0 ? 0 : ($proto == TCP ? 1 : 2), 0, $num_events);
}
$result->baseFreeRows();
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveReportData($report_data, $port_type == SOURCE_PORT ? $src_port_report_type : $dst_port_report_type);
$qs->SaveState();
ExportHTTPVar("port_type", $port_type);
ExportHTTPVar("proto", $proto);
echo "\n</FORM>\n";
PrintBASESubFooter();
$et->Mark("Get Query Elements");
$et->PrintTiming();
$db->baseClose();
// Do not load javascript if we are exporting with report_launcher.php
if (!$export) {
    ?>
<script>
    var tmpimg = '<img alt="" src="data:image/gif;base64,R0lGODlhEAALAPQAAOPj4wAAAMLCwrm5udHR0QUFBQAAACkpKXR0dFVVVaamph4eHkJCQnt7e1lZWampqSEhIQMDA0VFRc3NzcHBwdra2jIyMsTExNjY2KKioo6OjrS0tNTU1AAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJCwAAACwAAAAAEAALAAAFLSAgjmRpnqSgCuLKAq5AEIM4zDVw03ve27ifDgfkEYe04kDIDC5zrtYKRa2WQgAh+QQJCwAAACwAAAAAEAALAAAFJGBhGAVgnqhpHIeRvsDawqns0qeN5+y967tYLyicBYE7EYkYAgAh+QQJCwAAACwAAAAAEAALAAAFNiAgjothLOOIJAkiGgxjpGKiKMkbz7SN6zIawJcDwIK9W/HISxGBzdHTuBNOmcJVCyoUlk7CEAAh+QQJCwAAACwAAAAAEAALAAAFNSAgjqQIRRFUAo3jNGIkSdHqPI8Tz3V55zuaDacDyIQ+YrBH+hWPzJFzOQQaeavWi7oqnVIhACH5BAkLAAAALAAAAAAQAAsAAAUyICCOZGme1rJY5kRRk7hI0mJSVUXJtF3iOl7tltsBZsNfUegjAY3I5sgFY55KqdX1GgIAIfkECQsAAAAsAAAAABAACwAABTcgII5kaZ4kcV2EqLJipmnZhWGXaOOitm2aXQ4g7P2Ct2ER4AMul00kj5g0Al8tADY2y6C+4FIIACH5BAkLAAAALAAAAAAQAAsAAAUvICCOZGme5ERRk6iy7qpyHCVStA3gNa/7txxwlwv2isSacYUc+l4tADQGQ1mvpBAAIfkECQsAAAAsAAAAABAACwAABS8gII5kaZ7kRFGTqLLuqnIcJVK0DeA1r/u3HHCXC/aKxJpxhRz6Xi0ANAZDWa+kEAA7AAAAAAAAAAAA" />';
    var plots=new Array();
    var pi = 0;
    function load_content() {
        if (pi>=plots.length) return;
        var item = plots[pi]; pi++;
Esempio n. 6
0
    } elseif ($sort_order == "oriskd_a") {
        $sort_sql = " ORDER BY ossim_risk_a ASC,timestamp DESC";
    } elseif ($sort_order == "oriskd_d") {
        $sort_sql = " ORDER BY ossim_risk_a DESC,timestamp DESC";
    } elseif ($sort_order == "oreli_a") {
        $sort_sql = " ORDER BY ossim_reliability ASC,timestamp DESC";
    } elseif ($sort_order == "oreli_d") {
        $sort_sql = " ORDER BY ossim_reliability DESC,timestamp DESC";
    } elseif ($sort_order == "proto_a") {
        $sort_sql = " ORDER BY ip_proto ASC,timestamp DESC";
        $criteria_sql = preg_replace("/1  AND \\( timestamp/", "ip_proto > 0 AND ( timestamp", $criteria_sql);
    } elseif ($sort_order == "proto_d") {
        $sort_sql = " ORDER BY ip_proto DESC,timestamp DESC";
        $criteria_sql = preg_replace("/1  AND \\( timestamp/", "ip_proto > 0 AND ( timestamp", $criteria_sql);
    }
    ExportHTTPVar("prev_sort_order", $sort_order);
}
// Choose the correct INDEX for select
if (preg_match("/^time/", $sort_order)) {
    $sql .= " FORCE INDEX (timestamp)";
}
//elseif (preg_match("/^sip/", $sort_order)) $sql.= " FORCE INDEX (ip_src)";
//elseif (preg_match("/^dip/", $sort_order)) $sql.= " FORCE INDEX (ip_dst)";
//elseif (preg_match("/^sig/", $sort_order)) $sql.= " FORCE INDEX (sig_name)";
//elseif (preg_match("/^oasset/", $sort_order)) $sql.= " FORCE INDEX (ossim_asset_dst)";
//elseif (preg_match("/^oprio/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_priority)";
//elseif (preg_match("/^oriska/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_risk_a)";
//elseif (preg_match("/^oriskd/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_risk_c)";
//elseif (preg_match("/^oreli/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_reliability)";
//elseif (preg_match("/^proto/", $sort_order)) $sql.= " FORCE INDEX (ip_proto)";
// Make SQL string with criterias