/*
 * Render one sensor row of the sensor-statistics table.
 *
 * Expects the enclosing query loop (outside this span) to have set $myrow,
 * $sensor_ip, $sname, $device_ip, $device_id, $event_cnt, $i, $conn, $geoloc
 * and $current_url; emits the row through the qroPrint* helpers and then
 * advances $i.
 */

// Per-sensor counters from the result row; an empty count is displayed as "-".
// Loose comparison against "" is intentional here so that a null count also
// collapses to "-" (a "0" count does not).
$dash_if_empty = static fn ($value) => $value != "" ? $value : "-";
$unique_event_cnt = $dash_if_empty($myrow['sig_cnt']);
$num_src_ip       = $dash_if_empty($myrow['saddr_cnt']);
$num_dst_ip       = $dash_if_empty($myrow['daddr_cnt']);

// Geolocation lookup: element 0 is the country code, element 1 the display name.
$geo          = $geoloc->get_country_by_host($conn, $sensor_ip);
$country      = strtolower($geo[0]);
$country_name = $geo[1];
$homelan      = "";

// Flag image and its link are only produced when a country code was resolved.
// NOTE(review): $country / $country_name go into src/alt/title verbatim; this
// assumes the geolocation source returns plain, attribute-safe strings — confirm.
$country_img = "";
$slnk        = "";
if ($country) {
    $country_img = sprintf(
        ' <img src="/ossim/pixmaps/flags/%s.png" alt="%s" title="%s">',
        $country,
        $country_name,
        $country_name
    );
    $slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
}

/* Print out */
qroPrintEntryHeader($i);

// Row selector: the checkbox and a hidden field both carry the device id so the
// action handler can resolve the selection.
// NOTE(review): $device_id is written straight into the VALUE attributes; it
// presumably comes from the database and not from the request — verify, and
// escape at this point if that assumption does not hold.
$tmp_rowid = $device_id;
echo ' <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">',
     ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"></TD>';

qroPrintEntry($sensor_ip, 'center', 'middle');
qroPrintEntry($sname . $country_img . $homelan, 'center', 'middle');
qroPrintEntry($device_ip, 'center', 'middle');

// Total event count, linked to the event query for this sensor.
// The translated "Query DB" label is placed in the query string unencoded,
// matching the other BASE pages that build this link.
$query_link = '<A HREF="base_qry_main.php?new=1&sensor=' . $device_id
    . '&num_result_rows=-1&submit=' . gettext("Query DB") . '">'
    . Util::number_format_locale($event_cnt, 0)
    . '</A>';
qroPrintEntry($query_link, 'center', 'middle');

// Unique-signature / unique-source / unique-destination counters; each cell is
// wrapped in a <div> with a per-device id ("ua", "sa", "da" prefixes) so the
// page can address the cells individually.
$counter_cells = [
    'ua' => ['value' => $unique_event_cnt, 'class' => ' class="sens"'],
    'sa' => ['value' => $num_src_ip,       'class' => ''],
    'da' => ['value' => $num_dst_ip,       'class' => ''],
];
foreach ($counter_cells as $prefix => $cell) {
    qroPrintEntry(
        '<div id="' . $prefix . $device_id . '"' . $cell['class'] . '>' . $cell['value'] . '</div>',
        'center',
        'middle',
        'nowrap'
    );
}

/*qroPrintEntry(BuildUniqueAlertLink("?sensor=" . $device_id) . $unique_event_cnt . '</A>'); qroPrintEntry(BuildUniqueAddressLink(1, "&sensor=" . $device_id) . $num_src_ip . '</A>'); qroPrintEntry(BuildUniqueAddressLink(2, "&sensor=" . $device_id) . $num_dst_ip . '</A>');*/

qroPrintEntryFooter();
$i++;
} else { if (stristr($current_sig_txt, "(portscan) TCP Portscan") || stristr($current_sig_txt, "(portscan) UDP Portscan")) { $sql2 = "SELECT data_payload FROM data WHERE sid='" . $myrow["sid"] . "' AND cid='" . $myrow["cid"] . "'"; $result2 = $db->baseExecute($sql2); $myrow_payload = $result2->baseFetchRow(); $result2->baseFreeRows(); $myrow_payload = PrintCleanHexPacketPayload($myrow_payload[0], 2); $current_sig = $current_sig . stristr(stristr($myrow_payload, "Port/Proto Range"), ": "); } } } //$current_sig = GetTagTriger($current_sig, $db, $myrow[0], $myrow[1]); // ********************** EVENTS TABLE ********************** // <TR> //qroPrintEntryHeader((($colored_alerts == 1) ? GetSignaturePriority($myrow[2], $db) : $i) , $colored_alerts); qroPrintEntryHeader($i, $colored_alerts, '', '', 'trcellclk'); $rowid = $qs->GetCurrentView() * $show_rows + $i; $tmp_rowid = "#" . $rowid . "-(" . $myrow["sid"] . "-" . $myrow["cid"] . ")"; // <TD> // Signature $tmpsig = explode("##", $current_sig); if ($tmpsig[1] != "") { $antes = $tmpsig[0]; $despues = $tmpsig[1]; } else { $antes = ""; $despues = $current_sig; } // Solera DeepSee API $solera = ""; if ($_SESSION["_solera"]) {
/* get Total Occurrence */ $total_occurances = $myrow["sig_cnt"]; /* Get other data */ $num_sensors = $myrow["sid_cnt"]; $num_src_ip = $myrow["saddr_cnt"]; $num_dst_ip = $myrow["daddr_cnt"]; /* First and Last timestamp of this signature */ $start_time = $myrow["first_timestamp"]; $stop_time = $myrow["last_timestamp"]; if ($tz != 0) { $start_time = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $start_time) + 3600 * $tz); $stop_time = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $stop_time) + 3600 * $tz); } /* Print out (Colored Version) -- Alejandro */ //qroPrintEntryHeader((($colored_alerts == 1) ? GetSignaturePriority($sig_id, $db) : $i) , $colored_alerts); qroPrintEntryHeader($i, $colored_alerts); $tmp_rowid = $myrow["plugin_id"] . " " . $myrow["plugin_sid"]; echo ' <TD nowrap> <INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"> </TD>'; echo ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">'; $sigstr = trim(preg_replace("/.*\\/\\s*(.*)/", "\\1", preg_replace("/^[\\.\\,\"\\!]|[\\.\\,\"\\!]\$/", "", preg_replace("/.*##/", "", html_entity_decode(strip_tags($signame)))))); $siglink = "base_qry_main.php?new=1&submit=" . gettext("Query+DB") . "&num_result_rows=-1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=" . urlencode($sig_id); $tmpsig = explode("##", $signame); if ($tmpsig[1] != "") { $antes = $tmpsig[0]; $despues = $tmpsig[1]; } else { $antes = ""; $despues = $signame;
$qro->PrintHeader(); $i = 0; while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) { $class_id = $myrow[0]; if ($class_id == "") { $class_id = 0; } $total_occurances = $myrow[1]; $sensor_num = $myrow[2]; $sig_num = $myrow[3]; $sip_num = $myrow[4]; $dip_num = $myrow[5]; $min_time = $myrow[6]; $max_time = $myrow[7]; /* Print out */ qroPrintEntryHeader($i, 0, 'height="42"'); $tmp_rowid = rawurlencode($class_id); echo ' <TD> <INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"> </TD>'; echo ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">'; qroPrintEntry(GetSigClassName($class_id, $db), 'center', 'middle'); $ocurrlink = 'base_qry_main.php?new=1&sig_class=' . $class_id . '&submit=' . gettext("Query+DB") . '&num_result_rows=-1'; qroPrintEntry('<FONT>' . '<A HREF="' . $ocurrlink . '">' . $total_occurances . '</A> (' . round($total_occurances / $event_cnt * 100) . '%)' . '</FONT>', '', 'middle'); qroPrintEntry('<FONT><A HREF="base_stat_sensor.php?sig_class=' . $class_id . '">' . $sensor_num . '</A>', 'center', 'middle'); qroPrintEntry('<FONT><A HREF="base_stat_alerts.php?sig_class=' . $class_id . '">' . $sig_num . '</FONT>', 'center', 'middle'); qroPrintEntry('<FONT>' . BuildUniqueAddressLink(1, '&sig_class=' . $class_id) . $sip_num . '</A></FONT>', 'center', 'middle'); qroPrintEntry('<FONT>' . BuildUniqueAddressLink(2, '&sig_class=' . $class_id) . $dip_num . '</A></FONT>', 'center', 'middle'); //qroPrintEntry('<FONT>'.$min_time.'</FONT>');