Esempio n. 1
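/**
 * Write the attack-host dataset to an XML file and emit the applet markup that charts it.
 *
 * The rows come from $security_report->AttackHost(); each row is read as
 * [0] => IP address, [1] => number of occurrences, [2] => context (may be empty).
 * The XML goes to {$base_dir}/tmp/ip_src.xml or ip_dst.xml and the applet is
 * pointed at the same file name below {$datapath}.
 *
 * Host names, counts, the series name and the applet parameters are escaped
 * before they are written, so a value containing markup characters cannot
 * break out of the XML document or of the HTML attributes.
 *
 * @param string $target "ip_src" selects the source-host dataset; any other value selects ip_dst
 * @param mixed  $hosts  passed through unchanged to AttackHost()
 * @param string $type   value of the applet's graphType parameter
 * @param int    $width  applet width attribute
 * @param int    $height applet height attribute
 * @return void  Output is echoed; the script exits if the XML file cannot be opened.
 */
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;
    global $date_from, $date_to;

    // Only two file names are possible, so $target itself never reaches the file system.
    $xml_name = !strcmp($target, "ip_src") ? "ip_src.xml" : "ip_dst.xml";

    // NOTE(review): the file name is fixed, so concurrent requests overwrite each
    // other's dataset, and the file presumably stays readable below $datapath
    // after the request ends. Confirm this is acceptable for the deployment.
    if (!($fp = @fopen("{$base_dir}/tmp/{$xml_name}", "w"))) {
        print "Error: <b>{$datapath}</b> directory must exists and be <br/>\n";
        print "writable by the user the webserver runs as";
        exit;
    }

    // &, <, >, " and ' all map to entities that are valid in XML as well as in HTML.
    $series_name = htmlspecialchars((string) $target, ENT_QUOTES, 'UTF-8');
    fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n" . "<CategoryDataset>\n  <Series name=\"{$series_name}\">\n");

    $list = $security_report->AttackHost($target, $hosts, "event", $date_from, $date_to);
    if (is_array($list)) {
        foreach ($list as $l) {
            $ip = $l[0];
            $ctx = $l[2] != '' ? $l[2] : Session::get_default_ctx();
            $occurrences = $l[1];

            $_names_aux = Asset_host::get_name_by_ip($security_report->ossim_conn, $ip, $ctx);
            $hostname = (is_array($_names_aux) && count($_names_aux) > 0) ? array_shift($_names_aux) : '';

            // Fall back to the IP when no name is known or the name is too long for the chart.
            if ((string) $hostname === '' || strlen($hostname) > MAX_HOSTNAME_LEN) {
                $hostname = $ip;
            }

            // Host names come from the asset inventory; escape them so they stay text inside the XML.
            $key = htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
            $value = htmlspecialchars((string) $occurrences, ENT_QUOTES, 'UTF-8');
            fwrite($fp, "    <Item>\n      <Key>{$key}</Key>\n      <Value>{$value}</Value>\n    </Item>\n");
        }
    }

    fwrite($fp, "  </Series>\n</CategoryDataset>\n\n");
    fclose($fp);

    // Everything interpolated into an HTML attribute is escaped for that context.
    $width_attr = htmlspecialchars((string) $width, ENT_QUOTES, 'UTF-8');
    $height_attr = htmlspecialchars((string) $height, ENT_QUOTES, 'UTF-8');
    $type_attr = htmlspecialchars((string) $type, ENT_QUOTES, 'UTF-8');
    $url_attr = htmlspecialchars("{$datapath}/{$xml_name}", ENT_QUOTES, 'UTF-8');

    echo "\n<applet archive=\"../java/jcommon-0.9.5.jar,../java/jfreechart-0.9.20.jar,../java/jossim-graph.jar\" code=\"net.ossim.graph.applet.OssimGraphApplet\" width=\"{$width_attr}\" height=\"{$height_attr}\" alt=\"You should see an applet, not this text.\">\n    <param name=\"graphType\" value=\"{$type_attr}\">";
    echo "   <param name=\"xmlDataUrl\" value=\"{$url_attr}\">";
    echo "\n    <param name=\"alpha\" value=\"0.42f\">\n    <param name=\"legend\" value=\"false\">\n    <param name=\"tooltips\" value=\"false\">\n    <param name=\"orientation\" value=\"HORIZONTAL\">\n</applet>\n";
}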
Esempio n. 2
        				
        				<tr>
        				<td style="height:106px" align="center">
        					<div id="graph2" style="text-align:center;margin:0px;height:104px;width:98%"></div>
        				</td>
        				</tr>
        
        					<script language="javascript" type="text/javascript">
        						$( function () {
        					        $.plot($("#graph2"), [
        								<?php 
    $i = 0;
    foreach ($list2 as $l) {
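        $ip = $l[0];
        $occurrences = Util::number_format_locale($l[1], 0);
        $_hostnames = Asset_host::get_name_by_ip($conn, $ip);
        $hostname = count($_hostnames) > 0 ? array_shift($_hostnames) : $ip;
        // The label carries <b> markup (so it is presumably rendered as HTML by the chart)
        // and is echoed inside a single-quoted JavaScript string within a <script> block.
        // Encode the host name for HTML first, then the whole label for the JS string.
        $_hostname_html = htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8');
        // strtr() with an array replaces in one pass, so the added backslashes are not re-escaped.
        // "</" becomes "<\/" so that the label can never close the surrounding <script> element.
        $label = strtr("[<b>{$occurrences}</b>] {$_hostname_html}", array(
            "\\" => "\\\\",
            "'"  => "\\'",
            "\r" => "\\r",
            "\n" => "\\n",
            "</" => "<\\/",
        ));
        // NOTE(review): $l[1] is echoed unencoded as the `data:` value further down; confirm it is always numeric.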
        //if (strlen($label)>31) $label = substr($label, 0, 30)."..";
        ?>
        									<?php 
        echo $i++ == 0 ? "" : ",";
        ?>
{ label: '<?php 
        echo $label;
        ?>
',  data: <?php 
        echo $l[1];
        ?>
}
        								<?php 
            $me = NULL;
        }
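        // Country of the session's source IP, used for the optional flag icon.
        $_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip());
        $s_country = strtolower($_country_aux[0]);
        $s_country_name = $_country_aux[1];
        $geo_code = get_country($s_country);
        $flag = !empty($geo_code) ? "<img src='" . htmlspecialchars((string) $geo_code, ENT_QUOTES, 'UTF-8') . "' border='0' align='top'/>" : '';

        // Logon time shifted by the timezone offset; last activity as a UTC timestamp.
        $logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone());
        $activity_date = Util::get_utc_unixtime($user->get_activity());

        // Evaluate the expiry once so the row colour and the "(Expired)" marker always agree.
        $_is_expired = Session_activity::is_expired($activity_date);
        $background = $_is_expired ? 'background:#FFD8D6;' : '';
        $expired = $_is_expired ? "<span style='color:red'>(" . _('Expired') . ")</span>" : "";

        // The agent string is "<name>###<detail>"; pad it so index 1 exists when the separator is missing.
        $agent = array_pad(explode('###', $user->get_agent()), 2, '');
        if ($agent[1] == 'av report scheduler') {
            $agent = array('AV Report Scheduler', 'wget');
        }

        // array_shift() takes its argument by reference, so the lookup result needs a variable of its own.
        $_host_names = Asset_host::get_name_by_ip($conn, $user->get_ip());
        $host = is_array($_host_names) ? array_shift($_host_names) : '';
        $host = $host == '' ? $user->get_ip() : $host;

        // Login, IP, host name and id are data, not markup: encode them for HTML.
        // ENT_QUOTES is required because the attributes below are single-quoted and older
        // PHP defaults leave "'" untouched, which would let a User-Agent value close title='...'.
        // $me, $flag, $expired and $action are markup built by this page and are emitted as-is.
        $_login_html = htmlspecialchars((string) $user->get_login(), ENT_QUOTES, 'UTF-8');
        $_ip_html = htmlspecialchars((string) $user->get_ip(), ENT_QUOTES, 'UTF-8');
        $_host_html = htmlspecialchars((string) $host, ENT_QUOTES, 'UTF-8');
        // NOTE(review): get_id() looks like the session identifier; if so, printing it in the
        // table discloses it to everyone who can open this page. Confirm that is intended.
        $_id_html = htmlspecialchars((string) $user->get_id(), ENT_QUOTES, 'UTF-8');
        $_icon_html = htmlspecialchars((string) get_user_icon($user->get_login(), $pro), ENT_QUOTES, 'UTF-8');

        $_cell_sep = "\n\t\t\t\t\t\t\t\t\t";
        echo "  <tr id='" . $_id_html . "'>"
            . $_cell_sep . "<td class='ops_user' {$me}><img class='user_icon' src='" . $_icon_html . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $_login_html . "</td>"
            . $_cell_sep . "<td class='ops_ip'>" . $_ip_html . "</td>"
            . $_cell_sep . "<td class='ops_host'>" . $_host_html . $flag . "</td>"
            . $_cell_sep . "<td class='ops_agent'><a title='" . htmlentities($agent[1], ENT_QUOTES, 'UTF-8') . "' class='info_agent'>" . htmlentities($agent[0], ENT_QUOTES, 'UTF-8') . "</a></td>"
            . $_cell_sep . "<td class='ops_id'>" . $_id_html . " {$expired}</td>"
            . $_cell_sep . "<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t"
            . $_cell_sep . "<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>"
            . $_cell_sep . "<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";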
    }
}
?>
    			</tbody>
    		</table>
		</div>				
    </div>
    
    </body>
</html>

<?php 
// Close the handle held in $db now that the page markup has been emitted.
$db->close();
Esempio n. 4
            print_incident_fields(_('Port'), $a_port);
            print_incident_fields(_('Previous Protocol [Version]'), "{$a_prot_o} [{$a_ver_o}]");
            print_incident_fields(_('New Protocol [Version]'), "{$a_prot} [{$a_ver}]");
        } elseif ($anom_type == 'os') {
            list($a_sen, $a_date, $a_os_o) = explode(",", $anom_info_o);
            list($a_sen, $a_date, $a_os) = explode(",", $anom_info);
            print_incident_fields(_('Host'), $anom_ip);
            print_incident_fields(_('Previous OS'), $a_os_o);
            print_incident_fields(_('New OS'), $a_os);
        }
    }
} elseif ($ref == 'Vulnerability') {
    // Vulnerability tickets: print one group of fields for every entry returned by get_vulnerabilities().
    $vulnerability_list = $incident->get_vulnerabilities($conn);
    foreach ($vulnerability_list as $vulnerability_data) {
        $nessus_id = $vulnerability_data->get_nessus_id();
        // Look up the names recorded for the entry's IP and keep only the first one.
        $hostname_temp = Asset_host::get_name_by_ip($conn, $vulnerability_data->get_ip());
        $hostname_temp = array_shift($hostname_temp);
        // NOTE(review): IP and host name are concatenated with no separator; confirm the intended format.
        print_incident_fields(_('IP'), $vulnerability_data->get_ip() . $hostname_temp);
        print_incident_fields(_('Port'), $vulnerability_data->get_port());
        print_incident_fields(_('Scanner ID'), $nessus_id);
        print_incident_fields(_('Risk'), $vulnerability_data->get_risk());
        // NOTE(review): nl2br() only inserts <br /> before newlines; it does not encode the text.
        // Whether the description is HTML-escaped depends on print_incident_fields(), which is not
        // visible here. Confirm, since the description presumably originates from scanner output.
        print_incident_fields(_('Description'), nl2br($vulnerability_data->get_description()));
    }
} elseif ($ref == 'Custom') {
    // Custom tickets: each entry is printed with $custom[0] as the label and a value
    // produced by Incident::format_custom_field() from $custom[3], $id, $custom[1] and $custom[2].
    $custom_list = $incident->get_custom($conn);
    foreach ($custom_list as $custom) {
        // NOTE(review): HTML encoding of the label and value is not visible in this fragment;
        // confirm that format_custom_field() or print_incident_fields() encodes them.
        $c_val = Incident::format_custom_field($custom[3], $id, $custom[1], $custom[2]);
        print_incident_fields($custom[0], $c_val);
    }
}
?>