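/**
 * Create or re-open an OSSIM incident for a vulnerability reported by a scan.
 *
 * The scanner risk is rescaled (8 - $risk) and compared with the threshold; when the
 * rescaled value does not exceed $vuln_incident_threshold the function returns without
 * touching the database. If incident_vulns already holds a row for (ip, port, nessus_id)
 * the incident's last_update is refreshed and, when the incident is Closed and not tagged
 * as a false positive, it is re-opened with an automatic ticket. Otherwise a new incident,
 * its incident_vulns row, a pending tag and a subscription for $assignto are created.
 *
 * Every caller-supplied value is handed to the driver as a bound parameter ('?' placeholders)
 * instead of being interpolated into the SQL text, so scanner output (host, port, description)
 * cannot alter the statements.
 *
 * @param object     $dbconn                  ADOdb-style connection: execute($sql, $params) returning a recordset with ->fields
 * @param int|float  $vuln_incident_threshold rescaled risk must be strictly greater than this to raise an incident
 * @param string     $hostip                  host the vulnerability was found on
 * @param string|int $port                    affected port
 * @param int|float  $risk                    scanner risk value; rescaled as 8 - $risk before use
 * @param string     $desc                    vulnerability description stored in incident_vulns
 * @param string|int $scanid                  scanner plugin id (plugin_sid.sid / incident_vulns.nessus_id)
 * @param string     $currentuser             submitter recorded on a newly created incident
 * @param string     $assignto                user put in charge of the incident and subscribed to it
 * @return void
 */
function update_ossim_incidents($dbconn, $vuln_incident_threshold, $hostip, $port, $risk, $desc, $scanid, $currentuser, $assignto)
{
    $id_pending = 65001;
    // NOTE(review): 6002 is an order of magnitude away from $id_pending (65001); confirm this is the intended tag id.
    $id_false_positive = 6002;

    // The scanner reports risk on an inverted scale; rescale so that a larger value is more severe.
    $risk = 8 - $risk;
    if ($vuln_incident_threshold >= $risk) {
        return;
    }

    // NOTE(review): parameter binding below assumes $dbconn->execute() accepts an input array
    // (ADOdb signature); the ->fields recordset access and genID() usage point that way - confirm.
    $rs = $dbconn->execute(
        'SELECT incident_id FROM incident_vulns WHERE ip = ? AND port = ? AND nessus_id = ?',
        [$hostip, $port, $scanid]
    );
    $id_inc = $rs->fields['incident_id'];

    if ($id_inc !== null && $id_inc !== '') {
        // Known vulnerability: refresh the incident and re-open it if it had been closed.
        $dbconn->execute('UPDATE incident SET last_update = now() WHERE id = ?', [$id_inc]);

        // Only a Closed incident yields a row here; an empty $priority means it is still open.
        $rs = $dbconn->execute("SELECT priority FROM incident WHERE status = 'Closed' AND id = ?", [$id_inc]);
        $priority = $rs->fields['priority'];
        if ($priority === null || $priority === '') {
            return;
        }

        // Incidents tagged as false positive must stay closed.
        $rs = $dbconn->execute(
            'SELECT incident_id FROM incident_tag WHERE incident_tag.incident_id = ? AND incident_tag.tag_id = ?',
            [$id_inc, $id_false_positive]
        );
        $hash_false_incident = $rs->fields['incident_id'];
        if ($hash_false_incident !== null && $hash_false_incident !== '') {
            return;
        }

        $dbconn->execute("UPDATE incident SET status = 'Open' WHERE id = ?", [$id_inc]);
        $ticket_id = genID($dbconn, 'incident_ticket_seq');
        $dbconn->execute(
            "INSERT INTO incident_ticket (id, incident_id, date, status, priority, users, description) VALUES (?, ?, now(), 'Open', ?, ?, 'Automatic open of the incident')",
            [$ticket_id, $id_inc, $priority, $assignto]
        );
        return;
    }

    // Unknown vulnerability: build a new incident, titled from the plugin_sid catalogue entry when one exists.
    $rs = $dbconn->execute('SELECT name FROM plugin_sid WHERE plugin_id = 3001 AND sid = ?', [$scanid]);
    $name_psid = $rs->fields['name'];
    $vuln_name = ($name_psid !== null && $name_psid !== '') ? $name_psid : 'Vulnerability - Unknown detail';

    $priority = calc_priority($dbconn, $risk, $hostip, $scanid);
    $dbconn->execute(
        "INSERT INTO incident(title, date, ref, type_id, priority, status, last_update, in_charge, submitter, event_start, event_end) VALUES(?, now(), 'Vulnerability', 'Nessus Vulnerability', ?, 'Open', now(), ?, ?, '0000-00-00 00:00:00', '0000-00-00 00:00:00')",
        [$vuln_name, $priority, $assignto, $currentuser]
    );
    // NOTE(review): MAX(id) after an INSERT is not safe under concurrent inserts (another session's
    // row can be picked up); the driver's last-insert-id facility is the reliable source. Kept as-is
    // because this is the mechanism the surrounding code relies on.
    $rs = $dbconn->execute('SELECT MAX(id) id FROM incident');
    $incident_id = $rs->fields['id'];

    // Double quotes were historically rewritten to keep the (now bound) SQL literal intact;
    // kept so stored descriptions retain the same shape as before.
    $desc = trim(str_replace('"', "'", $desc));

    $incident_vulns_id = genID($dbconn, 'incident_vulns_seq');
    $dbconn->execute(
        'INSERT INTO incident_vulns(id, incident_id, ip, port, nessus_id, risk, description) VALUES(?, ?, ?, ?, ?, ?, ?)',
        [$incident_vulns_id, $incident_id, $hostip, $port, $scanid, $risk, $desc]
    );
    $dbconn->execute('INSERT INTO incident_tag(tag_id, incident_id) VALUES(?, ?)', [$id_pending, $incident_id]);
    Incident::insert_subscription($dbconn, $incident_id, $assignto);
}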
            $data['status'] = 'error';
            echo json_encode($data);
        } else {
            $data['status'] = 'OK';
            echo json_encode($data);
        }
        exit;
    } else {
        if (is_array($validation_errors) && !empty($validation_errors)) {
            $data['status'] = 'error';
            $data['data'] = $validation_errors;
        } else {
            $data['status'] = 'OK';
            $action = POST('s_action');
            if ($action == 'subscribe') {
                Incident::insert_subscription($conn, $incident_id, $login);
            } elseif ($action == 'unsubscribe') {
                Incident::delete_subscriptions($conn, $incident_id, $login);
            }
            $db->close();
            header("Location: incident.php?id={$incident_id}&edit={$edit}");
            exit;
        }
    }
}
// Render the accumulated validation errors as an error notification; nothing is shown when there are none.
// NOTE(review): the messages are joined into HTML without escaping - acceptable if they are fixed
// application strings, but confirm none of them embeds user-submitted values.
if (is_array($data['data']) && !empty($data['data'])) {
    $txt_error = sprintf(
        "<div>%s:</div>\n\t\t\t\t\t\t  <div style='padding:0px 3px 3px 15px;'>%s</div>",
        _('We found the following errors'),
        implode("<br/>", $data['data'])
    );
    $config_nt = [
        'content' => $txt_error,
        'options' => ['type' => 'nf_error', 'cancel_button' => FALSE],
        'style'   => 'width: 80%; margin: 20px auto; text-align: left;',
    ];
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
}
// Opening an existing ticket requires the 'show' permission on it; a new ticket (empty $id) is not checked here.
if ($id != "") {
    if (!Incident::user_incident_perms($conn, $id, 'show')) {
        die_error(_("Sorry, you are not allowed to perform this action"));
    }
}
/* Subscriptions Management */
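if ($action === 'subscrip') {
    // Only admin, entity admin and ticket owner may manage subscriptions.
    if (!Incident::user_incident_perms($conn, $id, $action)) {
        die_error(_("You are not allowed to subscribe a new user because you are neither *admin* or the ticket owner"));
    }
    // Read the submitted login once so that the value that is validated is the value that is used:
    // previously POST('login') was validated but the raw $_POST['login'] was passed to the model.
    $user_to_subscribe = POST('login');
    if ($user_to_subscribe) {
        if (!ossim_valid($id, OSS_DIGIT)) {
            die_error("Wrong ID");
        }
        if (!ossim_valid($user_to_subscribe, OSS_USER)) {
            die_error("Invalid user");
        }
        if (POST('subscribe')) {
            Incident::insert_subscription($conn, $id, $user_to_subscribe);
        } elseif (POST('unsubscribe')) {
            Incident::delete_subscriptions($conn, $id, $user_to_subscribe);
        }
    }
    // NOTE(review): no CSRF token check is visible in this block; confirm the form is protected upstream.
    // $id is only validated above when a login was posted, and $edit is not validated here at all,
    // so both reach the redirect URL as received.
    $location = "incident.php?id={$id}&edit={$edit}";
    if ((int) POST('nohmenu') === 1) {
        $location .= '&nohmenu=1';
    }
    header("Location: {$location}");
    exit;
}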
/* New ticket */