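/**
 * Validates the fields posted by the data source group form and builds the
 * plugin id => SID list map.
 *
 * Ends the request with die() and the accumulated ossim error text as soon as
 * any check has registered an error.
 *
 * @param mixed $conn          Database handle passed to Plugin_sid::get_sidscount_by_id().
 * @param mixed $name          Group name, checked against OSS_INPUT.
 * @param mixed $descr         Optional description, checked against OSS_TEXT.
 * @param mixed $sids          Map of plugin id => SID list string; anything that is not an array is treated as empty.
 * @param mixed $imported_sids Imported selection; only its element count is used here.
 *
 * @return array array($name, $descr, $plugins). A plugin maps to "0" when "ANY" or every SID of that plugin was selected.
 */
function validate_post_params($conn, $name, $descr, $sids, $imported_sids)
{
    $vals = array(
        'name'  => array(OSS_INPUT, 'illegal:' . _("Name")),
        'descr' => array(OSS_TEXT, OSS_NULLABLE, 'illegal:' . _("Description")),
    );
    ossim_valid($name, $vals['name']);
    ossim_valid($descr, $vals['descr']);

    $plugins = array();
    $sids = is_array($sids) ? $sids : array();

    // Key the entry by the integer value, not by the raw POST string: a value
    // such as "5abc" passes the intval() > 0 test but must not become a key.
    $pluginid = intval(POST('pluginid'));
    if ($pluginid > 0) {
        $sids[$pluginid] = "0";
    }

    foreach ($sids as $plugin => $sids_str) {
        if ($sids_str === '') {
            continue;
        }

        // The keys of $sids come from the request. They are handed to
        // Plugin_sid::get_sidscount_by_id() and concatenated into an error
        // message below, so accept digits only before using them.
        $plugin_key = (string) $plugin;
        ossim_valid($plugin_key, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
        if (ossim_error()) {
            break;
        }

        list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
        if (!$valid) {
            // NOTE(review): $data is whatever validate_sids_str() returns on failure;
            // confirm it cannot echo request data back unescaped.
            ossim_set_error(_("Error for data source ") . $plugin . ': ' . $data);
            break;
        }

        if ($sids_str == "ANY") {
            $sids_str = "0";
        } else {
            // Selecting every SID of a plugin is stored the same way as "ANY".
            $aux = count(explode(',', $sids_str));
            $total = Plugin_sid::get_sidscount_by_id($conn, $plugin);
            $sids_str = $aux == $total ? "0" : $sids_str;
        }
        $plugins[$plugin] = $sids_str;
    }

    if (!count($plugins) && !count($imported_sids)) {
        ossim_set_error(_("No Data Sources or Event Types selected"));
    }
    if (ossim_error()) {
        die(ossim_error());
    }

    return array($name, $descr, $plugins);
}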
Esempio n. 2
/**
 * Updates the SID selection of one plugin inside a plugin group.
 *
 * @param mixed $conn Database handle passed on to Plugin_sid and Plugin_group.
 * @param array $data Expects the keys 'plugin_group', 'plugin_id' and 'plugin_sids'
 *                    (a SID list string or an array of SIDs).
 *
 * @return array 'error' => true with a 'msg' on validation failure,
 *               otherwise 'error' => false with an empty 'output'.
 */
function modify_plugingroup_plugin($conn, $data)
{
    $group_id  = $data['plugin_group'];
    $plugin_id = $data['plugin_id'];
    $selection = $data['plugin_sids'];

    // Both identifiers are validated before they reach any database helper.
    ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
    ossim_valid($group_id, OSS_HEX, 'illegal:' . _("Plugin GroupID"));

    if (ossim_error()) {
        $message = "Error: " . ossim_get_error();
        ossim_clean_error();

        return array('error' => true, 'msg' => $message);
    }

    // An array selection is flattened to the comma separated form; a plain
    // string counts as a single selected entry.
    $selected_count = 1;
    if (is_array($selection)) {
        $selected_count = count($selection);
        $selection = implode(',', $selection);
    }

    if ($selection !== '') {
        $check = Plugin_sid::validate_sids_str($selection);
        $is_valid = $check[0];
        $detail = $check[1];

        if (!$is_valid) {
            return array(
                'error' => true,
                'msg'   => _("Error for data source ") . $plugin_id . ': ' . $detail,
            );
        }

        if ($selection == "ANY") {
            $stored = "0";
        } else {
            // Selecting every SID of the plugin is stored as "0", like "ANY".
            $total = Plugin_sid::get_sidscount_by_id($conn, $plugin_id);
            $stored = $selected_count == $total ? "0" : $selection;
        }

        Plugin_group::edit_plugin($conn, $group_id, $plugin_id, $stored);
    }

    return array('error' => false, 'output' => '');
}
Esempio n. 3
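/**
 * Validates the fields posted by the data source group form and builds the
 * plugin id => SID list map.
 *
 * Unlike a die()-on-error variant, this version hands the error text back to
 * the caller as the last element of the result.
 *
 * @param mixed $conn          Database handle passed to Plugin_group and Plugin_sid.
 * @param mixed $name          Group name, checked against OSS_INPUT and for uniqueness.
 * @param mixed $descr         Optional description, checked against OSS_ALL.
 * @param mixed $sids          Map of plugin id => SID list string; anything that is not an array is treated as empty.
 * @param mixed $imported_sids Imported selection; only its element count is used here.
 * @param mixed $group_id      Optional group id, checked against OSS_HEX.
 *
 * @return array array($group_id, $name, $descr, $plugins, ossim_error()). A plugin maps to
 *               "0" when "ANY" or every SID of that plugin was selected.
 */
function validate_post_params($conn, $name, $descr, $sids, $imported_sids, $group_id = NULL)
{
    $vals = array(
        'name'     => array(OSS_INPUT, 'illegal:' . _("Name")),
        'descr'    => array(OSS_ALL, OSS_NULLABLE, 'illegal:' . _("Description")),
        'group_id' => array(OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Group ID")),
    );
    ossim_valid($group_id, $vals['group_id']);
    ossim_valid($name, $vals['name']);

    // The uniqueness lookup only runs on input that passed the checks above.
    if (ossim_error() == FALSE && Plugin_group::is_valid_group_name($conn, $name, $group_id) == FALSE) {
        // The message contains markup, so the name is entity-encoded before it is embedded.
        $name = Util::htmlentities($name);
        ossim_set_error(sprintf(_("DS group name '<strong>%s</strong>' already exists"), $name));
    }
    ossim_valid($descr, $vals['descr']);

    $plugins = array();
    $sids = is_array($sids) ? $sids : array();
    $pluginid = intval(POST('pluginid'));
    if ($pluginid > 0) {
        $sids[$pluginid] = "0";
    }

    foreach ($sids as $plugin => $sids_str) {
        if ($sids_str === '') {
            continue;
        }

        // The keys of $sids come from the request. They are handed to
        // Plugin_sid::get_sidscount_by_id() and concatenated into an error
        // message that is rendered as HTML, so accept digits only.
        $plugin_key = (string) $plugin;
        ossim_valid($plugin_key, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
        if (ossim_error()) {
            break;
        }

        list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
        if (!$valid) {
            // NOTE(review): $data is whatever validate_sids_str() returns on failure;
            // confirm it cannot echo request data back unescaped.
            ossim_set_error(_("Error for data source ") . $plugin . ': ' . $data);
            break;
        }

        if ($sids_str == "ANY") {
            $sids_str = "0";
        } else {
            // Selecting every SID of a plugin is stored the same way as "ANY".
            $aux = count(explode(',', $sids_str));
            $total = Plugin_sid::get_sidscount_by_id($conn, $plugin);
            $sids_str = $aux == $total ? "0" : $sids_str;
        }
        $plugins[$plugin] = $sids_str;
    }

    if (!count($plugins) && !count($imported_sids)) {
        ossim_set_error(_("No Data Sources or Event Types selected"));
    }

    return array($group_id, $name, $descr, $plugins, ossim_error());
}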
Esempio n. 4
    }
    // Abort when the loaded directive is not the one that was asked for.
    // NOTE(review): $directive_id and $XML_FILE are written into the page without
    // HTML-escaping. Where they are assigned is not visible in this excerpt —
    // confirm they are validated upstream, or escape them at this point.
    if ($direct->id != $directive_id) {
        echo "<center><span style='color:red'>" . _("The directive {$directive_id} doesn't exist in {$XML_FILE}") . "</span></center>";
        exit;
    }
    // The directive object is kept in the session in serialized form. Any code
    // that later unserialize()s it depends on the session store being writable
    // by the server only.
    $_SESSION['directive'] = serialize($direct);
    // Every file except the main directives file is released once it has been read.
    if ($XML_FILE != '/etc/ossim/server/directives.xml') {
        release_file($XML_FILE);
    }
    if (!empty($directive_id)) {
        $direct->printDirective($level, $directive_xml);
    }
    ?>
</table>
<?php 
    // Collect everything linked to this directive: its name, compliance
    // categories, ISO 27001 / PCI groups, alarms and knowledge base documents.
    // NOTE(review): $directive_id is interpolated straight into three hand-built
    // SQL fragments below (category.sid=..., and both SIDSS_Ref LIKE chains).
    // This is only safe if it has already been constrained to digits; that check
    // is not visible in this excerpt — TODO confirm, or cast with intval() first.
    $directive_name = Plugin_sid::get_name_by_idsid($conn, "1505", $directive_id);
    list($properties, $num_properties) = Compliance::get_category($conn, "AND category.sid={$directive_id}");
    // The four LIKE patterns match the id as the only, first, last or a middle
    // element of a comma separated reference list.
    $iso_groups = ISO27001::get_groups($conn, "WHERE SIDSS_Ref LIKE '{$directive_id}' OR SIDSS_Ref LIKE '{$directive_id},%' OR SIDSS_Ref LIKE '%,{$directive_id}' OR SIDSS_Ref LIKE '%,{$directive_id},%'");
    $pci_groups = PCI::get_groups($conn, "WHERE SIDSS_ref LIKE '{$directive_id}' OR SIDSS_ref LIKE '{$directive_id},%' OR SIDSS_ref LIKE '%,{$directive_id}' OR SIDSS_ref LIKE '%,{$directive_id},%'");
    list($alarms, $num_alarms) = Alarm::get_list3($conn, "", "", 0, "", null, null, null, null, "", $directive_id);
    $kdocs = Repository::get_linked_by_directive($conn, $directive_id);
    ?>
<table class="transparent" height="100%" width="100%">
	<tr>
		<td class="nobborder" valign="top">
			<table height="100%" width="100%">
				<tr><th colspan="2" height="15"><?php 
    echo _("Properties");
    ?>
</th></tr>
				<?php 
Esempio n. 5
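/**
 * Prints one table row per <rule> element found directly under $directive and
 * recurses into the children of each rule while $level is above 1.
 *
 * Only <tr> elements are written; the surrounding <table> is the caller's job.
 *
 * Changes against the earlier version of this function:
 *  - every value taken from the directive XML, the database or the request is
 *    HTML-escaped (or URL-encoded inside links) before it is echoed;
 *  - plugin_id and the SIDs are interpolated into the WHERE fragments only when
 *    they consist of digits;
 *  - split() (removed in PHP 7) is replaced by explode();
 *  - the PLUGIN_SID test uses strpos() !== false, so a match at offset 0 counts.
 *
 * @param mixed $dom          Unused here; passed through on recursion.
 * @param mixed $directive_id Directive id used in the expand/collapse links.
 * @param mixed $directive    Node offering has_child_nodes() and child_nodes().
 * @param mixed $level        Remaining depth to render; selects the row colour.
 * @param mixed $ilevel       Depth that was requested for the whole table.
 *
 * @return void
 */
function rule_table($dom, $directive_id, $directive, $level, $ilevel)
{
    global $conn;

    if (!$directive->has_child_nodes()) {
        return;
    }

    // Both levels end up in colspan attributes and link parameters, so they are
    // forced to integers before use.
    $level = intval($level);
    $ilevel = intval($ilevel);

    $script = htmlspecialchars($_SERVER["SCRIPT_NAME"], ENT_QUOTES);
    $directive_param = urlencode($directive_id);

    // Opening tag per level. Levels outside 1..5 open no row, as before.
    $row_open = array(
        1 => '<tr>',
        2 => '<tr bgcolor="#CCCCCC">',
        3 => '<tr bgcolor="#999999">',
        4 => '<tr bgcolor="#9999CC">',
        5 => '<tr bgcolor="#6699CC">',
    );
    // Attributes printed as plain cells after the rule name.
    $plain_cells = array('reliability', 'time_out', 'occurrence', 'from', 'to', 'port_from', 'port_to', 'sensor');

    foreach ($directive->child_nodes() as $rule) {
        if ($rule->type != XML_ELEMENT_NODE || $rule->tagname() != 'rule') {
            continue;
        }

        if (isset($row_open[$level])) {
            echo $row_open[$level];
            if ($ilevel != $level) {
                echo "<td colspan=" . ($ilevel - $level) . ">";
            }
        }

        // Expand / collapse link.
        echo '<td class="left" colspan=' . $level . '>';
        if ($rule->has_child_nodes()) {
            if ($level == 1) {
                $target_level = $ilevel + 1;
                $label = '+';
            } else {
                $target_level = $ilevel - $level + 1;
                $label = '-';
            }
            echo '<a href="' . $script . '?directive=' . $directive_param . '&level=' . $target_level . '">' . $label . '</a>';
        }
        echo '</td>';

        // Rule attributes come from the directive XML and are treated as untrusted text.
        echo '<td>' . htmlspecialchars($rule->get_attribute('name'), ENT_QUOTES) . '</td>';
        foreach ($plain_cells as $attribute) {
            echo '<td>' . htmlspecialchars($rule->get_attribute($attribute), ENT_QUOTES) . '&nbsp;</td>';
        }

        // Plugin cell: the id reaches the WHERE fragment only when it is all digits.
        $plugin_id = $rule->get_attribute('plugin_id');
        $plugin_id_ok = preg_match('/^[0-9]+\z/', (string) $plugin_id) === 1;
        echo '<td>';
        if ($plugin_id_ok && ($plugin_list = Plugin::get_list($conn, "WHERE id = {$plugin_id}"))) {
            $name = $plugin_list[0]->get_name();
            echo '<a href="../conf/pluginsid.php?id=' . $plugin_id . '&name=' . urlencode($name) . '">'
                . htmlspecialchars($name, ENT_QUOTES) . '</a> (' . $plugin_id . ')';
        }
        echo '</td>';

        // SID cell: long lists are wrapped in a collapsible block.
        $plugin_sid_list = explode(',', (string) $rule->get_attribute('plugin_sid'));
        $collapsible = count($plugin_sid_list) > 30;
        echo '<td>';
        if ($collapsible) {
            echo '<a style="cursor:hand;" TITLE="To view or hide the list of plugin sid click here." onclick="Menus(\'plugsid\')"> '
                . gettext("Expand / Collapse") . ' </a>';
            echo '<div id="plugsid" class="menucache">';
        }
        foreach ($plugin_sid_list as $sid_negate) {
            // A leading "!" negates the SID; it is stripped for the lookup only.
            $sid = strncmp($sid_negate, "!", 1) == 0 ? substr($sid_negate, 1) : $sid_negate;

            if ($sid === "ANY") {
                echo gettext("ANY");
            } elseif (strpos((string) $sid, "PLUGIN_SID") !== false) {
                echo htmlspecialchars(gettext($sid), ENT_QUOTES);
            } elseif ($plugin_id_ok
                && preg_match('/^[0-9]+\z/', (string) $sid) === 1
                && ($sid_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$plugin_id} AND sid = {$sid}"))
            ) {
                $name = $sid_list[0]->get_name();
                echo '<a title="' . htmlspecialchars($name, ENT_QUOTES) . '">'
                    . htmlspecialchars($sid_negate, ENT_QUOTES) . '</a>&nbsp; ';
            }
        }
        if ($collapsible) {
            echo '</div>';
        }
        echo '</td>';
        echo "</tr>\n";

        // Each child of the rule is rendered one level further down.
        if ($level > 1 && $rule->has_child_nodes()) {
            foreach ($rule->child_nodes() as $child) {
                rule_table($dom, $directive_id, $child, $level - 1, $ilevel);
            }
        }
    }
}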
Esempio n. 6
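/**
 * Resolves the display name and the target URL of a knowledge base relationship.
 *
 * Changes against the earlier version of this function:
 *  - the key is URL-encoded before it replaces the KKKK placeholder, so a key
 *    or resolved name containing "&", "#", quotes or spaces cannot alter the link;
 *  - keys with missing '##' parts and unknown relationship types no longer read
 *    undefined array offsets.
 *
 * @param mixed $conn Database handle offering Execute($sql, $params).
 * @param array $rel  Relationship with the entries 'type' and 'key'.
 *
 * @return array array($name, $url); $url is 'javascript:;' when the type has no target page.
 */
function get_doc_info($conn, $rel)
{
    $name = '';

    // KKKK marks the spot where the relationship key is inserted.
    $url_links = array(
        'host'       => Menu::get_menu_url('/ossim/av_asset/common/views/detail.php?asset_id=KKKK', 'environment', 'assets', 'assets'),
        'net'        => Menu::get_menu_url('/ossim/av_asset/network/view/list.php', 'environment', 'assets', 'networks'),
        'host_group' => Menu::get_menu_url('/ossim/av_asset/group/view/list.php', 'environment', 'assets', 'asset_groups'),
        'net_group'  => Menu::get_menu_url('/ossim/netgroup/netgroup.php', 'environment', 'assets', 'network_groups'),
        'incident'   => Menu::get_menu_url('/ossim/incidents/incident.php?id=KKKK', 'analysis', 'tickets', 'tickets'),
        'directive'  => Menu::get_menu_url('/ossim/directives/index.php?toggled_dir=KKKK&dir_info=1', 'configuration', 'threat_intelligence', 'directives'),
        'plugin_sid' => Menu::get_menu_url('/ossim/forensics/base_qry_main.php?clear_allcriteria=1&search=1&sensor=&sip=&plugin=&ossim_risk_a=+&submit=Signature&search_str=KKKK', 'analysis', 'security_events', 'security_events'),
        'taxonomy'   => "",
    );

    $type = $rel['type'];
    $key = $rel['key'];

    switch ($type) {
        case 'directive':
            $name = $rel['key'];
            break;

        case 'incident':
            $rs = $conn->Execute("SELECT title from incident where id=?", array($rel['key']));
            if (!$rs) {
                $name = _('Unknown');
            } elseif (!$rs->EOF) {
                $name = $rs->fields["title"];
            }
            break;

        case 'plugin_sid':
            // Key layout is "<sid>##<plugin id>"; a key without "##" counts as incomplete.
            $parts = explode('##', $rel['key']);
            $sid = $parts[0];
            $pid = isset($parts[1]) ? $parts[1] : '';
            if ($pid != '' && $sid != '') {
                $name = Plugin_sid::get_name_by_idsid($conn, $pid, $sid);
                if (!preg_match('/:/', $name)) {
                    $name = Plugin::get_name_by_id($conn, $pid) . ": " . $name;
                }
                // The link searches by signature name, not by id.
                $key = $name;
            } else {
                $name = _('Unknown, Please edit this relationship');
                $key = '';
            }
            break;

        case 'host':
        case 'host_group':
        case 'net':
        case 'net_group':
            // The table name is taken from $type, which can only be one of the
            // four literals above in this branch; the key itself is bound.
            $field = $type == 'host' ? 'hostname' : 'name';
            $sql = "SELECT {$field} as name from " . $type . " where id=UNHEX(?)";
            $rs = $conn->Execute($sql, array($rel['key']));
            if (!$rs) {
                $name = _('Unknown');
            } elseif (!$rs->EOF) {
                $name = $rs->fields["name"];
            }
            break;

        case 'taxonomy':
            // Key layout is "<product type>##<category>##<subcategory>"; missing
            // parts are treated like 0, which is shown as ANY.
            $tax = array_pad(explode('##', $rel['key']), 3, '');
            $ptype = intval($tax[0]) != 0 ? Product_type::get_name_by_id($conn, $tax[0]) : _('ANY');
            $cat = intval($tax[1]) != 0 ? Category::get_name_by_id($conn, $tax[1]) : _('ANY');
            $subcat = intval($tax[2]) != 0 ? Subcategory::get_name_by_id($conn, $tax[2]) : _('ANY');
            $name = _('Product Type') . ': ' . $ptype . ', ' . _('Category') . ': ' . $cat . ', ' . _('Subcategory') . ': ' . $subcat;
            break;

        default:
            $name = _('Unknown');
    }

    $url = isset($url_links[$type]) ? $url_links[$type] : '';
    // NOTE(review): assumes Menu::get_menu_url() keeps KKKK in a plain query-string
    // position; if it nests the target URL inside another parameter the key would
    // need a second round of encoding — TODO confirm.
    $url = $url != '' ? str_replace('KKKK', urlencode($key), $url) : 'javascript:;';

    return array($name, $url);
}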
Esempio n. 7
            $page = "../net/net.php";
        }
        // Pick the target page for the relationship type.
        // NOTE(review): $page is echoed into an href attribute right after this run
        // without HTML-escaping, and the incident and directive branches append
        // $rel['key'] without urlencode() (the plugin_sid branch does encode its
        // search string). Where $rel comes from is not visible here — confirm the
        // key is constrained to an id format, or encode it at this point.
        if ($rel['type'] == "host_group") {
            $page = "../host/hostgroup.php";
        }
        if ($rel['type'] == "net_group") {
            $page = "../net/netgroup.php";
        }
        if ($rel['type'] == "incident") {
            $page = "../incidents/incident.php?id=" . $rel['key'];
        }
        if ($rel['type'] == "directive") {
            $page = "../directive_editor/index.php?hmenu=Directives&smenu=Directives&level=1&directive=" . $rel['key'];
        }
        if ($rel['type'] == "plugin_sid") {
            // The forensics search is done by signature name, resolved from key and name.
            $page = "../forensics/base_qry_main.php?clear_allcriteria=1&search=1&sensor=&sip=&plugin=&ossim_risk_a=+&hmenu=Forensics&smenu=Forensics&submit=Signature&search_str=" . urlencode(Plugin_sid::get_name_by_idsid($conn, $rel['key'], $rel['name']));
        }
        ?>
												<tr>
													<td class="nobborder"><a href="<?php 
        echo $page;
        ?>
" target="main"><?php 
        echo $rel['type'] == "plugin_sid" ? $rel['key'] . " (" . $rel['name'] . ")" : $rel['name'];
        ?>
</a></td>
													<td class="nobborder"><?php 
        echo $rel['type'] == "incident" ? "ticket" : $rel['type'];
        ?>
</td>
												</tr>
Esempio n. 8
        pluginsid_inputs_error("Event type {$sid} already exists");
    } elseif ($sid < 1) {
        echo "<p align=\"center\"> " . gettext("Sid must be a valid number higher than 0") . " </p>";
        echo "<p align=\"center\"><a href=\"pluginsid.php?id={$plugin}\"> " . gettext("Back") . " </a></p>";
        exit;
    } else {
        //
        if ($category == 'NULL') {
            $category = NULL;
            $subCategory = NULL;
        } else {
            if ($subCategory == 'NULL') {
                $subCategory = NULL;
            }
        }
        Plugin_sid::insert($conn, $plugin, $name, $sid, $reliability, $priority, $category, $subCategory);
        ?>
        <p><?php 
        echo _("Event type succesfully updated");
        ?>
</p>
        <script type="text/javascript">
        //<![CDATA[
            document.location.href='plugin.php';
        //]]>
        </script>
    <?php 
    }
}
?>
    
Esempio n. 9
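    /**
     * Prints the HTML row of this rule for the directive editor navigator.
     *
     * Only a <tr> element is written, so the caller has to print the surrounding
     * markup (e.g. <table>). Nothing is printed when the rule lies deeper than $level.
     *
     * Changes against the earlier version of this method:
     *  - new_id() is called without call-time pass-by-reference, which is a fatal
     *    error since PHP 5.4;
     *  - $_GET['directive'] is URL-encoded before it is placed in links, and rule
     *    fields are HTML-escaped (or URL-encoded inside links) before output;
     *  - plugin_id and the SIDs are interpolated into the WHERE fragments only when
     *    they consist of digits;
     *  - split() (removed in PHP 7) is replaced by explode();
     *  - the PLUGIN_SID test uses strpos() !== false, so a match at offset 0 counts.
     *
     * @param mixed $level Deepest level currently expanded in the navigator.
     * @param mixed $rules Rule collection, handed to new_id().
     *
     * @return void
     */
    function print_rule($level, &$rules)
    {
        global $conn;

        list($id_dir, $id_rule) = explode("-", $this->id);
        // $rules is already a reference parameter here; new_id() decides in its
        // own signature whether it takes the argument by reference.
        $newid = new_id($this->id, $rules);

        $level = intval($level);
        $ilevel = intval($this->level);
        $directive_param = (isset($_GET['directive']) && is_string($_GET['directive']))
            ? urlencode($_GET['directive'])
            : '';

        if ($ilevel > $level) {
            return;
        }

        $is_new = $this->is_new();
        $depth = $level - $ilevel;
        $rule_param = urlencode($this->id);

        // Row colour: new rules are highlighted, the others are shaded by depth.
        $depth_colors = array(0 => '#ffffff', 1 => '#CCCCCC', 2 => '#999999', 3 => '#9999CC', 4 => '#6699CC');
        if ($is_new) {
            echo '<tr bgcolor="f48222">';
        } elseif (isset($depth_colors[$depth])) {
            echo '<tr bgcolor="' . $depth_colors[$depth] . '">';
        }

        // Spacer that indents nested rules.
        if ($ilevel - 1 != 0) {
            echo '<td bgcolor="#ffffff" colspan=' . ($ilevel - 1) . '></td>';
        }

        echo '<td class="left" colspan=' . ($depth + 1) . '>';
        if (isset($_SESSION['rule'])) {
            // NOTE(review): unserialize() on session data is only safe while the
            // session store can be written by the server alone — confirm.
            $newrule = unserialize($_SESSION['rule']);
            list($id_dir2, , $id_father2) = explode("-", $newrule->id);
            // A pending new rule below this one counts as a child.
            if ($id_father2 == $id_rule && $id_dir2 == $id_dir) {
                $this->nb_child = $this->nb_child + 1;
            }
        }
        if ($this->nb_child > 0) {
            if ($depth == 0) {
                echo '<a TARGET ="right" href="../viewer/index.php?directive=' . $directive_param . '&level=' . ($level + 1)
                    . '"><img border="0" src="../viewer/img/fleched.gif"></a>';
            } else {
                echo '<a TARGET ="right" href="../viewer/index.php?directive=' . $directive_param . '&level=' . $ilevel
                    . '"><img border="0" src="../viewer/img/flecheb.gif"></a>';
            }
        }
        echo '</td>';

        $uplevel = $level > 1 ? $level - 1 : 1;

        if (!$is_new) {
            // addRule button
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=add_rule&id=" . urlencode($newid) . "\" TITLE=\"" . gettext("Add a rule") . "\">+</a>";
            print '</td>';
            // removeRule button
            print '<td>';
            print "<a onclick=\"javascript:if (confirm('" . gettext("Are you sure you want to delete this rule ?") . "')) { window.open('../include/utils.php?query=del_rule&id=" . $rule_param . "','right'); }\" style=\"marging-left:20px; cursor:pointer\" TITLE=\"" . gettext("Delete this rule") . "\">x</a>";
            print '</td>';
            // move buttons: left, right, up, down
            $arrows = array('left' => '&larr;', 'right' => '&rarr;', 'up' => '&uarr;', 'down' => '&darr;');
            foreach ($arrows as $direction => $arrow) {
                print '<td>';
                print "<a TARGET=\"right\" href=\"../include/utils.php?query=move&direction=" . $direction . "&id=" . $rule_param . "\">" . $arrow . "</a>";
                print '</td>';
            }
        } else {
            // A rule that is not saved yet can only be discarded.
            print '<td>&nbsp&nbsp&nbsp&nbsp&nbsp</td>';
            print '<td>';
            print "<a TARGET=\"right\" href=\"../include/utils.php?query=del_new_rule&level=" . $uplevel . "\" TITLE=\"Delete this rule.\">-</a>";
            print '</td>';
            for ($i = 0; $i < 4; $i++) {
                print '<td>&nbsp&nbsp&nbsp&nbsp&nbsp</td>';
            }
        }

        // Rule name, linked to the add (new rule) or edit form.
        if ($is_new) {
            $edit_query = 'query=add_rule&id=' . $rule_param . '&level=' . $ilevel;
        } else {
            $edit_query = 'query=edit_rule&id=' . $rule_param;
        }
        echo '<td><a TARGET="right" href="../include/utils.php?' . $edit_query . '" TITLE="'
            . gettext("Click to modify this rule") . '">' . htmlspecialchars($this->name, ENT_QUOTES) . '</a></td>';

        // Plain rule fields.
        $cells = array(
            $this->reliability,
            $this->time_out,
            $this->occurrence,
            $this->from,
            $this->to,
            $this->port_from,
            $this->port_to,
            $this->sensor,
        );
        foreach ($cells as $cell) {
            echo '<td>' . htmlspecialchars($cell, ENT_QUOTES) . '&nbsp;</td>';
        }

        // Plugin cell: the id reaches the WHERE fragment only when it is all digits.
        $has_plugin = $this->plugin_id != "";
        $plugin_id = $this->plugin_id;
        $plugin_id_ok = $has_plugin && preg_match('/^[0-9]+\z/', (string) $plugin_id) === 1;
        echo '<td>';
        if ($plugin_id_ok && ($plugin_list = Plugin::get_list($conn, "WHERE id = {$plugin_id}"))) {
            $name = $plugin_list[0]->get_name();
            echo '<a href="../../conf/pluginsid.php?id=' . $plugin_id . '&name=' . urlencode($name) . '">'
                . htmlspecialchars($name, ENT_QUOTES) . '</a> (' . $plugin_id . ')';
        }
        echo '</td>';

        // SID cell: long lists are wrapped in a collapsible block.
        echo '<td>';
        if ($has_plugin) {
            $plugin_sid_list = explode(',', (string) $this->plugin_sid);
            $collapsible = count($plugin_sid_list) > 30;
            if ($collapsible) {
                echo '<a style="cursor:pointer;" TITLE="' . gettext("To view or hide the list of plugin sid click here")
                    . '" onclick="Menus(\'plugsid\')"> ' . gettext("Expand / Collapse") . ' </a>';
                echo '<div id="plugsid" class="menuhide">';
            }
            foreach ($plugin_sid_list as $sid_negate) {
                // A leading "!" negates the SID; it is stripped for the lookup only.
                $sid = strncmp($sid_negate, "!", 1) == 0 ? substr($sid_negate, 1) : $sid_negate;

                if ($sid === "ANY") {
                    echo gettext("ANY");
                } elseif (strpos((string) $sid, "PLUGIN_SID") !== false) {
                    echo htmlspecialchars(gettext($sid), ENT_QUOTES);
                } elseif ($plugin_id_ok
                    && preg_match('/^[0-9]+\z/', (string) $sid) === 1
                    && ($sid_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$plugin_id} AND sid = {$sid}"))
                ) {
                    $name = $sid_list[0]->get_name();
                    echo '<a title="' . htmlspecialchars($name, ENT_QUOTES) . '">'
                        . htmlspecialchars($sid_negate, ENT_QUOTES) . '</a>&nbsp; ';
                } else {
                    echo "<a title=\"" . gettext("Invalid plugin sid") . "\" style=\"color:red\">"
                        . htmlspecialchars($sid_negate, ENT_QUOTES) . "</a>&nbsp; ";
                }
            }
            if ($collapsible) {
                echo '</div>';
            }
        }
        echo '</td>';
        echo "</tr>\n";
    }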
Esempio n. 10
}
// Build the ORDER BY, WHERE and LIMIT fragments for the plugin listing.
// The sort direction is reduced to one of two literals before it is appended.
// NOTE(review): the column part of $order is set before this excerpt; it ends up
// unquoted in ORDER BY, so it must come from a fixed list — TODO confirm.
$torder = $torder == 1 ? 'ASC' : 'DESC';
$order .= ' ' . $torder;
/*  WHERE  */
$where = "WHERE id<>1505";
switch ($field) {
    case "sourcetype":
        // escape_sql() protects quoted string contexts; what the helper does with
        // $type afterwards is not visible here.
        $type = escape_sql($type, $conn);
        $pids = Plugin_sid::get_plugins_by_type($conn, $type);
        // The ids are joined unquoted into IN (...), which presumes the helper
        // returns integers only — verify against Plugin_sid.
        $plugin_list = implode(",", $pids);
        // An empty result becomes IN ('') so the statement stays valid and matches nothing.
        $plugin_list = $plugin_list != '' ? $plugin_list : "''";
        $where .= " AND id in ({$plugin_list})";
        break;
    case "category_id":
        $type = escape_sql($type, $conn);
        // NOTE(review): $subcategory_id is passed on without escaping in this excerpt;
        // confirm it was validated as digits earlier.
        $pids = Plugin_sid::get_plugins_by_category($conn, $type, $subcategory_id);
        $plugin_list = implode(",", $pids);
        $plugin_list = $plugin_list != '' ? $plugin_list : "''";
        $where .= " AND id in ({$plugin_list})";
        break;
}
if (!empty($search)) {
    // UTF-8 input is converted to entities first, then escaped for the quoted LIKE / = contexts below.
    $search = mb_detect_encoding($search . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? Util::utf8entities($search) : $search;
    $search = escape_sql($search, $conn);
    $where .= " AND (name like '%{$search}%' OR id='{$search}' OR description like '%{$search}%') ";
}
/*  LIMIT  */
// NOTE(review): $from and $maxrows are interpolated unquoted; they need to be
// integers by the time they reach this line — TODO confirm upstream casts.
$limit = "LIMIT {$from}, {$maxrows}";
$results = array();
if ($plugin_list = Plugin::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) {
    $total = $plugin_list[0]->get_foundrows();
Esempio n. 11
    // Turn the comma separated SID selection into a WHERE fragment and print the
    // matching event types as pre-selected <option> elements.
    $sids = explode(",", $sids);
    $range = "";
    $sin = array();
    foreach ($sids as $sid) {
        // "a-b" entries become BETWEEN clauses. The pattern is not anchored, but
        // only the two captured digit groups are placed in the SQL.
        if (preg_match("/(\\d+)-(\\d+)/", $sid, $found)) {
            $range .= " OR (sid BETWEEN " . $found[1] . " AND " . $found[2] . ")";
        } else {
            // NOTE(review): every other entry is kept as-is and later joined unquoted
            // into IN (...). That is only safe if $sids was restricted to digits,
            // commas and dashes before this point, which this excerpt does not show —
            // TODO confirm, or filter to digits here.
            $sin[] = $sid;
        }
    }
    if (count($sin) > 0) {
        $where = "sid in (" . implode(",", $sin) . ") {$range}";
    } else {
        // Only ranges were given: drop the leading " OR ".
        $where = preg_replace("/^ OR /", "", $range);
    }
    // NOTE(review): $id is interpolated unquoted as well; confirm it is validated as an integer upstream.
    $plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id={$id} AND ({$where})");
    foreach ($plugin_list as $plugin) {
        // $id is reused from here on for the SID of the current row.
        $id = $plugin->get_sid();
        $name = "{$id} - " . trim($plugin->get_name());
        // Labels are cut to 73 bytes (70 plus "...").
        if (strlen($name) > 73) {
            $name = substr($name, 0, 70) . "...";
        }
        // NOTE(review): the name read from the database is written into the page
        // without HTML-escaping.
        echo "<option value='{$id}' selected>{$name}</option>\n";
    }
}
?>
    </select><br><span id="msg"></span><br><br>
    <input type="button" class="button" onclick="makesel()" value="Submit selection">
    </form>
</body>
</html>
Esempio n. 12
<input type="checkbox" id="selunsel" onclick="chkall()"></th>
    <th><?php 
echo _("Data Source Name");
?>
</th>
    <th><?php 
echo _("Event Type");
?>
</th>
    <th><?php 
echo _("Event Type Name");
?>
</th>
</tr>
<?php 
$plugin_list = Plugin_sid::search_sids($conn, $q);
$pa = 0;
foreach ($plugin_list as $plugin) {
    if ($pa != $plugin["plugin_id"]) {
        $color = $color == "#eeeeee" ? "" : "#eeeeee";
        $pa = $plugin["plugin_id"];
    }
    ?>
<tr bgcolor="<?php 
    echo $color;
    ?>
">
    <td><input type="checkbox" name="psid<?php 
    echo $plugin["plugin_id"];
    ?>
_<?php 
Esempio n. 13
 if (preg_match("/' plugin_sid='(\\d+)/", $matches[12], $fnd)) {
     $plugin_sid = $fnd[1];
 }
 $matches[12] = preg_replace("/' plugin_sid=.*/", "", $matches[12]);
 $signature = "";
 if (preg_match("/' sig='(.*)('?)/", $matches[12], $found)) {
     $signature = $found[1];
     $matches[12] = preg_replace("/' sig=.*/", "", $matches[12]);
 }
 # decode if data is stored in base64
 $data = $matches[12];
 $demo = 0;
 # special case "demo event"
 if ($data == "demo event" && $plugin_sid != "") {
     $demo = 1;
     $plugin_sid_name = Plugin_sid::get_name_by_idsid($conn, $matches[4], $plugin_sid);
     if ($plugin_sid_name != "") {
         $data = $plugin_sid_name;
         $matches[12] = $plugin_sid_name;
     }
 }
 #$data = $matches[12];
 #$matches[12] = base64_decode($matches[12],true);
 #if ($matches[12]==FALSE) $matches[12] = $data;
 if ($htmlResult) {
     if ($_SESSION["_plugins"][$matches[4]] != "") {
         $plugin = $_SESSION["_plugins"][$matches[4]];
     } else {
         $query = "select name from plugin where id = " . intval($matches[4]);
         if (!($rs =& $conn->Execute($query))) {
             print $conn->ErrorMsg();
Esempio n. 14
// Validate the filter parameters and build the WHERE / LIMIT fragments for the
// plugin grid.
// NOTE(review): $field is allowed to contain spaces and punctuation (OSS_SPACE,
// OSS_PUNC), yet it is used below as a bare column name in the generic branch.
// A fixed list of permitted column names would be the safer check.
ossim_valid($field, OSS_ALPHA, OSS_SPACE, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("field"));
ossim_valid($subcategory_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("subcategory_id"));
if (ossim_error()) {
    die(ossim_error());
}
// NOTE(review): $order goes unquoted into ORDER BY further down; its validation,
// if any, happens before this excerpt — TODO confirm.
if (empty($order)) {
    $order = "id";
}
$where = "WHERE id<>1505";
if (!empty($search) && !empty($field)) {
    if ($field == "sourcetype") {
        $pids = Plugin_sid::GetPluginsBySourceType($conn, $search);
        // An empty $pids yields "id in ()", which is not valid SQL.
        $plugin_list = implode(",", $pids);
        $where .= " AND id in ({$plugin_list})";
    } elseif ($field == "category_id") {
        $pids = Plugin_sid::GetPluginsByCategory($conn, $search, $subcategory_id);
        $plugin_list = implode(",", $pids);
        $where .= " AND id in ({$plugin_list})";
    } else {
        // NOTE(review): $search is concatenated into a quoted LIKE pattern with no
        // escaping visible in this excerpt. Unless it is escaped or validated
        // before this point, this is a SQL injection sink; a bound parameter or the
        // project's SQL escaping helper belongs here.
        $where .= " AND {$field} like '%" . $search . "%'";
    }
}
// NOTE(review): $page and $rp are used arithmetically and interpolated unquoted;
// confirm both are validated as integers upstream.
$start = ($page - 1) * $rp;
$limit = "LIMIT {$start}, {$rp}";
$xml = "<rows>\n";
if ($plugin_list = Plugin::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) {
    $total = $plugin_list[0]->get_foundrows();
    if ($total == 0) {
        $total = count($plugin_list);
    }
    $xml .= "<page>{$page}</page>\n";
Esempio n. 15
    $order = "sid";
}
// Build the WHERE / LIMIT fragments for the event type grid of one plugin.
// NOTE(review): $id is interpolated unquoted; its validation is not visible in
// this excerpt — confirm it is restricted to digits upstream.
$where = "WHERE sid <> 20000000 AND sid <> 2000000000 AND plugin_id = {$id}";
if (!empty($search) && !empty($field)) {
    if ($field == "category_id") {
        $pids = Plugin_sid::GetPluginSidsByCategory($conn, $id, $search, $subcategory_id);
        // An empty $pids yields "sid in ()", which is not valid SQL.
        $plugin_list = implode(",", $pids);
        $where .= " AND sid in ({$plugin_list})";
    } else {
        // NOTE(review): $field is used as a bare column name and $search is
        // concatenated into a quoted LIKE pattern; neither is escaped in this
        // excerpt. Unless both are validated before this point, this is a SQL
        // injection sink — restrict $field to known columns and bind or escape $search.
        $where .= " AND {$field} like '%" . $search . "%'";
    }
}
// NOTE(review): $page and $rp are interpolated unquoted into LIMIT; confirm both are integers.
$start = ($page - 1) * $rp;
$limit = "LIMIT {$start}, {$rp}";
$xml = "";
if ($plugin_list = Plugin_sid::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) {
    $total = $plugin_list[0]->get_foundrows();
    if ($total == 0) {
        $total = count($plugin_list);
    }
    $xml .= "<rows>\n";
    $xml .= "<page>{$page}</page>\n";
    $xml .= "<total>{$total}</total>\n";
    foreach ($plugin_list as $plugin) {
        $id = $plugin->get_plugin_id();
        $sid = $plugin->get_sid();
        $name = $plugin->get_name();
        $xml .= "<row id='{$sid}'>";
        $xml .= "<cell><![CDATA[" . $id . "]]></cell>";
        $xml .= "<cell><![CDATA[" . $sid . "]]></cell>";
        // translate category id
Esempio n. 16
    // Turn the entries of $sids into a SQL condition: "a-b" entries become
    // BETWEEN ranges, everything else is collected for an IN (...) list.
    $range = "";
    $sin = array();
    foreach ($sids as $sid) {
        // The pattern is not anchored, so an entry only has to contain
        // "digits-digits"; only the captured digits are used in that case.
        if (preg_match("/(\\d+)-(\\d+)/", $sid, $found)) {
            $range .= " OR (sid BETWEEN " . $found[1] . " AND " . $found[2] . ")";
        } else {
            // NOTE(review): non-range entries are kept verbatim and joined into
            // the IN list below; confirm $sids was validated as digits before
            // this excerpt.
            $sin[] = $sid;
        }
    }
    if (count($sin) > 0) {
        $where = "sid in (" . implode(",", $sin) . ") {$range}";
    } else {
        // Only ranges: drop the leading " OR " so the condition is well-formed.
        // NOTE(review): with an empty $sids this leaves $where empty and the
        // query below ends in "AND ()"; confirm the enclosing condition rules
        // that out.
        $where = preg_replace("/^ OR /", "", $range);
    }
    // NOTE(review): both sources of the plugin id list are defined outside this
    // excerpt and are interpolated unquoted; confirm they only yield digits and
    // commas.
    $plugin_id_list = $product_type ? get_plugin_list($conn, $product_type) : $rule->plugin_id;
    // Without a plugin id restriction the filter degrades to "1=1".
    $w = $plugin_id_list != "" ? "plugin_id in (" . $plugin_id_list . ")" : "1=1";
    $plugin_list = Plugin_sid::get_list($conn, "WHERE {$w} AND ({$where})");
    foreach ($plugin_list as $plugin) {
        $id_plugin = $plugin->get_sid();
        $name = "{$id_plugin} - " . trim($plugin->get_name());
        // Cap the label at 73 bytes (strlen/substr count bytes, not characters).
        if (strlen($name) > 73) {
            $name = substr($name, 0, 70) . "...";
        }
        // NOTE(review): $name comes from get_name() and is written into HTML
        // without escaping here; confirm names are encoded when stored, or
        // escape them on output.
        $options .= "<option value='{$id_plugin}' selected>{$name}</option>\n";
    }
}
// Close the <select> markup and return the accumulated HTML to the caller
// inside a JSON object with error=false.
$options .= "</select><br><br><span id='msg'></span><br><br>";
$response['error'] = false;
$response['data'] = $options;
echo json_encode($response);
$db->close($conn);
Esempio n. 17
*/
require_once 'av_init.php';
// Presumably enforces that the session may use the ConfigurationPlugins
// section of the configuration menu (helper not visible here).
Session::logcheck("configuration-menu", "ConfigurationPlugins");
$db = new ossim_db();
$conn = $db->connect();
// Optional filters taken from the query string.
$category_id = GET('category_id');
$subcategory_id = GET('subcategory_id');
$sourcetype = GET('sourcetype');
// The two ids must be digits; the product type may contain letters, spaces
// and slashes. All three may be empty.
ossim_valid($category_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Category ID"));
ossim_valid($subcategory_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("SubCategory ID"));
ossim_valid($sourcetype, OSS_ALPHA, OSS_SPACE, OSS_NULLABLE, OSS_SLASH, 'illegal:' . _("Product Type"));
if (ossim_error()) {
    die(ossim_error());
}
// NOTE(review): the restore is a state-changing action triggered by a GET
// parameter. It is limited to admins, but no anti-CSRF token check is visible
// in this excerpt; confirm one exists.
if (GET('restore') != "" && Session::am_i_admin()) {
    Plugin_sid::restore_plugins($conn);
}
$ptypes = Plugin::get_ptypes($conn);
// URL of the data endpoint, with the active filter appended as query string.
$dt_url = "getplugin.php";
if ($sourcetype != "") {
    // NOTE(review): $sourcetype may contain spaces and slashes and is appended
    // without urlencode(); confirm how $dt_url is emitted further down.
    $dt_url .= "?type={$sourcetype}&field=sourcetype";
} elseif ($category_id != "") {
    $dt_url .= "?type={$category_id}&field=category_id&subcategory_id=" . $subcategory_id;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title> <?php 
echo _('AlienVault ' . (Session::is_pro() ? 'USM' : 'OSSIM'));
?>
Esempio n. 18
	<meta http-equiv="Pragma" content="no-cache"/>
	<link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
echo Util::get_css_id();
?>
"/>
	<script type="text/javascript" src="../js/jquery.min.js"></script>
</head>

<body>

	<?php 
// Delete one event type and report the outcome in $message.
// NOTE(review): $plugin_id and $sid are set outside this excerpt; confirm they
// are validated before reaching Plugin_sid::delete() and that this delete is
// protected against cross-site requests (no token check is visible here).
$db = new ossim_db();
$conn = $db->connect();
// Default message, kept when either id is missing.
$message = _("Can't delete Event Type");
if ($plugin_id != "" && $sid != "") {
    // A truthy return value is treated as "not found".
    $error = Plugin_sid::delete($conn, $plugin_id, $sid);
    $message = $error ? _("Can't delete Event Type (not found)") : _("Event type deleted");
    if (!$error) {
        Util::resend_asset_dump();
    }
}
$db->close($conn);
?>

	<h1><?php 
echo _("Delete Event Type");
?>
</h1>
	<p style='font-size: 12px;'><?php 
echo $message;
?>
Esempio n. 19
</th>
                                            	<th><?php 
                echo _("Event");
                ?>
</th>
                                            	<th><?php 
                echo _("Count");
                ?>
</th>
                                            </tr>
                                            <?php 
                foreach ($arr as $ip => $plugins_obj) {
                    $plugins_arr = (array) $plugins_obj;
                    foreach ($plugins_arr as $idsid => $num) {
                        list($id, $sid) = explode(",", $idsid);
                        $event = Plugin_sid::get_name_by_idsid($conn, $id, $sid);
                        ?>
                            						<tr style="background-color:<?php 
                        echo $i++ % 2 == 0 ? "#F2F2F2" : "#FFFFFF";
                        ?>
">
                            							<td><b><?php 
                        echo $ip;
                        ?>
</b></td>
                            							<td style="text-align:left"><?php 
                        echo $event;
                        ?>
</td>
                            							<td><?php 
                        echo $num;
Esempio n. 20
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
// Lookup endpoint: prints up to 150 event types of one plugin as "sid=label"
// lines, optionally filtered by the search term q.
require_once 'av_init.php';
Session::logcheck("configuration-menu", "PluginGroups");
$plugin_id = GET('plugin_id');
// The term is URL-decoded before validation, so ossim_valid() checks the
// final value.
$q = urldecode(GET('q'));
ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("ID"));
ossim_valid($q, OSS_TEXT, OSS_NULLABLE);
if (ossim_error()) {
    // Invalid input: stop without producing any output.
    return false;
}
// NOTE(review): addslashes() is the only escaping applied before $q is placed
// in the LIKE patterns below. It is not charset-aware and leaves the LIKE
// wildcards % and _ untouched; prefer the DB layer's own quoting or bound
// parameters if get_list() can take them.
$q = addslashes($q);
$db = new ossim_db();
$conn = $db->connect();
$more = "";
if ($q != "") {
    // Digits-only terms match a sid prefix; anything else matches within name.
    $more = preg_match("/^\\d+\$/", $q) ? "AND sid like '{$q}%'" : "AND name like '%{$q}%'";
}
// $plugin_id passed the OSS_DIGIT check above before being interpolated.
$plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id={$plugin_id} {$more} ORDER BY sid LIMIT 150");
// Report the overall total only when it exceeds the 150-row LIMIT.
// NOTE(review): $plugin_list[0] is read without checking that a row came back.
if ($plugin_list[0]->foundrows > 150) {
    echo "Total=" . $plugin_list[0]->foundrows . "\n";
}
foreach ($plugin_list as $plugin) {
    $id = $plugin->get_sid();
    $name = "{$id} - " . trim($plugin->get_name());
    //if (strlen($name)>73) $name=substr($name,0,70)."...";
    // NOTE(review): the name is printed as stored; confirm the consumer treats
    // this response as plain text rather than HTML.
    echo "{$id}={$name}\n";
}
// NOTE(review): other excerpts on this page call $db->close($conn); confirm
// the argument-less form is valid.
$db->close();
Esempio n. 21
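// Reliability, category and subcategory must be digits (or empty).
ossim_valid($rel, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("rel"));
ossim_valid($category, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("category"));
ossim_valid($subcategory, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("subcategory"));
if (ossim_error()) {
    die(ossim_error());
}
// NOTE(review): a non-empty "modify" GET parameter triggers the update; no
// anti-CSRF token check is visible in this excerpt, so confirm one exists.
if (GET('modify') != "") {
    Plugin_sid::update($conn, $plugin_id, $plugin_sid, $prio, $rel, $category, $subcategory);
    Util::memcacheFlush();
    ?>
<script type="text/javascript">parent.GB_close();</script><?php 
}
// Category
$list_categories = Category::get_list($conn);
// Plugin sid data
// NOTE(review): $plugin_id and $plugin_sid are interpolated unquoted; their
// validation is above this excerpt, so confirm both are checked as digits.
$plugins = Plugin_sid::get_list($conn, "WHERE plugin_id={$plugin_id} AND sid={$plugin_sid}");
// Read the first row only if it exists; the original indexed $plugins[0]
// before the isset() check below and raised a notice on an empty result.
$plugin = isset($plugins[0]) ? $plugins[0] : null;
$error_message = "";
if (!isset($plugins[0])) {
    $error_message = _("Plugin id or plugin sid doesn't exist");
} else {
    // Show the stored reliability and priority of the event type.
    $rel = $plugin->get_reliability();
    $prio = $plugin->get_priority();
}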
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
  <link rel="stylesheet" href="../style/av_common.css?t=<?php 
echo Util::get_css_id();
?>
 //$rep_src_bgcolor  = Reputation::getrepbgcolor($event_info["rep_prio_src"]);
 $rep_dst_icon = Reputation::getrepimg($event_info["rep_prio_dst"], $event_info["rep_rel_dst"], $event_info["rep_act_dst"], $s_dst_ip);
 //$rep_dst_bgcolor  = Reputation::getrepbgcolor($event_info["rep_prio_dst"]);
 // NOTE(review): the link and balloon markup below is built by concatenation
 // inside single-quoted attributes. The host names, IPs, links and
 // $event_info fields are prepared outside this excerpt; confirm they are
 // HTML-escaped (single quotes included) before they reach this point.
 $c_src_homelan = $homelan_src ? 'bold alarm_netlookup' : '';
 $source_link = $src_img . " <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$s_src_ip}-{$ctx_src}' title='{$s_src_ip}'>" . $s_src_name . $s_src_port . "</a> {$rep_src_icon}";
 $source_balloon = "<div id='" . $s_src_ip . ";" . $s_src_name . ";" . $event_info["src_host"] . "' ctx='{$ctx}' id2='" . $s_src_ip . ";" . $s_dst_ip . "' class='HostReportMenu'>";
 $source_balloon .= $source_link;
 $source_balloon .= "</div>";
 $c_dst_homelan = $homelan_dst ? 'bold alarm_netlookup' : '';
 $dest_link = $dst_img . " <a href='{$s_dst_link}' class='{$c_dst_homelan}' data-title='{$s_dst_ip}-{$ctx_dst}' title='{$s_dst_ip}'>" . $s_dst_name . $s_dst_port . "</a> {$rep_dst_icon}";
 $dest_balloon = "<div id='" . $s_dst_ip . ";" . $s_dst_name . ";" . $event_info["dst_host"] . "' ctx='{$ctx}' id2='" . $s_dst_ip . ";" . $s_src_ip . "' class='HostReportMenu'>";
 $dest_balloon .= $dest_link;
 $dest_balloon .= "</div>";
 //		    $selection_array[$group_id][$child_number] = $s_backlog_id . "-" . $s_event_id;
 // Resolve the event type name and priority for this plugin id / sid pair.
 // NOTE(review): $s_id and $s_sid are interpolated unquoted; presumably they
 // are numeric values read from the alarm, confirm.
 $s_sid_name = "";
 if ($s_plugin_sid_list = Plugin_sid::get_list($conn, "WHERE plugin_id = {$s_id} AND sid = {$s_sid}")) {
     $s_sid_name = $s_plugin_sid_list[0]->get_name();
     $s_sid_priority = $s_plugin_sid_list[0]->get_priority();
 } else {
     // No matching row: fall back to a label that carries the raw ids.
     $s_sid_name = "Unknown (id={$s_id} sid={$s_sid})";
     $s_sid_priority = "N/A";
 }
 // Convert the alarm's "last" time to a UTC unix time, then shift it by $tz
 // hours for display ($tz is presumably the user's offset in hours).
 $s_last = Util::timestamp2date($s_alarm->get_last());
 $timestamp_utc = Util::get_utc_unixtime($s_last);
 $s_last = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
 $s_event_count = Alarm::get_total_events($conn, $s_backlog_id);
 // Same conversion for the alarm's own timestamp.
 $aux_date = Util::timestamp2date($s_alarm->get_timestamp());
 $timestamp_utc = Util::get_utc_unixtime($s_alarm->get_timestamp());
 $s_date = gmdate("Y-m-d H:i:s", $timestamp_utc + 3600 * $tz);
 if ($s_backlog_id && $s_id == 1505 && $s_event_count > 0) {
     $aux_date = Util::timestamp2date($s_alarm->get_since());
Esempio n. 23
        if ($plugin->get_sid() == $sid1) {
            echo " selected='selected'";
        }
        ?>
><?php 
        echo preg_replace("/(.............................).*/", "\\1[...]", $plugin->get_name());
        ?>
					<?php 
    }
    ?>
			</select>
		</td>
		
		<td id="sid2" class="nobborder" style="text-align:center;padding:20px">
			<?php 
    $plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id={$id2} ORDER BY name", 0);
    ?>
			<?php 
    echo _('Reference SID');
    ?>
:
			<select id="sidajax2" onchange="document.frules.plugin_sid2.value=this.value">
				<option value=""><?php 
    echo _('Select Reference SID');
    ?>
				<?php 
    foreach ($plugin_list as $plugin) {
        ?>
					<option value="<?php 
        echo $plugin->get_sid();
        ?>
Esempio n. 24
<?php 
// On validation failure show the collected errors and stop; otherwise store
// the updated event type.
if ($data['status'] == 'error') {
    // NOTE(review): the entries of $validation_errors are joined straight into
    // HTML; confirm they are escaped where they are generated.
    $txt_error = '<div>' . _('The following errors occurred') . ":</div>\n\t\t\t\t  <div style='padding:2px 10px 5px 10px;'>" . implode('<br/>', $validation_errors) . '</div>';
    $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
    Util::make_form('POST', 'plugin.php');
    exit;
}
// Category and subcategory are only kept when both are set.
if ($category == '' || $subcategory == '') {
    $category = '';
    $subcategory = '';
}
// NOTE(review): only "<" and ">" are encoded before storage; quotes and "&"
// pass through, so the stored name is not safe in attribute contexts.
// Escaping with htmlspecialchars() at output time would cover every context;
// confirm how the name is rendered before changing the stored format.
$name = str_replace("<", "&lt;", str_replace(">", "&gt;", $name));
$db = new ossim_db();
$conn = $db->connect();
Plugin_sid::update($conn, $plugin_id, $sid, $priority, $reliability, $category, $subcategory, $name);
Util::resend_asset_dump();
// NOTE(review): other excerpts on this page call $db->close($conn); confirm
// the argument-less form is valid.
$db->close();
?>
<script type='text/javascript'>
	document.location.href="pluginsid.php?plugin_id=<?php 
echo $plugin_id;
?>
&msg=updated";
</script> 

</body>
</html>
Esempio n. 25
// Normalise placeholder values to "empty" before validation.
if ($product_type == "null") {
    $product_type = "";
}
if ($plugin_id < 1) {
    $plugin_id = "";
}
ossim_valid($plugin_id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("ID"));
ossim_valid($q, OSS_TEXT, OSS_NULLABLE);
ossim_valid($product_type, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Product Type"));
if (ossim_error()) {
    // Invalid input: stop without producing any output.
    return false;
}
$db = new ossim_db();
$conn = $db->connect();
$more = "";
if ($q != "") {
    // Digits-only terms match a sid prefix; anything else matches within name.
    // NOTE(review): $q is placed inside quoted LIKE patterns and no escaping is
    // visible in this excerpt (another excerpt on this page applies
    // addslashes() first). Confirm it is escaped above, or use the DB layer's
    // quoting.
    $more = preg_match("/^\\d+\$/", $q) ? "AND sid like '{$q}%'" : "AND name like '%{$q}%'";
}
// NOTE(review): get_plugin_list() is defined elsewhere and its result is
// interpolated unquoted; confirm it only yields digits and commas.
$plugin_id_list = $product_type ? get_plugin_list($conn, $product_type) : $plugin_id;
// Without a plugin restriction the filter degrades to "1=1".
$w = $plugin_id_list != "" ? "plugin_id in (" . $plugin_id_list . ")" : "1=1";
$plugin_list = Plugin_sid::get_list($conn, "WHERE {$w} {$more} ORDER BY plugin_id, sid LIMIT 150");
// Report the overall total only when it exceeds the 150-row LIMIT.
// NOTE(review): $plugin_list[0] is read without checking that a row came back.
if ($plugin_list[0]->foundrows > 150) {
    echo "Total=" . $plugin_list[0]->foundrows . "\n";
}
foreach ($plugin_list as $plugin) {
    $id = $plugin->get_sid();
    $name = "{$id} - " . trim($plugin->get_name());
    //if (strlen($name)>73) $name=substr($name,0,70)."...";
    echo "{$id}={$name}\n";
}
$db->close($conn);
Esempio n. 26
]" value="<?php 
        echo $sids;
        ?>
">
                					<div id="editsid<?php 
        echo $id;
        ?>
" style='white-space: nowrap;'>
                						<span>
                						<?php 
        echo _($plugins[$id][0] . ' events type selected: ');
        if ($sids == "ANY") {
            $msg = "ANY";
        } else {
            $aux = count(explode(',', $sids));
            $total = Plugin_sid::get_sidscount_by_id($conn, $id);
            $msg = $aux == $total ? "ANY" : $aux;
        }
        ?>
						
                						</span>	
                						<span id="namesid<?php 
        echo $id;
        ?>
" style='padding-right:10px;font-weight:bold'><?php 
        echo $msg;
        ?>
</span>					
                						<a href="javascript:;" name="sid<?php 
        echo $id;
        ?>
Esempio n. 27
// Emit one page of plugin references as a <rows> XML document.
// NOTE(review): $where, $order, $page and $rp are built above this excerpt and
// are interpolated into the query as-is; confirm they are validated there.
$start = ($page - 1) * $rp;
$limit = "LIMIT {$start}, {$rp}";
$xml = "";
$xml .= "<rows>\n";
if ($plugin_list = Plugin_reference::get_list($conn, "{$where} ORDER BY {$order} {$limit}")) {
    // Use the found-rows figure of the first object, falling back to the size
    // of the returned page when it is 0.
    $total = $plugin_list[0]->get_foundrows();
    if ($total == 0) {
        $total = count($plugin_list);
    }
    $xml .= "<page>{$page}</page>\n";
    $xml .= "<total>{$total}</total>\n";
    foreach ($plugin_list as $plugin) {
        $id = $plugin->get_plugin_id();
        $sid = $plugin->get_plugin_sid();
        $ref_id = $plugin->get_reference_id();
        $ref_sid = $plugin->get_reference_sid();
        // Row id is the four ids joined with underscores.
        $xml .= "<row id='{$id}" . "_" . "{$sid}" . "_" . "{$ref_id}" . "_" . "{$ref_sid}'>";
        // All four cells link to the same edit form; only the link text differs.
        // NOTE(review): the names returned by get_name_by_id() and
        // get_name_by_idsid() are used as link text without escaping here, and
        // a name containing "]]>" would end the CDATA section early. Confirm
        // names are encoded when stored, or escape them on output.
        $lnk_id = "<a href='newpluginrefform.php?plugin_id1={$id}&plugin_sid1={$sid}&plugin_id2={$ref_id}&plugin_sid2={$ref_sid}'>" . Plugin::get_name_by_id($conn, $id) . "</a>";
        $lnk_sid = "<a href='newpluginrefform.php?plugin_id1={$id}&plugin_sid1={$sid}&plugin_id2={$ref_id}&plugin_sid2={$ref_sid}'>" . Plugin_sid::get_name_by_idsid($conn, $id, $sid) . "</a>";
        $lnk_ref = "<a href='newpluginrefform.php?plugin_id1={$id}&plugin_sid1={$sid}&plugin_id2={$ref_id}&plugin_sid2={$ref_sid}'>" . Plugin::get_name_by_id($conn, $ref_id) . "</a>";
        $lnk_ref_sid = "<a href='newpluginrefform.php?plugin_id1={$id}&plugin_sid1={$sid}&plugin_id2={$ref_id}&plugin_sid2={$ref_sid}'>" . Plugin_sid::get_name_by_idsid($conn, $ref_id, $ref_sid) . "</a>";
        $xml .= "<cell><![CDATA[" . $lnk_id . "]]></cell>";
        $xml .= "<cell><![CDATA[" . $lnk_sid . "]]></cell>";
        $xml .= "<cell><![CDATA[" . $lnk_ref . "]]></cell>";
        $xml .= "<cell><![CDATA[" . $lnk_ref_sid . "]]></cell>";
        $xml .= "</row>\n";
    }
}
$xml .= "</rows>\n";
echo $xml;
$db->close($conn);
Esempio n. 28
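/**
 * Fetch the event types (plugin sids) of one plugin.
 *
 * Uses the global $conn database connection.
 *
 * @param int|string $plugin_id Numeric plugin id. Anything that is not a plain
 *                              run of digits is rejected, because the value is
 *                              concatenated into the SQL text.
 * @param string     $req       Extra SQL appended unchanged after the
 *                              plugin_id condition. Callers must build it only
 *                              from validated values.
 *
 * @return mixed The list returned by Plugin_sid::get_list(), or '' when the id
 *               is rejected or get_list() returns a falsy value.
 */
function getPluginSidList($plugin_id, $req)
{
    global $conn;

    // The id ends up in the WHERE clause verbatim, so accept digits only.
    // \A and \z anchor the whole string; "$" would allow a trailing newline.
    if (!is_scalar($plugin_id) || preg_match('/\A\d+\z/', (string) $plugin_id) !== 1) {
        return '';
    }

    // NOTE(review): $req is raw SQL supplied by the caller and cannot be
    // checked here; audit every call site.
    $plugin_sid_list = Plugin_sid::get_list($conn, 'WHERE plugin_id = ' . $plugin_id . ' ' . $req);

    return $plugin_sid_list ? $plugin_sid_list : '';
}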
Esempio n. 29
    echo 'error###' . ossim_get_error_clean();
    exit;
}
$query_temp = array();
//
// select src_ip from alarm table and not defined into nets
//
$ips = array();
// No taxonomy filter is applied here: every filter argument is NULL.
$plugin_id = NULL;
$plugin_groups = NULL;
$source_type = NULL;
$category = NULL;
$subcategory = NULL;
$limit = 20;
// Taxonomy filters
$plugin_list = Plugin_sid::get_all_sids($conn, $plugin_id, $source_type, $category, $subcategory, $plugin_groups);
// Data Source events or Source Type events
$selected = "";
// src_ips from acid_event
// NOTE(review): $where comes from Security_report::make_where() and is
// interpolated twice into the raw query below. $date_from and $date_to are set
// above this excerpt; confirm they are validated and that make_where()
// escapes whatever it embeds.
$where = Security_report::make_where($conn, $date_from, $date_to, $plugin_list, $dDB);
// If $where mentions a plist_* name, add that name to the FROM list.
$ejoin = preg_match('/plist_[a-z]+/', $where) ? preg_replace('/.*(plist_[a-z]+)\\.id .*/', ',\\1', $where) : '';
// Distinct source and destination addresses of the matching events.
$query = "SELECT DISTINCT ip_src AS ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}\n    UNION SELECT DISTINCT ip_dst as ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}";
$rs = $conn->Execute($query);
if (!$rs) {
    Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}
$already = array();
while (!$rs->EOF) {
    $ip = inet_ntop($rs->fields['ip']);
    if (!isset($already[$ip])) {
        //Session::hostAllowed($conn,$ip) => not necessary here?
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
// Prepare the data for the form that follows: the category list and a
// proposed sid for the given plugin.
require_once 'av_init.php';
// Presumably enforces that the session may use the ConfigurationPlugins
// section of the configuration menu (helper not visible here).
Session::logcheck("configuration-menu", "ConfigurationPlugins");
$plugin_id = GET('plugin_id');
// The plugin id is required and must be digits; it is checked before any
// database call uses it.
ossim_valid($plugin_id, OSS_DIGIT, 'illegal:' . _("Plugin ID"));
if (ossim_error()) {
    echo ossim_error();
    exit;
}
$db = new ossim_db();
$conn = $db->connect();
$list_categories = Category::get_list($conn);
$sid = Plugin_sid::get_last_id($conn, $plugin_id);
// Propose last id + 1, or an empty string when get_last_id() returned nothing
// positive.
$sid = $sid > 0 ? $sid + 1 : '';
$db->close($conn);
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title><?php 
echo _("OSSIM Framework");
?>
 </title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
	<meta http-equiv="Pragma" content="no-cache">
	<link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php 
echo Util::get_css_id();