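// Builds the source/destination "balloon" markup for one event: a <div> that
// wraps a link to the per-IP forensics page, the asset icon and the
// reputation icon.
//
// Host names, IPs, contexts, host ids and service names are interpolated into
// single-quoted HTML attributes and link text, so each one is passed through
// htmlspecialchars(ENT_QUOTES) first. The charset argument is omitted so that
// the runtime's configured default applies.
// NOTE(review): this assumes those values reach this point unescaped; confirm
// against the code that fills $s_src_name / $event_info to avoid double encoding.

// Destination display name and context: use the raw IP and the current context
// when resolution is disabled or no host object is available.
if ($no_resolv || !$dst_host) {
    $s_dst_name = $s_dst_ip;
    $ctx_dst = $ctx;
} else {
    $s_dst_name = $dst_host->get_name();
    $ctx_dst = $dst_host->get_ctx();
}

// Dst icon and bold
$dst_output = Asset_host::get_extended_name($conn, $geoloc, $s_dst_ip, $ctx_dst, $event_info["dst_host"], $event_info["dst_net"]);
$homelan_dst = $dst_output['is_internal'];
$dst_img = $dst_output['html_icon'];

// Links to the per-IP event statistics page.
// NOTE(review): the IP is placed in the query string as-is and the value
// returned by Menu::get_menu_url() is written into href='...' unescaped below;
// confirm that both are validated/encoded where they are produced.
$s_src_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_src_ip}", 'analysis', 'security_events', 'security_events');
$s_dst_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_dst_ip}", 'analysis', 'security_events', 'security_events');

// A port of 0 is rendered as no suffix at all; anything else becomes ":<service>".
$s_src_port = $s_src_port != 0 ? ":" . Port::port2service($conn, $s_src_port) : "";
$s_dst_port = $s_dst_port != 0 ? ":" . Port::port2service($conn, $s_dst_port) : "";

// Reputation info
$rep_src_icon = Reputation::getrepimg($event_info["rep_prio_src"], $event_info["rep_rel_src"], $event_info["rep_act_src"], $s_src_ip);
$rep_dst_icon = Reputation::getrepimg($event_info["rep_prio_dst"], $event_info["rep_rel_dst"], $event_info["rep_act_dst"], $s_dst_ip);

// HTML-escaped copies used only for output; the original variables are left
// untouched for any code that runs after this section.
$h_ctx         = htmlspecialchars((string) $ctx, ENT_QUOTES);
$h_src_ip      = htmlspecialchars((string) $s_src_ip, ENT_QUOTES);
$h_dst_ip      = htmlspecialchars((string) $s_dst_ip, ENT_QUOTES);
$h_src_name    = htmlspecialchars((string) $s_src_name, ENT_QUOTES);
$h_dst_name    = htmlspecialchars((string) $s_dst_name, ENT_QUOTES);
$h_src_port    = htmlspecialchars((string) $s_src_port, ENT_QUOTES);
$h_dst_port    = htmlspecialchars((string) $s_dst_port, ENT_QUOTES);
$h_ctx_src     = htmlspecialchars((string) $ctx_src, ENT_QUOTES);
$h_ctx_dst     = htmlspecialchars((string) $ctx_dst, ENT_QUOTES);
$h_src_host_id = htmlspecialchars((string) $event_info["src_host"], ENT_QUOTES);
$h_dst_host_id = htmlspecialchars((string) $event_info["dst_host"], ENT_QUOTES);

// Source side. $src_img and $rep_src_icon are emitted as markup, not text
// (presumably ready-made HTML like $dst_output['html_icon'] - confirm).
$c_src_homelan = $homelan_src ? 'bold alarm_netlookup' : '';
$source_link = $src_img
    . " <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$h_src_ip}-{$h_ctx_src}' title='{$h_src_ip}'>"
    . $h_src_name . $h_src_port
    . "</a> {$rep_src_icon}";
$source_balloon = "<div id='{$h_src_ip};{$h_src_name};{$h_src_host_id}' ctx='{$h_ctx}' id2='{$h_src_ip};{$h_dst_ip}' class='HostReportMenu'>";
$source_balloon .= $source_link;
$source_balloon .= "</div>";

// Destination side, mirroring the source markup (id2 lists the pair in the
// opposite order).
$c_dst_homelan = $homelan_dst ? 'bold alarm_netlookup' : '';
$dest_link = $dst_img
    . " <a href='{$s_dst_link}' class='{$c_dst_homelan}' data-title='{$h_dst_ip}-{$h_ctx_dst}' title='{$h_dst_ip}'>"
    . $h_dst_name . $h_dst_port
    . "</a> {$rep_dst_icon}";
$dest_balloon = "<div id='{$h_dst_ip};{$h_dst_name};{$h_dst_host_id}' ctx='{$h_ctx}' id2='{$h_dst_ip};{$h_src_ip}' class='HostReportMenu'>";
$dest_balloon .= $dest_link;
$dest_balloon .= "</div>";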
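<?php
// Port tag cloud: one anchor per entry of $ports (port => occurrence count).
// The anchor text is the service name for the port, the tooltip carries the
// raw port number and the count, and rel carries the count.
//
// Every dynamic value is HTML-escaped at the point of output, because the
// tooltip and label end up inside quoted attributes and element text. The
// charset argument is omitted so that the runtime's configured default applies.
// Attribute values are written without padding: a trailing space inside
// id="..." would become part of the element id.
?>
<table class='transparent' width='100%'>
    <tr>
        <td class='medium' style='vertical-align:top;white-space:nowrap;text-align:left;width:1%;'>
            <img src='/ossim/alarm/style/img/port.png' height='15' align='absmiddle' style='padding-bottom:3px;'/> <?php echo _('Ports'); ?>
        </td>
        <td>
            <div id="cloud_port<?php echo htmlspecialchars((string) $prefix, ENT_QUOTES); ?>" style='width:99%;text-align:center'>
                <?php
                foreach ($ports as $port => $np) {
                    // The tooltip is built before $port is replaced by its label,
                    // so it shows the numeric port.
                    $tooltip = _('Port') . " {$port} - {$np} " . ($np == 1 ? _('Occurrence') : _('Occurrences'));
                    // Port 0 has no service name; everything else is looked up and upper-cased.
                    $port = $port == 0 ? _('Unknown') : strtoupper(Port::port2service($conn, $port));
                    ?>
                    <a href="#" class='alarm-help' style='text-decoration:none' title='<?php echo htmlspecialchars((string) $tooltip, ENT_QUOTES); ?>' rel="<?php echo htmlspecialchars((string) $np, ENT_QUOTES); ?>"><?php echo htmlspecialchars((string) $port, ENT_QUOTES); ?></a>
                    <?php
                }
                ?>
            </div>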
?> </span> </td> </tr></table> </td> <!-- risk --> <?php
// Risk column for one alarm row. Reads the alarm's endpoints, sensors and risk
// score, then prints a table cell whose background depends on the risk band:
//   risk > 7 -> red / white text, risk > 4 -> orange / black text,
//   risk > 2 -> green / white text, otherwise a plain cell.
// NOTE(review): $events_link and $risk are written into the markup unescaped;
// confirm both are safe for an HTML attribute / text where they are produced.
$src_ip = $alarm->get_src_ip();
$dst_ip = $alarm->get_dst_ip();

// Ports are fetched raw first, then mapped through Port::port2service().
$raw_src_port = $alarm->get_src_port();
$raw_dst_port = $alarm->get_dst_port();
$src_port = Port::port2service($conn, $raw_src_port);
$dst_port = Port::port2service($conn, $raw_dst_port);

$sensors = $alarm->get_sensors();
$risk = $alarm->get_risk();

// (background, font colour) for the band; null selects the uncoloured cell.
if ($risk > 7) {
    $risk_colors = array('red', 'white');
} elseif ($risk > 4) {
    $risk_colors = array('orange', 'black');
} elseif ($risk > 2) {
    $risk_colors = array('green', 'white');
} else {
    $risk_colors = null;
}

if ($risk_colors === null) {
    echo "\n <td class='nobborder' style='text-align:center'><a href=\"{$events_link}\">{$risk}</a></td>\n ";
} else {
    list($risk_bg, $risk_fg) = $risk_colors;
    echo "\n <td class='nobborder' style='text-align:center;background-color:{$risk_bg}'>\n <b>\n <a href=\"{$events_link}\">\n <font color=\"{$risk_fg}\">{$risk}</font>\n </a>\n </b>\n </td>\n ";
}
?> <!-- end risk -->
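// Emits one Atom <entry> for the current alarm: title, id/link, summary and an
// inline XHTML body listing risk, date, sensors and the source/destination IPs.
// The two closing braces at the end belong to blocks opened above this excerpt.
//
// Changes from the previous version:
//  - ereg_replace() (removed from PHP) is replaced by str_replace(); the
//    pattern was plain text, so the result is the same.
//  - the report links use "&section=events"; the separator had been corrupted
//    to a section sign.
//  - alarm name, risk, date, sensor and IP values are escaped before being
//    written into the XML, so a name containing & or < cannot break the feed
//    or add markup to it. The charset argument is omitted so that the
//    runtime's configured default applies.
// NOTE(review): this assumes Util::translate_alarm() and Host::ip2hostname()
// return unescaped text; confirm to avoid double encoding.
$datemark = $date_slices[0];
$alarm_name = str_replace("directive_event: ", "", $sid_name);
$alarm_name = Util::translate_alarm($conn, $alarm_name, $alarm);
$alarm_name_orig = $alarm_name;

// From here on $alarm_name holds the link target used for <id> and <link>,
// while $alarm_name_orig keeps the human-readable name.
if ($backlog_id != 0) {
    $events_link = "events.php?backlog_id={$backlog_id}";
    $alarm_name = $events_link;
} else {
    $events_link = $_SERVER["SCRIPT_NAME"];
    $alarm_link = Util::get_acid_pair_link($date, $alarm->get_src_ip(), $alarm->get_dst_ip());
    $alarm_name = $alarm_link;
}

$src_ip = $alarm->get_src_ip();
$dst_ip = $alarm->get_dst_ip();
// NOTE(review): the port, host-name, event-id and status values below are not
// used in the visible part of this block; kept in case later code reads them.
$src_port = Port::port2service($conn, $alarm->get_src_port());
$dst_port = Port::port2service($conn, $alarm->get_dst_port());
$sensors = $alarm->get_sensors();
$risk = $alarm->get_risk();
$src_link = "report/index.php?host={$src_ip}&section=events";
$dst_link = "report/index.php?host={$dst_ip}&section=events";
$src_name = Host::ip2hostname($conn, $src_ip);
$dst_name = Host::ip2hostname($conn, $dst_ip);
$event_id = $alarm->get_event_id();
$status = $alarm->get_status();

// XML-escaped copies for output only.
$x_alarm  = htmlspecialchars((string) $alarm_name_orig, ENT_QUOTES);
$x_risk   = htmlspecialchars((string) $risk, ENT_QUOTES);
$x_since  = htmlspecialchars((string) $since, ENT_QUOTES);
$x_src_ip = htmlspecialchars((string) $src_ip, ENT_QUOTES);
$x_dst_ip = htmlspecialchars((string) $dst_ip, ENT_QUOTES);

$feed_base = "http://" . $_SERVER['SERVER_ADDR'] . "/";

// NOTE(review): urlencode() is applied to the whole relative URL here and in
// the IP links below, so '/', '?' and '=' are percent-encoded as well. Left
// as it was; confirm whether feed consumers depend on that form.
echo "\n <entry>\n <title>\n Alarm: {$x_alarm} Risk: {$x_risk}</title>\n <id>" . $feed_base . urlencode($alarm_name) . "</id>\n <link href=\"" . $feed_base . urlencode($alarm_name) . "\"/>\n <summary>{$x_alarm}</summary>\n <content type=\"application/xhtml+xml\" xml:space=\"preserve\">\n <div xmlns=\"http://www.w3.org/1999/xhtml\">\n <strong>Alarm:</strong> {$x_alarm}<br/>\n <strong>Risk:</strong> {$x_risk}<br/>\n <strong>Date:</strong> {$x_since}<br/>\n";

foreach ($sensors as $sensor) {
    // The sensor value goes into a query string (urlencode) and into element
    // text (htmlspecialchars); the resolved host name is text only.
    $x_sensor = htmlspecialchars((string) $sensor, ENT_QUOTES);
    $x_sensor_name = htmlspecialchars((string) Host::ip2hostname($conn, $sensor), ENT_QUOTES);
    echo "\n <strong>Sensor:</strong>\n <a href=\"" . $feed_base . "ossim/sensor/sensor_plugins.php?sensor=" . urlencode($sensor) . "\" >{$x_sensor}</a>\n (" . $x_sensor_name . ")<br/>\n ";
}

echo "\n <strong>Source IP:</strong>\n <a href=\"" . $feed_base . "ossim/" . urlencode($src_link) . "\">{$x_src_ip}</a><br/>\n <strong>Destination IP:</strong>\n <a href=\"" . $feed_base . "ossim/" . urlencode($dst_link) . "\">{$x_dst_ip}</a><br/>\n </div>\n </content>\n <author>\n <name>\nOSSIM at " . $_SERVER['SERVER_ADDR'] . "\n </name>\n </author>\n <updated>" . Util::timestamp2RFC1459($alarm->get_timestamp()) . "</updated>\n </entry>\n";
}
}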