Esempio n. 1
0
 /**
  * Display a listing of the resource.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function index()
 {
     $classCounts = [];
     foreach ((array) Lang::get('classifications') as $classID => $classInfo) {
         $classTotal = new \stdClass();
         $tickets = Ticket::where('class_id', $classID);
         $ticketCount = $tickets->count();
         $tickets = $tickets->get();
         if ($ticketCount !== 0) {
             $classTotal->name = $classInfo['name'];
             $classTotal->tickets = $tickets->count();
             $classCounts[] = $classTotal;
         }
     }
     return view('analytics')->with('classCounts', $classCounts)->with('auth_user', $this->auth_user);
 }
Esempio n. 2
0
 /**
  * Display all closed tickets
  * @param Request $request
  * @return Response
  */
 public function statusClosed()
 {
     $tickets = Ticket::where('status_id', 2)->paginate(10);
     return view('tickets.index')->with('tickets', $tickets)->with('user', $this->user);
 }
Esempio n. 3
0
 /**
  * {@inherit docs}.
  */
 protected function getCollectionWithArguments()
 {
     return Ticket::where('id', $this->argument('ticket'));
 }
Esempio n. 4
0
 /**
  * Walk thru all tickets to see which need closing
  *
  * @return boolean
  */
 private function ticketsClosing()
 {
     $closeOlderThen = strtotime(config('main.housekeeping.tickets_close_after') . " ago");
     $validator = Validator::make(['mailarchive_remove_after' => $closeOlderThen], ['mailarchive_remove_after' => 'required|timestamp']);
     if ($validator->fails()) {
         $messages = $validator->messages();
         $message = '';
         foreach ($messages->all() as $messagePart) {
             $message .= $messagePart . PHP_EOL;
         }
         echo $message;
         return false;
     } else {
         $tickets = Ticket::where('status_id', '!=', '2')->get();
         foreach ($tickets as $ticket) {
             if ($ticket->lastEvent[0]->timestamp <= $closeOlderThen) {
                 $ticket->update(['status_id' => 2]);
             }
         }
     }
     return true;
 }
Esempio n. 5
0
 /**
  * Create a list of tickets that need outgoing notifications.
  *
  * @param int|bool    $ticket    Ticket ID
  * @param string|bool $reference ReferenceName of contact in ticket
  * @param bool|bool   $force     Force sending even when there are no new events
  * @param string      $only      Only send to ('ip', 'domain' or null (both))
  *
  * @return array $notificationList   List of notifications to send
  */
 public function buildList($ticket = false, $reference = false, $force = false, $only = null)
 {
     /*
      * Select a list of tickets that are not closed(2) by default or add ticket / reference
      * conditions if options were passed along.
      */
     $selection = [];
     $search = Ticket::where('id', '>', '0');
     if (!$force) {
         $search = Ticket::where('status_id', '!=', 'CLOSED');
     }
     if ($ticket !== false) {
         $search->where('id', '=', $ticket);
     }
     if ($reference !== false) {
         $search->where('ip_contact_reference', '=', $reference)->orwhere('domain_contact_reference', '=', $reference);
     }
     $tickets = $search->get();
     $validator = Validator::make(['notification info_interval' => strtotime(config('main.notifications.info_interval') . ' ago'), 'notification abuse_interval' => strtotime(config('main.notifications.abuse_interval') . ' ago'), 'notification min_lastseen' => strtotime(config('main.notifications.min_lastseen') . ' ago')], ['notification info_interval' => 'required|timestamp', 'notification abuse_interval' => 'required|timestamp', 'notification min_lastseen' => 'required|timestamp']);
     if ($validator->fails()) {
         $messages = $validator->messages();
         $message = '';
         foreach ($messages->all() as $messagePart) {
             $message .= $messagePart . PHP_EOL;
         }
         return $message;
     }
     // If an invalid value for $only is given, set default (null = both)
     if (!in_array($only, ['ip', 'domain'])) {
         $only = null;
     }
     $sendInfoAfter = strtotime(config('main.notifications.info_interval') . ' ago');
     $sendAbuseAfter = strtotime(config('main.notifications.abuse_interval') . ' ago');
     $sendNotOlderThen = strtotime(config('main.notifications.min_lastseen') . ' ago');
     foreach ($tickets as $ticket) {
         /*
          * Only send a notification if there is something new to report
          * or if this is the first notification.
          */
         if ($ticket->last_notify_count == $ticket->events->count() && $ticket->last_notify_count != 0 && $force !== true) {
             continue;
         } else {
             /*
              * Filter outgoing notifications and aggregate them by reference so we can send out a single
              * notifications for multiple tickets if needed.
              */
             if ($force !== true) {
                 // Skip if status Ignored
                 if ($ticket->status_id == 'IGNORED') {
                     continue;
                 }
                 // Skip if type Info and contact status Ignored
                 if ($ticket->type_id == 'INFO' && $ticket->contact_status_id == 'IGNORED') {
                     continue;
                 }
                 // Skip if type Info (1) and last notification was send after info interval
                 if ($ticket->last_notify_count != 0 && $ticket->type_id == 'INFO' && $ticket->last_notify_timestamp >= $sendInfoAfter) {
                     continue;
                 }
                 // Skip if type Info (1) and last notification was send after abuse interval
                 if ($ticket->last_notify_count != 0 && $ticket->type_id != 'INFO' && $ticket->last_notify_timestamp >= $sendAbuseAfter) {
                     continue;
                 }
                 // Skip if the event received is older the minimal last seen
                 if ($ticket->lastEvent[0]->timestamp <= $sendNotOlderThen) {
                     continue;
                 }
                 // Conditions just for IP contacts
                 if (!empty($ticket->ip_contact_reference) && $ticket->ip_contact_reference != 'UNDEF' && $ticket->ip_contact_auto_notify == true && $only != 'domain') {
                     $selection[$ticket->ip_contact_reference]['ip'][] = $ticket;
                 }
                 // Conditions just for Domain contacts
                 if (!empty($ticket->domain_contact_reference) && $ticket->domain_contact_reference != 'UNDEF' && $ticket->domain_contact_auto_notify == true && $ticket->domain_contact_reference != $ticket->ip_contact_reference && $only != 'ip') {
                     $selection[$ticket->domain_contact_reference]['domain'][] = $ticket;
                 }
             } else {
                 /*
                  * Notifications are forced, therefor we skip all the checks except empty/undef
                  */
                 // Conditions just for IP contacts
                 if (!empty($ticket->ip_contact_reference) && $ticket->ip_contact_reference != 'UNDEF' && $only != 'domain') {
                     $selection[$ticket->ip_contact_reference]['ip'][] = $ticket;
                 }
                 // Conditions just for Domain contacts
                 if (!empty($ticket->domain_contact_reference) && $ticket->domain_contact_reference != 'UNDEF' && $ticket->domain_contact_reference != $ticket->ip_contact_reference && $only != 'ip') {
                     $selection[$ticket->domain_contact_reference]['domain'][] = $ticket;
                 }
             }
         }
     }
     return $selection;
 }
Esempio n. 6
0
 /**
  * Execute the command.
  *
  * @param array $events
  * @param integer $evidenceID
  * @return array
  */
 public function save($events, $evidenceID)
 {
     $ticketCount = 0;
     $eventCount = 0;
     $eventsIgnored = 0;
     foreach ($events as $event) {
         /* Here we will seek through all the events and look if there is an existing ticket. We will split them up
          * into two seperate arrays: $eventsNew and $events$known. We can save all the known events in the DB with
          * a single event saving loads of queries
          *
          * IP Owner is leading, as in most cases even if the domain is moved
          * The server might still have a problem. Next to the fact that domains
          * Arent transferred to a new owner 'internally' anyways.
          *
          * So we do a lookup based on the IP same as with the 3.x engine. After
          * the lookup we check wither the domain contact was changed, if so we UPDATE
          * the ticket and put a note somewhere about it. This way the IP owner does
          * not get a new ticket on this matter and the new domain owner is getting updates.
          *
          * As the ASH link is based on the contact code, the old domain owner will not
          * have any access to the ticket anymore.
          */
         // If an event is too old we are ignoring it
         if (config('main.reports.min_lastseen') !== false && strtotime(config('main.reports.min_lastseen')) !== false && strtotime(config('main.reports.min_lastseen') . ' ago') > $event['timestamp']) {
             Log::debug(get_class($this) . ': ' . "is ignoring event because its older then " . config('main.reports.min_lastseen'));
             continue;
         }
         // Start with building a classification lookup table  and switch out name for ID
         foreach ((array) Lang::get('classifications') as $classID => $class) {
             if ($class['name'] == $event['class']) {
                 $event['class'] = $classID;
             }
         }
         // Also build a types lookup table and switch out name for ID
         foreach ((array) Lang::get('types.type') as $typeID => $type) {
             if ($type['name'] == $event['type']) {
                 $event['type'] = $typeID;
             }
         }
         // Lookup the ip contact and if needed the domain contact too
         $findContact = new FindContact();
         $ipContact = $findContact->byIP($event['ip']);
         if ($event['domain'] != '') {
             $domainContact = $findContact->byDomain($event['domain']);
         } else {
             $domainContact = $findContact->undefined();
         }
         /*
          * Ignore the event if both ip and domain contacts are undefined and the resolving of an contact
          * was required. This is handy to ignore any reports that are not considered local, but use
          * with caution as it might just ignore anything if your IP/domains are not correctly configured
          */
         if ($ipContact->reference == 'UNDEF' && $domainContact->reference == 'UNDEF' && config('main.reports.resolvable_only') === true) {
             if (!empty($domainContact) && $domainContact->reference == 'UNDEF' || empty($domainContact)) {
                 Log::debug(get_class($this) . ': ' . "is ignoring event because there is no IP or Domain contact");
                 continue;
             }
         }
         /*
          * Search to see if there is an existing ticket for this event classification
          */
         $ticket = Ticket::where('ip', '=', $event['ip'])->where('class_id', '=', $event['class'], 'AND')->where('type_id', '=', $event['type'], 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 2, 'AND')->get();
         if ($ticket->count() === 0) {
             /*
              * If there are no search results then there is no existing ticket and we should create one
              */
             $ticketCount++;
             $newTicket = new Ticket();
             $newTicket->ip = $event['ip'];
             $newTicket->domain = empty($event['domain']) ? '' : $event['domain'];
             $newTicket->class_id = $event['class'];
             $newTicket->type_id = $event['type'];
             $newTicket->ip_contact_account_id = $ipContact->account_id;
             $newTicket->ip_contact_reference = $ipContact->reference;
             $newTicket->ip_contact_name = $ipContact->name;
             $newTicket->ip_contact_email = $ipContact->email;
             $newTicket->ip_contact_api_host = $ipContact->api_host;
             $newTicket->ip_contact_api_key = $ipContact->api_key;
             $newTicket->ip_contact_auto_notify = $ipContact->auto_notify;
             $newTicket->ip_contact_notified_count = 0;
             $newTicket->domain_contact_account_id = $domainContact->account_id;
             $newTicket->domain_contact_reference = $domainContact->reference;
             $newTicket->domain_contact_name = $domainContact->name;
             $newTicket->domain_contact_email = $domainContact->email;
             $newTicket->domain_contact_api_host = $domainContact->api_host;
             $newTicket->domain_contact_api_key = $domainContact->api_key;
             $newTicket->domain_contact_auto_notify = $domainContact->auto_notify;
             $newTicket->domain_contact_notified_count = 0;
             $newTicket->status_id = 1;
             $newTicket->last_notify_count = 0;
             $newTicket->last_notify_timestamp = 0;
             $newTicket->save();
             $newEvent = new Event();
             $newEvent->evidence_id = $evidenceID;
             $newEvent->information = $event['information'];
             $newEvent->source = $event['source'];
             $newEvent->ticket_id = $newTicket->id;
             $newEvent->timestamp = $event['timestamp'];
             $newEvent->save();
         } elseif ($ticket->count() === 1) {
             /*
              * There is an existing ticket, so we just need to add the event to this ticket. If the event is an
              * exact match we consider it a duplicate and will ignore it.
              */
             $ticket = $ticket[0];
             if (Event::where('information', '=', $event['information'])->where('source', '=', $event['source'])->where('ticket_id', '=', $ticket->id)->where('timestamp', '=', $event['timestamp'])->exists()) {
                 $eventsIgnored++;
             } else {
                 // New unique event, so we will save this
                 $eventCount++;
                 $newEvent = new Event();
                 $newEvent->evidence_id = $evidenceID;
                 $newEvent->information = $event['information'];
                 $newEvent->source = $event['source'];
                 $newEvent->ticket_id = $ticket->id;
                 $newEvent->timestamp = $event['timestamp'];
                 $newEvent->save();
                 /*
                  * If the reference has changed for the domain owner, then we update the ticket with the new
                  * domain owner. We not check if anything else then the reference has changed. If you change the
                  * contact data you have the option to propogate it onto open tickets.
                  */
                 if (!empty($event['domain']) && $domainContact !== false && $domainContact->reference !== $ticket->domain_contact_reference) {
                     $ticket->domain_contact_reference = $domainContact->reference;
                     $ticket->domain_contact_name = $domainContact->name;
                     $ticket->domain_contact_email = $domainContact->email;
                     $ticket->domain_contact_api_host = $domainContact->api_host;
                     $ticket->domain_contact_api_key = $domainContact->api_key;
                     $ticket->domain_contact_auto_notify = $domainContact->auto_notify;
                     $ticket->account_id = $domainContact->account->id;
                     $ticket->save();
                 }
                 // TODO: If this is an abuse/escalation ticket and currently 'resolved' then put status back to Open
                 // TODO: Implement escalation triggers
             }
         } else {
             /*
              * We should not never have more then two open tickets for the same case. If this happens there is a
              * fault in the aggregator which must be resolved first. Until then we will permfail here.
              */
             $this->failed('Unable to link to ticket, multiple open tickets found for same event type');
         }
     }
     Log::debug(get_class($this) . ': ' . "has completed creating {$ticketCount} new tickets, " . "linking {$eventCount} new events and ignored {$eventsIgnored} duplicates");
     $this->success('');
 }
Esempio n. 7
0
 /**
  * {@inheritdoc}.
  */
 protected function findWithCondition($filter)
 {
     return Ticket::where('id', $filter)->get();
 }
Esempio n. 8
0
 /**
  * Execute the command.
  *
  * @return array
  */
 public function handle()
 {
     // Start with building a classification lookup table
     $classNames = [];
     foreach (Lang::get('classifications') as $classID => $class) {
         $classNames[$class['name']] = $classID;
     }
     // Also build a types lookup table
     $typeNames = [];
     foreach (Lang::get('types.type') as $typeID => $type) {
         $typeNames[$type['name']] = $typeID;
     }
     // Also build a status lookup table
     $statusNames = [];
     foreach (Lang::get('types.status') as $statusID => $status) {
         $statusNames[$status['name']] = $statusID;
     }
     foreach ($this->events as $event) {
         /* Here we will thru all the events and look if these is an existing ticket. We will split them up into
          * two seperate arrays: $eventsNew and $events$known. We can save all the known events in the DB with
          * a single event saving loads of queries
          *
          * IP Owner is leading, as in most cases even if the domain is moved
          * The server might still have a problem. Next to the fact that domains
          * Arent transferred to a new owner 'internally' anyways.
          *
          * So we do a lookup based on the IP same as with the 3.x engine. After
          * the lookup we check wither the domain contact was changed, if so we UPDATE
          * the ticket and put a note somewhere about it. This way the IP owner does
          * not get a new ticket on this matter and the new domain owner is getting updates.
          *
          * As the ASH link is based on the contact code, the old domain owner will not
          * have any access to the ticket anymore.
          */
         // Lookup the ip contact and if needed the domain contact too
         $ipContact = FindContact::byIP($event['ip']);
         if ($event['domain'] != '') {
             $domainContact = FindContact::byDomain($event['domain']);
         }
         // Search to see if there is an existing ticket for this event classification
         // Todo: somehow add the domain too!!!!
         $search = Ticket::where('ip', '=', $event['ip'])->where('class_id', '=', $classNames[$event['class']], 'AND')->where('type_id', '=', $typeNames[$event['type']], 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 2, 'AND')->get();
         if ($search->count() === 0) {
             // Build an array with all new tickes and save it with its related event and evidence link.
             $newTicket = new Ticket();
             $newTicket->ip = $event['ip'];
             $newTicket->domain = $event['domain'];
             $newTicket->class_id = $classNames[$event['class']];
             $newTicket->type_id = $typeNames[$event['type']];
             $newTicket->ip_contact_reference = $ipContact->reference;
             $newTicket->ip_contact_name = $ipContact->name;
             $newTicket->ip_contact_email = $ipContact->email;
             $newTicket->ip_contact_rpchost = $ipContact->rpc_host;
             $newTicket->ip_contact_rpckey = $ipContact->rpc_key;
             $newTicket->ip_contact_auto_notify = $ipContact->auto_notify;
             if ($event['domain'] != '') {
                 $newTicket->domain_contact_reference = $domainContact->reference;
                 $newTicket->domain_contact_name = $domainContact->name;
                 $newTicket->domain_contact_email = $domainContact->email;
                 $newTicket->domain_contact_rpchost = $domainContact->rpc_host;
                 $newTicket->domain_contact_rpckey = $domainContact->rpc_key;
                 $newTicket->domain_contact_auto_notify = $domainContact->auto_notify;
             }
             $newTicket->status_id = 1;
             $newTicket->notified_count = 0;
             $newTicket->last_notify_count = 0;
             $newTicket->last_notify_timestamp = 0;
             $newTicket->save();
             $newEvent = new Event();
             $newEvent->evidence_id = $this->evidenceID;
             $newEvent->information = $event['information'];
             $newEvent->source = $event['source'];
             $newEvent->ticket_id = $newTicket->id;
             $newEvent->timestamp = $event['timestamp'];
             $newEvent->save();
             // Call notifier action handler, type new
         } elseif ($search->count() === 1) {
             $ticketID = $search[0]->id;
             if (Event::where('information', '=', $event['information'])->where('source', '=', $event['source'])->where('ticket_id', '=', $ticketID)->where('timestamp', '=', $event['timestamp'])->exists()) {
                 // Exact duplicate match so we will ignore this event
             } else {
                 // New unique event, so we will save this
                 $newEvent = new Event();
                 $newEvent->evidence_id = $this->evidenceID;
                 $newEvent->information = $event['information'];
                 $newEvent->source = $event['source'];
                 $newEvent->ticket_id = $ticketID;
                 $newEvent->timestamp = $event['timestamp'];
                 $newEvent->save();
                 // Call notifier action handler, type update
             }
             // This is an existing ticket
         } else {
             $this->failed('Unable to link to ticket, multiple open tickets found for same event type');
         }
     }
     $this->success('');
 }
Esempio n. 9
0
 /**
  * Execute the command.
  *
  * @param array $incidents
  * @param int   $evidenceID
  *
  * @return array
  */
 public function save($incidents, $evidenceID)
 {
     $ticketCount = 0;
     $incidentCount = 0;
     $incidentsIgnored = 0;
     foreach ($incidents as $incident) {
         /* Here we will seek through all the incidents and look if there is an existing ticket. We will split
          * them up into two seperate arrays: $incidentsNew and $incidents$known. We can save all the known
          * incidents in the DB with a single incident saving loads of queries
          *
          * IP Owner is leading, as in most cases even if the domain is moved
          * The server might still have a problem. Next to the fact that domains
          * Arent transferred to a new owner 'internally' anyways.
          *
          * So we do a lookup based on the IP same as with the 3.x engine. After
          * the lookup we check wither the domain contact was changed, if so we UPDATE
          * the ticket and put a note somewhere about it. This way the IP owner does
          * not get a new ticket on this matter and the new domain owner is getting updates.
          *
          * As the ASH link is based on the contact code, the old domain owner will not
          * have any access to the ticket anymore.
          */
         // If an incident is too old we are ignoring it
         if (config('main.reports.min_lastseen') !== false && strtotime(config('main.reports.min_lastseen')) !== false && strtotime(config('main.reports.min_lastseen') . ' ago') > $incident->timestamp) {
             Log::debug(get_class($this) . ': ' . 'is ignoring incident because its older then ' . config('main.reports.min_lastseen'));
             continue;
         }
         // Lookup the ip contact and if needed the domain contact too
         $findContact = new FindContact();
         $ipContact = $findContact->byIP($incident->ip);
         if ($incident->domain != '') {
             $domainContact = $findContact->byDomain($incident->domain);
         } else {
             $domainContact = $findContact->undefined();
         }
         /*
          * Ignore the incident if both ip and domain contacts are undefined and the resolving of an contact
          * was required. This is handy to ignore any reports that are not considered local, but use
          * with caution as it might just ignore anything if your IP/domains are not correctly configured
          */
         if ($ipContact->reference == 'UNDEF' && $domainContact->reference == 'UNDEF' && config('main.reports.resolvable_only') === true) {
             if (!empty($domainContact) && $domainContact->reference == 'UNDEF' || empty($domainContact)) {
                 Log::debug(get_class($this) . ': ' . 'is ignoring incident because there is no IP or Domain contact');
                 continue;
             }
         }
         /*
          * Search to see if there is an existing ticket for this incident classification
          */
         $ticket = Ticket::where('ip', '=', $incident->ip)->where('class_id', '=', $incident->class, 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 'CLOSED', 'AND')->get();
         if ($ticket->count() === 0) {
             /*
              * If there are no search results then there is no existing ticket and we should create one
              */
             $ticketCount++;
             $newTicket = new Ticket();
             $newTicket->ip = $incident->ip;
             $newTicket->domain = empty($incident->domain) ? '' : $incident->domain;
             $newTicket->class_id = $incident->class;
             $newTicket->type_id = $incident->type;
             $newTicket->ip_contact_account_id = $ipContact->account_id;
             $newTicket->ip_contact_reference = $ipContact->reference;
             $newTicket->ip_contact_name = $ipContact->name;
             $newTicket->ip_contact_email = $ipContact->email;
             $newTicket->ip_contact_api_host = $ipContact->api_host;
             $newTicket->ip_contact_auto_notify = $ipContact->auto_notify;
             $newTicket->ip_contact_notified_count = 0;
             $newTicket->domain_contact_account_id = $domainContact->account_id;
             $newTicket->domain_contact_reference = $domainContact->reference;
             $newTicket->domain_contact_name = $domainContact->name;
             $newTicket->domain_contact_email = $domainContact->email;
             $newTicket->domain_contact_api_host = $domainContact->api_host;
             $newTicket->domain_contact_auto_notify = $domainContact->auto_notify;
             $newTicket->domain_contact_notified_count = 0;
             $newTicket->status_id = 'OPEN';
             $newTicket->last_notify_count = 0;
             $newTicket->last_notify_timestamp = 0;
             // Validate the model before saving
             $validator = Validator::make(json_decode(json_encode($newTicket), true), Ticket::createRules());
             if ($validator->fails()) {
                 return $this->error('DevError: Internal validation failed when saving the Ticket object ' . implode(' ', $validator->messages()->all()));
             }
             $newTicket->save();
             $newEvent = new Event();
             $newEvent->evidence_id = $evidenceID;
             $newEvent->information = $incident->information;
             $newEvent->source = $incident->source;
             $newEvent->ticket_id = $newTicket->id;
             $newEvent->timestamp = $incident->timestamp;
             // Validate the model before saving
             $validator = Validator::make(json_decode(json_encode($newEvent), true), Event::createRules());
             if ($validator->fails()) {
                 return $this->error('DevError: Internal validation failed when saving the Event object ' . implode(' ', $validator->messages()->all()));
             }
             $newEvent->save();
         } elseif ($ticket->count() === 1) {
             /*
              * There is an existing ticket, so we just need to add the incident to this ticket. If the
              * incident is an exact match we consider it a duplicate and will ignore it.
              */
             $ticket = $ticket[0];
             if (Event::where('information', '=', $incident->information)->where('source', '=', $incident->source)->where('ticket_id', '=', $ticket->id)->where('timestamp', '=', $incident->timestamp)->exists()) {
                 $incidentsIgnored++;
             } else {
                 // New unique incident, so we will save this
                 $incidentCount++;
                 $newEvent = new Event();
                 $newEvent->evidence_id = $evidenceID;
                 $newEvent->information = $incident->information;
                 $newEvent->source = $incident->source;
                 $newEvent->ticket_id = $ticket->id;
                 $newEvent->timestamp = $incident->timestamp;
                 // Validate the model before saving
                 $validator = Validator::make(json_decode(json_encode($newEvent), true), Event::createRules());
                 if ($validator->fails()) {
                     return $this->error('DevError: Internal validation failed when saving the Event object ' . implode(' ', $validator->messages()->all()));
                 }
                 $newEvent->save();
                 /*
                  * If the reference has changed for the domain owner, then we update the ticket with the new
                  * domain owner. We not check if anything else then the reference has changed. If you change the
                  * contact data you have the option to propogate it onto open tickets.
                  */
                 if (!empty($incident->domain) && $domainContact !== false && $domainContact->reference !== $ticket->domain_contact_reference) {
                     $ticket->domain_contact_reference = $domainContact->reference;
                     $ticket->domain_contact_name = $domainContact->name;
                     $ticket->domain_contact_email = $domainContact->email;
                     $ticket->domain_contact_api_host = $domainContact->api_host;
                     $ticket->domain_contact_auto_notify = $domainContact->auto_notify;
                     $ticket->account_id = $domainContact->account->id;
                 }
                 /*
                  * Upgrade the type if the received event has a higher priority type included
                  */
                 $priority = ['INFO', 'ABUSE', 'ESCALATION'];
                 if (array_search($ticket->type_id, $priority) < array_search($incident->type, $priority)) {
                     $ticket->type_id = $incident->type;
                 }
                 /*
                  * If the ticket was set to resolved, move it back to open
                  */
                 if ($ticket->status_id == 'RESOLVED') {
                     $ticket->status_id = 'OPEN';
                 }
                 /*
                  * Walk thru the escalation upgrade path, and upgrade if required
                  */
                 //echo config("escalations.{$ticket->class_id}.abuse.enabled");
                 if (is_array(config("escalations.{$ticket->class_id}"))) {
                     // There is a specific escalation path for this class
                     $escalationPath = $ticket->class_id;
                 } else {
                     // Use the default escalation path
                     $escalationPath = 'DEFAULT';
                 }
                 // Check if all the values are set, or log a warning that were skipping escalation paths
                 if (!is_bool(empty(config("escalations.{$escalationPath}.abuse.enabled"))) || !is_numeric(config("escalations.{$escalationPath}.abuse.threshold")) || !is_bool(empty(config("escalations.{$escalationPath}.escalation.enabled"))) || !is_numeric(config("escalations.{$escalationPath}.escalation.threshold"))) {
                     Log::warning(get_class($this) . ': ' . 'Escalation path settings are missing or incomplete. Skipping this phase');
                 } else {
                     // Now actually check if anything needs to be changed and if so, change it.
                     if (!empty(config("escalations.{$escalationPath}.abuse.enabled")) && !empty(config("escalations.{$escalationPath}.abuse.threshold")) && $ticket->events->count() > config("escalations.{$escalationPath}.abuse.threshold") && $ticket->type_id == 'INFO') {
                         // Upgrade to abuse
                         Log::debug(get_class($this) . ': ' . "An escalation path threshold has been reached for ticket {$ticket->id}, " . 'threshold: ' . config("escalations.{$escalationPath}.abuse.threshold") . ', ' . 'setting: info -> abuse');
                         $ticket->type_id = 'ABUSE';
                     }
                     if (!empty(config("escalations.{$escalationPath}.escalation.enabled")) && !empty(config("escalations.{$escalationPath}.escalation.threshold")) && $ticket->events->count() > config("escalations.{$escalationPath}.escalation.threshold") && $ticket->type_id == 'ABUSE') {
                         // Upgrade to escalation
                         Log::debug(get_class($this) . ': ' . "An escalation path threshold has been reached for ticket {$ticket->id}, " . 'threshold: ' . config("escalations.{$escalationPath}.escalation.threshold") . ', ' . 'setting: abuse -> escalation');
                         $ticket->type_id = 'ESCALATION';
                     }
                 }
                 // Validate the model before saving
                 $validator = Validator::make(json_decode(json_encode($ticket), true), Ticket::createRules());
                 if ($validator->fails()) {
                     return $this->error('DevError: Internal validation failed when saving the Ticket object ' . implode(' ', $validator->messages()->all()));
                 }
                 $ticket->save();
             }
         } else {
             /*
              * We should not never have more then two open tickets for the same case. If this happens there is a
              * fault in the aggregator which must be resolved first. Until then we will permfail here.
              */
             $this->error('Unable to link to ticket, multiple open tickets found for same incident type');
         }
     }
     Log::debug(get_class($this) . ': ' . "has completed creating {$ticketCount} new tickets, " . "linking {$incidentCount} new incidents and ignored {$incidentsIgnored} duplicates");
     return $this->success('');
 }
Esempio n. 10
0
 /**
  * Execute the command.
  * @return array
  */
 public function handle()
 {
     $ticketCount = 0;
     $eventCount = 0;
     $eventsIgnored = 0;
     foreach ($this->events as $event) {
         /* Here we will thru all the events and look if these is an existing ticket. We will split them up into
          * two seperate arrays: $eventsNew and $events$known. We can save all the known events in the DB with
          * a single event saving loads of queries
          *
          * IP Owner is leading, as in most cases even if the domain is moved
          * The server might still have a problem. Next to the fact that domains
          * Arent transferred to a new owner 'internally' anyways.
          *
          * So we do a lookup based on the IP same as with the 3.x engine. After
          * the lookup we check wither the domain contact was changed, if so we UPDATE
          * the ticket and put a note somewhere about it. This way the IP owner does
          * not get a new ticket on this matter and the new domain owner is getting updates.
          *
          * As the ASH link is based on the contact code, the old domain owner will not
          * have any access to the ticket anymore.
          */
         // Start with building a classification lookup table  and switch out name for ID
         foreach ((array) Lang::get('classifications') as $classID => $class) {
             if ($class['name'] == $event['class']) {
                 $event['class'] = $classID;
             }
         }
         // Also build a types lookup table and switch out name for ID
         foreach ((array) Lang::get('types.type') as $typeID => $type) {
             if ($type['name'] == $event['type']) {
                 $event['type'] = $typeID;
             }
         }
         // Lookup the ip contact and if needed the domain contact too
         $ipContact = FindContact::byIP($event['ip']);
         if ($event['domain'] != '') {
             $domainContact = FindContact::byDomain($event['domain']);
         } else {
             $domainContact = false;
         }
         /*
          * Search to see if there is an existing ticket for this event classification
          */
         $search = Ticket::where('ip', '=', $event['ip'])->where('class_id', '=', $event['class'], 'AND')->where('type_id', '=', $event['type'], 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 2, 'AND')->get();
         if ($search->count() === 0) {
             /*
              * If there are no search results then there is no existing ticket and we should create one
              */
             $ticketCount++;
             $newTicket = new Ticket();
             $newTicket->ip = $event['ip'];
             $newTicket->domain = $event['domain'];
             $newTicket->class_id = $event['class'];
             $newTicket->type_id = $event['type'];
             $newTicket->ip_contact_reference = $ipContact->reference;
             $newTicket->ip_contact_name = $ipContact->name;
             $newTicket->ip_contact_email = $ipContact->email;
             $newTicket->ip_contact_rpchost = $ipContact->rpc_host;
             $newTicket->ip_contact_rpckey = $ipContact->rpc_key;
             $newTicket->ip_contact_auto_notify = $ipContact->auto_notify;
             if (!empty($event['domain']) && $domainContact !== false) {
                 $newTicket->domain_contact_reference = $domainContact->reference;
                 $newTicket->domain_contact_name = $domainContact->name;
                 $newTicket->domain_contact_email = $domainContact->email;
                 $newTicket->domain_contact_rpchost = $domainContact->rpc_host;
                 $newTicket->domain_contact_rpckey = $domainContact->rpc_key;
                 $newTicket->domain_contact_auto_notify = $domainContact->auto_notify;
             }
             $newTicket->status_id = 1;
             $newTicket->notified_count = 0;
             $newTicket->last_notify_count = 0;
             $newTicket->last_notify_timestamp = 0;
             $newTicket->save();
             $newEvent = new Event();
             $newEvent->evidence_id = $this->evidenceID;
             $newEvent->information = $event['information'];
             $newEvent->source = $event['source'];
             $newEvent->ticket_id = $newTicket->id;
             $newEvent->timestamp = $event['timestamp'];
             $newEvent->save();
             // TODO - Call notifier action handler, type new
         } elseif ($search->count() === 1) {
             /*
              * There is an existing ticket, so we just need to add the event to this ticket. If the event is an
              * exact match we consider it a duplicate and will ignore it.
              */
             $ticketID = $search[0]->id;
             if (Event::where('information', '=', $event['information'])->where('source', '=', $event['source'])->where('ticket_id', '=', $ticketID)->where('timestamp', '=', $event['timestamp'])->exists()) {
                 $eventsIgnored++;
             } else {
                 // New unique event, so we will save this
                 $eventCount++;
                 $newEvent = new Event();
                 $newEvent->evidence_id = $this->evidenceID;
                 $newEvent->information = $event['information'];
                 $newEvent->source = $event['source'];
                 $newEvent->ticket_id = $ticketID;
                 $newEvent->timestamp = $event['timestamp'];
                 $newEvent->save();
                 // TODO - Update domain owner if changed based on the contactID (reference)
                 // TODO - Call notifier action handler, type update
             }
         } else {
             /*
              * We should not never have more then two open tickets for the same case. If this happens there is a
              * fault in the aggregator which must be resolved first. Until then we will permfail here.
              */
             $this->failed('Unable to link to ticket, multiple open tickets found for same event type');
         }
     }
     Log::debug('(JOB ' . getmypid() . ') ' . get_class($this) . ': ' . "has completed creating {$ticketCount} new tickets, " . "linking {$eventCount} new events and ignored {$eventsIgnored} duplicates");
     $this->success('');
 }
Esempio n. 11
0
 /**
  * Walk thru all tickets to see which need closing.
  *
  * @return bool
  */
 private function ticketsClosing()
 {
     Log::info(get_class($this) . ': Housekeeper is starting to close old tickets');
     $closeOlderThen = strtotime(config('main.housekeeping.tickets_close_after') . ' ago');
     $validator = Validator::make(['mailarchive_remove_after' => $closeOlderThen], ['mailarchive_remove_after' => 'required|timestamp']);
     if ($validator->fails()) {
         $messages = $validator->messages();
         $message = '';
         foreach ($messages->all() as $messagePart) {
             $message .= $messagePart . PHP_EOL;
         }
         echo $message;
         return false;
     } else {
         $tickets = Ticket::where('status_id', '!=', 'CLOSED')->get();
         foreach ($tickets as $ticket) {
             if ($ticket->lastEvent[0]->timestamp <= $closeOlderThen && strtotime($ticket->created_at) <= $closeOlderThen) {
                 $ticket->update(['status_id' => 'CLOSED']);
             }
         }
     }
     return true;
 }
Esempio n. 12
0
 /**
  * Retrieve a list of addresses based on open tickets and kick off scanAddress
  *
  * @return boolean
  */
 private function scanTickets()
 {
     $tickets = Ticket::where('status_id', '!=', '2')->get();
     foreach ($tickets as $ticket) {
         $this->scanAddress($ticket->ip);
     }
     return true;
 }