コード例 #1
ファイル: base_stat_alerts.php プロジェクト: jhbsz/ossimTest
        $antes = "";
        $despues = $signame;
    }
    qroPrintEntry("{$antes} <a href='{$siglink}'>" . trim($despues) . "</a>", "left");
    //if ($db->baseGetDBversion() >= 103) qroPrintEntry(GetSigClassName(GetSigClassID($sig_id, $db) , $db));
    $perc = $avoid_counts != 1 ? '&nbsp;(' . round($total_occurances / $event_cnt * 100) . '%)' : '';
    //qroPrintEntry('<FONT>' . '<A HREF="base_qry_main.php?new=1amp;&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . (rawurlencode($sig_id)) . '&amp;sig_type=1' . '&amp;submit=' . gettext("Query+DB") . '&amp;num_result_rows=-1">' . $total_occurances . '</A>' .
    qroPrintEntry('<FONT>' . '<A HREF="' . $siglink . '">' . $total_occurances . '</A>' . $perc . '</FONT>', 'center', 'top', 'nowrap');
    qroPrintEntry('<A HREF="base_stat_sensor.php?sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($sig_id) . '&amp;sig_type=1">' . $num_sensors . '</A>');
    if ($db->baseGetDBversion() >= 100) {
        $addr_link = '&amp;sig_type=1&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($sig_id);
    } else {
        $addr_link = '&amp;sig%5B0%5D=LIKE&amp;sig%5B1%5D=' . urlencode($sigstr);
    }
    qroPrintEntry('<FONT>' . BuildUniqueAddressLink(1, $addr_link) . $num_src_ip . '</A></FONT>', 'center', 'top', 'nowrap');
    qroPrintEntry('<FONT>' . BuildUniqueAddressLink(2, $addr_link) . $num_dst_ip . '</A></FONT>', 'center', 'top', 'nowrap');
    qroPrintEntry('<FONT>' . $start_time . '</FONT>', 'center', 'top', 'nowrap');
    qroPrintEntry('<FONT>' . $stop_time . '</FONT>', 'center', 'top', 'style="padding:0 10px 0 10px" nowrap');
    qroPrintEntryFooter();
    $i++;
    $prev_time = null;
    // report_data
    $report_data[] = array(trim(html_entity_decode($despues)), html_entity_decode($total_occurances . $perc), $start_time, $stop_time, "", "", "", "", "", "", "", $num_sensors, $num_src_ip, $num_dst_ip);
}
// Page epilogue, run once after the per-signature loop above has finished.
// NOTE(review): baseFreeRows() presumably releases the result set held by
// $result; its definition is not part of this excerpt.
$result->baseFreeRows();
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
// The rows in $report_data were passed through html_entity_decode() when the
// loop collected them, so they hold raw text. Whatever renders the saved
// report has to escape them again for its own output context.
$qs->SaveReportData($report_data, $unique_events_report_type);
$qs->SaveState();
// Closes a <FORM> element whose opening tag is emitted outside this excerpt.
echo "\n</FORM>\n";
コード例 #2
ファイル: base_stat_common.php プロジェクト: jhbsz/ossimTest
/**
 * Prints the SIEM statistics header.
 *
 * With $show_stats == 1 it echoes a bulleted summary that includes the counts
 * returned by the counting helpers. Otherwise it echoes the navigation table,
 * highlights the cell of the current script and adds PDF/CSV report launchers.
 * All output is echoed directly; nothing is returned.
 *
 * @param object $db                Database handle; handed to the counting helpers and asked for baseGetDBversion().
 * @param int    $compact           0 selects the nested-list layout in the summary view, other values the inline "--" layout.
 * @param int    $show_stats        1 renders the summary with counts, anything else the navigation table.
 * @param string $join              Forwarded unchanged to the counting helpers (presumably a SQL JOIN fragment; verify against callers).
 * @param string $where             Forwarded unchanged to the counting helpers (presumably a SQL WHERE fragment; verify against callers).
 * @param bool   $show_total_events In the table view, also prints the total event count.
 *
 * NOTE(review): $join and $where reach the helpers without any validation in
 * this function. If they are SQL fragments, the callers are the only place
 * where request-derived input can be constrained; confirm that they do so.
 */
function PrintGeneralStats($db, $compact, $show_stats, $join = "", $where = "", $show_total_events = false)
{
    // $siem_events_title is imported below but not referenced in this function.
    global $events_report_type, $sensors_report_type, $unique_events_report_type, $unique_plugins_report_type;
    global $unique_addr_report_type, $src_port_report_type, $dst_port_report_type, $unique_iplinks_report_type;
    global $unique_country_events_report_type;
    global $siem_events_title, $cloud_instance;
    // The counts are only queried for the summary view.
    if ($show_stats == 1) {
        $sensor_cnt = SensorCnt($db, $join, $where);
        $sensor_total = SensorTotal($db);
        $unique_alert_cnt = UniqueAlertCnt($db, $join, $where);
        $event_cnt = EventCnt($db, $join, $where);
        $unique_ip_cnt = UniqueIPCnt($db, $join, $where);
        $unique_links_cnt = UniqueLinkCnt($db, $join, $where);
        $unique_port_cnt = UniquePortCnt($db, $join, $where);
        $unique_tcp_port_cnt = UniqueTCPPortCnt($db, $join, $where);
        $unique_udp_port_cnt = UniqueUDPPortCnt($db, $join, $where);
    }
    // NOTE(review): the block below is commented out, so $class_cnt and
    // $class_cnt_info are never assigned, yet both are still read further down.
    /*if ($db->baseGetDBversion() >= 103) {
          if ($show_stats == 1) {
              $result = $db->baseExecute("SELECT categories FROM event_stats ORDER BY timestamp DESC LIMIT 1");
              $myrow = $result->baseFetchRow();
              $class_cnt = $myrow[0];
              $result->baseFreeRows();
          }
          $class_cnt_info[0] = " <strong>" . gettext("Categories:") . " </strong>";
          $class_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_class.php?sort_order=class_a\">";
          $class_cnt_info[2] = "</a><a style='color:black;font-weight:bold' href=\"base_stat_class_graph.php?sort_order=class_a\"> <img src=\"images/ico_graph.gif\" align=\"absmiddle\" border=0></a>";
      }*/
    // Each *_info array holds [0] the label, [1] the opening <a> tag and
    // [2] the closing markup; the pieces are concatenated when echoed.
    $sensor_cnt_info[0] = "<strong>" . gettext("Sensors/Total:") . "</strong>\n";
    $sensor_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_sensor.php?sort_order=occur_d\">";
    $sensor_cnt_info[2] = "</a>";
    $unique_alert_cnt_info[0] = "<strong>" . gettext("Unique Events") . ":</strong>\n";
    $unique_alert_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_alerts.php?sort_order=occur_d\">";
    $unique_alert_cnt_info[2] = "</a>";
    $unique_plugin_cnt_info[0] = "<strong>" . _("Unique Data Sources") . "</strong>\n";
    $unique_plugin_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_plugins.php?sort_order=occur_d\">";
    $unique_plugin_cnt_info[2] = "</a>";
    $event_cnt_info[0] = "<strong>" . gettext("Total Number of Events:") . "</strong>\n";
    // NOTE(review): the translated "Query+DB" string is concatenated into the
    // href without URL-encoding or HTML-escaping.
    $event_cnt_info[1] = '<a style=\'color:black;font-weight:bold\' href="base_qry_main.php?&amp;num_result_rows=-1' . '&amp;submit=' . gettext("Query+DB") . '&amp;current_view=-1">';
    $event_cnt_info[2] = "</a>";
    $unique_src_ip_cnt_info[0] = gettext("Src IP addrs:");
    $unique_src_ip_cnt_info[1] = " " . BuildUniqueAddressLink(1, "", "color:black;font-weight:bold");
    $unique_src_ip_cnt_info[2] = "</a>";
    $unique_dst_ip_cnt_info[0] = gettext("Dest. IP addrs:");
    $unique_dst_ip_cnt_info[1] = " " . BuildUniqueAddressLink(2, "", "color:black;font-weight:bold");
    $unique_dst_ip_cnt_info[2] = "</a>";
    // $unique_ip_cnt_info has no [0] label; only [1] and [2] are set and read.
    $unique_ip_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_uaddress.php?sort_order=occur_d\">";
    $unique_ip_cnt_info[2] = "</a>";
    $unique_links_info[0] = gettext("Unique IP links");
    $unique_links_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=no\">";
    $unique_links_info[2] = "</a>";
    $unique_links_fqdn = " <a style='color:black;font-weight:bold' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=yes\">[FQDN]</a>";
    $unique_src_port_cnt_info[0] = gettext("Source Ports: ");
    $unique_src_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&amp;proto=-1\">";
    $unique_src_port_cnt_info[2] = "</a>";
    $unique_dst_port_cnt_info[0] = gettext("Dest Ports: ");
    $unique_dst_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&amp;proto=-1\">";
    $unique_dst_port_cnt_info[2] = "</a>";
    // TCP and UDP are constants defined outside this function.
    $unique_tcp_src_port_cnt_info[0] = "TCP (";
    $unique_tcp_src_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&amp;proto=" . TCP . "\">";
    $unique_tcp_src_port_cnt_info[2] = "</a>)";
    $unique_tcp_dst_port_cnt_info[0] = "TCP (";
    $unique_tcp_dst_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&amp;proto=" . TCP . "\">";
    $unique_tcp_dst_port_cnt_info[2] = "</a>)";
    $unique_udp_src_port_cnt_info[0] = "UDP (";
    $unique_udp_src_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&amp;proto=" . UDP . "\">";
    $unique_udp_src_port_cnt_info[2] = "</a>)";
    $unique_udp_dst_port_cnt_info[0] = "UDP (";
    $unique_udp_dst_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&amp;proto=" . UDP . "\">";
    $unique_udp_dst_port_cnt_info[2] = "</a>)";
    if ($show_stats == 1) {
        // Summary view: label, link and count for every statistic.
        echo $unique_alert_cnt_info[0] . $unique_alert_cnt_info[1] . $unique_alert_cnt . $unique_alert_cnt_info[2] . "\n<br />";
        echo $sensor_cnt_info[0] . $sensor_cnt_info[1] . $sensor_cnt . $sensor_cnt_info[2] . $sensor_total . "\n<br />";
        if ($db->baseGetDBversion() >= 103) {
            // NOTE(review): $class_cnt_info and $class_cnt are undefined here
            // because their assignment is commented out above, so this line
            // prints only "<br />" and raises notices.
            echo "<br />" . $class_cnt_info[0] . $class_cnt_info[1] . $class_cnt . $class_cnt_info[2];
        }
        echo "<br />";
        echo $event_cnt_info[0] . $event_cnt_info[1] . $event_cnt . $event_cnt_info[2];
        echo "<ul>";
        // Index 0 of the address/port count arrays is printed as the source
        // figure and index 1 as the destination figure.
        echo "<li>" . $unique_src_ip_cnt_info[0] . $unique_src_ip_cnt_info[1] . $unique_ip_cnt[0] . $unique_src_ip_cnt_info[2] . "</li>";
        echo "<li>" . $unique_dst_ip_cnt_info[0] . $unique_dst_ip_cnt_info[1] . $unique_ip_cnt[1] . $unique_dst_ip_cnt_info[2] . "</li>";
        echo "<li>" . $unique_links_info[0] . $unique_links_info[1] . $unique_links_cnt . $unique_links_info[2] . " (" . $unique_links_fqdn . ")</li>";
        echo "<li>";
        if ($compact == 0) {
            echo "<p>";
        }
        echo $unique_src_port_cnt_info[0] . $unique_src_port_cnt_info[1] . $unique_port_cnt[0] . $unique_src_port_cnt_info[2] . "</li>";
        if ($compact == 0) {
            echo "<li><ul><li>";
        } else {
            echo "<li>&nbsp;&nbsp;--&nbsp;&nbsp;";
        }
        echo $unique_tcp_src_port_cnt_info[0] . $unique_tcp_src_port_cnt_info[1] . $unique_tcp_port_cnt[0] . $unique_tcp_src_port_cnt_info[2] . "&nbsp;&nbsp;" . $unique_udp_src_port_cnt_info[0] . $unique_udp_src_port_cnt_info[1] . $unique_udp_port_cnt[0] . $unique_udp_src_port_cnt_info[2];
        if ($compact == 0) {
            echo "</li></ul></li>";
        }
        echo "<li>" . $unique_dst_port_cnt_info[0] . $unique_dst_port_cnt_info[1] . $unique_port_cnt[1] . $unique_dst_port_cnt_info[2] . "</li>";
        if ($compact == 0) {
            echo "<li><ul><li>";
        } else {
            echo "<li>&nbsp;&nbsp;--&nbsp;&nbsp;";
        }
        echo $unique_tcp_dst_port_cnt_info[0] . $unique_tcp_dst_port_cnt_info[1] . $unique_tcp_port_cnt[1] . $unique_tcp_dst_port_cnt_info[2] . "&nbsp;&nbsp;" . $unique_udp_dst_port_cnt_info[0] . $unique_udp_dst_port_cnt_info[1] . $unique_udp_port_cnt[1] . $unique_udp_dst_port_cnt_info[2];
        if ($compact == 0) {
            echo "</li></ul>";
        }
        echo "</li></ul>";
    } else {
        // Navigation view: a table of links in which the cell that belongs to
        // the current script is highlighted.
        echo "<table width='100%' cellpadding=0 cellspacing=0 border=0><tr><td valign='top'>";
        if ($show_total_events) {
            $event_cnt = EventCnt($db, $join, $where);
            echo "<li>" . $event_cnt_info[0] . $event_cnt_info[1] . $event_cnt . $event_cnt_info[2] . "</li><li><p>";
        }
        //echo "<ul style='padding-left:20px'>";
        ?>
	  <table cellpadding=2 style="border-left:1px solid #CACACA;border-bottom:1px solid #CACACA;border-right:1px solid #CACACA" cellspacing=0 border=0 width="100%">
		<tr>
	  <?php 
        // $_SERVER['SCRIPT_NAME'] is only matched against fixed patterns to
        // choose between two constant colours; it is never echoed here.
        //$li_style = (preg_match("/base_stat_sensor\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        $color = preg_match("/base_qry_main\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        $fontcolor = preg_match("/base_qry_main\\.php/", $_SERVER['SCRIPT_NAME']) ? "white" : "black";
        ?>
		<td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php 
        echo $color;
        ?>
">
			<a style="color:<?php 
        echo $fontcolor;
        ?>
;font-weight:bold" href='base_qry_main.php?num_result_rows=-1&submit=Query+DB&current_view=-1'>
			<?php 
        echo _("Events");
        ?>
</a>
                <?php 
        // $fontcolor is "white" exactly when the current script matched
        // base_qry_main.php above, so it doubles as the "active tab" flag.
        if ($fontcolor == "white" && !$cloud_instance) {
            ?>
                <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','<?php 
            // NOTE(review): the *_report_type globals (this one and the ones
            // echoed in the cells below) are written into a single-quoted
            // JavaScript string inside an onclick attribute without escaping.
            // That is safe only if they are server-side constants; confirm
            // where they are assigned.
            echo $events_report_type;
            ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Download data in csv format");
            ?>
"></a>
                <?php 
        }
        ?>
		</td>
	  <?php 
        //$li_style = (preg_match("/base_stat_alerts\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        $color = preg_match("/base_stat_alerts\\.php|base_stat_alerts_graph\\.php/", $_SERVER['SCRIPT_NAME']) || preg_match("/base_stat_class\\.php|base_stat_class_graph\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            // Switch the link colour to white on the highlighted background.
            $unique_alert_cnt_info[1] = str_replace(":black", ":white", $unique_alert_cnt_info[1]);
            // NOTE(review): $class_cnt_info is never assigned (see the
            // commented-out block at the top), so this reads an undefined
            // variable and creates the array with an empty string in [1].
            $class_cnt_info[1] = str_replace(":black", ":white", $class_cnt_info[1]);
        }
        //echo "  <li$li_style>".$unique_alert_cnt_info[1].gettext("Unique Events").$unique_alert_cnt_info[2] . "</li>";
        ?>
			<td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php 
        echo $color;
        ?>
"><?php 
        echo $unique_alert_cnt_info[1] . gettext("Unique Events") . $unique_alert_cnt_info[2];
        ?>
 <a href="base_stat_alerts_graph.php?sort_order=occur_d"><img src="images/ico_graph.gif" align="absmiddle" border=0></a>
                <?php 
        // The launchers are limited to base_stat_alerts.php even though the
        // cell is also highlighted for the graph and class pages.
        if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_alerts\\.php/", $_SERVER['SCRIPT_NAME'])) {
            ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','<?php 
            echo $unique_events_report_type;
            ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Download data in csv format");
            ?>
"></a>
                <?php 
        }
        ?>
				<!--<br>
				(<?php 
        // This echo still runs: PHP executes inside an HTML comment, so the
        // markup is sent to the browser and merely hidden from rendering.
        echo $class_cnt_info[1] . gettext("classifications") . $class_cnt_info[2];
        ?>
)-->
			</td>

	  <?php 
        //$li_style = (preg_match("/base_stat_sensor\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        $color = preg_match("/base_stat_sensor\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $sensor_cnt_info[1] = str_replace(":black", ":white", $sensor_cnt_info[1]);
        }
        //echo "  <li$li_style>".$sensor_cnt_info[1]. gettext("Sensors") . "</a></li>";
        ?>
			<td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php 
        echo $color;
        ?>
"><?php 
        echo $sensor_cnt_info[1] . gettext("Sensors") . $sensor_cnt_info[2];
        ?>
            <?php 
        if ($color == "#28BC04" && !$cloud_instance) {
            ?>
            <a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a>
            <a  href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','<?php 
            echo $sensors_report_type;
            ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Download data in csv format");
            ?>
"></a>
            <?php 
        }
        ?>
        </td>


	  <?php 
        // The data-sources cell is only rendered for DB version 103 or later.
        if ($db->baseGetDBversion() >= 103) {
            //$li_style = (preg_match("/base_stat_class\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
            $color = preg_match("/base_stat_plugins\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
            if ($color == "#28BC04") {
                $unique_plugin_cnt_info[1] = str_replace(":black", ":white", $unique_plugin_cnt_info[1]);
            }
            //echo "<li$li_style>&nbsp;&nbsp;&nbsp;( ".$class_cnt_info[1].gettext("classifications")."</a> )</li>";
            ?>
			<td nowrap align="center" bgcolor="<?php 
            echo $color;
            ?>
"><?php 
            echo $unique_plugin_cnt_info[1] . gettext("Unique Data Sources") . $unique_plugin_cnt_info[2];
            ?>
                <?php 
            if ($color == "#28BC04" && !$cloud_instance) {
                ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
                echo _("Launch PDF Report");
                ?>
"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','<?php 
                echo $unique_plugins_report_type;
                ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
                echo _("Download data in csv format");
                ?>
"></a>
                <?php 
            }
            ?>
            </td>
	  <?php 
        }
        ?>
		</tr>
		<tr>
	  <?php 
        //$src_lnk = "<a href='base_stat_uaddr.php?addr_type=".$_GET['addr_type']."&addhomeips=src' title='Add home networks IPs to current search criteria'><img src='images/homelan.png' border=0 align='absmiddle'></a>";
        //$dst_lnk = "<a href='base_stat_uaddr.php?addr_type=".$_GET['addr_type']."&addhomeips=dst' title='Add home networks IPs to current search criteria'><img src='images/homelan.png' border=0 align='absmiddle'></a>";
        //$li_style = (preg_match("/base_stat_uaddr\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Unlike the other cells, this pattern is not anchored to ".php", so
        // any script name containing "base_stat_uaddr" highlights the cell.
        $color = preg_match("/base_stat_uaddr/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_src_ip_cnt_info[1] = str_replace(":black", ":white", $unique_src_ip_cnt_info[1]);
            $unique_dst_ip_cnt_info[1] = str_replace(":black", ":white", $unique_dst_ip_cnt_info[1]);
            $unique_ip_cnt_info[1] = str_replace(":black", ":white", $unique_ip_cnt_info[1]);
            if (!$cloud_instance) {
                // intval() reduces the request parameter to an integer before
                // it is embedded in the onclick handler, so it cannot break
                // out of the quoted JavaScript string.
                // NOTE(review): the $pdf anchor is not closed with </a>.
                $pdf = "&nbsp;<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($_GET['addr_type']) . "','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">&nbsp;";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($_GET['addr_type']) . "','{$unique_addr_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a>&nbsp;";
            } else {
                $pdf = "";
                $csv = "";
            }
            // The launchers are appended to whichever address link is active.
            if ($_GET['addr_type'] == '1') {
                $unique_src_ip_cnt_info[2] .= $pdf . $csv;
            }
            if ($_GET['addr_type'] == '2') {
                $unique_dst_ip_cnt_info[2] .= $pdf . $csv;
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        // echo "  <li$li_style>".gettext("Unique addresses: ").
        //       $unique_src_ip_cnt_info[1].gettext("Source").' | '.$unique_src_ip_cnt_info[2].
        //       $unique_dst_ip_cnt_info[1].gettext("Destination").$unique_dst_ip_cnt_info[2]."</li>";
        //echo "</td><td valign='top' style='padding-left:10px'>";
        // NOTE(review): $_GET['addr_type'], $_GET['proto'] and
        // $_GET['port_type'] are read here and below without isset(), so a
        // request that omits them raises undefined-index notices. Apart from
        // the intval() use above, the raw values are only compared (loosely,
        // with ==) and never printed.
        $addrtype1 = $_GET['addr_type'] == '1' ? "underline" : "none";
        $addrtype2 = $_GET['addr_type'] == '2' ? "underline" : "none";
        // Maps proto '6' to 1 and '17' to 2, anything else to 0, so only these
        // three integers can reach the report names built below.
        $report_type = $_GET['proto'] == '6' ? 1 : ($_GET['proto'] == '17' ? 2 : 0);
        ?>
			<td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php 
        if ($color == "#28BC04") {
            echo "color:white";
        }
        ?>
' bgcolor="<?php 
        echo $color;
        ?>
"><?php 
        echo $unique_ip_cnt_info[1] . gettext("Unique addresses") . $unique_ip_cnt_info[2] . ":<br>" . $unique_src_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font>" . $unique_src_ip_cnt_info[2] . " | " . $unique_dst_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font>" . $unique_dst_ip_cnt_info[2];
        ?>
</td>
	  <?php 
        //$li_style = (preg_match("/base_stat_ports\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Source-port cell: active on base_stat_ports.php with port_type 1.
        $color = preg_match("/base_stat_ports\\.php/", $_SERVER['SCRIPT_NAME']) && $_GET['port_type'] == 1 ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_src_port_cnt_info[1]);
            $unique_tcp_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_tcp_src_port_cnt_info[1]);
            $unique_udp_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_udp_src_port_cnt_info[1]);
            if (!$cloud_instance) {
                // $report_type is one of 0, 1 or 2 (computed above), so the
                // interpolated report name is fixed by this function.
                $pdf = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','{$src_port_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a><br>";
            } else {
                $pdf = "<br>";
                $csv = "";
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        //echo "<li$li_style>".$unique_src_port_cnt_info[1].gettext("Source")." ".$unique_src_port_cnt_info[2].gettext("Port").": ".
        //       $unique_tcp_src_port_cnt_info[1]." TCP</a> | ".
        //       $unique_tcp_src_port_cnt_info[1]." TCP</a> | ".
        //       $unique_udp_src_port_cnt_info[1]." UDP</a>".
        //     "</li><li$li_style>".
        //       $unique_dst_port_cnt_info[1].gettext("Destination")." ".$unique_dst_port_cnt_info[2].gettext("Port").": ".
        //       $unique_tcp_dst_port_cnt_info[1]." TCP</a> | ".
        //       $unique_udp_dst_port_cnt_info[1]." UDP</a>" .
        //     "</li>";
        // Underline the TCP/UDP link that matches the current proto and
        // port_type; each result is one of two fixed strings.
        $sprototcp = $_GET['proto'] == '6' && $_GET['port_type'] == '1' ? "underline" : "none";
        $sprotoudp = $_GET['proto'] == '17' && $_GET['port_type'] == '1' ? "underline" : "none";
        $dprototcp = $_GET['proto'] == '6' && $_GET['port_type'] == '2' ? "underline" : "none";
        $dprotoudp = $_GET['proto'] == '17' && $_GET['port_type'] == '2' ? "underline" : "none";
        ?>
			<td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php 
        if ($color == "#28BC04") {
            echo "color:white";
        }
        ?>
' bgcolor="<?php 
        echo $color;
        ?>
"><?php 
        echo $unique_src_port_cnt_info[1] . gettext("Source Port") . $unique_src_port_cnt_info[2] . ": {$pdf} {$csv}" . $unique_tcp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprototcp}'>TCP</font></a> | " . $unique_udp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprotoudp}'>UDP</font></a>";
        ?>
</td>
      <?php 
        // Destination-port cell: same logic as the source-port cell, keyed on
        // port_type 2.
        $color = preg_match("/base_stat_ports\\.php/", $_SERVER['SCRIPT_NAME']) && $_GET['port_type'] == 2 ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_dst_port_cnt_info[1]);
            $unique_tcp_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_tcp_dst_port_cnt_info[1]);
            $unique_udp_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_udp_dst_port_cnt_info[1]);
            if (!$cloud_instance) {
                $pdf = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','{$dst_port_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a><br>";
            } else {
                $pdf = "<br>";
                $csv = "";
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        ?>
			<td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php 
        if ($color == "#28BC04") {
            echo "color:white";
        }
        ?>
' bgcolor="<?php 
        echo $color;
        ?>
"><?php 
        echo $unique_dst_port_cnt_info[1] . gettext("Destination Port") . $unique_dst_port_cnt_info[2] . ": {$pdf} {$csv}" . $unique_tcp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprototcp}'>TCP</font></a> | " . $unique_udp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprotoudp}'>UDP</font></a>";
        ?>
</td> 
	  <?php 
        //$li_style = (preg_match("/base_stat_iplink\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // One cell serves both the IP-links page and the country page.
        $color = preg_match("/base_stat_iplink\\.php|base_stat_country\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_links_info[1] = str_replace(":black", ":white", $unique_links_info[1]);
            $unique_links_fqdn = str_replace(":black", ":white", $unique_links_fqdn);
        }
        //echo "<li$li_style>".$unique_links_info[1].$unique_links_info[0].$unique_links_info[2]."</li>";
        ?>
			<td nowrap align="center" style='border-top:1px solid #CACACA;' bgcolor="<?php 
        echo $color;
        ?>
"><?php 
        echo $unique_links_info[1] . $unique_links_info[0] . $unique_links_info[2] . $unique_links_fqdn;
        ?>
            <?php 
        // This condition uses the GET() helper (defined elsewhere), whereas
        // the rest of the function reads $_GET directly.
        if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_iplink\\.php/", $_SERVER['SCRIPT_NAME']) && GET('fqdn') == 'no') {
            ?>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','<?php 
            echo $unique_iplinks_report_type;
            ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Download data in csv format");
            ?>
"></a>
            <?php 
        }
        ?>
<br><a style='color:<?php 
        echo $color == "#28BC04" ? "white" : "black";
        ?>
;font-weight:bold' href="base_stat_country.php"><?php 
        echo _("Unique Country Events");
        ?>
</a>
            <?php 
        if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_country\\.php/", $_SERVER['SCRIPT_NAME'])) {
            ?>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','<?php 
            echo $unique_country_events_report_type;
            ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Download data in csv format");
            ?>
"></a>
            <?php 
        }
        ?>
</td>
<?php 
        //echo "</td></tr></table>";
        ?>
	  </tr>
	 </table>
	  <?php 
        // Closes the outer layout table opened at the start of this branch.
        echo "</td></tr></table>";
    }
}
コード例 #3
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";
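// Per-sensor counter endpoint: substitutes the requested sensor id into the
// query template kept in the session, runs it, and prints three "##"-separated
// link fragments (unique events, source addresses, destination addresses).

// Nothing to run without a query template. empty() also covers a session key
// that is not set at all, which the loose == "" comparison only handled by
// raising an undefined-index notice.
if (empty($_SESSION['_siem_sensor_query'])) {
    echo "-##-##-";
    die;
}
$device_id = ImportHTTPVar("id", VAR_DIGIT);
// Defence in depth: the id is spliced into the SQL text by str_replace() below
// rather than bound as a parameter, so the only injection barrier is the
// VAR_DIGIT mask applied by ImportHTTPVar() (defined elsewhere). Re-check here
// that the value really is a non-empty digit string and answer with the same
// "no data" marker otherwise.
if (!ctype_digit((string) $device_id)) {
    echo "-##-##-";
    die;
}
$sql = str_replace("DEVICEID", $device_id, $_SESSION['_siem_sensor_query']);
// Close the session before the query runs; $_SESSION is not read after this.
session_write_close();
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQueryNoCanned($sql, $db);
// Give the three fragments a defined value so that a query returning no row
// prints "####" without relying on undefined variables.
$unique_addrs = "";
$src_addrs = "";
$dst_addrs = "";
if ($row = $rs->baseFetchRow()) {
    // The id is URL-encoded for the link and the counts are locale-formatted.
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::number_format_locale($row[0], 0) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&amp;sensor=" . urlencode($device_id)) . Util::number_format_locale($row[1], 0) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&amp;sensor=" . urlencode($device_id)) . Util::number_format_locale($row[2], 0) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";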
コード例 #4
ファイル: base_stat_alerts.php プロジェクト: jackpf/ossim-arc
        $antes = "";
        $despues = $signame;
    }
    qroPrintEntry("{$antes} <a href='{$siglink}' class='qlink'>" . trim($despues) . "</a>", "left", "", "style='vertical-align:middle'");
    //qroPrintEntry(BuildSigByID($sig_id, $db),"left","middle");
    $ocurrlink = 'base_qry_main.php?new=1&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($sig_id) . '&amp;sig_type=1' . '&amp;submit=' . gettext("Query DB") . '&amp;num_result_rows=-1';
    //$perc = (($avoid_counts != 1) ? ('&nbsp;(' . (round($total_occurances / $event_cnt * 100)) . '%)') : (''));
    $pid = $myrow["plugin_id"] . "-" . $myrow["plugin_sid"];
    qroPrintEntry('<A HREF="' . $ocurrlink . '" id="occur' . $pid . '" class="qlink">' . Util::number_format_locale($total_occurances, 0) . '</A>' . $perc, 'center', 'middle', 'nowrap');
    if ($db->baseGetDBversion() >= 100) {
        $addr_link = '&amp;sig_type=1&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($sig_id);
    } else {
        $addr_link = '&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($sigstr);
    }
    qroPrintEntry(BuildUniqueAddressLink(1, $addr_link, '', 'qlink') . Util::number_format_locale($num_src_ip, 0) . '</A>', 'center', 'middle', 'nowrap');
    qroPrintEntry(BuildUniqueAddressLink(2, $addr_link, '', 'qlink') . Util::number_format_locale($num_dst_ip, 0) . '</A>', 'center', 'middle', 'nowrap');
    qroPrintEntry('<div id="le' . $pid . '" style="padding:0px 4px"></div>', 'center', 'middle', 'nowrap');
    // GRAPH
    qroPrintEntry('<div id="plotarea' . $pid . '" class="plot"></div>', 'center', 'middle');
    qroPrintEntryFooter();
    $i++;
    $prev_time = null;
    // report_data
    $report_data[] = array(trim(html_entity_decode($despues)), html_entity_decode($total_occurances . $perc), "", "", "", "", "", "", "", "", "", 0, $num_src_ip, $num_dst_ip);
}
// Page epilogue, run once after the per-signature loop above has finished.
// NOTE(review): baseFreeRows() presumably releases the result set held by
// $result; its definition is not part of this excerpt.
$result->baseFreeRows();
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
// The rows in $report_data were passed through html_entity_decode() when the
// loop collected them, so they hold raw text. Whatever renders the saved
// report has to escape them again for its own output context.
$qs->SaveReportData($report_data, $unique_events_report_type);
$qs->SaveState();
コード例 #5
ファイル: base_stat_common.php プロジェクト: jackpf/ossim-arc
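/**
 * Print the navigation table that links the statistics views.
 *
 * Emits (via echo and inline HTML) a table with two rows of cells linking to
 * the base_stat_*.php / base_qry_main.php pages. The cell that matches the
 * running script ($_SERVER['SCRIPT_NAME']) gets the CSS class "th" and, unless
 * $cloud_instance is set, PDF/CSV report_launcher() icons.
 *
 * Reads $_GET['addr_type'], $_GET['proto'], $_GET['port_type'],
 * $_SESSION['current_cview'], $_SESSION['_idm'] and the *_report_type globals.
 *
 * Security notes:
 *  - $_SERVER['SCRIPT_NAME'] is only matched against fixed patterns; it is never echoed.
 *  - The addr_type request value reaches the output only through intval(); proto is
 *    reduced to 0/1/2 before use; port_type is only compared.
 *  - NOTE(review): the *_report_type globals are passed through Util::htmlentities()
 *    and then placed inside a single-quoted JavaScript string in an onclick
 *    attribute. The HTML parser decodes entities before the handler runs, so this
 *    is safe only while those globals hold trusted constants; confirm where they
 *    are defined.
 *
 * @param object $db Connection object; only baseGetDBversion() is called on it.
 * @return void
 */
function PrintGeneralStats($db)
{
    global $events_report_type, $sensors_report_type, $unique_events_report_type, $unique_plugins_report_type;
    global $unique_addr_report_type, $src_port_report_type, $dst_port_report_type, $unique_iplinks_report_type;
    global $unique_country_events_report_type;
    global $siem_events_title, $cloud_instance;
    // Request and session values are read once. A missing or non-scalar request
    // value (e.g. an array from "?proto[]=") becomes '' so that preg_match() and
    // intval() below always receive a string and no undefined-index notice is raised.
    $req_addr_type = isset($_GET['addr_type']) && is_scalar($_GET['addr_type']) ? (string) $_GET['addr_type'] : '';
    $req_proto = isset($_GET['proto']) && is_scalar($_GET['proto']) ? (string) $_GET['proto'] : '';
    $req_port_type = isset($_GET['port_type']) && is_scalar($_GET['port_type']) ? (string) $_GET['port_type'] : '';
    $current_cview = isset($_SESSION['current_cview']) ? $_SESSION['current_cview'] : '';
    $idm_enabled = !empty($_SESSION["_idm"]);
    $script_name = $_SERVER['SCRIPT_NAME'];
    // Each *_info array holds [0] label, [1] opening <a> tag, [2] closing markup.
    $sensor_cnt_info[0] = gettext("Sensors/Total:") . "\n";
    $sensor_cnt_info[1] = "<a style='color:black;' href=\"base_stat_sensor.php?sort_order=occur_d\">";
    $sensor_cnt_info[2] = "</a>";
    $unique_alert_cnt_info[0] = gettext("Unique Events") . ":\n";
    $unique_alert_cnt_info[1] = "<a style='color:black;' href=\"base_stat_alerts.php?sort_order=occur_d\">";
    $unique_alert_cnt_info[2] = "</a>";
    $unique_plugin_cnt_info[0] = _("Unique Data Sources") . "\n";
    $unique_plugin_cnt_info[1] = "<a style='color:black;' href=\"base_stat_plugins.php?sort_order=occur_d\">";
    $unique_plugin_cnt_info[2] = "</a>";
    $event_cnt_info[0] = "<strong>" . gettext("Total Number of Events:") . "</strong>\n";
    $event_cnt_info[1] = '<a style=\'color:black;\' href="base_qry_main.php?&amp;num_result_rows=-1' . '&amp;submit=' . gettext("Query DB") . '&amp;current_view=-1">';
    $event_cnt_info[2] = "</a>";
    $unique_src_ip_cnt_info[0] = gettext("Src IP addrs:");
    $unique_src_ip_cnt_info[1] = " " . BuildUniqueAddressLink(1, "", "color:black;");
    $unique_src_ip_cnt_info[2] = "</a>";
    $unique_dst_ip_cnt_info[0] = gettext("Dest. IP addrs:");
    $unique_dst_ip_cnt_info[1] = " " . BuildUniqueAddressLink(2, "", "color:black;");
    $unique_dst_ip_cnt_info[2] = "</a>";
    $unique_ip_cnt_info[1] = " <a style='color:black;' href=\"base_stat_uaddress.php?sort_order=occur_d\">";
    $unique_ip_cnt_info[2] = "</a>";
    $unique_links_info[0] = gettext("Unique IP links");
    $unique_links_info[1] = " <a style='color:black;' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=no\">";
    $unique_links_info[2] = "</a>";
    $unique_links_fqdn = " <a style='color:black;' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=yes\">[FQDN]</a>";
    $unique_src_port_cnt_info[0] = gettext("Source Ports: ");
    $unique_src_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&amp;proto=-1\">";
    $unique_src_port_cnt_info[2] = "</a>";
    $unique_dst_port_cnt_info[0] = gettext("Dest Ports: ");
    $unique_dst_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&amp;proto=-1\">";
    $unique_dst_port_cnt_info[2] = "</a>";
    $unique_tcp_src_port_cnt_info[0] = "TCP (";
    $unique_tcp_src_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&amp;proto=6\">";
    $unique_tcp_src_port_cnt_info[2] = "</a>)";
    $unique_tcp_dst_port_cnt_info[0] = "TCP (";
    $unique_tcp_dst_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&amp;proto=6\">";
    $unique_tcp_dst_port_cnt_info[2] = "</a>)";
    $unique_udp_src_port_cnt_info[0] = "UDP (";
    $unique_udp_src_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&amp;proto=17\">";
    $unique_udp_src_port_cnt_info[2] = "</a>)";
    $unique_udp_dst_port_cnt_info[0] = "UDP (";
    $unique_udp_dst_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&amp;proto=17\">";
    $unique_udp_dst_port_cnt_info[2] = "</a>)";
    $unique_ptypes_info[0] = gettext("Product Types");
    $unique_ptypes_info[1] = " <a style='color:black;' href=\"base_stat_ptypes.php?sort_order=occur_d\">";
    $unique_ptypes_info[2] = "</a>";
    $unique_categories_info[0] = gettext("Categories");
    $unique_categories_info[1] = " <a style='color:black;' href=\"base_stat_categories.php?sort_order=occur_d\">";
    $unique_categories_info[2] = "</a>";
    // The "classifications" link below is emitted inside an HTML comment and this
    // array was never assigned; empty parts keep that output unchanged without
    // raising an undefined-variable warning.
    $class_cnt_info[1] = "";
    $class_cnt_info[2] = "";
    echo "<table class='transparent' width='100%' cellpadding=0 cellspacing=0 border=0><tr><td valign='top'>";
    ?>
	  <table class="transparent" cellpadding=5 style="border-left:1px solid #C4C0BB;border-bottom:1px solid #C4C0BB;border-right:1px solid #C4C0BB" cellspacing=0 border=0 width="100%">
		<tr>
	  <?php 
    # EVENTS
    // $color / $fontcolor mark the cell for the page currently being served.
    $color = preg_match("/base_qry_main\\.php/", $script_name) ? "th" : "";
    $fontcolor = preg_match("/base_qry_main\\.php/", $script_name) ? "white" : "black";
    ?>
		<td nowrap align="center" style="border-right:1px solid #C4C0BB" class="<?php 
    echo $color;
    ?>
">
			<a style="" href='base_qry_main.php?num_result_rows=-1&submit=Query+DB&current_view=-1'>
			<?php 
    echo _("Events");
    ?>
</a>
                <?php 
    if ($fontcolor == "white" && !$cloud_instance) {
        ?>
                <?php 
        // The PDF launcher is offered only for the "IDM" and "default" custom views.
        if ($current_cview == "IDM" || $current_cview == "default") {
            ?>
<a href="javascript:;" onclick="javascript:report_launcher('Events_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a><?php 
        }
        ?>
                <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','<?php 
        echo Util::htmlentities($events_report_type);
        ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Download data in csv format");
        ?>
"></a>
                <?php 
    }
    ?>
		</td>
	  <?php 
    # UNIQUE EVENTS
    $color = preg_match("/base_stat_alerts\\.php|base_stat_alerts_graph\\.php/", $script_name) || preg_match("/base_stat_class\\.php|base_stat_class_graph\\.php/", $script_name) ? "th" : "";
    ?>
			<td nowrap align="center" style="border-right:1px solid #C4C0BB" class="<?php 
    echo $color;
    ?>
"><?php 
    echo $unique_alert_cnt_info[1] . gettext("Unique Events") . $unique_alert_cnt_info[2];
    ?>
                <?php 
    // Report icons only on base_stat_alerts.php itself, not on the graph/class variants.
    if ($color == "th" && !$cloud_instance && preg_match("/base_stat_alerts\\.php/", $script_name)) {
        ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Launch PDF Report");
        ?>
"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','<?php 
        echo Util::htmlentities($unique_events_report_type);
        ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Download data in csv format");
        ?>
"></a>
                <?php 
    }
    ?>
				<!--<br>
				(<?php 
    echo $class_cnt_info[1] . gettext("classifications") . $class_cnt_info[2];
    ?>
)-->
			</td>

	  <?php 
    # SENSORS
    $color = preg_match("/base_stat_sensor\\.php/", $script_name) ? "th" : "";
    ?>
			<td nowrap align="center" style="border-right:1px solid #C4C0BB" class="<?php 
    echo $color;
    ?>
"><?php 
    echo $sensor_cnt_info[1] . gettext("Sensors") . $sensor_cnt_info[2];
    ?>
            <?php 
    if ($color == "th" && !$cloud_instance) {
        ?>
            <a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Launch PDF Report");
        ?>
"></a>
            <a  href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','<?php 
        echo Util::htmlentities($sensors_report_type);
        ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Download data in csv format");
        ?>
"></a>
            <?php 
    }
    ?>
        </td>


	  <?php 
    # UNIQUE DATA SOURCES (only printed when the DB version is at least 103)
    if ($db->baseGetDBversion() >= 103) {
        $color = preg_match("/base_stat_plugins\\.php/", $script_name) ? "th" : "";
        ?>
			<td nowrap align="center" class="<?php 
        echo $color;
        ?>
"><?php 
        echo $unique_plugin_cnt_info[1] . gettext("Unique Data Sources") . $unique_plugin_cnt_info[2];
        ?>
                <?php 
        if ($color == "th" && !$cloud_instance) {
            ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Launch PDF Report");
            ?>
"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','<?php 
            echo Util::htmlentities($unique_plugins_report_type);
            ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
            echo _("Download data in csv format");
            ?>
"></a>
                <?php 
        }
        ?>
            </td>
	  <?php 
    }
    ?>
		</tr>
		<tr>
	  <?php 
    # UNIQUE ADDRESSES
    $color = preg_match("/base_stat_uaddr|base_stat_uidm/", $script_name) ? "th" : "";
    if ($color == "th") {
        if (!$cloud_instance) {
            // addr_type is cast with intval() before it is placed in the JavaScript argument.
            // NOTE(review): the PDF anchor is not closed before the CSV anchor opens.
            $pdf = "&nbsp;<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($req_addr_type) . "','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">&nbsp;";
            $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($req_addr_type) . "','" . Util::htmlentities($unique_addr_report_type) . "');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a>&nbsp;";
        } else {
            $pdf = "";
            $csv = "";
        }
        if ($req_addr_type == '1') {
            $unique_src_ip_cnt_info[2] .= $pdf . $csv;
        }
        if ($req_addr_type == '2') {
            $unique_dst_ip_cnt_info[2] .= $pdf . $csv;
        }
    } else {
        $pdf = "<br>";
        $csv = "";
    }
    // Underline the Source/Destination label that matches the requested address type.
    $addrtype1 = $req_addr_type == '1' || preg_match("/src_/", $req_addr_type) ? "underline" : "none";
    $addrtype2 = $req_addr_type == '2' || preg_match("/dst_/", $req_addr_type) ? "underline" : "none";
    // Suffix for the port report names: 1 for proto 6 (TCP), 2 for proto 17 (UDP), else 0.
    $report_type = $req_proto == '6' ? 1 : ($req_proto == '17' ? 2 : 0);
    // IDM
    if ($idm_enabled) {
        $uat = "<a style='' href='javascript:;' onclick=\"\$('#uniqueaddrsrc').hide();\$('#uniqueaddrdst').hide();\$('#uniqueaddr').toggle()\">" . gettext("Unique") . "</a>\n        \t<div style='position:relative; z-index:2; text-align:left'><div id='uniqueaddr' style='position:absolute;top:0;display:none;padding:2px 5px;margin:-21px 0px 0px 115px;background-color:#fefefe;border:1px solid #C4C0BB;white-space:nowrap;'>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uaddress.php?sort_order=occur_d'>IP Addresses</a><br>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uidm.php?addr_type=userdomain&sort_order=occur_d'>User@Domains</a><br>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uidm.php?addr_type=hostname&sort_order=occur_d'>Hostnames</a><br>\n        \t</div></div>";
        $uatsrc = "<a style='' href='javascript:;' onclick=\"\$('#uniqueaddr').hide();\$('#uniqueaddrdst').hide();\$('#uniqueaddrsrc').toggle()\"><font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font></a>" . ($req_addr_type == '1' && preg_match("/base_stat_uaddr/", $script_name) ? $pdf . $csv : "") . "\n        \t<div style='display:inline;position:relative; z-index:2; text-align:left'><div id='uniqueaddrsrc' style='position:absolute;top:0;display:none;padding:2px 5px;margin:-7px 0px 0px 1px;background-color:#fefefe;border:1px solid #C4C0BB;white-space:nowrap;'>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uaddr.php?sort_order=occur_d&addr_type=1'>IP Addresses</a><br>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=src_userdomain&sort_order=occur_d'>User@Domains</a><br>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=src_hostname&sort_order=occur_d'>Hostnames</a><br>\n        \t</div></div>";
        $uatdst = "<a style='' href='javascript:;' onclick=\"\$('#uniqueaddr').hide();\$('#uniqueaddrsrc').hide();\$('#uniqueaddrdst').toggle()\"><font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font></a>" . ($req_addr_type == '2' && preg_match("/base_stat_uaddr/", $script_name) ? $pdf . $csv : "") . "\n        \t<div style='position:relative; z-index:2; text-align:left'><div id='uniqueaddrdst' style='position:absolute;top:0;display:none;padding:2px 5px;margin:-21px 0px 0px 150px;background-color:#fefefe;border:1px solid #C4C0BB;white-space:nowrap;'>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uaddr.php?sort_order=occur_d&addr_type=2'>IP Addresses</a><br>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=dst_userdomain&sort_order=occur_d'>User@Domains</a><br>\n        \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=dst_hostname&sort_order=occur_d'>Hostnames</a><br>\n        \t</div></div>";
    } else {
        $uat = $unique_ip_cnt_info[1] . gettext("Unique addresses") . $unique_ip_cnt_info[2] . ":<br>";
        $uatsrc = $unique_src_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font>" . $unique_src_ip_cnt_info[2];
        $uatdst = $unique_dst_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font>" . $unique_dst_ip_cnt_info[2];
    }
    ?>
			<td align="center" style='border-right:1px solid #C4C0BB;border-top:1px solid #C4C0BB;<?php 
    if ($color == "th") {
        echo "color:white";
    }
    ?>
' class="<?php 
    echo $color;
    ?>
"><?php 
    echo $uat . $uatsrc . " | " . $uatdst;
    ?>
</td>

	  <?php 
    # SRC/DST PORTS
    $color = preg_match("/base_stat_ports\\.php/", $script_name) ? "th" : "";
    // All four launcher fragments get a default so that both echo statements
    // below can interpolate them whichever port_type branch ran. Previously
    // the source pair was undefined on the destination branch and vice versa.
    $pdfs = "";
    $csvs = " ";
    $pdfd = "";
    $csvd = " ";
    if ($color == "th" && !$cloud_instance) {
        if ($req_port_type == 1) {
            $pdfs = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">";
            $csvs = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','" . Util::htmlentities($src_port_report_type) . "');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> &nbsp;";
        } elseif ($req_port_type == 2) {
            $pdfd = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">";
            $csvd = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','" . Util::htmlentities($dst_port_report_type) . "');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> &nbsp;";
        }
    }
    // Underline the TCP/UDP label matching the requested protocol and port direction.
    $sprototcp = $req_proto == '6' && $req_port_type == '1' ? "underline" : "none";
    $sprotoudp = $req_proto == '17' && $req_port_type == '1' ? "underline" : "none";
    $dprototcp = $req_proto == '6' && $req_port_type == '2' ? "underline" : "none";
    $dprotoudp = $req_proto == '17' && $req_port_type == '2' ? "underline" : "none";
    ?>
			<td align="center" style='border-right:1px solid #C4C0BB;border-top:1px solid #C4C0BB;<?php 
    if ($color == "th") {
        echo "color:white";
    }
    ?>
' class="<?php 
    echo $color;
    ?>
"><?php 
    echo $unique_src_port_cnt_info[1] . gettext("Source Port") . ":" . $unique_src_port_cnt_info[2] . " {$pdfs} {$csvs}" . $unique_tcp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprototcp}'>TCP</font></a> | " . $unique_udp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprotoudp}'>UDP</font></a>";
    ?>
            <br>
      <?php 
    echo $unique_dst_port_cnt_info[1] . gettext("Destination Port") . ":" . $unique_dst_port_cnt_info[2] . " {$pdfd} {$csvd}" . $unique_tcp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprototcp}'>TCP</font></a> | " . $unique_udp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprotoudp}'>UDP</font></a>";
    ?>
			</td>
<?php 
    # TAXONOMY
    $color = preg_match("/base_stat_ptypes\\.php|base_stat_categories\\.php/", $script_name) ? "th" : "";
    ?>
			<td align="center" style='border-right:1px solid #C4C0BB;border-top:1px solid #C4C0BB;' class="<?php 
    echo $color;
    ?>
"><?php 
    echo gettext("Taxonomy");
    ?>
<br/><?php 
    echo $unique_ptypes_info[1] . $unique_ptypes_info[0] . $unique_ptypes_info[2] . " | " . $unique_categories_info[1] . $unique_categories_info[0] . $unique_categories_info[2];
    ?>
</td>

	  <?php 
    # IP / COUNTRY
    $color = preg_match("/base_stat_iplink\\.php|base_stat_country\\.php/", $script_name) ? "th" : "";
    ?>
			<td nowrap align="center" style='border-top:1px solid #C4C0BB;' class="<?php 
    echo $color;
    ?>
"><?php 
    echo $unique_links_info[1] . $unique_links_info[0] . $unique_links_info[2] . $unique_links_fqdn;
    ?>
            <?php 
    // IP-link report icons are shown only on base_stat_iplink.php with fqdn=no.
    if ($color == "th" && !$cloud_instance && preg_match("/base_stat_iplink\\.php/", $script_name) && GET('fqdn') == 'no') {
        ?>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Launch PDF Report");
        ?>
"></a>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','<?php 
        echo Util::htmlentities($unique_iplinks_report_type);
        ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Download data in csv format");
        ?>
"></a>
            <?php 
    }
    ?>
<br><a href="base_stat_country.php"><?php 
    echo _("Unique Country Events");
    ?>
</a>
            <?php 
    if ($color == "th" && !$cloud_instance && preg_match("/base_stat_country\\.php/", $script_name)) {
        ?>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Launch PDF Report");
        ?>
"></a>
            <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','<?php 
        echo Util::htmlentities($unique_country_events_report_type);
        ?>
');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php 
        echo _("Download data in csv format");
        ?>
"></a>
            <?php 
    }
    ?>
</td>
	  </tr>
	 </table>
	  <?php 
    echo "</td></tr></table>";
}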
コード例 #6
ファイル: base_stat_class.php プロジェクト: jhbsz/ossimTest
    // Excerpt: tail of the per-row loop that prints one table row per
    // classification. The loop header and the assignments of $class_id,
    // $total_occurances, $event_cnt, $sensor_num, $sig_num, $sip_num, $dip_num
    // and $min_time are outside this excerpt.
    $max_time = $myrow[7];
    /* Print out */
    qroPrintEntryHeader($i);
    // URL-encoded copy of the class id, used as the value of the row's checkbox and hidden field.
    $tmp_rowid = rawurlencode($class_id);
    echo '  <TD>&nbsp;&nbsp;
                 <INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">
                 &nbsp;&nbsp;
             </TD>';
    echo '      <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">';
    qroPrintEntry(GetSigClassName($class_id, $db));
    // NOTE(review): from here on $class_id is concatenated into href values without
    // urlencode()/escaping, unlike $tmp_rowid above; if it can ever be non-numeric
    // it should be encoded. Confirm where it is assigned.
    // NOTE(review): the percentage divides by $event_cnt; assumes it is non-zero here (TODO confirm).
    qroPrintEntry('<FONT>' . '<A HREF="base_qry_main.php?new=1&amp;sig_class=' . $class_id . '&amp;submit=' . gettext("Query+DB") . '&amp;num_result_rows=-1">' . $total_occurances . '</A> 
                   (' . round($total_occurances / $event_cnt * 100) . '%)' . '</FONT>');
    // The next two cells leave markup open: the first never closes <FONT>, the second never closes <A>.
    qroPrintEntry('<FONT><A HREF="base_stat_sensor.php?sig_class=' . $class_id . '">' . $sensor_num . '</A>');
    qroPrintEntry('<FONT><A HREF="base_stat_alerts.php?sig_class=' . $class_id . '">' . $sig_num . '</FONT>');
    // BuildUniqueAddressLink() returns the opening anchor; the count and the closing </A> are appended here.
    qroPrintEntry('<FONT>' . BuildUniqueAddressLink(1, '&amp;sig_class=' . $class_id) . $sip_num . '</A></FONT>');
    qroPrintEntry('<FONT>' . BuildUniqueAddressLink(2, '&amp;sig_class=' . $class_id) . $dip_num . '</A></FONT>');
    // Counts and timestamps are printed without HTML escaping; presumably they come
    // straight from the query result, verify against the loop header.
    qroPrintEntry('<FONT>' . $min_time . '</FONT>');
    qroPrintEntry('<FONT>' . $max_time . '</FONT>');
    qroPrintEntryFooter();
    $i++;
    $prev_time = null;
}
// After the loop: release the result set, print the table footer and paging/action
// buttons, persist the query state, close the form and print timing information.
$result->baseFreeRows();
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveState();
echo "\n</FORM>\n";
PrintBASESubFooter();
$et->Mark("Get Query Elements");
$et->PrintTiming();
コード例 #7
ファイル: base_stat_sensor.php プロジェクト: jhbsz/ossimTest
        // Excerpt: tail of the per-sensor row loop; the loop header, the condition
        // of this if/else and the assignments of $sensor_id, $sname, $country,
        // $homelan and the counters are outside this excerpt.
        // Flag image URL built from $country under the application's pixmaps/flags directory.
        $slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
    } else {
        // No country image: fall back to the home-LAN icon when $homelan is non-empty.
        $country_img = "";
        $slnk = $homelan != "" ? $current_url . "/forensics/images/homelan.png" : "";
    }
    /* Print out */
    qroPrintEntryHeader($i);
    // NOTE(review): $sensor_id is written into the VALUE attributes and the links
    // below without escaping or URL-encoding; presumably it is a numeric id from
    // the query result. Confirm where it is assigned.
    $tmp_rowid = $sensor_id;
    echo '    <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">';
    echo '        <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"></TD>';
    qroPrintEntry($sensor_id);
    // Sensor names without a "-<suffix>" part get "-snort" appended for display.
    // NOTE(review): $sname is printed as-is; verify it is escaped where it is assigned.
    qroPrintEntry((preg_match("/\\-.+/", $sname) ? $sname : $sname . "-snort") . $country_img . $homelan);
    qroPrintEntry('<A HREF="base_qry_main.php?new=1&amp;sensor=' . $sensor_id . '&amp;num_result_rows=-1&amp;submit=' . gettext("Query+DB") . '">' . $event_cnt . '</A>');
    // The Build*Link() helpers return the opening anchor; the count and the closing </A> are appended here.
    qroPrintEntry(BuildUniqueAlertLink("?sensor=" . $sensor_id) . $unique_event_cnt . '</A>');
    qroPrintEntry(BuildUniqueAddressLink(1, "&amp;sensor=" . $sensor_id) . $num_src_ip . '</A>');
    qroPrintEntry(BuildUniqueAddressLink(2, "&amp;sensor=" . $sensor_id) . $num_dst_ip . '</A>');
    qroPrintEntry($start_time);
    qroPrintEntry($stop_time);
    qroPrintEntryFooter();
    $i++;
    // report_data: one row per sensor, collected for SaveReportData() after the loop.
    $report_data[] = array(trim(preg_match("/\\-.+/", $sname) ? $sname : $sname . "-snort"), $slnk, $num_src_ip, $num_dst_ip, $start_time, $stop_time, "", "", "", "", "", $sensor_id, $event_cnt, $unique_event_cnt);
}
// After the loop: release the result set, close the connection, print the footer
// and buttons, then store the collected rows and the query state.
$result->baseFreeRows();
$dbo->close($_conn);
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveReportData($report_data, $sensors_report_type);
$qs->SaveState();
echo "\n</FORM>\n";
コード例 #8
    die;
}
// Excerpt: the statements before this point and the end of the final "range"
// branch are not shown.
$tz = Util::get_timezone();
// "id" and "sid" are imported with the VAR_DIGIT filter.
// NOTE(review): presumably this limits both values to digits; ImportHTTPVar is
// defined elsewhere. The str_replace() calls below write them straight into SQL
// text taken from the session, so the safety of the query depends on that filter.
$plugin_id = ImportHTTPVar("id", VAR_DIGIT);
$plugin_sid = ImportHTTPVar("sid", VAR_DIGIT);
// Fill the PLUGINID / PLUGINSID placeholders of the two query templates stored in the session.
$sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_current_query_graph']));
$sql = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_alerts_query']));
// Session data is written and the session closed before the database work starts.
session_write_close();
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQuery($sql, $db);
// NOTE(review): $src_addrs, $dst_addrs and $last are assigned only when a row is
// fetched, but they are used unconditionally further down.
if ($row = $rs->baseFetchRow()) {
    $addr_link = '&amp;sig_type=1&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D=' . urlencode($plugin_id . ";" . $plugin_sid);
    // NOTE(review): $row[0] and $row[1] are concatenated into the markup without HTML escaping.
    $src_addrs = BuildUniqueAddressLink(1, $addr_link) . $row[0] . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, $addr_link) . $row[1] . '</A>';
    $last = get_utc_unixtime($db, $row[2]);
}
$rs->baseFreeRows();
// With a non-zero timezone offset the timestamp is shifted by $tz hours and
// formatted; otherwise the raw column value is used.
if ($tz != 0) {
    $last = gmdate("Y-m-d H:i:s", $last + 3600 * $tz);
} else {
    $last = $row[2];
}
// Response so far: three "##"-terminated fields (source link, destination link, last time).
echo "{$src_addrs}##{$dst_addrs}##{$last}##";
// Time range from the session, defaulting to "all" when it is empty.
$tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all";
$trdata = array(0, 0, $tr);
if ($tr == "range") {
    // Range bounds are built from elements [4], [2] and [3] of $_SESSION["time"][0] / [1]
    // joined with "-" (presumably year-month-day, TODO confirm) and shifted by $tz hours.
    $desde = strtotime($_SESSION["time"][0][4] . "-" . $_SESSION["time"][0][2] . "-" . $_SESSION["time"][0][3]) + 3600 * $tz;
    $hasta = strtotime($_SESSION["time"][1][4] . "-" . $_SESSION["time"][1][2] . "-" . $_SESSION["time"][1][3]) + 3600 * $tz;
    $diff = $hasta - $desde;
コード例 #9
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";
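// Prints three "##"-separated link fragments (unique events, source addresses,
// destination addresses) for the sensor named by the "id" request variable.
// Without a stored sensor query the placeholder "-##-##-" is printed instead.
if (!isset($_SESSION['siem_sensor_query']) || $_SESSION['siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}
// NOTE(review): VAR_DIGIT presumably limits "id" to digits; ImportHTTPVar is
// defined elsewhere. The value is written straight into the SQL text below, so
// the safety of the query depends on that filter.
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['siem_sensor_query']);
// Session data is written and the session closed before the database work starts.
session_write_close();
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQuery($sql, $db);
// Defaults keep the response well-formed ("####") when the query returns no
// row, instead of interpolating undefined variables.
$unique_addrs = "";
$src_addrs = "";
$dst_addrs = "";
if ($row = $rs->baseFetchRow()) {
    // The sensor id is URL-encoded for the link and each count is HTML-encoded before output.
    $sensor_param = urlencode($device_id);
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . $sensor_param) . Util::htmlentities($row[0]) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&amp;sensor=" . $sensor_param) . Util::htmlentities($row[1]) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&amp;sensor=" . $sensor_param) . Util::htmlentities($row[2]) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";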