$antes = ""; $despues = $signame; } qroPrintEntry("{$antes} <a href='{$siglink}'>" . trim($despues) . "</a>", "left"); //if ($db->baseGetDBversion() >= 103) qroPrintEntry(GetSigClassName(GetSigClassID($sig_id, $db) , $db)); $perc = $avoid_counts != 1 ? ' (' . round($total_occurances / $event_cnt * 100) . '%)' : ''; //qroPrintEntry('<FONT>' . '<A HREF="base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=' . (rawurlencode($sig_id)) . '&sig_type=1' . '&submit=' . gettext("Query+DB") . '&num_result_rows=-1">' . $total_occurances . '</A>' . qroPrintEntry('<FONT>' . '<A HREF="' . $siglink . '">' . $total_occurances . '</A>' . $perc . '</FONT>', 'center', 'top', 'nowrap'); qroPrintEntry('<A HREF="base_stat_sensor.php?sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($sig_id) . '&sig_type=1">' . $num_sensors . '</A>'); if ($db->baseGetDBversion() >= 100) { $addr_link = '&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($sig_id); } else { $addr_link = '&sig%5B0%5D=LIKE&sig%5B1%5D=' . urlencode($sigstr); } qroPrintEntry('<FONT>' . BuildUniqueAddressLink(1, $addr_link) . $num_src_ip . '</A></FONT>', 'center', 'top', 'nowrap'); qroPrintEntry('<FONT>' . BuildUniqueAddressLink(2, $addr_link) . $num_dst_ip . '</A></FONT>', 'center', 'top', 'nowrap'); qroPrintEntry('<FONT>' . $start_time . '</FONT>', 'center', 'top', 'nowrap'); qroPrintEntry('<FONT>' . $stop_time . '</FONT>', 'center', 'top', 'style="padding:0 10px 0 10px" nowrap'); qroPrintEntryFooter(); $i++; $prev_time = null; // report_data $report_data[] = array(trim(html_entity_decode($despues)), html_entity_decode($total_occurances . $perc), $start_time, $stop_time, "", "", "", "", "", "", "", $num_sensors, $num_src_ip, $num_dst_ip); } $result->baseFreeRows(); $qro->PrintFooter(); $qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveReportData($report_data, $unique_events_report_type); $qs->SaveState(); echo "\n</FORM>\n";
/**
 * Print the statistics summary: unique-event, sensor, total-event, unique
 * address, IP-link and port counts, each wrapped in a link to its drill-down
 * page. Everything is echoed directly (mixed PHP/HTML), nothing is returned.
 *
 * Two layouts:
 *  - $show_stats == 1: every count is fetched via the *Cnt() helpers and
 *    printed as a <ul> list ($compact == 0 nests the TCP/UDP sub-counts,
 *    any other value prints them inline after " -- ").
 *  - otherwise: a two-row tab table without counts. The tab whose page
 *    matches $_SERVER['SCRIPT_NAME'] is highlighted (#28BC04 background,
 *    ":black" swapped for ":white" in its link style) and, unless
 *    $cloud_instance is set, gets PDF/CSV report_launcher() links.
 *
 * @param object $db                BASE DB handle; handed to the *Cnt() helpers
 *                                  and asked for baseGetDBversion()
 * @param int    $compact           list layout only: 0 = nested sub-lists
 * @param int    $show_stats        1 = list layout with counts, else tab table
 * @param string $join              extra JOIN fragment forwarded as-is to the *Cnt() helpers
 * @param string $where             extra WHERE fragment forwarded as-is to the *Cnt() helpers
 * @param bool   $show_total_events tab table only: also print the total event count
 * @return void
 *
 * Request input: $_GET['addr_type'], $_GET['proto'] and $_GET['port_type']
 * decide which sub-link is underlined and which report name is launched.
 * They are only ever compared against fixed literals or passed through
 * intval() before being echoed; $_SERVER['SCRIPT_NAME'] is only used in
 * preg_match() and is never echoed.
 */
function PrintGeneralStats($db, $compact, $show_stats, $join = "", $where = "", $show_total_events = false) {
    global $events_report_type, $sensors_report_type, $unique_events_report_type, $unique_plugins_report_type;
    global $unique_addr_report_type, $src_port_report_type, $dst_port_report_type, $unique_iplinks_report_type;
    global $unique_country_events_report_type;
    global $siem_events_title, $cloud_instance;
    // List layout: gather every count up front. The tab layout below does not
    // query at all, apart from the optional total-events count.
    if ($show_stats == 1) {
        $sensor_cnt = SensorCnt($db, $join, $where);
        $sensor_total = SensorTotal($db);
        $unique_alert_cnt = UniqueAlertCnt($db, $join, $where);
        $event_cnt = EventCnt($db, $join, $where);
        $unique_ip_cnt = UniqueIPCnt($db, $join, $where);
        $unique_links_cnt = UniqueLinkCnt($db, $join, $where);
        $unique_port_cnt = UniquePortCnt($db, $join, $where);
        $unique_tcp_port_cnt = UniqueTCPPortCnt($db, $join, $where);
        $unique_udp_port_cnt = UniqueUDPPortCnt($db, $join, $where);
    }
    // NOTE(review): the "Categories" block is commented out, but $class_cnt and
    // $class_cnt_info are still read further down (the DB version >= 103 branch
    // of the list layout, the str_replace() in the Unique Events tab and the
    // echo inside the HTML comment there). Those reads hit undefined
    // variables/indexes; either restore this block or remove the readers.
    /*if ($db->baseGetDBversion() >= 103) { if ($show_stats == 1) { $result = $db->baseExecute("SELECT categories FROM event_stats ORDER BY timestamp DESC LIMIT 1"); $myrow = $result->baseFetchRow(); $class_cnt = $myrow[0]; $result->baseFreeRows(); } $class_cnt_info[0] = " <strong>" . gettext("Categories:") . " </strong>"; $class_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_class.php?sort_order=class_a\">"; $class_cnt_info[2] = "</a><a style='color:black;font-weight:bold' href=\"base_stat_class_graph.php?sort_order=class_a\"> <img src=\"images/ico_graph.gif\" align=\"absmiddle\" border=0></a>"; }*/
    // Each *_info triple is [label, opening <a ...>, closing </a>]; the count
    // (list layout) or the tab label (tab layout) is spliced between [1] and
    // [2] at print time. All hrefs are fixed strings.
    $sensor_cnt_info[0] = "<strong>" . gettext("Sensors/Total:") . "</strong>\n";
    $sensor_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_sensor.php?sort_order=occur_d\">";
    $sensor_cnt_info[2] = "</a>";
    $unique_alert_cnt_info[0] = "<strong>" . gettext("Unique Events") . ":</strong>\n";
    $unique_alert_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_alerts.php?sort_order=occur_d\">";
    $unique_alert_cnt_info[2] = "</a>";
    $unique_plugin_cnt_info[0] = "<strong>" . _("Unique Data Sources") . "</strong>\n";
    $unique_plugin_cnt_info[1] = "<a style='color:black;font-weight:bold' href=\"base_stat_plugins.php?sort_order=occur_d\">";
    $unique_plugin_cnt_info[2] = "</a>";
    $event_cnt_info[0] = "<strong>" . gettext("Total Number of Events:") . "</strong>\n";
    $event_cnt_info[1] = '<a style=\'color:black;font-weight:bold\' href="base_qry_main.php?&num_result_rows=-1' . '&submit=' . gettext("Query+DB") . '&current_view=-1">';
    $event_cnt_info[2] = "</a>";
    $unique_src_ip_cnt_info[0] = gettext("Src IP addrs:");
    $unique_src_ip_cnt_info[1] = " " . BuildUniqueAddressLink(1, "", "color:black;font-weight:bold");
    $unique_src_ip_cnt_info[2] = "</a>";
    $unique_dst_ip_cnt_info[0] = gettext("Dest. IP addrs:");
    $unique_dst_ip_cnt_info[1] = " " . BuildUniqueAddressLink(2, "", "color:black;font-weight:bold");
    $unique_dst_ip_cnt_info[2] = "</a>";
    $unique_ip_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_uaddress.php?sort_order=occur_d\">";
    $unique_ip_cnt_info[2] = "</a>";
    $unique_links_info[0] = gettext("Unique IP links");
    $unique_links_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=no\">";
    $unique_links_info[2] = "</a>";
    $unique_links_fqdn = " <a style='color:black;font-weight:bold' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=yes\">[FQDN]</a>";
    $unique_src_port_cnt_info[0] = gettext("Source Ports: ");
    $unique_src_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=-1\">";
    $unique_src_port_cnt_info[2] = "</a>";
    $unique_dst_port_cnt_info[0] = gettext("Dest Ports: ");
    $unique_dst_port_cnt_info[1] = " <a style='color:black;font-weight:bold' 
href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=-1\">";
    $unique_dst_port_cnt_info[2] = "</a>";
    // Per-protocol variants use the TCP / UDP constants for the proto= parameter.
    $unique_tcp_src_port_cnt_info[0] = "TCP (";
    $unique_tcp_src_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=" . TCP . "\">";
    $unique_tcp_src_port_cnt_info[2] = "</a>)";
    $unique_tcp_dst_port_cnt_info[0] = "TCP (";
    $unique_tcp_dst_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=" . TCP . "\">";
    $unique_tcp_dst_port_cnt_info[2] = "</a>)";
    $unique_udp_src_port_cnt_info[0] = "UDP (";
    $unique_udp_src_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=" . UDP . "\">";
    $unique_udp_src_port_cnt_info[2] = "</a>)";
    $unique_udp_dst_port_cnt_info[0] = "UDP (";
    $unique_udp_dst_port_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=" . UDP . "\">";
    $unique_udp_dst_port_cnt_info[2] = "</a>)";
    if ($show_stats == 1) {
        // ---- list layout ----
        echo $unique_alert_cnt_info[0] . $unique_alert_cnt_info[1] . $unique_alert_cnt . $unique_alert_cnt_info[2] . "\n<br />";
        // NOTE(review): no separator between the sensor count and the total
        // ("N</a>M"); presumably a "/" is intended for "Sensors/Total".
        echo $sensor_cnt_info[0] . $sensor_cnt_info[1] . $sensor_cnt . $sensor_cnt_info[2] . $sensor_total . "\n<br />";
        // NOTE(review): $class_cnt_info / $class_cnt are never assigned in this
        // function (their block is commented out), so this only prints notices.
        if ($db->baseGetDBversion() >= 103) {
            echo "<br />" . $class_cnt_info[0] . $class_cnt_info[1] . $class_cnt . $class_cnt_info[2];
        }
        echo "<br />";
        echo $event_cnt_info[0] . $event_cnt_info[1] . $event_cnt . $event_cnt_info[2];
        echo "<ul>";
        // The count helpers' results are read as [0] = source, [1] = destination.
        echo "<li>" . $unique_src_ip_cnt_info[0] . $unique_src_ip_cnt_info[1] . $unique_ip_cnt[0] . $unique_src_ip_cnt_info[2] . "</li>";
        echo "<li>" . $unique_dst_ip_cnt_info[0] . $unique_dst_ip_cnt_info[1] . $unique_ip_cnt[1] . $unique_dst_ip_cnt_info[2] . "</li>";
        echo "<li>" . $unique_links_info[0] . $unique_links_info[1] . $unique_links_cnt . $unique_links_info[2] . " (" . $unique_links_fqdn . ")</li>";
        echo "<li>";
        if ($compact == 0) { echo "<p>"; }
        echo $unique_src_port_cnt_info[0] . $unique_src_port_cnt_info[1] . $unique_port_cnt[0] . $unique_src_port_cnt_info[2] . "</li>";
        // $compact == 0 nests the TCP/UDP breakdown in a sub-list; otherwise inline.
        if ($compact == 0) { echo "<li><ul><li>"; } else { echo "<li> -- "; }
        echo $unique_tcp_src_port_cnt_info[0] . $unique_tcp_src_port_cnt_info[1] . $unique_tcp_port_cnt[0] . $unique_tcp_src_port_cnt_info[2] . " " . $unique_udp_src_port_cnt_info[0] . $unique_udp_src_port_cnt_info[1] . $unique_udp_port_cnt[0] . $unique_udp_src_port_cnt_info[2];
        if ($compact == 0) { echo "</li></ul></li>"; }
        echo "<li>" . $unique_dst_port_cnt_info[0] . $unique_dst_port_cnt_info[1] . $unique_port_cnt[1] . $unique_dst_port_cnt_info[2] . "</li>";
        if ($compact == 0) { echo "<li><ul><li>"; } else { echo "<li> -- "; }
        echo $unique_tcp_dst_port_cnt_info[0] . $unique_tcp_dst_port_cnt_info[1] . $unique_tcp_port_cnt[1] . $unique_tcp_dst_port_cnt_info[2] . " " . $unique_udp_dst_port_cnt_info[0] . $unique_udp_dst_port_cnt_info[1] . $unique_udp_port_cnt[1] . $unique_udp_dst_port_cnt_info[2];
        if ($compact == 0) { echo "</li></ul>"; }
        echo "</li></ul>";
    } else {
        // ---- tab layout ----
        echo "<table width='100%' cellpadding=0 cellspacing=0 border=0><tr><td valign='top'>";
        if ($show_total_events) {
            $event_cnt = EventCnt($db, $join, $where);
            echo "<li>" . $event_cnt_info[0] . $event_cnt_info[1] . $event_cnt . $event_cnt_info[2] . "</li><li><p>";
        }
        //echo "<ul style='padding-left:20px'>";
        ?> <table cellpadding=2 style="border-left:1px solid #CACACA;border-bottom:1px solid #CACACA;border-right:1px solid #CACACA" cellspacing=0 border=0 width="100%"> <tr> <?php
        //$li_style = (preg_match("/base_stat_sensor\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Events tab. SCRIPT_NAME is only matched here, never echoed.
        $color = preg_match("/base_qry_main\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        $fontcolor = preg_match("/base_qry_main\\.php/", $_SERVER['SCRIPT_NAME']) ? "white" : "black";
        // NOTE(review): the "¤t_view" in the href below looks like "&current_view"
        // with "&curren" decoded as an HTML entity somewhere in the toolchain;
        // confirm against the checked-in source.
        ?> <td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php echo $color; ?> "> <a style="color:<?php echo $fontcolor; ?> ;font-weight:bold" href='base_qry_main.php?num_result_rows=-1&submit=Query+DB¤t_view=-1'> <?php echo _("Events"); ?> </a> <?php if ($fontcolor == "white" && !$cloud_instance) { ?> <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a> <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','<?php echo $events_report_type; ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a> <?php } ?> </td> <?php
        //$li_style = (preg_match("/base_stat_alerts\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Unique Events tab (also active on the class / graph pages).
        $color = preg_match("/base_stat_alerts\\.php|base_stat_alerts_graph\\.php/", $_SERVER['SCRIPT_NAME']) || preg_match("/base_stat_class\\.php|base_stat_class_graph\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_alert_cnt_info[1] = str_replace(":black", ":white", $unique_alert_cnt_info[1]);
            // NOTE(review): $class_cnt_info is never assigned in this function,
            // so this reads an undefined index (see the commented-out block above).
            $class_cnt_info[1] = str_replace(":black", ":white", $class_cnt_info[1]);
        }
        //echo " <li$li_style>".$unique_alert_cnt_info[1].gettext("Unique Events").$unique_alert_cnt_info[2] . "</li>";
        ?> <td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php echo $color; ?> "><?php echo $unique_alert_cnt_info[1] . gettext("Unique Events") . $unique_alert_cnt_info[2]; ?> <a href="base_stat_alerts_graph.php?sort_order=occur_d"><img src="images/ico_graph.gif" align="absmiddle" border=0></a> <?php if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_alerts\\.php/", $_SERVER['SCRIPT_NAME'])) { ?> <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a> <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','<?php echo $unique_events_report_type; ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a> <?php } ?> <!--<br> (<?php echo $class_cnt_info[1] . gettext("classifications") . $class_cnt_info[2]; ?> )--> </td> <?php
        //$li_style = (preg_match("/base_stat_sensor\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Sensors tab.
        $color = preg_match("/base_stat_sensor\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $sensor_cnt_info[1] = str_replace(":black", ":white", $sensor_cnt_info[1]);
        }
        //echo " <li$li_style>".$sensor_cnt_info[1]. gettext("Sensors") . "</a></li>";
        ?> <td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php echo $color; ?> "><?php echo $sensor_cnt_info[1] . gettext("Sensors") . $sensor_cnt_info[2]; ?> <?php if ($color == "#28BC04" && !$cloud_instance) { ?> <a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a> <a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','<?php echo $sensors_report_type; ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a> <?php } ?> </td> <?php
        // Unique Data Sources tab, only on newer schemas.
        if ($db->baseGetDBversion() >= 103) {
            //$li_style = (preg_match("/base_stat_class\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
            $color = preg_match("/base_stat_plugins\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
            if ($color == "#28BC04") {
                $unique_plugin_cnt_info[1] = str_replace(":black", ":white", $unique_plugin_cnt_info[1]);
            }
            //echo "<li$li_style> ( ".$class_cnt_info[1].gettext("classifications")."</a> )</li>";
            ?> <td nowrap align="center" bgcolor="<?php echo $color; ?> "><?php echo $unique_plugin_cnt_info[1] . gettext("Unique Data Sources") . $unique_plugin_cnt_info[2]; ?> <?php if ($color == "#28BC04" && !$cloud_instance) { ?> <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a> <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','<?php echo $unique_plugins_report_type; ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a> <?php } ?> </td> <?php
        }
        ?> </tr> <tr> <?php
        //$src_lnk = "<a href='base_stat_uaddr.php?addr_type=".$_GET['addr_type']."&addhomeips=src' title='Add home networks IPs to current search criteria'><img src='images/homelan.png' border=0 align='absmiddle'></a>";
        //$dst_lnk = "<a href='base_stat_uaddr.php?addr_type=".$_GET['addr_type']."&addhomeips=dst' title='Add home networks IPs to current search criteria'><img src='images/homelan.png' border=0 align='absmiddle'></a>";
        //$li_style = (preg_match("/base_stat_uaddr\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Unique addresses tab (any base_stat_uaddr* page).
        $color = preg_match("/base_stat_uaddr/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_src_ip_cnt_info[1] = str_replace(":black", ":white", $unique_src_ip_cnt_info[1]);
            $unique_dst_ip_cnt_info[1] = str_replace(":black", ":white", $unique_dst_ip_cnt_info[1]);
            $unique_ip_cnt_info[1] = str_replace(":black", ":white", $unique_ip_cnt_info[1]);
            if (!$cloud_instance) {
                // addr_type is cast with intval() before it lands inside the onclick
                // attribute, so only a bare integer can reach the report name.
                $pdf = " <a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($_GET['addr_type']) . "','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"> ";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($_GET['addr_type']) . "','{$unique_addr_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> ";
            } else {
                $pdf = "";
                $csv = "";
            }
            // Report links are attached to whichever of Source/Destination is current.
            if ($_GET['addr_type'] == '1') { $unique_src_ip_cnt_info[2] .= $pdf . $csv; }
            if ($_GET['addr_type'] == '2') { $unique_dst_ip_cnt_info[2] .= $pdf . $csv; }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        // echo " <li$li_style>".gettext("Unique addresses: ").
        // $unique_src_ip_cnt_info[1].gettext("Source").' | '.$unique_src_ip_cnt_info[2].
        // $unique_dst_ip_cnt_info[1].gettext("Destination").$unique_dst_ip_cnt_info[2]."</li>";
        //echo "</td><td valign='top' style='padding-left:10px'>";
        // Request values only select between fixed literals here; nothing from
        // $_GET is echoed. There is no isset() guard, so pages that do not pass
        // addr_type / proto / port_type raise undefined-index notices.
        $addrtype1 = $_GET['addr_type'] == '1' ? "underline" : "none";
        $addrtype2 = $_GET['addr_type'] == '2' ? "underline" : "none";
        // proto 6 -> 1, 17 -> 2, anything else -> 0; used as the *Port_Report name suffix.
        $report_type = $_GET['proto'] == '6' ? 1 : ($_GET['proto'] == '17' ? 2 : 0);
        ?> <td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php if ($color == "#28BC04") { echo "color:white"; } ?> ' bgcolor="<?php echo $color; ?> "><?php echo $unique_ip_cnt_info[1] . gettext("Unique addresses") . $unique_ip_cnt_info[2] . ":<br>" . $unique_src_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font>" . $unique_src_ip_cnt_info[2] . " | " . $unique_dst_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font>" . $unique_dst_ip_cnt_info[2]; ?> </td> <?php
        //$li_style = (preg_match("/base_stat_ports\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Source Port tab: active on base_stat_ports.php with port_type=1.
        $color = preg_match("/base_stat_ports\\.php/", $_SERVER['SCRIPT_NAME']) && $_GET['port_type'] == 1 ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_src_port_cnt_info[1]);
            $unique_tcp_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_tcp_src_port_cnt_info[1]);
            $unique_udp_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_udp_src_port_cnt_info[1]);
            if (!$cloud_instance) {
                $pdf = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','{$src_port_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a><br>";
            } else {
                $pdf = "<br>";
                $csv = "";
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        //echo "<li$li_style>".$unique_src_port_cnt_info[1].gettext("Source")." ".$unique_src_port_cnt_info[2].gettext("Port").": ".
        // $unique_tcp_src_port_cnt_info[1]." TCP</a> | ".
        // $unique_tcp_src_port_cnt_info[1]." TCP</a> | ".
        // $unique_udp_src_port_cnt_info[1]." UDP</a>".
        // "</li><li$li_style>".
        // $unique_dst_port_cnt_info[1].gettext("Destination")." ".$unique_dst_port_cnt_info[2].gettext("Port").": ".
        // $unique_tcp_dst_port_cnt_info[1]." TCP</a> | ".
        // $unique_udp_dst_port_cnt_info[1]." UDP</a>" .
        // "</li>";
        // Underline the protocol/direction pair that matches the current request.
        $sprototcp = $_GET['proto'] == '6' && $_GET['port_type'] == '1' ? "underline" : "none";
        $sprotoudp = $_GET['proto'] == '17' && $_GET['port_type'] == '1' ? "underline" : "none";
        $dprototcp = $_GET['proto'] == '6' && $_GET['port_type'] == '2' ? "underline" : "none";
        $dprotoudp = $_GET['proto'] == '17' && $_GET['port_type'] == '2' ? "underline" : "none";
        ?> <td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php if ($color == "#28BC04") { echo "color:white"; } ?> ' bgcolor="<?php echo $color; ?> "><?php echo $unique_src_port_cnt_info[1] . gettext("Source Port") . $unique_src_port_cnt_info[2] . ": {$pdf} {$csv}" . $unique_tcp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprototcp}'>TCP</font></a> | " . $unique_udp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprotoudp}'>UDP</font></a>"; ?> </td> <?php
        // Destination Port tab: active on base_stat_ports.php with port_type=2.
        $color = preg_match("/base_stat_ports\\.php/", $_SERVER['SCRIPT_NAME']) && $_GET['port_type'] == 2 ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_dst_port_cnt_info[1]);
            $unique_tcp_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_tcp_dst_port_cnt_info[1]);
            $unique_udp_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_udp_dst_port_cnt_info[1]);
            if (!$cloud_instance) {
                $pdf = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\">";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','{$dst_port_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a><br>";
            } else {
                $pdf = "<br>";
                $csv = "";
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        ?> <td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php if ($color == "#28BC04") { echo "color:white"; } ?> ' bgcolor="<?php echo $color; ?> "><?php echo $unique_dst_port_cnt_info[1] . gettext("Destination Port") . $unique_dst_port_cnt_info[2] . ": {$pdf} {$csv}" . $unique_tcp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprototcp}'>TCP</font></a> | " . $unique_udp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprotoudp}'>UDP</font></a>"; ?> </td> <?php
        //$li_style = (preg_match("/base_stat_iplink\.php/",$_SERVER['SCRIPT_NAME'])) ? " style='color:#F37914'" : "";
        // Unique IP links / Unique Country Events tab (shared cell).
        $color = preg_match("/base_stat_iplink\\.php|base_stat_country\\.php/", $_SERVER['SCRIPT_NAME']) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_links_info[1] = str_replace(":black", ":white", $unique_links_info[1]);
            $unique_links_fqdn = str_replace(":black", ":white", $unique_links_fqdn);
        }
        //echo "<li$li_style>".$unique_links_info[1].$unique_links_info[0].$unique_links_info[2]."</li>";
        // GET('fqdn') is a project helper; its exact semantics are not visible here.
        ?> <td nowrap align="center" style='border-top:1px solid #CACACA;' bgcolor="<?php echo $color; ?> "><?php echo $unique_links_info[1] . $unique_links_info[0] . $unique_links_info[2] . $unique_links_fqdn; ?> <?php if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_iplink\\.php/", $_SERVER['SCRIPT_NAME']) && GET('fqdn') == 'no') { ?> <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a> <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','<?php echo $unique_iplinks_report_type; ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a> <?php } ?> <br><a style='color:<?php echo $color == "#28BC04" ? "white" : "black"; ?> ;font-weight:bold' href="base_stat_country.php"><?php echo _("Unique Country Events"); ?> </a> <?php if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_country\\.php/", $_SERVER['SCRIPT_NAME'])) { ?> <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a> <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','<?php echo $unique_country_events_report_type; ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a> <?php } ?> </td> <?php
        //echo "</td></tr></table>";
        ?> </tr> </table> <?php
        // Closes the outer <td><tr><table> opened at the top of the tab layout.
        echo "</td></tr></table>";
    }
}
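** (see the file 'base_main.php' for license details) ** ** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**> ** Built upon work by the BASE Project Team <*****@*****.**> */
// Looks like a small AJAX-style endpoint: it answers with three "##"-separated
// HTML fragments (unique events, unique source addresses, unique destination
// addresses) for the device given by "id", using the count query that some
// other page stored in $_SESSION['_siem_sensor_query'] with a DEVICEID
// placeholder.
require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";
// "-##-##-" is the empty frame the caller gets when no query is stored.
// isset() first so a missing key does not raise a notice before the same
// loose comparison is made.
if (!isset($_SESSION['_siem_sensor_query']) || $_SESSION['_siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}
// The SQL template comes from the session, not from the request; the only
// request-controlled part of the final query is the device id, and the
// VAR_DIGIT validation inside ImportHTTPVar() is what keeps the str_replace()
// below injection-safe. NOTE(review): confirm VAR_DIGIT rejects everything
// but digits (an empty id also passes through unchanged here).
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['_siem_sensor_query']);
// presumably releases the session lock before the (possibly slow) query — confirm
session_write_close();
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQueryNoCanned($sql, $db);
// Defaults so a query that returns no row still emits the same "##" frame
// (three empty fields) instead of undefined-variable notices.
$unique_addrs = '';
$src_addrs = '';
$dst_addrs = '';
if ($row = $rs->baseFetchRow()) {
    // Row layout presumed from the variable names: [0] unique events,
    // [1] unique source IPs, [2] unique destination IPs — fixed by the stored
    // query, verify against the page that sets it. The id is urlencode()d
    // where it is embedded in the generated links.
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::number_format_locale($row[0], 0) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&sensor=" . urlencode($device_id)) . Util::number_format_locale($row[1], 0) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&sensor=" . urlencode($device_id)) . Util::number_format_locale($row[2], 0) . '</A>';
}
$rs->baseFreeRows();
echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";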
$antes = ""; $despues = $signame; } qroPrintEntry("{$antes} <a href='{$siglink}' class='qlink'>" . trim($despues) . "</a>", "left", "", "style='vertical-align:middle'"); //qroPrintEntry(BuildSigByID($sig_id, $db),"left","middle"); $ocurrlink = 'base_qry_main.php?new=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($sig_id) . '&sig_type=1' . '&submit=' . gettext("Query DB") . '&num_result_rows=-1'; //$perc = (($avoid_counts != 1) ? (' (' . (round($total_occurances / $event_cnt * 100)) . '%)') : ('')); $pid = $myrow["plugin_id"] . "-" . $myrow["plugin_sid"]; qroPrintEntry('<A HREF="' . $ocurrlink . '" id="occur' . $pid . '" class="qlink">' . Util::number_format_locale($total_occurances, 0) . '</A>' . $perc, 'center', 'middle', 'nowrap'); if ($db->baseGetDBversion() >= 100) { $addr_link = '&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($sig_id); } else { $addr_link = '&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($sigstr); } qroPrintEntry(BuildUniqueAddressLink(1, $addr_link, '', 'qlink') . Util::number_format_locale($num_src_ip, 0) . '</A>', 'center', 'middle', 'nowrap'); qroPrintEntry(BuildUniqueAddressLink(2, $addr_link, '', 'qlink') . Util::number_format_locale($num_dst_ip, 0) . '</A>', 'center', 'middle', 'nowrap'); qroPrintEntry('<div id="le' . $pid . '" style="padding:0px 4px"></div>', 'center', 'middle', 'nowrap'); // GRAPH qroPrintEntry('<div id="plotarea' . $pid . '" class="plot"></div>', 'center', 'middle'); qroPrintEntryFooter(); $i++; $prev_time = null; // report_data $report_data[] = array(trim(html_entity_decode($despues)), html_entity_decode($total_occurances . $perc), "", "", "", "", "", "", "", "", "", 0, $num_src_ip, $num_dst_ip); } $result->baseFreeRows(); $qro->PrintFooter(); $qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveReportData($report_data, $unique_events_report_type); $qs->SaveState();
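/**
 * Prints the statistics navigation bar shown above the BASE/SIEM pages.
 *
 * Each cell links to one of the base_stat_*.php views. The cell whose script
 * matches $_SERVER['SCRIPT_NAME'] is rendered with class "th" and, unless
 * $cloud_instance is set, also gets the PDF/CSV report_launcher buttons for
 * that view. Output is written straight to the response body.
 *
 * Request values (addr_type, proto, port_type, fqdn) are only compared,
 * regex-matched or intval()'d - never echoed. The report-type strings are
 * passed through Util::htmlentities() before landing in onclick attributes.
 *
 * @param object $db BASE DB handle; only baseGetDBversion() is called on it.
 * @return void
 */
function PrintGeneralStats($db)
{
    global $events_report_type, $sensors_report_type, $unique_events_report_type, $unique_plugins_report_type;
    global $unique_addr_report_type, $src_port_report_type, $dst_port_report_type, $unique_iplinks_report_type;
    global $unique_country_events_report_type;
    global $siem_events_title, $cloud_instance;

    // Request/session state read below, normalised to strings up front:
    // missing keys no longer raise undefined-index warnings, and an array
    // smuggled in as ?addr_type[]=x can no longer reach preg_match().
    $script = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
    $addr_type = (isset($_GET['addr_type']) && is_scalar($_GET['addr_type'])) ? (string) $_GET['addr_type'] : '';
    $proto = (isset($_GET['proto']) && is_scalar($_GET['proto'])) ? (string) $_GET['proto'] : '';
    $port_type = (isset($_GET['port_type']) && is_scalar($_GET['port_type'])) ? (string) $_GET['port_type'] : '';
    $current_cview = isset($_SESSION['current_cview']) ? $_SESSION['current_cview'] : '';
    $idm = !empty($_SESSION['_idm']);

    // [label, opening <a> tag, closing tag] triples for every navigation link.
    $sensor_cnt_info[0] = gettext("Sensors/Total:") . "\n";
    $sensor_cnt_info[1] = "<a style='color:black;' href=\"base_stat_sensor.php?sort_order=occur_d\">";
    $sensor_cnt_info[2] = "</a>";
    $unique_alert_cnt_info[0] = gettext("Unique Events") . ":\n";
    $unique_alert_cnt_info[1] = "<a style='color:black;' href=\"base_stat_alerts.php?sort_order=occur_d\">";
    $unique_alert_cnt_info[2] = "</a>";
    $unique_plugin_cnt_info[0] = _("Unique Data Sources") . "\n";
    $unique_plugin_cnt_info[1] = "<a style='color:black;' href=\"base_stat_plugins.php?sort_order=occur_d\">";
    $unique_plugin_cnt_info[2] = "</a>";
    $event_cnt_info[0] = "<strong>" . gettext("Total Number of Events:") . "</strong>\n";
    $event_cnt_info[1] = '<a style=\'color:black;\' href="base_qry_main.php?&num_result_rows=-1' . '&submit=' . gettext("Query DB") . '&current_view=-1">';
    $event_cnt_info[2] = "</a>";
    $unique_src_ip_cnt_info[0] = gettext("Src IP addrs:");
    $unique_src_ip_cnt_info[1] = " " . BuildUniqueAddressLink(1, "", "color:black;");
    $unique_src_ip_cnt_info[2] = "</a>";
    $unique_dst_ip_cnt_info[0] = gettext("Dest. IP addrs:");
    $unique_dst_ip_cnt_info[1] = " " . BuildUniqueAddressLink(2, "", "color:black;");
    $unique_dst_ip_cnt_info[2] = "</a>";
    $unique_ip_cnt_info[1] = " <a style='color:black;' href=\"base_stat_uaddress.php?sort_order=occur_d\">";
    $unique_ip_cnt_info[2] = "</a>";
    $unique_links_info[0] = gettext("Unique IP links");
    $unique_links_info[1] = " <a style='color:black;' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=no\">";
    $unique_links_info[2] = "</a>";
    $unique_links_fqdn = " <a style='color:black;' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=yes\">[FQDN]</a>";
    $unique_src_port_cnt_info[0] = gettext("Source Ports: ");
    $unique_src_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=-1\">";
    $unique_src_port_cnt_info[2] = "</a>";
    $unique_dst_port_cnt_info[0] = gettext("Dest Ports: ");
    $unique_dst_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=-1\">";
    $unique_dst_port_cnt_info[2] = "</a>";
    $unique_tcp_src_port_cnt_info[0] = "TCP (";
    $unique_tcp_src_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=6\">";
    $unique_tcp_src_port_cnt_info[2] = "</a>)";
    $unique_tcp_dst_port_cnt_info[0] = "TCP (";
    $unique_tcp_dst_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=6\">";
    $unique_tcp_dst_port_cnt_info[2] = "</a>)";
    $unique_udp_src_port_cnt_info[0] = "UDP (";
    $unique_udp_src_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=17\">";
    $unique_udp_src_port_cnt_info[2] = "</a>)";
    $unique_udp_dst_port_cnt_info[0] = "UDP (";
    $unique_udp_dst_port_cnt_info[1] = " <a style='color:black;' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=17\">";
    $unique_udp_dst_port_cnt_info[2] = "</a>)";
    $unique_ptypes_info[0] = gettext("Product Types");
    $unique_ptypes_info[1] = " <a style='color:black;' href=\"base_stat_ptypes.php?sort_order=occur_d\">";
    $unique_ptypes_info[2] = "</a>";
    $unique_categories_info[0] = gettext("Categories");
    $unique_categories_info[1] = " <a style='color:black;' href=\"base_stat_categories.php?sort_order=occur_d\">";
    $unique_categories_info[2] = "</a>";

    echo "<table class='transparent' width='100%' cellpadding=0 cellspacing=0 border=0><tr><td valign='top'>";
?>
<table class="transparent" cellpadding=5 style="border-left:1px solid #C4C0BB;border-bottom:1px solid #C4C0BB;border-right:1px solid #C4C0BB" cellspacing=0 border=0 width="100%">
<tr>
<?php
    // EVENTS cell: highlighted on base_qry_main.php; report buttons only
    // there and never on a cloud instance.
    $color = preg_match("/base_qry_main\\.php/", $script) ? "th" : "";
    $fontcolor = preg_match("/base_qry_main\\.php/", $script) ? "white" : "black";
?>
<td nowrap align="center" style="border-right:1px solid #C4C0BB" class="<?php echo $color; ?> ">
<a style="" href='base_qry_main.php?num_result_rows=-1&amp;submit=Query+DB&amp;current_view=-1'>
<?php echo _("Events"); ?>
</a>
<?php if ($fontcolor == "white" && !$cloud_instance) { ?>
<?php if ($current_cview == "IDM" || $current_cview == "default") { ?>
<a href="javascript:;" onclick="javascript:report_launcher('Events_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a><?php } ?>
<a href="javascript:;" onclick="javascript:report_launcher('Events_Report','<?php echo Util::htmlentities($events_report_type); ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a>
<?php } ?>
</td>
<?php
    // UNIQUE EVENTS cell (also highlighted on the class/graph variants).
    $color = preg_match("/base_stat_alerts\\.php|base_stat_alerts_graph\\.php/", $script) || preg_match("/base_stat_class\\.php|base_stat_class_graph\\.php/", $script) ? "th" : "";
?>
<td nowrap align="center" style="border-right:1px solid #C4C0BB" class="<?php echo $color; ?> "><?php echo $unique_alert_cnt_info[1] . gettext("Unique Events") . $unique_alert_cnt_info[2]; ?>
<?php if ($color == "th" && !$cloud_instance && preg_match("/base_stat_alerts\\.php/", $script)) { ?>
<a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a>
<a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','<?php echo Util::htmlentities($unique_events_report_type); ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a>
<?php } ?>
<?php // The former "(classifications)" link sat in an HTML comment here but still executed and referenced the undefined $class_cnt_info; dropped. ?>
</td>
<?php
    // SENSORS cell.
    $color = preg_match("/base_stat_sensor\\.php/", $script) ? "th" : "";
?>
<td nowrap align="center" style="border-right:1px solid #C4C0BB" class="<?php echo $color; ?> "><?php echo $sensor_cnt_info[1] . gettext("Sensors") . $sensor_cnt_info[2]; ?>
<?php if ($color == "th" && !$cloud_instance) { ?>
<a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a>
<a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','<?php echo Util::htmlentities($sensors_report_type); ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a>
<?php } ?>
</td>
<?php
    // UNIQUE DATA SOURCES cell: only on schema versions that have plugins.
    if ($db->baseGetDBversion() >= 103) {
        $color = preg_match("/base_stat_plugins\\.php/", $script) ? "th" : "";
?>
<td nowrap align="center" class="<?php echo $color; ?> "><?php echo $unique_plugin_cnt_info[1] . gettext("Unique Data Sources") . $unique_plugin_cnt_info[2]; ?>
<?php if ($color == "th" && !$cloud_instance) { ?>
<a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a>
<a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','<?php echo Util::htmlentities($unique_plugins_report_type); ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a>
<?php } ?>
</td>
<?php } ?>
</tr>
<tr>
<?php
    // UNIQUE ADDRESSES cell. The report buttons are appended to whichever of
    // source/destination is selected via addr_type.
    $color = preg_match("/base_stat_uaddr|base_stat_uidm/", $script) ? "th" : "";
    if ($color == "th") {
        if (!$cloud_instance) {
            $pdf = " <a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($addr_type) . "','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"></a> ";
            $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . intval($addr_type) . "','" . Util::htmlentities($unique_addr_report_type) . "');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> ";
        } else {
            $pdf = "";
            $csv = "";
        }
        if ($addr_type == '1') {
            $unique_src_ip_cnt_info[2] .= $pdf . $csv;
        }
        if ($addr_type == '2') {
            $unique_dst_ip_cnt_info[2] .= $pdf . $csv;
        }
    } else {
        $pdf = "<br>";
        $csv = "";
    }
    // Underline the selected side; the IDM views use src_*/dst_* addr_types.
    $addrtype1 = $addr_type == '1' || preg_match("/src_/", $addr_type) ? "underline" : "none";
    $addrtype2 = $addr_type == '2' || preg_match("/dst_/", $addr_type) ? "underline" : "none";
    // Report variant selected by protocol: 1 = TCP, 2 = UDP, 0 = any.
    $report_type = $proto == '6' ? 1 : ($proto == '17' ? 2 : 0);
    // IDM
    if ($idm) {
        $uat = "<a style='' href='javascript:;' onclick=\"\$('#uniqueaddrsrc').hide();\$('#uniqueaddrdst').hide();\$('#uniqueaddr').toggle()\">" . gettext("Unique") . "</a>\n \t<div style='position:relative; z-index:2; text-align:left'><div id='uniqueaddr' style='position:absolute;top:0;display:none;padding:2px 5px;margin:-21px 0px 0px 115px;background-color:#fefefe;border:1px solid #C4C0BB;white-space:nowrap;'>\n \t<a style='color:black;font-weight:bold' href='base_stat_uaddress.php?sort_order=occur_d'>IP Addresses</a><br>\n \t<a style='color:black;font-weight:bold' href='base_stat_uidm.php?addr_type=userdomain&sort_order=occur_d'>User@Domains</a><br>\n \t<a style='color:black;font-weight:bold' href='base_stat_uidm.php?addr_type=hostname&sort_order=occur_d'>Hostnames</a><br>\n \t</div></div>";
        $uatsrc = "<a style='' href='javascript:;' onclick=\"\$('#uniqueaddr').hide();\$('#uniqueaddrdst').hide();\$('#uniqueaddrsrc').toggle()\"><font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font></a>" . ($addr_type == '1' && preg_match("/base_stat_uaddr/", $script) ? $pdf . $csv : "") . "\n \t<div style='display:inline;position:relative; z-index:2; text-align:left'><div id='uniqueaddrsrc' style='position:absolute;top:0;display:none;padding:2px 5px;margin:-7px 0px 0px 1px;background-color:#fefefe;border:1px solid #C4C0BB;white-space:nowrap;'>\n \t<a style='color:black;font-weight:bold' href='base_stat_uaddr.php?sort_order=occur_d&addr_type=1'>IP Addresses</a><br>\n \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=src_userdomain&sort_order=occur_d'>User@Domains</a><br>\n \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=src_hostname&sort_order=occur_d'>Hostnames</a><br>\n \t</div></div>";
        $uatdst = "<a style='' href='javascript:;' onclick=\"\$('#uniqueaddr').hide();\$('#uniqueaddrsrc').hide();\$('#uniqueaddrdst').toggle()\"><font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font></a>" . ($addr_type == '2' && preg_match("/base_stat_uaddr/", $script) ? $pdf . $csv : "") . "\n \t<div style='position:relative; z-index:2; text-align:left'><div id='uniqueaddrdst' style='position:absolute;top:0;display:none;padding:2px 5px;margin:-21px 0px 0px 150px;background-color:#fefefe;border:1px solid #C4C0BB;white-space:nowrap;'>\n \t<a style='color:black;font-weight:bold' href='base_stat_uaddr.php?sort_order=occur_d&addr_type=2'>IP Addresses</a><br>\n \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=dst_userdomain&sort_order=occur_d'>User@Domains</a><br>\n \t<a style='color:black;font-weight:bold' href='base_stat_uidmsel.php?addr_type=dst_hostname&sort_order=occur_d'>Hostnames</a><br>\n \t</div></div>";
    } else {
        $uat = $unique_ip_cnt_info[1] . gettext("Unique addresses") . $unique_ip_cnt_info[2] . ":<br>";
        $uatsrc = $unique_src_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font>" . $unique_src_ip_cnt_info[2];
        $uatdst = $unique_dst_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font>" . $unique_dst_ip_cnt_info[2];
    }
?>
<td align="center" style='border-right:1px solid #C4C0BB;border-top:1px solid #C4C0BB;<?php if ($color == "th") { echo "color:white"; } ?> ' class="<?php echo $color; ?> "><?php echo $uat . $uatsrc . " | " . $uatdst; ?>
</td>
<?php
    # SRC/DST PORTS
    $color = preg_match("/base_stat_ports\\.php/", $script) ? "th" : "";
    // Defaults for all four buttons: only the pair for the active port_type
    // is filled in, the other pair must still exist when interpolated below.
    $pdfs = "";
    $csvs = " ";
    $pdfd = "";
    $csvd = " ";
    if ($color == "th" && $port_type == 1) {
        if (!$cloud_instance) {
            $pdfs = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"></a>";
            $csvs = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','" . Util::htmlentities($src_port_report_type) . "');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> ";
        }
    } elseif ($color == "th" && $port_type == 2) {
        if (!$cloud_instance) {
            $pdfd = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"></a>";
            $csvd = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','" . Util::htmlentities($dst_port_report_type) . "');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> ";
        }
    }
    // Underline the protocol/side combination currently being viewed.
    $sprototcp = $proto == '6' && $port_type == '1' ? "underline" : "none";
    $sprotoudp = $proto == '17' && $port_type == '1' ? "underline" : "none";
    $dprototcp = $proto == '6' && $port_type == '2' ? "underline" : "none";
    $dprotoudp = $proto == '17' && $port_type == '2' ? "underline" : "none";
?>
<td align="center" style='border-right:1px solid #C4C0BB;border-top:1px solid #C4C0BB;<?php if ($color == "th") { echo "color:white"; } ?> ' class="<?php echo $color; ?> "><?php echo $unique_src_port_cnt_info[1] . gettext("Source Port") . ":" . $unique_src_port_cnt_info[2] . " {$pdfs} {$csvs}" . $unique_tcp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprototcp}'>TCP</font></a> | " . $unique_udp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprotoudp}'>UDP</font></a>"; ?>
<br>
<?php echo $unique_dst_port_cnt_info[1] . gettext("Destination Port") . ":" . $unique_dst_port_cnt_info[2] . " {$pdfd} {$csvd}" . $unique_tcp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprototcp}'>TCP</font></a> | " . $unique_udp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprotoudp}'>UDP</font></a>"; ?>
</td>
<?php
    # TAXONOMY
    $color = preg_match("/base_stat_ptypes\\.php|base_stat_categories\\.php/", $script) ? "th" : "";
?>
<td align="center" style='border-right:1px solid #C4C0BB;border-top:1px solid #C4C0BB;' class="<?php echo $color; ?> "><?php echo gettext("Taxonomy"); ?>
<br/><?php echo $unique_ptypes_info[1] . $unique_ptypes_info[0] . $unique_ptypes_info[2] . " | " . $unique_categories_info[1] . $unique_categories_info[0] . $unique_categories_info[2]; ?>
</td>
<?php
    # IP / COUNTRY
    $color = preg_match("/base_stat_iplink\\.php|base_stat_country\\.php/", $script) ? "th" : "";
?>
<td nowrap align="center" style='border-top:1px solid #C4C0BB;' class="<?php echo $color; ?> "><?php echo $unique_links_info[1] . $unique_links_info[0] . $unique_links_info[2] . $unique_links_fqdn; ?>
<?php if ($color == "th" && !$cloud_instance && preg_match("/base_stat_iplink\\.php/", $script) && GET('fqdn') == 'no') { ?>
<a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a>
<a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','<?php echo Util::htmlentities($unique_iplinks_report_type); ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a>
<?php } ?>
<br><a href="base_stat_country.php"><?php echo _("Unique Country Events"); ?>
</a>
<?php if ($color == "th" && !$cloud_instance && preg_match("/base_stat_country\\.php/", $script)) { ?>
<a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?> "></a>
<a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','<?php echo Util::htmlentities($unique_country_events_report_type); ?> ');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?> "></a>
<?php } ?>
</td>
</tr>
</table>
<?php
    echo "</td></tr></table>";
}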
$max_time = $myrow[7]; /* Print out */ qroPrintEntryHeader($i); $tmp_rowid = rawurlencode($class_id); echo ' <TD> <INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"> </TD>'; echo ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">'; qroPrintEntry(GetSigClassName($class_id, $db)); qroPrintEntry('<FONT>' . '<A HREF="base_qry_main.php?new=1&sig_class=' . $class_id . '&submit=' . gettext("Query+DB") . '&num_result_rows=-1">' . $total_occurances . '</A> (' . round($total_occurances / $event_cnt * 100) . '%)' . '</FONT>'); qroPrintEntry('<FONT><A HREF="base_stat_sensor.php?sig_class=' . $class_id . '">' . $sensor_num . '</A>'); qroPrintEntry('<FONT><A HREF="base_stat_alerts.php?sig_class=' . $class_id . '">' . $sig_num . '</FONT>'); qroPrintEntry('<FONT>' . BuildUniqueAddressLink(1, '&sig_class=' . $class_id) . $sip_num . '</A></FONT>'); qroPrintEntry('<FONT>' . BuildUniqueAddressLink(2, '&sig_class=' . $class_id) . $dip_num . '</A></FONT>'); qroPrintEntry('<FONT>' . $min_time . '</FONT>'); qroPrintEntry('<FONT>' . $max_time . '</FONT>'); qroPrintEntryFooter(); $i++; $prev_time = null; } $result->baseFreeRows(); $qro->PrintFooter(); $qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveState(); echo "\n</FORM>\n"; PrintBASESubFooter(); $et->Mark("Get Query Elements"); $et->PrintTiming();
$slnk = $current_url . "/pixmaps/flags/" . $country . ".png"; } else { $country_img = ""; $slnk = $homelan != "" ? $current_url . "/forensics/images/homelan.png" : ""; } /* Print out */ qroPrintEntryHeader($i); $tmp_rowid = $sensor_id; echo ' <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">'; echo ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"></TD>'; qroPrintEntry($sensor_id); qroPrintEntry((preg_match("/\\-.+/", $sname) ? $sname : $sname . "-snort") . $country_img . $homelan); qroPrintEntry('<A HREF="base_qry_main.php?new=1&sensor=' . $sensor_id . '&num_result_rows=-1&submit=' . gettext("Query+DB") . '">' . $event_cnt . '</A>'); qroPrintEntry(BuildUniqueAlertLink("?sensor=" . $sensor_id) . $unique_event_cnt . '</A>'); qroPrintEntry(BuildUniqueAddressLink(1, "&sensor=" . $sensor_id) . $num_src_ip . '</A>'); qroPrintEntry(BuildUniqueAddressLink(2, "&sensor=" . $sensor_id) . $num_dst_ip . '</A>'); qroPrintEntry($start_time); qroPrintEntry($stop_time); qroPrintEntryFooter(); $i++; // report_data $report_data[] = array(trim(preg_match("/\\-.+/", $sname) ? $sname : $sname . "-snort"), $slnk, $num_src_ip, $num_dst_ip, $start_time, $stop_time, "", "", "", "", "", $sensor_id, $event_cnt, $unique_event_cnt); } $result->baseFreeRows(); $dbo->close($_conn); $qro->PrintFooter(); $qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveReportData($report_data, $sensors_report_type); $qs->SaveState(); echo "\n</FORM>\n";
die; } $tz = Util::get_timezone(); $plugin_id = ImportHTTPVar("id", VAR_DIGIT); $plugin_sid = ImportHTTPVar("sid", VAR_DIGIT); $sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_current_query_graph'])); $sql = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['siem_alerts_query'])); session_write_close(); $qs = new QueryState(); $db = NewBASEDBConnection($DBlib_path, $DBtype); $db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password); $rs = $qs->ExecuteOutputQuery($sql, $db); if ($row = $rs->baseFetchRow()) { $addr_link = '&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($plugin_id . ";" . $plugin_sid); $src_addrs = BuildUniqueAddressLink(1, $addr_link) . $row[0] . '</A>'; $dst_addrs = BuildUniqueAddressLink(2, $addr_link) . $row[1] . '</A>'; $last = get_utc_unixtime($db, $row[2]); } $rs->baseFreeRows(); if ($tz != 0) { $last = gmdate("Y-m-d H:i:s", $last + 3600 * $tz); } else { $last = $row[2]; } echo "{$src_addrs}##{$dst_addrs}##{$last}##"; $tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all"; $trdata = array(0, 0, $tr); if ($tr == "range") { $desde = strtotime($_SESSION["time"][0][4] . "-" . $_SESSION["time"][0][2] . "-" . $_SESSION["time"][0][3]) + 3600 * $tz; $hasta = strtotime($_SESSION["time"][1][4] . "-" . $_SESSION["time"][1][2] . "-" . $_SESSION["time"][1][3]) + 3600 * $tz; $diff = $hasta - $desde;
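** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
require "base_conf.php";
require "vars_session.php";
require_once 'classes/Util.inc';
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";

// Emits a "##"-separated triple (unique events, source addrs, dest addrs)
// for one sensor. Bail out with the empty marker when no sensor query has
// been stored in the session yet; the isset() guard keeps an undefined-index
// warning from being printed in front of the marker.
if (!isset($_SESSION['siem_sensor_query']) || $_SESSION['siem_sensor_query'] == "") {
    echo "-##-##-";
    die;
}

// The SQL template comes from the server-side session. The only request
// value spliced into it is the sensor id, which ImportHTTPVar validates
// against VAR_DIGIT, so no other user-controlled text reaches the query.
$device_id = ImportHTTPVar("id", VAR_DIGIT);
$sql = str_replace("DEVICEID", $device_id, $_SESSION['siem_sensor_query']);
session_write_close();

$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
$rs = $qs->ExecuteOutputQuery($sql, $db);

// Defaults so an empty result set still yields a well-formed "##" response
// instead of undefined-variable warnings. Row values are HTML-escaped
// because they are echoed into markup.
$unique_addrs = '';
$src_addrs = '';
$dst_addrs = '';
if ($row = $rs->baseFetchRow()) {
    $unique_addrs = BuildUniqueAlertLink("?sensor=" . urlencode($device_id)) . Util::htmlentities($row[0]) . '</A>';
    $src_addrs = BuildUniqueAddressLink(1, "&sensor=" . urlencode($device_id)) . Util::htmlentities($row[1]) . '</A>';
    $dst_addrs = BuildUniqueAddressLink(2, "&sensor=" . urlencode($device_id)) . Util::htmlentities($row[2]) . '</A>';
}
$rs->baseFreeRows();

echo "{$unique_addrs}##{$src_addrs}##{$dst_addrs}";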