"><?php echo Util::number_format_locale($country_uhn['dstnum'], 0); ?> </a> <?php } else { echo "0"; } ?> </td> </TR> </TABLE> </TD> </tr> <?php $report_data[] = array($country, "", "", "", "", "", "", "", "", "", "", $country_uhn['Unknown'], $country_uhn['srcnum'] + $country_uhn['dstnum'], 0); } echo '</TABLE>'; $result->baseFreeRows(); $dbo->close($_conn); $qro->PrintFooter(); //$qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveReportData($report_data, $unique_country_events_report_type); $qs->SaveState(); ExportHTTPVar("addr_type", $addr_type); PrintBASESubFooter(); $et->Mark("Get Query Elements"); $et->PrintTiming(); echo "</body>\r\n</html>"; geoip_close($gi);
} } } } } } } // closes blocks opened before this excerpt
// Submit button for the form being rendered.
// NOTE(review): $button_text is written into the value attribute without
// htmlspecialchars(), unlike $ag_action just below. That is safe only if it is
// always a fixed server-side label; confirm where it is assigned.
echo '<input type="submit" name="submit" value="' . $button_text . '">';
echo '</div>';
} } // if ($ag_action != "list")

// Carry the current action in a hidden field; the value is HTML-escaped
// because it lands inside a double-quoted attribute.
echo '<input type="hidden" name="ag_action" value="' . htmlspecialchars($ag_action) . '">';

if ($ag_action == "view" && $submit != "") {
    /* Calculate the Number of Alerts */
    // NOTE(review): $ag_id is concatenated into both statements between single
    // quotes. Nothing in this excerpt validates or casts it, so if it can carry
    // request data this is an SQL injection risk. Confirm it is forced to an
    // integer before this point, or bind it as a query parameter instead.
    $cnt_sql = "SELECT count(ag_sid) FROM acid_ag_alert WHERE ag_id='" . $ag_id . "'";
    $save_sql = "SELECT acid_event.sid, acid_event.cid, signature, timestamp, "
        . "ip_src, ip_dst, ip_proto "
        . "FROM acid_event "
        . "LEFT JOIN acid_ag_alert ON acid_event.sid=ag_sid AND acid_event.cid=ag_cid "
        . "WHERE acid_event.cid > '0' AND ag_id = '" . $ag_id . "'";
    // Set immediately before the include; presumably the included script reads
    // $cnt_sql, $save_sql, $printing_ag and $ag from this scope — confirm.
    $printing_ag = true;
    $ag = $ag_id;
    // NOTE(review): the include path is built from $BASE_path; it must come from
    // server configuration only, never from the request — confirm.
    include "{$BASE_path}/base_qry_sqlcalls.php";
}
$qs->SaveState();
/* Export action_arg = current AG ID, so that Actions work */
// NOTE(review): the arguments here are (value, name). If ExportHTTPVar() takes
// (name, value), this emits a field named after the ID with the literal
// "action_arg" as its value — confirm against the function's definition.
ExportHTTPVar($ag_id, "action_arg");
echo "\n</form>\n";
PrintBASESubFooter();
// Timing output is printed only when debug timing is switched on.
if ($debug_time_mode > 0) {
    $et->Mark("Get Query Elements");
    $et->PrintTiming();
}
echo "</body>\r\n</html>";
// Split one "name:value" attribute line and print it as a detail row.
// NOTE(review): explode() is called without a limit and only $val[0] and
// $val[1] are printed, so anything after a second ":" in $dat is dropped, and a
// $dat with no ":" leaves $val[1] undefined. Passing a limit of 2 and checking
// isset($val[1]) would cover both cases.
$val = explode(":", $dat);
if ($val[0] != "") {
    // Both parts pass through Util::htmlentities() before being echoed
    // (presumably HTML-encoding them — confirm), which is what keeps event
    // data from being interpreted as markup.
    echo "<div class='siem_detail_snortattr siem_detail_snorttab'><b>" . Util::htmlentities(trim($val[0])) . ":</b> " . Util::htmlentities($val[1]) . "</div>\n";
}
} } // closes blocks opened before this excerpt
echo '</div>';
}
//
// pcap: pull in the PCAP payload view only when $binary is non-empty
//
if (!empty($binary)) {
    include "base_payload_pcap.php";
}
}
ExportHTTPVar("caller", $caller);
echo "</FORM>\n\n";
if (array_key_exists("minimal_view", $_GET)) {
    // NOTE(review): </FORM> was already echoed just above, so the minimal view
    // emits two closing tags — confirm whether a second form is open here.
    echo "</FORM>\n\n";
    // NOTE(review): $submit is rawurlencode()d but $pag is interpolated into the
    // query string as-is, and the URL is echoed into a double-quoted attribute
    // with no htmlspecialchars() visible. Confirm that $pag is numeric and that
    // Menu::get_menu_url() returns an attribute-safe string.
    ?> </div><br/><div class="center"> <button class="button" id="view_more" data-url="<?php echo Menu::get_menu_url(AV_MAIN_PATH . "/forensics/base_qry_alert.php?noheader=true&pag={$pag}&submit=" . rawurlencode($submit), 'analysis', 'security_events', 'security_events'); ?> "><?php echo _('View More'); ?> </button> </div><br/> <?php
}
/**
 * Emit the query-state fields into the page currently being rendered.
 *
 * Prints an HTML marker comment, then hands four name/value pairs to
 * ExportHTTPVar() in a fixed order: caller, num_result_rows, sort_order,
 * current_view.
 *
 * NOTE(review): presumably ExportHTTPVar() writes each pair as a hidden form
 * field. If so, every value comes back from the browser on the next request
 * and has to be validated again where it is read — confirm.
 * NOTE(review): an earlier comment at this spot said the sort_order export was
 * commented out for bug #1761605, yet the call is live in this listing —
 * confirm which behaviour is intended.
 */
function SaveState()
{
    echo "<!-- Saving Query State -->\n";

    // Field name => current value, exported in exactly this order.
    $state = array(
        "caller"          => $this->current_canned_query,
        "num_result_rows" => $this->num_result_rows,
        "sort_order"      => $this->current_sort_order,
        "current_view"    => $this->current_view,
    );

    foreach ($state as $field => $value) {
        ExportHTTPVar($field, $value);
    }
}
$pid = $myrow[0] . '-' . $ctx; qroPrintEntry('<div class="upr" id="us' . $pid . '">-</div>', 'center', 'middle'); qroPrintEntry('<div id="ud' . $pid . '">-</div>', 'center', 'middle'); qroPrintEntryFooter(); ++$i; // report_data $report_data[] = array(trim($crPort), $num_sig, $num_sip, $num_dip, $first_time, $last_time, "", "", "", "", $sens, $proto < 0 ? 0 : ($proto == TCP ? 1 : 2), 0, $num_events); } $result->baseFreeRows(); $qro->PrintFooter(); $qs->PrintBrowseButtons(); $qs->PrintAlertActionButtons(); $qs->SaveReportData($report_data, $port_type == SOURCE_PORT ? $src_port_report_type : $dst_port_report_type); $qs->SaveState(); ExportHTTPVar("port_type", $port_type); ExportHTTPVar("proto", $proto); echo "\n</FORM>\n"; PrintBASESubFooter(); $et->Mark("Get Query Elements"); $et->PrintTiming(); $db->baseClose(); // Do not load javascript if we are exporting with report_launcher.php if (!$export) { ?> <script> var tmpimg = '<img alt="" src="data:image/gif;base64,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" />'; var plots=new Array(); var pi = 0; function load_content() { if (pi>=plots.length) return; var item = plots[pi]; pi++;
// Tail of the $sort_order -> ORDER BY mapping (the chain starts before this
// excerpt). Each branch compares $sort_order with a fixed key and assigns a
// literal clause, so the request value itself is never placed in the SQL text.
// NOTE(review): both oriskd_* keys sort on ossim_risk_a, while the commented-out
// index hint for "oriskd" further down names acid_event_ossim_risk_c — confirm
// which column these keys are meant to use.
} elseif ($sort_order == "oriskd_a") {
    $sort_sql = " ORDER BY ossim_risk_a ASC,timestamp DESC";
} elseif ($sort_order == "oriskd_d") {
    $sort_sql = " ORDER BY ossim_risk_a DESC,timestamp DESC";
} elseif ($sort_order == "oreli_a") {
    $sort_sql = " ORDER BY ossim_reliability ASC,timestamp DESC";
} elseif ($sort_order == "oreli_d") {
    $sort_sql = " ORDER BY ossim_reliability DESC,timestamp DESC";
} elseif ($sort_order == "proto_a") {
    $sort_sql = " ORDER BY ip_proto ASC,timestamp DESC";
    // Rewrites the already-built criteria text so the leading "1" becomes
    // "ip_proto > 0". It works only while $criteria_sql contains exactly
    // "1 AND ( timestamp", and preg_replace() replaces every such occurrence.
    $criteria_sql = preg_replace("/1 AND \\( timestamp/", "ip_proto > 0 AND ( timestamp", $criteria_sql);
} elseif ($sort_order == "proto_d") {
    $sort_sql = " ORDER BY ip_proto DESC,timestamp DESC";
    // Same criteria rewrite as for proto_a.
    $criteria_sql = preg_replace("/1 AND \\( timestamp/", "ip_proto > 0 AND ( timestamp", $criteria_sql);
}
// NOTE(review): $sort_order is exported as received, including when no branch
// above matched it; safe output then depends on ExportHTTPVar() escaping the
// value — confirm.
ExportHTTPVar("prev_sort_order", $sort_order);
} // closes a block opened before this excerpt
// Choose the correct INDEX for select
// Only a prefix of $sort_order is tested, and what gets appended to $sql is a
// fixed string, so the hint cannot carry request data.
if (preg_match("/^time/", $sort_order)) {
    $sql .= " FORCE INDEX (timestamp)";
}
// Disabled index hints for the other sort keys, left in place as comments:
//elseif (preg_match("/^sip/", $sort_order)) $sql.= " FORCE INDEX (ip_src)";
//elseif (preg_match("/^dip/", $sort_order)) $sql.= " FORCE INDEX (ip_dst)";
//elseif (preg_match("/^sig/", $sort_order)) $sql.= " FORCE INDEX (sig_name)";
//elseif (preg_match("/^oasset/", $sort_order)) $sql.= " FORCE INDEX (ossim_asset_dst)";
//elseif (preg_match("/^oprio/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_priority)";
//elseif (preg_match("/^oriska/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_risk_a)";
//elseif (preg_match("/^oriskd/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_risk_c)";
//elseif (preg_match("/^oreli/", $sort_order)) $sql.= " FORCE INDEX (acid_event_ossim_reliability)";
//elseif (preg_match("/^proto/", $sort_order)) $sql.= " FORCE INDEX (ip_proto)";
// Make SQL string with criterias