コード例 #1
 // Destination display name and context: use the resolved host object only when
 // resolution is enabled and a host was found; otherwise fall back to the raw
 // IP and the event's own context.
 if (!$no_resolv && $dst_host) {
     $s_dst_name = $dst_host->get_name();
     $ctx_dst = $dst_host->get_ctx();
 } else {
     $s_dst_name = $s_dst_ip;
     $ctx_dst = $ctx;
 }

 // Destination icon and the internal-network flag (drives the bold styling below).
 $dst_output = Asset_host::get_extended_name(
     $conn,
     $geoloc,
     $s_dst_ip,
     $ctx_dst,
     $event_info["dst_host"],
     $event_info["dst_net"]
 );
 $homelan_dst = $dst_output['is_internal'];
 $dst_img = $dst_output['html_icon'];

 // Per-address links into the forensics console.
 $s_src_link = Menu::get_menu_url('../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip=' . $s_src_ip, 'analysis', 'security_events', 'security_events');
 $s_dst_link = Menu::get_menu_url('../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip=' . $s_dst_ip, 'analysis', 'security_events', 'security_events');

 // Port suffix: ":<service>" for a non-zero port, nothing otherwise.
 if ($s_src_port != 0) {
     $s_src_port = ":" . Port::port2service($conn, $s_src_port);
 } else {
     $s_src_port = "";
 }
 if ($s_dst_port != 0) {
     $s_dst_port = ":" . Port::port2service($conn, $s_dst_port);
 } else {
     $s_dst_port = "";
 }

 // Reputation icons for both endpoints.
 $rep_src_icon = Reputation::getrepimg(
     $event_info["rep_prio_src"],
     $event_info["rep_rel_src"],
     $event_info["rep_act_src"],
     $s_src_ip
 );
 $rep_dst_icon = Reputation::getrepimg(
     $event_info["rep_prio_dst"],
     $event_info["rep_rel_dst"],
     $event_info["rep_act_dst"],
     $s_dst_ip
 );

 // NOTE(review): the host name, IP, context and $event_info values below are
 // placed inside single-quoted HTML attributes and link text without any output
 // encoding in this excerpt. Whether they are validated or encoded upstream is
 // not visible here -- confirm, since a quote or markup character in a resolved
 // host name would otherwise end the attribute early.

 // Source cell: icon + link + reputation icon, wrapped in the HostReportMenu div.
 if ($homelan_src) {
     $c_src_homelan = 'bold alarm_netlookup';
 } else {
     $c_src_homelan = '';
 }
 $source_link = "{$src_img} <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$s_src_ip}-{$ctx_src}' title='{$s_src_ip}'>{$s_src_name}{$s_src_port}</a> {$rep_src_icon}";
 $source_balloon = sprintf(
     "<div id='%s;%s;%s' ctx='%s' id2='%s;%s' class='HostReportMenu'>%s</div>",
     $s_src_ip,
     $s_src_name,
     $event_info["src_host"],
     $ctx,
     $s_src_ip,
     $s_dst_ip,
     $source_link
 );

 // Destination cell, built the same way with the endpoints swapped in id2.
 if ($homelan_dst) {
     $c_dst_homelan = 'bold alarm_netlookup';
 } else {
     $c_dst_homelan = '';
 }
 $dest_link = "{$dst_img} <a href='{$s_dst_link}' class='{$c_dst_homelan}' data-title='{$s_dst_ip}-{$ctx_dst}' title='{$s_dst_ip}'>{$s_dst_name}{$s_dst_port}</a> {$rep_dst_icon}";
 $dest_balloon = sprintf(
     "<div id='%s;%s;%s' ctx='%s' id2='%s;%s' class='HostReportMenu'>%s</div>",
     $s_dst_ip,
     $s_dst_name,
     $event_info["dst_host"],
     $ctx,
     $s_dst_ip,
     $s_src_ip,
     $dest_link
 );
コード例 #2
	<table class='transparent' width='100%'>
	<tr>
		<td class='medium' style='vertical-align:top;white-space:nowrap;text-align:left;width:1%;'>
			<img src='/ossim/alarm/style/img/port.png' height='15' align='absmiddle' style='padding-bottom:3px;'/> <?php echo _('Ports'); ?>
		</td>
		<td>
			<div id="cloud_port<?php echo $prefix; ?>" style='width:99%;text-align:center'>
				<?php
// One anchor per port: the tooltip carries "Port <n> - <count> Occurrence(s)",
// rel carries the raw count, and the visible label is the upper-cased service
// name (or the translated "Unknown" when the key compares equal to 0).
//
// NOTE(review): $prefix, $tooltip, $np and the label are echoed without output
// encoding. The title attribute is single-quoted, so an apostrophe in a
// translated string or service name would close it early. Where these values
// originate is not visible in this excerpt -- confirm they are encoded or
// constrained before this template runs.
foreach ($ports as $port => $np):
    $tooltip = _('Port') . ' ' . $port . ' - ' . $np . ' ';
    if ($np == 1) {
        $tooltip .= _('Occurrence');
    } else {
        $tooltip .= _('Occurrences');
    }

    if ($port == 0) {
        $port = _('Unknown');
    } else {
        $port = strtoupper(Port::port2service($conn, $port));
    }
    ?>
					<a href="#" class='alarm-help' style='text-decoration:none' title='<?php echo $tooltip; ?>' rel="<?php echo $np; ?>"><?php echo $port; ?></a>
				<?php endforeach; ?>
			</div>
コード例 #3
ファイル: alarm_console.php プロジェクト: jhbsz/ossimTest
        ?>
        </span>
        </td>
        </tr></table>
        </td>
        
        <!-- risk -->
<?php
        // Collect the alarm fields used by this row and the cells that follow.
        $src_ip = $alarm->get_src_ip();
        $dst_ip = $alarm->get_dst_ip();
        $src_port = $alarm->get_src_port();
        $dst_port = $alarm->get_dst_port();
        // Replace the numeric ports with their service labels.
        $src_port = Port::port2service($conn, $src_port);
        $dst_port = Port::port2service($conn, $dst_port);
        $sensors = $alarm->get_sensors();
        $risk = $alarm->get_risk();

        // Map the risk value to a colour band: >7 red, >4 orange, >2 green,
        // anything else gets an unstyled cell.
        if ($risk > 7) {
            $risk_cell_bg = 'red';
            $risk_cell_fg = 'white';
        } elseif ($risk > 4) {
            $risk_cell_bg = 'orange';
            $risk_cell_fg = 'black';
        } elseif ($risk > 2) {
            $risk_cell_bg = 'green';
            $risk_cell_fg = 'white';
        } else {
            $risk_cell_bg = null;
            $risk_cell_fg = null;
        }

        // NOTE(review): $events_link is defined outside this excerpt and is
        // written into href without output encoding, as is $risk in the cell
        // text -- confirm both are encoded or constrained before they reach
        // this point.
        if ($risk_cell_bg === null) {
            echo "\n            <td class='nobborder' style='text-align:center'><a href=\"{$events_link}\">{$risk}</a></td>\n            ";
        } else {
            echo "\n            <td class='nobborder' style='text-align:center;background-color:{$risk_cell_bg}'>\n              <b>\n                <a href=\"{$events_link}\">\n                  <font color=\"{$risk_cell_fg}\">{$risk}</font>\n                </a>\n              </b>\n            </td>\n            ";
        }
        ?>
        <!-- end risk -->

コード例 #4
ファイル: alarm_console.php プロジェクト: jhbsz/ossimTest
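        // Emits one Atom <entry> for the current alarm. The enclosing loop and
        // function start outside this excerpt.
        $datemark = $date_slices[0];
        // ereg_replace() was deprecated in PHP 5.3 and removed in PHP 7. The
        // pattern is a plain literal with no regex metacharacters, so
        // str_replace() strips the same prefix on every PHP version.
        $alarm_name = str_replace("directive_event: ", "", $sid_name);
        $alarm_name = Util::translate_alarm($conn, $alarm_name, $alarm);
        // Keep the human-readable name; $alarm_name is reused below as a link.
        $alarm_name_orig = $alarm_name;
        if ($backlog_id != 0) {
            $events_link = "events.php?backlog_id={$backlog_id}";
            $alarm_name = $events_link;
        } else {
            $events_link = $_SERVER["SCRIPT_NAME"];
            $alarm_link = Util::get_acid_pair_link($date, $alarm->get_src_ip(), $alarm->get_dst_ip());
            $alarm_name = $alarm_link;
        }
        $src_ip = $alarm->get_src_ip();
        $dst_ip = $alarm->get_dst_ip();
        $src_port = Port::port2service($conn, $alarm->get_src_port());
        $dst_port = Port::port2service($conn, $alarm->get_dst_port());
        $sensors = $alarm->get_sensors();
        $risk = $alarm->get_risk();
        $src_link = "report/index.php?host={$src_ip}&section=events";
        $dst_link = "report/index.php?host={$dst_ip}&section=events";
        $src_name = Host::ip2hostname($conn, $src_ip);
        $dst_name = Host::ip2hostname($conn, $dst_ip);
        $event_id = $alarm->get_event_id();
        $status = $alarm->get_status();
        // NOTE(review): the alarm name, risk, date, sensor and IP values are
        // written into XML element content and attributes without escaping. An
        // "&" or "<" in an alarm name would make the feed ill-formed; whether
        // the values are escaped upstream is not visible here -- confirm.
        // NOTE(review): urlencode() is applied to whole relative links
        // ($alarm_name, $src_link, $dst_link), so "/", "?" and "&" are
        // percent-encoded as well. That keeps a raw "&" out of the XML, but the
        // resulting URLs may not resolve -- verify against a feed reader.
        echo "\n    <entry>\n    <title>\n Alarm: {$alarm_name_orig} Risk: {$risk}</title>\n    <id>http://" . $_SERVER['SERVER_ADDR'] . "/" . urlencode($alarm_name) . "</id>\n    <link href=\"http://" . $_SERVER['SERVER_ADDR'] . "/" . urlencode($alarm_name) . "\"/>\n    <summary>{$alarm_name_orig}</summary>\n    <content type=\"application/xhtml+xml\" xml:space=\"preserve\">\n    <div xmlns=\"http://www.w3.org/1999/xhtml\">\n    <strong>Alarm:</strong>  {$alarm_name_orig}<br/>\n    <strong>Risk:</strong> {$risk}<br/>\n    <strong>Date:</strong> {$since}<br/>\n";
        // One line per reporting sensor, linking to its plugin page.
        foreach ($sensors as $sensor) {
            echo "\n    <strong>Sensor:</strong>\n    <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/sensor/sensor_plugins.php?sensor={$sensor}\" >{$sensor}</a>\n    (" . Host::ip2hostname($conn, $sensor) . ")<br/>\n        ";
        }
        // Source/destination links, author block and timestamp close the entry.
        echo "\n    <strong>Source IP:</strong>\n    <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/" . urlencode($src_link) . "\">{$src_ip}</a><br/>\n    <strong>Destination IP:</strong>\n    <a href=\"http://" . $_SERVER['SERVER_ADDR'] . "/ossim/" . urlencode($dst_link) . "\">{$dst_ip}</a><br/>\n    </div>\n    </content>\n    <author>\n    <name>\nOSSIM at " . $_SERVER['SERVER_ADDR'] . "\n </name>\n    </author>\n    <updated>" . Util::timestamp2RFC1459($alarm->get_timestamp()) . "</updated>\n    </entry>\n";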
    }
}