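/**
 * Write the per-host attack counts for $target to an XML dataset file and
 * print the applet markup that charts it.
 *
 * The dataset goes to {$base_dir}/tmp/ip_src.xml when $target is "ip_src" and
 * to {$base_dir}/tmp/ip_dst.xml for any other value; the applet is pointed at
 * the same file name under {$datapath}. When the file cannot be opened the
 * function prints an error and terminates the request.
 *
 * Every value placed in the XML file or in the applet markup is
 * entity-encoded first, so a host name or parameter containing markup
 * characters is written as text instead of altering the document structure.
 *
 * A row with no resolvable host name is keyed by its address rather than by
 * an empty key.
 *
 * NOTE(review): the output file name is fixed per target, so concurrent
 * requests overwrite each other's dataset and a viewer can be served data
 * generated for another request (different $hosts or date range). Moving to a
 * per-request file name needs a matching change wherever $datapath is served,
 * which is not visible here.
 *
 * @param string $target Series to plot; "ip_src" selects the source dataset.
 * @param mixed  $hosts  Passed through unchanged to AttackHost().
 * @param string $type   Value for the applet's graphType parameter.
 * @param int    $width  Applet width.
 * @param int    $height Applet height.
 * @return void
 */
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;
    global $date_from, $date_to;

    // Strict comparison: a loose !strcmp() also passes when strcmp() yields
    // null for a non-string argument on old PHP versions.
    $xml_name = (strcmp($target, "ip_src") === 0) ? "ip_src.xml" : "ip_dst.xml";

    // @ keeps the raw fopen() warning (with the filesystem path) off the page;
    // the failure is reported explicitly below.
    $fp = @fopen("{$base_dir}/tmp/{$xml_name}", "w");
    if (!$fp) {
        print "Error: <b>" . htmlspecialchars((string) $datapath, ENT_QUOTES, 'UTF-8') . "</b> directory must exist and be <br/>\n";
        print "writable by the user the webserver runs as";
        exit;
    }

    // Build the whole document in memory and write it once, so the file never
    // holds a half-written dataset between two fwrite() calls.
    $xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
        . "<CategoryDataset>\n <Series name=\"" . htmlspecialchars((string) $target, ENT_QUOTES, 'UTF-8') . "\">\n";

    $list = $security_report->AttackHost($target, $hosts, "event", $date_from, $date_to);

    if (is_array($list)) {
        foreach ($list as $l) {
            $ip          = $l[0];
            $occurrences = $l[1];
            $ctx         = (isset($l[2]) && $l[2] != '') ? $l[2] : Session::get_default_ctx();

            $_names_aux = Asset_host::get_name_by_ip($security_report->ossim_conn, $ip, $ctx);
            $hostname   = (is_array($_names_aux) && count($_names_aux) > 0) ? (string) array_shift($_names_aux) : '';

            // Use the address when no name is known or the name is too long for the chart.
            if ($hostname === '' || strlen($hostname) > MAX_HOSTNAME_LEN) {
                $hostname = $ip;
            }

            // ENT_QUOTES output (&amp; &lt; &gt; &quot; &#039;) is valid in XML as well as HTML.
            $xml .= " <Item>\n <Key>" . htmlspecialchars((string) $hostname, ENT_QUOTES, 'UTF-8') . "</Key>\n"
                . " <Value>" . htmlspecialchars((string) $occurrences, ENT_QUOTES, 'UTF-8') . "</Value>\n </Item>\n";
        }
    }

    $xml .= " </Series>\n</CategoryDataset>\n\n";

    fwrite($fp, $xml);
    fclose($fp);

    // Attribute values are caller- or configuration-supplied; encode them for the HTML attribute context.
    $attr_type   = htmlspecialchars((string) $type, ENT_QUOTES, 'UTF-8');
    $attr_width  = htmlspecialchars((string) $width, ENT_QUOTES, 'UTF-8');
    $attr_height = htmlspecialchars((string) $height, ENT_QUOTES, 'UTF-8');
    $attr_url    = htmlspecialchars("{$datapath}/{$xml_name}", ENT_QUOTES, 'UTF-8');

    echo "\n<applet archive=\"../java/jcommon-0.9.5.jar,../java/jfreechart-0.9.20.jar,../java/jossim-graph.jar\" code=\"net.ossim.graph.applet.OssimGraphApplet\" width=\"{$attr_width}\" height=\"{$attr_height}\" alt=\"You should see an applet, not this text.\">\n <param name=\"graphType\" value=\"{$attr_type}\">";
    echo " <param name=\"xmlDataUrl\" value=\"{$attr_url}\">";
    echo "\n <param name=\"alpha\" value=\"0.42f\">\n <param name=\"legend\" value=\"false\">\n <param name=\"tooltips\" value=\"false\">\n <param name=\"orientation\" value=\"HORIZONTAL\">\n</applet>\n";
}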
<tr> <td style="height:106px" align="center"> <div id="graph2" style="text-align:center;margin:0px;height:104px;width:98%"></div> </td> </tr> <script language="javascript" type="text/javascript"> $( function () { $.plot($("#graph2"), [ <?php
// Emits one { label, data } object per row of $list2 into the series array
// handed to $.plot() for #graph2. Neither the foreach nor the $.plot() call
// is closed within this excerpt.
$i = 0;
foreach ($list2 as $l) {
    // $l[0] is used as the host address, $l[1] as the count.
    $ip = $l[0];
    $occurrences = Util::number_format_locale($l[1], 0);
    $_hostnames = Asset_host::get_name_by_ip($conn, $ip);
    // Show the address itself when no name comes back.
    $hostname = count($_hostnames) > 0 ? array_shift($_hostnames) : $ip;
    // NOTE(review): $label is echoed below inside a single-quoted JavaScript
    // string within a script element, and only the single quote is escaped
    // here. A backslash or line break in the host name corrupts the literal,
    // and a closing script tag in it ends the script block early. Encoding
    // the value with json_encode() (with JSON_HEX_TAG) at the echo, after
    // HTML-escaping $hostname, covers both contexts. The label carries <b>
    // markup, so it is presumably rendered as HTML by the plotting code -
    // confirm.
    $label = str_replace("'", "\\'", "[<b>{$occurrences}</b>] {$hostname}");
    //if (strlen($label)>31) $label = substr($label, 0, 30).".."; ?> <?php
// Comma before every object except the first.
echo $i++ == 0 ? "" : ","; ?> { label: '<?php echo $label; ?> ', data: <?php
// NOTE(review): the raw $l[1] is written as a bare JavaScript value;
// presumably always numeric from the query - confirm, or cast before echoing.
echo $l[1]; ?> } <?php
// Excerpt from the middle of a block that renders one table row per $user
// object, then closes the table and the page. The enclosing control
// structures open above the visible lines.
$me = NULL; }
// Country lookup for the session's address; element 0 is lower-cased and
// passed to get_country(), element 1 is kept as $s_country_name (not used in
// the visible lines).
$_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip());
$s_country = strtolower($_country_aux[0]);
$s_country_name = $_country_aux[1];
$geo_code = get_country($s_country);
// $geo_code is concatenated into a single-quoted src attribute without escaping.
$flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : '';
// Logon time: UTC unix time plus 3600 seconds per unit of Util::get_timezone(), formatted with gmdate().
$logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone());
$activity_date = Util::get_utc_unixtime($user->get_activity());
// $background is assigned here but not used in the visible lines.
$background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : '';
$expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : "";
// The stored agent string is split on '###' into two parts.
// NOTE(review): $agent[1] is read without checking that the separator was
// present, so a value without '###' raises an undefined-index notice.
$agent = explode('###', $user->get_agent());
if ($agent[1] == 'av report scheduler') {
    $agent = array('AV Report Scheduler', 'wget');
}
// array_shift() takes its argument by reference; passing a call result raises
// "Only variables should be passed by reference", which the @ hides. Assigning
// the result to a variable first would remove the need for suppression.
$host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip()));
// Fall back to the address when no host name was found.
$host = $host == '' ? $user->get_ip() : $host;
// NOTE(review): only the two agent fields pass through htmlentities(); the
// login, address, session id, $host, $me and $action are concatenated into
// the row as-is. If any of them can hold text chosen outside the
// application (login names, host names from asset discovery - not
// determinable from here), each needs htmlspecialchars() with ENT_QUOTES
// before output. ENT_QUOTES matters for the agent title too: the attribute
// is single-quoted, and htmlentities() without that flag leaves single
// quotes unescaped on PHP versions before 8.1.
echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
} } ?> </tbody> </table> </div> </div> </body> </html> <?php $db->close();
// Excerpt from an if/elseif chain that prints incident detail rows through
// print_incident_fields(); the chain and its first branch open above the
// visible lines.
print_incident_fields(_('Port'), $a_port);
print_incident_fields(_('Previous Protocol [Version]'), "{$a_prot_o} [{$a_ver_o}]");
print_incident_fields(_('New Protocol [Version]'), "{$a_prot} [{$a_ver}]");
} elseif ($anom_type == 'os') {
    // Both records are split on commas into three parts; only the third part
    // of each is printed. A record with fewer than three parts leaves the
    // later list() targets unset.
    list($a_sen, $a_date, $a_os_o) = explode(",", $anom_info_o);
    list($a_sen, $a_date, $a_os) = explode(",", $anom_info);
    print_incident_fields(_('Host'), $anom_ip);
    print_incident_fields(_('Previous OS'), $a_os_o);
    print_incident_fields(_('New OS'), $a_os);
}
}
} elseif ($ref == 'Vulnerability') {
    // One group of rows per vulnerability attached to the incident.
    $vulnerability_list = $incident->get_vulnerabilities($conn);
    foreach ($vulnerability_list as $vulnerability_data) {
        $nessus_id = $vulnerability_data->get_nessus_id();
        // First name returned for the address; null when the lookup returns an empty array.
        $hostname_temp = Asset_host::get_name_by_ip($conn, $vulnerability_data->get_ip());
        $hostname_temp = array_shift($hostname_temp);
        // NOTE(review): address and host name are joined with no separator between them.
        print_incident_fields(_('IP'), $vulnerability_data->get_ip() . $hostname_temp);
        print_incident_fields(_('Port'), $vulnerability_data->get_port());
        print_incident_fields(_('Scanner ID'), $nessus_id);
        print_incident_fields(_('Risk'), $vulnerability_data->get_risk());
        // NOTE(review): nl2br() only inserts <br /> tags and escapes nothing.
        // Whether print_incident_fields() encodes its value is not visible
        // here. If it does not, the description text reaches the page as
        // markup and should be passed through htmlspecialchars() before
        // nl2br(); if it does, the inserted tags are shown literally.
        // Confirm against print_incident_fields().
        print_incident_fields(_('Description'), nl2br($vulnerability_data->get_description()));
    }
} elseif ($ref == 'Custom') {
    // Custom fields: element 0 is used as the label, elements 1-3 and $id feed the formatter.
    $custom_list = $incident->get_custom($conn);
    foreach ($custom_list as $custom) {
        $c_val = Incident::format_custom_field($custom[3], $id, $custom[1], $custom[2]);
        print_incident_fields($custom[0], $c_val);
    }
}
?>