if (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "") {
$_conn = $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3]);
} else {
$_conn = $dbo->connect();
}
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
$device_id = $myrow['device_id'];
list($myrow['name'], $myrow['sensor_ip']) = explode(' - ', GetSensorName($myrow['sensor_id'], $db, true));
$sensor_ip = $myrow['name'] == 'N/A' ? 'N/A' : $myrow['sensor_ip'];
$device_ip = $myrow['device_ip'] != '' ? $myrow['device_ip'] . ($myrow['interface'] != '' ? ':' . $myrow['interface'] : '') : '-';
$sname = $myrow['name'];
$event_cnt = $myrow['event_cnt'];
$unique_event_cnt = $myrow['sig_cnt'] != "" ? $myrow['sig_cnt'] : "-";
$num_src_ip = $myrow['saddr_cnt'] != "" ? $myrow['saddr_cnt'] : "-";
$num_dst_ip = $myrow['daddr_cnt'] != "" ? $myrow['daddr_cnt'] : "-";
$_country_aux = $geoloc->get_country_by_host($conn, $sensor_ip);
$country = strtolower($_country_aux[0]);
$country_name = $_country_aux[1];
$homelan = "";
if ($country) {
$country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"{$country_name}\" title=\"{$country_name}\">";
$slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
} else {
$country_img = "";
$slnk = "";
}
/* Print out */
qroPrintEntryHeader($i);
$tmp_rowid = $device_id;
echo ' <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">';
echo ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"></TD>';
$where = Security_report::make_where($conn, $date_from, $date_to, $plugin_list, $dDB);
$ejoin = preg_match('/plist_[a-z]+/', $where) ? preg_replace('/.*(plist_[a-z]+)\\.id .*/', ',\\1', $where) : '';
$query = "SELECT DISTINCT ip_src AS ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}\n UNION SELECT DISTINCT ip_dst as ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}";
$rs = $conn->Execute($query);
if (!$rs) {
Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}
$already = array();
while (!$rs->EOF) {
$ip = inet_ntop($rs->fields['ip']);
if (!isset($already[$ip])) {
//Session::hostAllowed($conn,$ip) => not necessary here?
$already[$ip]++;
if (!Asset_host::is_ip_in_cache_cidr($conn, $ip)) {
// geoip
$_country_aux = $geoloc->get_country_by_host($conn, $ip);
$s_country = strtolower($_country_aux[0]);
$s_country_name = $_country_aux[1];
if ($s_country == '') {
$ips[':Unknown']++;
} else {
$ips["{$s_country}:{$s_country_name}"]++;
}
}
}
$rs->MoveNext();
}
//
arsort($ips);
$ips = array_slice($ips, 0, $limit);
$totalValue = array_sum($ips);
</th>
</tr>
</thead>
<tbody>
<?php
if (!empty($allowed_users) && is_array($allowed_users)) {
foreach ($allowed_users as $user) {
if ($user->get_id() == $my_session) {
$me = "style='font-weight: bold;'";
$action = "<img class='info_logout dis_logout' src='../pixmaps/menu/logout.gif' alt='" . $user->get_login() . "' title='" . $user->get_login() . "'/>";
} else {
$action = "<a onclick=\"logout('" . $user->get_id() . "');\">\n\t\t\t\t\t\t\t <img class='info_logout' src='../pixmaps/menu/logout.gif' alt='" . _('Logout') . " " . $user->get_login() . "' title='" . _('Logout') . " " . $user->get_login() . "'/>\n\t\t\t\t\t\t\t </a>";
$me = NULL;
}
$_country_aux = $geoloc->get_country_by_host($conn, $user->get_ip());
$s_country = strtolower($_country_aux[0]);
$s_country_name = $_country_aux[1];
$geo_code = get_country($s_country);
$flag = !empty($geo_code) ? "<img src='" . $geo_code . "' border='0' align='top'/>" : '';
$logon_date = gmdate('Y-m-d H:i:s', Util::get_utc_unixtime($user->get_logon_date()) + 3600 * Util::get_timezone());
$activity_date = Util::get_utc_unixtime($user->get_activity());
$background = Session_activity::is_expired($activity_date) ? 'background:#FFD8D6;' : '';
$expired = Session_activity::is_expired($activity_date) ? "<span style='color:red'>(" . _('Expired') . ")</span>" : "";
$agent = explode('###', $user->get_agent());
if ($agent[1] == 'av report scheduler') {
$agent = array('AV Report Scheduler', 'wget');
}
$host = @array_shift(Asset_host::get_name_by_ip($conn, $user->get_ip()));
$host = $host == '' ? $user->get_ip() : $host;
echo " <tr id='" . $user->get_id() . "'>\n\t\t\t\t\t\t\t\t\t<td class='ops_user' {$me}><img class='user_icon' src='" . get_user_icon($user->get_login(), $pro) . "' alt='" . _('User icon') . "' title='" . _('User icon') . "' align='absmiddle'/> " . $user->get_login() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_ip'>" . $user->get_ip() . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_host'>" . $host . $flag . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_agent'><a title='" . htmlentities($agent[1]) . "' class='info_agent'>" . htmlentities($agent[0]) . "</a></td>\n\t\t\t\t\t\t\t\t\t<td class='ops_id'>" . $user->get_id() . " {$expired}</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_logon'>" . $logon_date . "</td>\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<td class='ops_activity'>" . _(TimeAgo($activity_date, gmdate('U'))) . "</td>\n\t\t\t\t\t\t\t\t\t<td class='ops_actions'>{$action}</td>\t\n\t\t\t\t\t\t\t\t</tr>";
break;
// Honeypot Countries - Last Week
// Honeypot Countries - Last Week
case "honeypot_countries":
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$nodata_text .= _(" for <i>Honeypot</i>");
$sqlgraph = "select INET_NTOA(a.ip_src) as ip, sum(cnt) as num_events FROM alienvault_siem.po_acid_event a, alienvault.plugin pl, alienvault.plugin_sid p WHERE p.plugin_id=a.plugin_id AND p.sid=a.plugin_sid AND p.plugin_id=pl.id AND p.category_id=19 AND a.timestamp BETWEEN '" . gmdate("Y-m-d H:i:s", gmdate("U") - $range) . "' AND '" . gmdate("Y-m-d H:i:s") . "' {$sensor_where} group by a.ip_src order by num_events desc";
//echo $sqlgraph;
$countries = array();
$country_names = array();
//echo $sqlgraph;
if (!($rg = $conn->CacheExecute($sqlgraph))) {
print $conn->ErrorMsg();
} else {
while (!$rg->EOF && count($countries) < 10) {
$_country_aux = $geoloc->get_country_by_host($conn, $rg->fields['ip']);
$country = strtolower($_country_aux[0]);
$country_name = $_country_aux[1];
if ($country_name != '') {
$countries[$country] += $rg->fields['num_events'];
$country_names[$country] = $country_name;
}
$rg->MoveNext();
}
}
arsort($countries);
foreach ($countries as $c => $val) {
$url = Menu::get_menu_url("forensics/base_stat_country_alerts.php?cc={$c}&location=alerts&category=19", 'analysis', 'security_events', 'security_events');
$data .= "['<a class=\"no_text_decoration\" href=\"{$url}\">" . $country_names[$c] . "</a>'," . $val . "],";
$urls .= "'{$url}',";
}
break;
case "countries":
//Filters of sensors.
//Date range.
$range = $chart_info['range'] > 0 ? $chart_info['range'] * 86400 : 604800;
//Limit of host to show in the widget.
$limit = $chart_info['top'] != '' ? $chart_info['top'] : 10;
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$sqlgraph = "select acid_event.ip_src as ip, count(*) as num_events FROM alienvault_siem.acid_event, alienvault.plugin pl, alienvault.plugin_sid p WHERE p.plugin_id=acid_event.plugin_id AND p.sid=acid_event.plugin_sid AND p.plugin_id=pl.id AND p.category_id in (" . implode(',', $honeypot_category) . ") AND acid_event.timestamp BETWEEN '" . gmdate("Y-m-d H:i:s", gmdate("U") - $range) . "' AND '" . gmdate("Y-m-d H:i:s") . "' {$query_where} group by acid_event.ip_src order by num_events desc";
$countries = array();
$country_names = array();
if (!($rg =& $conn->CacheExecute($sqlgraph))) {
print $conn->ErrorMsg();
} else {
while (!$rg->EOF && count($countries) < $limit) {
$_country_aux = $geoloc->get_country_by_host($conn, inet_ntop($rg->fields['ip']));
$country = strtolower($_country_aux[0]);
$country_name = $_country_aux[1];
if ($country_name != "") {
$countries[$country] += $rg->fields['num_events'];
$country_names[$country] = $country_name;
}
$rg->MoveNext();
}
}
arsort($countries);
foreach ($countries as $c => $val) {
$data[] = $val;
$label[] = $country_names[$c];
$link = Menu::get_menu_url("/ossim/forensics/base_stat_country_alerts.php?cc={$c}&location=alerts&category=19", 'analysis', 'security_events');
$links[] = "'{$link}'";
$_conn = $dbo->custom_connect($_SESSION["server"][0],$_SESSION["server"][2],$_SESSION["server"][3]);
}
else
{
$_conn = $dbo->connect();
}
while (($myrow = $result->baseFetchRow()))
{
if ($myrow[0] == NULL) continue;
$currentIP = inet_ntop($myrow[0]);
$ip_type = $myrow[1];
$num_events = $myrow[2];
$field = ($ip_type=='S') ? 'srcnum' : 'dstnum';
$_country_aux = $geoloc->get_country_by_host($_conn, $currentIP);
$country = strtolower($_country_aux[0]);
$country_name = $_country_aux[1];
if ($country_name == "") $country_name = _("Unknown Country");
//echo "IP $currentIP $country_name <br>";
if ($country_name!=_("Unknown Country")) {
$countries[$country_name] += $num_events;
$country_acc[$country_name][$field]++;
$country_acc[$country_name]['events'] += $num_events;
$country_acc[$country_name]['flag'] = ($country_name != _("Unknown Country")) ? (($country=="local") ? "<img src=\"images/homelan.png\" border=0 title=\"$country_name\">" : " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" title=\"$country_name\">") : "";
$country_acc[$country_name]['flagr'] = ($country_name != _("Unknown Country")) ? (($country=="local") ? $current_url."/forensics/images/homelan.png" : $current_url."/pixmaps/flags/".$country.".png") : "";
$country_acc[$country_name]['code'] = $country;
} else {
$country_uhn['Unknown'] += $num_events;
$country_uhn[$field]++;
