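// Result-count banner, the form wrapper and the column header for the report.
$qs->PrintResultCnt("", array(), $displaying);
echo '<FORM METHOD="post" name="PacketForm" id="PacketForm" ACTION="base_stat_alerts.php">';
$qro->PrintHeader();
$i = 0;
$report_data = array();
// data to fill report_data
// The below is due to changes in the queries...
// We need to verify that it works all the time -- Kevin
//
// $where may or may not already carry a WHERE clause; the connector for the next
// condition must be " AND " when it does and " WHERE " when it does not.
// strpos() returns false when "WHERE" is absent and 0 when $where begins with it;
// the old `!= 0` test lumped those two cases together and would have emitted a
// second WHERE for a clause at offset 0, so test for "not found" explicitly.
$and = strpos($where, "WHERE") !== false ? " AND " : " WHERE ";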
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
    if ($myrow["plugin_id"] == "" || $myrow["plugin_sid"] == "") {
        continue;
    }
    //
    $sig_id = $myrow["plugin_id"] . ";" . $myrow["plugin_sid"];
    $signame = BuildSigByPlugin($myrow["plugin_id"], $myrow["plugin_sid"], $db);
    //
    /* get Total Occurrence */
    $total_occurances = $myrow["sig_cnt"];
    /* Get other data */
    $num_sensors = $myrow["sid_cnt"];
    $num_src_ip = $myrow["saddr_cnt"];
    $num_dst_ip = $myrow["daddr_cnt"];
    /* First and Last timestamp of this signature */
    $start_time = $myrow["first_timestamp"];
    $stop_time = $myrow["last_timestamp"];
    if ($tz != 0) {
        $start_time = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $start_time) + 3600 * $tz);
        $stop_time = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $stop_time) + 3600 * $tz);
    }
    /* Print out (Colored Version) -- Alejandro */
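/**
 * Print the per-signature statistics table for every unique event seen on $ip.
 *
 * @param object $db  Database handle passed through to the *ByAddr helpers.
 * @param string $ip  Address to report on; entity-encoded once on entry so the
 *                    same value is handed to the query helpers, the links and
 *                    the printed heading.
 * @return void       The table is echoed directly.
 */
function PrintEventsByIP($db, $ip)
{
    // Encode once; every later use of $ip (queries, URLs, heading) gets this value.
    $ip = Util::htmlentities($ip);
    $count = 0;
    /* Jeffs stuff */
    /* Count total events for the given address */
    $event_cnt = EventCntByAddr($db, $ip);
    /* Grab unique alerts and count them */
    $unique_events = UniqueEventCntByAddr($db, $ip, $count);
    $unique_event_cnt = count($unique_events);
    // $ip was already entity-encoded above; encoding it a second time would turn
    // any "&" into "&amp;amp;", so the heading prints it as-is.
    printf("<B>" . gettext("%d unique events detected among %d events on %s") . "/32</B><BR>", $unique_event_cnt, $event_cnt, $ip);
    /* Print the Statistics on Each of the Unique Alerts */
    echo '<TABLE BORDER=0 class="table_list">
        <TR>
           <TD CLASS="headerbasestat">' . gettext("TCP Flags") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Total<BR> Occurrences") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Num of Sensors") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("First<BR> Occurrence") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Last<BR> Occurrence") . '</TD>
        </TR>';
    for ($i = 0; $i < $unique_event_cnt; $i++) {
        // Each entry is a [plugin_id, plugin_sid] pair identifying one signature.
        $current_event = $unique_events[$i];
        $total = UniqueEventTotalsByAddr($db, $ip, $current_event);
        $num_sensors = UniqueSensorCntByAddr($db, $ip, $current_event);
        $start_time = StartTimeForUniqueEventByAddr($db, $ip, $current_event);
        $stop_time = StopTimeForUniqueEventByAddr($db, $ip, $current_event);
        // Shade every other row.
        $cellcolor = $i % 2 != 0 ? "bgcolor='#f2f2f2'" : "";
        /* Print out */
        echo "<TR {$cellcolor}>";
        // "##" separates the plugin name from the signature text; the cell is
        // printed entity-decoded, so whatever BuildSigByPlugin() returns reaches
        // the page unescaped.
        $signame = BuildSigByPlugin($current_event[0], $current_event[1], $db);
        echo "  <TD ALIGN='center'> " . str_replace("##", "", html_entity_decode($signame));
        // "plugin_id;plugin_sid" is the signature key understood by the query pages.
        $sig_key = urlencode($current_event[0] . ";" . $current_event[1]);
        $tmp_iplookup = 'base_qry_main.php?new=1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . $sig_key . '&num_result_rows=-1&submit=' . gettext("Query DB") . '&current_view=-1&ip_addr_cnt=2' . BuildIPFormVars(urlencode($ip));
        $tmp_sensor_lookup = 'base_stat_sensor.php?sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . $sig_key . '&ip_addr_cnt=2' . BuildIPFormVars(urlencode($ip));
        echo "  <TD align='center'> <A HREF=\"{$tmp_iplookup}\">" . Util::htmlentities($total) . "</A> ";
        echo "  <TD align='center'> <A HREF=\"{$tmp_sensor_lookup}\">" . Util::htmlentities($num_sensors) . "</A> ";
        // Timestamps come straight from the *ByAddr helpers and are not escaped here.
        echo "  <TD align='center'> {$start_time}";
        echo "  <TD align='center' valign='middle'> {$stop_time}";
        echo '</TR>';
    }
    echo "</TABLE>\n";
}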
    }
}
// No destination coordinates yet: fall back to the GeoIP file for $current_dip.
if (!$dst_latitude && !$dst_longitude) {
    $record = $geoloc->get_location_from_file($current_dip);
    if ($record->latitude != 0 && $record->longitude != 0) {
        $dst_latitude = $record->latitude;
        $dst_longitude = $record->longitude;
    }
    // Build the flag + map link only when nothing filled $dst_loc earlier.
    if (empty($dst_loc) && $record->country_name != '') {
        $flag_file = '../pixmaps/flags/' . strtolower($record->country_code) . '.png';
        $dst_loc = '<img src="' . $flag_file . '"/> <a target="_blank" href="' . $gmaps_url . '">' . $record->country_name . '</a>';
    }
}
// NOTE(review): the placeholders in the destination link are filled with the
// *source* coordinates here; looks like a copy-paste slip — confirm against the
// matching source block before relying on the map link.
$dst_loc = str_replace(array('__LONG__', '__LAT__'), array($src_longitude, $src_latitude), $dst_loc);
$dbo->close($_conn);
// Signature: "##" separates the plugin name from the signature text; [1] is the text.
$htmlTriggeredSignature = explode("##", BuildSigByPlugin($plugin_id, $plugin_sid, $db));
// Extradata translation adding: copy the extradata columns TranslateSignature() substitutes.
$myrow2['filename'] = $myrow6['filename'];
$myrow2['username'] = $myrow6['username'];
foreach (range(1, 9) as $k) {
    $myrow2['userdata' . $k] = $myrow6['userdata' . $k];
}
$signature = TranslateSignature($htmlTriggeredSignature[1], $myrow2);
// VIEW
$back = "<a href=\"base_qry_main.php?num_result_rows=-1&submit=Query+DB&caller=&pag={$pag}&current_view={$pag}\">" . _('Security Events') . "</a>";
if (!array_key_exists("minimal_view", $_GET)) {
    PrintPacketLookupBrowseButtons2($seq, $tmp_sql, $sort_sql[0] . $from . $where, $db, $previous, $next);
    ?>
<!-- Breadcrum -->
<div id="bread_crumb" class="av_breadcrumb">
    <div class="av_breadcrumb_item av_link"><?php 
                        ' . ($tzcell ? '<TD nowrap>' . $event_date . ' ' . Util::timezone($tzone) . '</TD>' : '') . '
                       <TD>' . htmlspecialchars(@inet_ntop($myrow4["ip"]) ? $myrow4["name"] . " [" . inet_ntop($myrow4["ip"]) . "]" : _("Unknown")) . '</TD>
                       <TD>' . ($myrow4["interface"] == "" ? "&nbsp;<I>-</I>&nbsp;" : $myrow4["interface"]) . '</TD>
					</TR>
				  </TABLE>
                  <br/>
                  <TABLE class="table_list">
                    <TR>
                        <th>' . _("Triggered Signature") . '</th>
                        <th>' . _("Event Type ID") . '</th>
                        <th>' . _("Category") . '</th>
                        <th>' . _("Sub-Category") . '</th>
					</TR>
                    <TR>
                        <TD><a href="javascript:;" class="trlnka" id="' . $plugin_id . ';' . $plugin_sid . '">';
// Plugin name and signature text come joined by "##"; drop the marker for display.
$htmlTriggeredSignature = str_replace("##", "", BuildSigByPlugin($plugin_id, $plugin_sid, $db));
// Extradata translation adding: TranslateSignature() substitutes these extradata fields.
$extradata_keys = array('filename', 'username');
for ($k = 1; $k <= 9; $k++) {
    $extradata_keys[] = 'userdata' . $k;
}
foreach ($extradata_keys as $key) {
    $myrow2[$key] = $myrow6[$key];
}
echo TranslateSignature($htmlTriggeredSignature, $myrow2) . '</a></TD>
                        <TD>' . $plugin_sid . '</TD>
                        <TD>' . $cat . '</TD>
                        <TD>' . $subcat . '</TD>
                    </TR>
                  </TABLE>
                  <br/>
                  <TABLE class="table_list">
                    <TR>
 // Shift the stored timestamp by the viewer's timezone offset (in hours) when one is set.
 if ($tz != 0) {
     $myrow["timestamp"] = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $myrow["timestamp"]) + 3600 * $tz);
 }
 // Endpoints: keep the numeric form alongside the dotted form.
 $current_sip32 = $myrow["ip_src"];
 $current_dip32 = $myrow["ip_dst"];
 $current_sip = baseLong2IP($current_sip32);
 $current_dip = baseLong2IP($current_dip32);
 $current_proto = $myrow["ip_proto"];
 // Ports render as a ":port" suffix, or nothing when the row carries no port.
 $current_sport = $myrow["layer4_sport"] != 0 ? ":" . $myrow["layer4_sport"] : "";
 $current_dport = $myrow["layer4_dport"] != 0 ? ":" . $myrow["layer4_dport"] : "";
 // Signature as returned (may carry markup) plus a plain-text copy for matching.
 $current_sig = BuildSigByPlugin($myrow["plugin_id"], $myrow["plugin_sid"], $db);
 $current_sig_txt = trim(html_entity_decode(strip_tags($current_sig)));
 // OSSIM scoring columns, copied as-is.
 $current_otype = $myrow["ossim_type"];
 $current_oprio = $myrow["ossim_priority"];
 $current_oreli = $myrow["ossim_reliability"];
 $current_oasset_s = $myrow["ossim_asset_src"];
 $current_oasset_d = $myrow["ossim_asset_dst"];
 $current_oriskc = $myrow["ossim_risk_c"];
 $current_oriska = $myrow["ossim_risk_a"];
 //
 if ($portscan_payload_in_signature == 1) {
     /* fetch from payload portscan open port number */
     if (stristr($current_sig_txt, "(portscan) Open Port")) {
         $sql2 = "SELECT data_payload FROM data WHERE sid='" . $myrow["sid"] . "' AND cid='" . $myrow["cid"] . "'";
         $result2 = $db->baseExecute($sql2);
         $myrow_payload = $result2->baseFetchRow();
 /**
  * Human-readable description of the signature criterion, as an HTML fragment.
  *
  * Reads criteria[0] (operator, '=' or 'LIKE'), criteria[1] (the value; a
  * "pid;sid" pair when sig_type is 1) and criteria[2] ('=' or '!=' negation).
  * Returns an empty string when no usable criterion is set.
  */
 function Description()
 {
     $tmp = $tmp_human = "";
     // Nothing to describe without an operator and a non-empty value.
     if (!isset($this->criteria[0]) || $this->criteria[0] == " " || !isset($this->criteria[1]) || $this->criteria[1] == "") {
         return $tmp;
     }
     $op = $this->criteria[0];
     $neg = $this->criteria[2];
     if ($op == '=' && $neg == '!=') {
         $tmp_human = '!=';
     } elseif ($op == '=' && $neg == '=') {
         $tmp_human = '=';
     } elseif ($op == 'LIKE' && $neg == '!=') {
         $tmp_human = ' ' . gettext("does not contain") . ' ';
     } elseif ($op == 'LIKE' && $neg == '=') {
         $tmp_human = ' ' . gettext("contains") . ' ';
     }
     $tmp .= gettext("Signature") . ' ' . $tmp_human . ' "';
     $pidsid = explode(";", $this->criteria[1]);
     if ($this->db->baseGetDBversion() >= 100 && $this->sig_type == 1) {
         // Resolve the pid;sid pair to its name, drop the plugin-name prefix up to
         // the "##" marker and print it decoded.
         $signame = BuildSigByPlugin(intval($pidsid[0]), intval($pidsid[1]), $this->db);
         $tmp .= html_entity_decode(preg_replace("/.*##/", "", $signame)) . '" ';
     } else {
         // Free-text signature: shown entity-encoded.
         $tmp .= Util::htmlentities($this->criteria[1], ENT_COMPAT, "UTF-8") . '"';
     }
     $tmp .= $this->cs->GetClearCriteriaString($this->export_name) . '<BR>';
     return $tmp;
 }
          <TR><TD CLASS="header3" WIDTH=50 ALIGN=CENTER ROWSPAN=4>Meta</TD>
              <TD>
                  <TABLE BORDER=0 CELLPADDING=4>
                    <TR><TD CLASS="header" >' . _("ID") . ' #</TD>
                        <TD CLASS="header" nowrap>' . _("Date") . " " . Util::timezone($tz) . '</TD>
                        ' . ($tzcell ? '<TD CLASS="header" nowrap>' . _("Event date") . '</TD>' : '') . '
                        <TD CLASS="header">' . _("Triggered Signature") . '</TD>
                        <TD CLASS="header" nowrap>' . _("Data Source Name") . '</TD>
                        <TD CLASS="header" nowrap>' . _("Data Source ID") . '</TD>
                        <TD CLASS="header" nowrap>' . _("Event Type ID") . '</TD>
						<TD></td></TR>
                    <TR><TD CLASS="plfield" nowrap>' . ($sid . " - " . $cid) . '</TD>
                        <TD CLASS="plfield" nowrap>' . htmlspecialchars($tzdate) . '</TD>
                        ' . ($tzcell ? '<TD CLASS="plfield" nowrap>' . $event_date . '<br>' . Util::timezone($tzone) . '</TD>' : '') . '
                        <TD CLASS="plfield">';
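// Signature: strip the "##" name/text marker. htmlspecialchars() followed by
// html_entity_decode() leaves *every* entity decoded, so the signature (which
// carries its own reference links as markup) is printed raw below.
$htmlTriggeredSignature = html_entity_decode(htmlspecialchars(str_replace("##", "", BuildSigByPlugin($plugin_id, $plugin_sid, $db))));
// The edit cell is shown unless minimal_view was given a non-empty value; the
// isset() guard avoids an undefined-index notice when the parameter is absent.
// $plugin_id / $plugin_sid are interpolated into the onclick JS string
// unescaped — fine while they are numeric ids; confirm upstream.
echo $htmlTriggeredSignature . '</TD>
                        <TD CLASS="plfield">' . $plugin_name . '</TD>
                        <TD CLASS="plfield">' . $plugin_id . '</TD>
                        <TD CLASS="plfield">' . $plugin_sid . '</TD>
						' . (!isset($_GET['minimal_view']) || $_GET['minimal_view'] == "" ? '<TD CLASS="plfield"><a href="javascript:;" onclick="GB_show(\'' . _("Modify Rel/Prio") . '\',\'modify_relprio.php?id=' . $plugin_id . '&sid=' . $plugin_sid . '\',280,450)" class="greybox"><img src="../vulnmeter/images/pencil.png" border="0" alt="' . _("Modify Rel/Prio") . '" title="' . _("Modify Rel/Prio") . '"></a></td>' : '');
// CVE ids referenced by the signature are collected into this list below; the
// bare `$return;` it replaces was a no-op that only raised an undefined-variable
// warning, and the stray sample-output string literal that preceded it did nothing.
$return = array();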
foreach (explode('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', $htmlTriggeredSignature) as $key => $value) {
    if ($key != 0) {
        $posIni = strpos($value, "'");
        if ($posIni !== false) {
            $return[] = 'CVE-' . substr($value, 0, $posIni);
        }