// Open the form that wraps the sensor table; it posts back to this same page.
echo '<FORM METHOD="post" NAME="PacketForm" id="PacketForm" ACTION="base_stat_sensor.php">';

// The column header is only printed when the query produced at least one row.
if ($qs->num_result_rows > 0) {
    $qro->PrintHeader();
}

$i           = 0;                         // rows rendered so far
$sensorips   = GetSensorSidsNames($db);   // sid => sensor name/ip lookup used by the rows below
$report_data = array();                   // rows collected for the report export

// data to fill report_data
// A server stored in the session ([0] = host; [2]/[3] presumably the credentials — slot layout not
// visible here, confirm against the code that fills $_SESSION["server"]) overrides the default connection.
$_conn = (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "")
    ? $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3])
    : $dbo->connect();
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
    $device_id = $myrow['device_id'];
    // GetSensorName(..., true) is split on " - " into display name and sensor IP. list() expects both
    // halves; a value without the separator would leave sensor_ip unset — TODO confirm the helper
    // always includes it.
    list($myrow['name'], $myrow['sensor_ip']) = explode(' - ', GetSensorName($myrow['sensor_id'], $db, true));
    // An unresolved sensor ("N/A") gets no IP either.
    $sensor_ip = $myrow['name'] == 'N/A' ? 'N/A' : $myrow['sensor_ip'];
    // Device column: "ip[:interface]", or "-" when no device IP is known.
    $device_ip = $myrow['device_ip'] != '' ? $myrow['device_ip'] . ($myrow['interface'] != '' ? ':' . $myrow['interface'] : '') : '-';
    $sname = $myrow['name'];
    $event_cnt = $myrow['event_cnt'];
    // Empty counters are displayed as "-".
    $unique_event_cnt = $myrow['sig_cnt'] != "" ? $myrow['sig_cnt'] : "-";
    $num_src_ip = $myrow['saddr_cnt'] != "" ? $myrow['saddr_cnt'] : "-";
    $num_dst_ip = $myrow['daddr_cnt'] != "" ? $myrow['daddr_cnt'] : "-";
    // Geolocate the sensor IP: [0] is the country code (lower-cased below to build the flag file
    // name), [1] the display name.
    // NOTE(review): this reads $conn, not the $_conn opened just above the loop — confirm both
    // refer to the intended database handle.
    $_country_aux = $geoloc->get_country_by_host($conn, $sensor_ip);
    $country = strtolower($_country_aux[0]);
    $country_name = $_country_aux[1];
    $homelan = "";
    if ($country) {
        $country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"{$country_name}\" title=\"{$country_name}\">";
        $slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
    } else {
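// data to fill report_data
// A server stored in the session ([0] = host; [2]/[3] presumably the credentials — slot layout not
// visible here, confirm against the code that fills $_SESSION["server"]) overrides the default
// connection. isset() guards the lookup so a session without the key does not raise a notice.
if (isset($_SESSION["server"]) && is_array($_SESSION["server"]) && $_SESSION["server"][0] != "") {
    $_conn = $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3]);
} else {
    $_conn = $dbo->connect();
}

// One table row per product type, capped at the configured display row count.
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
    $ctx              = $myrow["ctx"];
    $product_type     = GetSourceType($myrow["product_type"], $db);
    $total_occurances = $myrow["events"];

    // Link to the main query page, pre-filtered on this product type.
    $urlp = "base_qry_main.php?new=1&submit=" . gettext("Query DB") . "&sourcetype=" . urlencode($myrow["product_type"]);

    qroPrintEntryHeader($i);
    // NOTE(review): $product_type and $myrow["product_type"] are inserted into HTML text and
    // attributes unescaped. They come from the database here, so this only matters if those
    // values can be user-supplied — confirm before relying on it.
    // "&nbsp" without the trailing ";" was a malformed entity; fixed here and on the usig cell.
    qroPrintEntry('&nbsp;&nbsp;<a href="' . $urlp . '">' . $product_type . '</a>', 'left', "", "nowrap");
    qroPrintEntry('&nbsp;<a href="' . $urlp . '">' . Util::number_format_locale($total_occurances, 0) . '</a>', "center", "", "");

    // Entity column: the entity name when entities are shown (falling back to "Unknown"),
    // otherwise the sensor name for this context.
    if (Session::show_entities()) {
        $sens = !empty($entities[$ctx]) ? $entities[$ctx] : _("Unknown");
    } else {
        $sens = GetSensorName($ctx, $db);
    }
    qroPrintEntry($sens, "center", "", "");

    // Placeholder cells ("-") keyed by product type and context; presumably filled in later by
    // page script using these ids — not visible here.
    qroPrintEntry("&nbsp;<A class='usig' id='sg" . $myrow["product_type"] . "-{$ctx}' HREF='{$urlp}'>-</a>", "left", "", "");
    qroPrintEntry("<div id='ts" . $myrow["product_type"] . "-{$ctx}'>-</div>", "center", "", "nowrap");
    qroPrintEntryFooter();

    $i++;
    $prev_time = null;
}

// Release the result set and the connection, then close the table and the form.
$result->baseFreeRows();
$dbo->close($_conn);
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveState();
echo "\n</FORM>\n";
PrintBASESubFooter();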
if ($debug_time_mode >= 1) {
    // Query-string fragment that filters the linked pages on this row's IP:
    // addr_type 1 = source address, 2 = destination address; NULL_IP stands in when the row had no IP.
    // NOTE(review): any other addr_type leaves $url_criteria untouched (unset, or carried over from
    // the previous iteration) — confirm the caller restricts addr_type to 1/2.
    if ($addr_type == 1) {
        if ($no_ip) {
            $url_criteria = BuildSrcIPFormVars(NULL_IP);
        } else {
            $url_criteria = BuildSrcIPFormVars($currentIP);
        }
    } else {
        if ($addr_type == 2) {
            if ($no_ip) {
                // Function names differ only in case (BuildDstIpFormVars / BuildDstIPFormVars);
                // PHP resolves them case-insensitively, so both reach the same helper.
                $url_criteria = BuildDstIpFormVars(NULL_IP);
            } else {
                $url_criteria = BuildDstIPFormVars($currentIP);
            }
        }
    }
    // Entity column: entity name when entities are shown (falling back to "Unknown"), otherwise the sensor name.
    $sens = Session::show_entities() && !empty($entities[$ctx]) ? $entities[$ctx] : (Session::show_entities() ? _("Unknown") : GetSensorName($ctx, $db));
    qroPrintEntry($sens, "center", "middle");
    // Event, signature and IP counters; the first two link into the IP lookup pages.
    qroPrintEntry('<A HREF="' . $tmp_iplookup . $url_criteria . '">' . Util::number_format_locale($num_events, 0) . '</A>', "center", "middle");
    qroPrintEntry('<A HREF="' . $tmp_iplookup2 . $url_criteria . '">' . Util::number_format_locale($num_sig, 0) . '</A>', "center", "middle");
    qroPrintEntry(Util::number_format_locale($num_ip, 0), "center", "middle");
    // Geolocation links are only offered when the KML helper is installed and the IP is not the
    // unspecified address (v4 or v6).
    // NOTE(review): $addr_type_name and $currentIP are interpolated into an inline onclick handler
    // and URL without escaping; this is only safe while both are validated upstream — confirm.
    if (file_exists("../kml/GoogleEarth.php") && $currentIP != "0.0.0.0" && $currentIP != "::") {
        qroPrintEntry("<a href='' onclick='window.open(\"../kml/TourConfig.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' title='" . _("Geolocation Tour") . "' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type={$addr_type_name}&ip={$currentIP}\",\"IP {$currentIP} " . ($addr_type == 2 ? _("sources") : _("destinations")) . " - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img title='" . _("Geolocation Map") . "' align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>");
    } else {
        qroPrintEntry('');
    }
    qroPrintEntryFooter();
    ++$i;
    // report_data
    // One export row per table row; the request's addr_type is cast with intval() before it is stored.
    $report_data[] = array($currentIP, '', $num_sig, $num_ip, "", "", "", "", "", "", $sens, intval($_GET['addr_type']), 0, $num_events, $country_img);
}
// Release the fetched rows now that the table body has been emitted.
$result->baseFreeRows();
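 /**
  * Human-readable description of the active sensor criteria.
  *
  * @return string HTML fragment "Sensor = (<sensor name>)" followed by the clear-criteria
  *                link and a <BR>, or "" when no sensor criteria is set.
  */
 function Description()
 {
     $tmp = "";
     // A lone space counts as "no criteria". The loose comparison is kept on purpose:
     // the criteria value may be a numeric id rather than a string — TODO confirm.
     if ($this->criteria != " " && $this->criteria != "") {
         // NOTE(review): GetSensorName() output is inserted as HTML without escaping; fine while
         // sensor names are trusted, otherwise wrap it in Util::htmlentities().
         $tmp .= gettext("Sensor") . ' = (' . GetSensorName($this->criteria, $this->db) . ')'
               . $this->cs->GetClearCriteriaString($this->export_name) . '<BR>';
     }
     return $tmp;
 }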
    }
    // SENSOR Filter mysql layer (not implemented)
    //$query = "SELECT DISTINCT ac_sensor_sid.sid, sum(ac_sensor_sid.cid) as event_cnt, (select count(distinct plugin_id, plugin_sid) from ac_sensor_signature where ac_sensor_signature.sid=ac_sensor_sid.sid and ac_sensor_sid.day=ac_sensor_signature.day) as sig_cnt, (select count(distinct(ip_src)) from ac_sensor_ipsrc where ac_sensor_sid.sid=ac_sensor_ipsrc.sid and ac_sensor_sid.day=ac_sensor_ipsrc.day) as saddr_cnt, (select count(distinct(ip_dst)) from ac_sensor_ipdst where ac_sensor_sid.sid=ac_sensor_ipdst.sid and ac_sensor_sid.day=ac_sensor_ipdst.day) as daddr_cnt, min(ac_sensor_sid.first_timestamp) as first_timestamp, max(ac_sensor_sid.last_timestamp) as last_timestamp FROM ac_sensor_sid FORCE INDEX(primary) GROUP BY ac_sensor_sid.sid ORDER BY event_cnt DESC LIMIT 10";
    $query = "SELECT DISTINCT sid, sum(cid) as event_cnt FROM ac_sensor_sid GROUP BY sid ORDER BY event_cnt DESC";
} else {
    $query = "SELECT DISTINCT sid, sum(cid) as event_cnt FROM ac_sensor_sid GROUP BY sid ORDER BY event_cnt DESC";
}
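// Run the per-sensor event count query; a failed query aborts the page.
// NOTE(review): ErrorMsg() is printed straight to the browser, which can expose table/column
// names from the failing statement; prefer logging it and showing a generic message.
if (!($rs =& $conn->Execute($query))) {
    print $conn->ErrorMsg();
    exit;
}

$s    = 0;        // sensors accepted so far (at most 20 are charted)
$data = array();  // $data[<sensor name>][<plugin name>] => summed event count

while (!$rs->EOF) {
    // SENSOR Filter PHP layer
    // The sensor name is split on the first "-" into [0] sensor part and [1] plugin part.
    // explode() returns a single element when no "-" is present, so index 1 is guarded below.
    $sensor_plugin = explode("-", GetSensorName($rs->fields["sid"], $conn), 2);

    // Accept the row when no sensor restriction applies, or when this sensor is allowed.
    // isset() avoids an undefined-index notice for sensors missing from $sensorkeys;
    // the result is the same (a missing key never counted as allowed).
    if ($s < 20
        && (Session::allowedSensors() == ""
            || (isset($sensorkeys[$sensor_plugin[0]]) && $sensorkeys[$sensor_plugin[0]] > 0))) {
        // Plugin name without any ":..." suffix; defaults to "snort" when missing or empty,
        // and every "ossec-*" variant is folded into "ossec".
        $plugin = (isset($sensor_plugin[1]) && $sensor_plugin[1] != "") ? preg_replace("/:.*/", "", $sensor_plugin[1]) : "snort";
        if ($plugin == "") {
            $plugin = "snort";
        }
        $plugin = preg_replace("/ossec-.*/", "ossec", $plugin);

        // Sensor key without its ":..." suffix, mapped to a display name when one is known.
        $sensor_plugin[0] = preg_replace("/:.*/", "", $sensor_plugin[0]);
        $sensor = (isset($sensors[$sensor_plugin[0]]) && $sensors[$sensor_plugin[0]] != "")
            ? $sensors[$sensor_plugin[0]]
            : $sensor_plugin[0];

        // Initialise the bucket explicitly instead of relying on null + n.
        if (!isset($data[$sensor][$plugin])) {
            $data[$sensor][$plugin] = 0;
        }
        $data[$sensor][$plugin] += $rs->fields["event_cnt"];
        $s++;
    }
    $rs->MoveNext();
}

// Chart series: first header column is the (empty) row label.
$header = $events = array();
$header[] = "";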
             $srcud[] = Util::htmlentities($idm_u . $idm_d);
         } else {
             $dstud[] = Util::htmlentities($idm_u . $idm_d);
         }
     }
 }
 // Join the user@domain entries collected above (that loop starts outside this view).
 $myrow["src_userdomain"] = implode(", ", $srcud);
 $myrow["dst_userdomain"] = implode(", ", $dstud);
 $rs_id->baseFreeRows();
 $myrow["src_mac"] = formatMAC($myrow["src_mac"]);
 $myrow["dst_mac"] = formatMAC($myrow["dst_mac"]);
 //
 // SID, CID, PLUGIN_*
 $cell_data['ID'] = $eid;
 $cell_align['ID'] = "center";
 // Sensor cell. "Unknown"/"N/A" names mean the event was generated by a server (directive
 // event), so a static label with an explanatory tooltip is shown instead of a link.
 $sensor_name = GetSensorName($myrow["device_id"], $db);
 if ($sensor_name == 'Unknown' || $sensor_name == 'N/A') {
     $sensor_msg = _("Directive events are generated in servers, not in sensors");
     $cell_data['SENSOR'] = '<A class="trlnk" alt="' . $sensor_msg . '" title="' . $sensor_msg . '" HREF="#">' . _("N/A") . '</A>';
     $cell_pdfdata['SENSOR'] = _("N/A");
 } else {
     // Link to the event query filtered on this sensor; the tooltip carries the sensor IP.
     // NOTE(review): $myrow["device_id"] is concatenated into the URL without urlencode()
     // (presumably an integer id — confirm). Name and tooltip are HTML-escaped.
     $sensor_msg = $sensorips[$myrow["device_id"]];
     $s_url = Menu::get_menu_url("base_qry_main.php?new=2&num_result_rows=-1&submit=Query+DB&current_view=-1&sensor=" . $myrow["device_id"], 'analysis', 'security_events', 'security_events');
     $cell_data['SENSOR'] = '<a class="trlnk" alt="' . Util::htmlentities($sensor_msg) . '" title="' . Util::htmlentities($sensor_msg) . '" href="' . $s_url . '">' . Util::htmlentities($sensor_name) . '</a>';
     $cell_pdfdata['SENSOR'] = Util::htmlentities($sensor_name);
 }
 $cell_align['SENSOR'] = "center";
 // Entity cell.
 // NOTE(review): the link built here is overwritten two statements later with the plain escaped
 // name, so $e_url is never output. Presumably the link was disabled deliberately; either drop
 // the dead assignment or the override.
 $e_url = Menu::get_menu_url("base_qry_main.php?new=2&num_result_rows=-1&submit=Query+DB&current_view=-1&ctx={$ctx}", 'analysis', 'security_events', 'security_events');
 $cell_data['ENTITY'] = '<a class="trlnk" href="' . $e_url . '">' . Util::htmlentities(!empty($entities[$ctx]) ? $entities[$ctx] : _("Unknown")) . '</a>';
 $cell_align['ENTITY'] = "center";
 $cell_data['ENTITY'] = Util::htmlentities(!empty($entities[$ctx]) ? $entities[$ctx] : _("Unknown"));