Exemplo n.º 1
0
function update_ossim_incidents($dbconn, $vuln_incident_threshold, $hostip, $port, $risk, $desc, $scanid, $currentuser, $assignto)
{
    $id_pending = 65001;
    $id_false_positive = 6002;
    $risk = 8 - $risk;
    if ($vuln_incident_threshold >= $risk) {
        return;
    }
    $sql_inc = $dbconn->execute("SELECT incident_id FROM incident_vulns WHERE ip = '{$hostip}' AND port = '{$port}' AND nessus_id = '{$scanid}'");
    $id_inc = $sql_inc->fields["incident_id"];
    if ($id_inc != "") {
        $dbconn->execute("UPDATE incident SET last_update = now() WHERE id = '{$id_inc}'");
        $sql_inc = $dbconn->execute("SELECT priority FROM incident WHERE status='Closed' and id = '{$id_inc}'");
        $priority = $sql_inc->fields["priority"];
        if ($priority != "") {
            $sql_inc = $dbconn->execute("SELECT incident_id FROM incident_tag WHERE incident_tag.incident_id = '{$id_inc}' AND incident_tag.tag_id = '{$id_false_positive}'");
            $hash_false_incident = $sql_inc->fields["incident_id"];
            if ($hash_false_incident == "") {
                $dbconn->execute("UPDATE incident SET status = 'Open' WHERE id = '{$id_inc}'");
                $ticket_id = genID($dbconn, "incident_ticket_seq");
                $dbconn->execute("INSERT INTO incident_ticket (id, incident_id, date, status, priority, users, description) values ('{$ticket_id}', '{$id_inc}', now(), 'Open', '{$priority}', '{$assignto}','Automatic open of the incident')");
            }
        }
    } else {
        $sql_inc = $dbconn->execute("SELECT name,reliability,priority FROM plugin_sid where plugin_id = 3001 and sid = '{$scanid}'");
        $name_psid = $sql_inc->fields["name"];
        $reliability_psid = $sql_inc->fields["reliability"];
        $priority_psid = $sql_inc->fields["priority"];
        $vuln_name = "";
        if ($name_psid != "") {
            $vuln_name = $name_psid;
        } else {
            $vuln_name = "Vulnerability - Unknown detail";
        }
        $priority = calc_priority($dbconn, $risk, $hostip, $scanid);
        $dbconn->execute("INSERT INTO incident(title, date, ref, type_id, priority, status, last_update, in_charge, submitter, event_start, event_end) VALUES('{$vuln_name}', now(), 'Vulnerability', 'Nessus Vulnerability', '{$priority}', 'Open', now(), '{$assignto}', '{$currentuser}', '0000-00-00 00:00:00', '0000-00-00 00:00:00')");
        $sql_inc = $dbconn->execute("SELECT MAX(id) id from incident");
        $incident_id = $sql_inc->fields["id"];
        #sanity check
        $desc = str_replace("\"", "'", $desc);
        $desc = trim($desc);
        $incident_vulns_id = genID($dbconn, "incident_vulns_seq");
        $dbconn->execute("INSERT INTO incident_vulns(id, incident_id, ip, port, nessus_id, risk, description) VALUES('{$incident_vulns_id}', '{$incident_id}', '{$hostip}', '{$port}', '{$scanid}', '{$risk}', \"{$desc}\")");
        $dbconn->execute("INSERT INTO incident_tag(tag_id, incident_id) VALUES({$id_pending}, '{$incident_id}')");
        Incident::insert_subscription($dbconn, $incident_id, $assignto);
    }
}
Exemplo n.º 2
0
            $data['status'] = 'error';
            echo json_encode($data);
        } else {
            $data['status'] = 'OK';
            echo json_encode($data);
        }
        exit;
    } else {
        if (is_array($validation_errors) && !empty($validation_errors)) {
            $data['status'] = 'error';
            $data['data'] = $validation_errors;
        } else {
            $data['status'] = 'OK';
            $action = POST('s_action');
            if ($action == 'subscribe') {
                Incident::insert_subscription($conn, $incident_id, $login);
            } elseif ($action == 'unsubscribe') {
                Incident::delete_subscriptions($conn, $incident_id, $login);
            }
            $db->close();
            header("Location: incident.php?id={$incident_id}&edit={$edit}");
            exit;
        }
    }
}
if (is_array($data['data']) && !empty($data['data'])) {
    $txt_error = "<div>" . _('We found the following errors') . ":</div>\n\t\t\t\t\t\t  <div style='padding:0px 3px 3px 15px;'>" . implode("<br/>", $data['data']) . "</div>";
    $config_nt = array('content' => $txt_error, 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
}
Exemplo n.º 3
0
if ($id != "" && !Incident::user_incident_perms($conn, $id, 'show')) {
    die_error(_("Sorry, you are not allowed to perform this action"));
}
/* Subscriptions Management */
if ($action == 'subscrip') {
    // Only admin, entity admin and ticket owner
    if (!Incident::user_incident_perms($conn, $id, $action)) {
        die_error(_("You are not allowed to subscribe a new user because you are neither *admin* or the ticket owner"));
    }
    if (POST('login')) {
        if (!ossim_valid($id, OSS_DIGIT)) {
            die_error("Wrong ID");
        }
        if (ossim_valid(POST('login'), OSS_USER)) {
            if (POST('subscribe')) {
                Incident::insert_subscription($conn, $id, $_POST['login']);
            } elseif (POST('unsubscribe')) {
                Incident::delete_subscriptions($conn, $id, $_POST['login']);
            }
        } else {
            die_error("Invalid user");
        }
    }
    if (intval(POST('nohmenu')) == 1) {
        header("Location: incident.php?id={$id}&edit={$edit}&nohmenu=1");
    } else {
        header("Location: incident.php?id={$id}&edit={$edit}");
    }
    exit;
}
/* New ticket */