function DisplayGraphs($type)
{
$self = Menu::get_menu_url('/ossim/nfsen/nfsen.php?tab=2', 'environment', 'netflow', 'details');
$profile = $_SESSION['profile'];
$profilegroup = $_SESSION['profilegroup'];
if ($profilegroup == '.') {
print "<h2>Profile: " . Util::htmlentities($profile) . ", Group: (nogroup) - " . Util::htmlentities($type) . "</h2>\n";
} else {
print "<h2>Profile: " . Util::htmlentities($profile) . ", Group: " . Util::htmlentities($profilegroup . " - " . $type) . "</h2>\n";
}
if ($_SESSION['profileinfo']['graphs'] != 'ok') {
print "<h2>No data available!</h2>\n";
return;
}
$profileswitch = "{$profilegroup}/{$profile}";
print "<center><a href='" . Util::htmlentities($self) . (preg_match("/\\?/", $self) ? "&" : "?") . "tab=2&win=day&type=" . urlencode($type) . "'> <IMG src='pic.php?profileswitch=" . urlencode($profileswitch) . "&file={$type}-day' width='669' height='281' border='0'></a>\n";
print "<br>";
print "<a href='" . Util::htmlentities($self) . (preg_match("/\\?/", $self) ? "&" : "?") . "tab=2&win=week&type=" . urlencode($type) . "'> <IMG src='pic.php?profileswitch=" . urlencode($profileswitch) . "&file={$type}-week' width='669' height='281' border='0'></a>\n";
print "<br>";
print "<a href='" . Util::htmlentities($self) . (preg_match("/\\?/", $self) ? "&" : "?") . "tab=2&win=month&type=" . urlencode($type) . "'> <IMG src='pic.php?profileswitch=" . urlencode($profileswitch) . "&file={$type}-month' width='669' height='281' border='0'></a>\n";
print "<br>";
print "<a href='" . Util::htmlentities($self) . (preg_match("/\\?/", $self) ? "&" : "?") . "tab=2&win=year&type=" . urlencode($type) . "'> <IMG src='pic.php?profileswitch=" . urlencode($profileswitch) . "&file={$type}-year' width='669' height='281' border='0'></a>\n";
print "<br></center>";
}
<tr>
<td class="nobborder"><img src="../pixmaps/loading3.gif"></td>
<td class="nobborder"><?php
echo _("Loading data...");
?>
</td>
</tr>
</table>
</div>
<?php
// Honeypot Events List
if ($type == "honeypot_events") {
$text_column = _("Event");
$value_column = _("Count");
$nodata_text .= _(" for <i>Honeypot</i>");
$f_url = Menu::get_menu_url("../forensics/base_qry_main.php?clear_allcriteria=1&time_range=week&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz - $range) . "&time[0][3]=" . gmdate("d", $timetz - $range) . "&time[0][4]=" . gmdate("Y", $timetz - $range) . "&time[0][5]=&time[0][6]=&time[0][7]=&time[0][8]=+&time[0][9]=+&submit=Query+DB&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=QQQ&sort_order=time_d", 'analysis', 'security_events', 'security_events');
$query = "select count(*) as val,p.name,p.plugin_id,p.sid FROM snort.acid_event a,ossim.plugin_sid p WHERE p.plugin_id=a.plugin_id AND p.sid=a.plugin_sid AND p.category_id=19 AND a.timestamp BETWEEN '" . gmdate("Y-m-d H:i:s", gmdate("U") - $range) . "' AND '" . gmdate("Y-m-d H:i:s") . "' {$sensor_where} group by p.name order by val desc limit 10";
}
if (!($rs =& $conn->Execute($query))) {
print $conn->ErrorMsg();
exit;
}
$data = array();
while (!$rs->EOF) {
$data[] = array("text" => $rs->fields['name'], "value" => $rs->fields['val'], "link" => str_replace("QQQ", $rs->fields["plugin_id"] . "%3B" . $rs->fields["sid"], $f_url));
$rs->MoveNext();
}
$db->close();
?>
<div id="content" style="display:none;height:100%">
<table width="100%" height="100%" cellpadding=3 cellspacing=0 style="border:0px">
break;
case 'siemdays':
//Amount of days to show in the widget.
$max = $chart_info['range'] == '' ? 7 : $chart_info['range'];
//Type of graph. In this case is the simple raphael.
$js = "analytics";
//Retrieving the data of the widget
$values = SIEM_trends_week("", $max, $assets_filters);
//Formating the info into a generinf format valid for the handler.
for ($i = $max - 1; $i >= 0; $i--) {
$tref = $timetz - 86400 * $i;
$d = gmdate("j M", $tref);
$label[] = $d;
$key = $d;
$data[] = $values[$d] != "" ? $values[$d] : 0;
$link = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $tref) . "&time[0][3]=" . gmdate("d", $tref) . "&time[0][4]=" . gmdate("Y", $tref) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $tref) . "&time[1][3]=" . gmdate("d", $tref) . "&time[1][4]=" . gmdate("Y", $tref) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events');
$links[$key] = $link;
}
//Widget's links
$siem_url = $links;
$colors = "'#444444'";
//Message in case of empty widget.
$nodata_text = "No data available yet";
break;
//In case of error a message will be shown.
//In case of error a message will be shown.
default:
$nodata_text = _("Unknown Type");
}
$db->close();
//Now the handler is called to draw the proper widget, this is: any kind of chart, tag_cloud, etc...
$(document).ready(function(){
GB_TYPE = 'w';
$("a.greybox").click(function(){
var t = this.title || $(this).text() || this.href;
GB_show(t,this.href, 400, 600);
return false;
});
if (!parent.is_lightbox_loaded(window.name))
{
$('.c_back_button').show();
}
<?php
$p_url = Menu::get_menu_url('/ossim/conf/plugin.php', 'configuration', 'threat_intelligence', 'data_source');
?>
$(".c_back_button").click(function(){
document.location.href='<?php
echo $p_url;
?>
';
});
});
</script>
<style type='text/css'>
#t_ref{
margin: 50px auto;
max-width: 1200px;
white-space: nowrap;
function get_report_data($id = NULL)
{
$conf = $GLOBALS['CONF'];
$conf = !$conf ? new Ossim_conf() : $conf;
$y = strftime('%Y', time() - 24 * 60 * 60 * 30);
$m = strftime('%m', time() - 24 * 60 * 60 * 30);
$d = strftime('%d', time() - 24 * 60 * 60 * 30);
$reports['asset_report'] = array('report_name' => _('Asset Details'), 'report_id' => 'asset_report', 'type' => 'external', 'link_id' => 'link_ar_asset', 'link' => '', 'parameters' => array(array('name' => _('Host Name/IP/Network'), 'id' => 'ar_asset', 'type' => 'asset', 'default_value' => '')), 'access' => Session::menu_perms('environment-menu', 'PolicyHosts') || Session::menu_perms('environment-menu', 'PolicyNetworks'), 'send_by_email' => 0);
$status_values = array('All' => array('text' => _('All')), 'Open' => array('text' => _('Open')), 'Assigned' => array('text' => _('Assigned')), 'Studying' => array('text' => _('Studying')), 'Waiting' => array('text' => _('Waiting')), 'Testing' => array('text' => _('Testing')), 'Closed' => array('text' => _('Closed')));
$types_values = array('ALL' => array('text' => _('ALL')), 'Expansion Virus' => array('text' => _('Expansion Virus')), 'Corporative Nets Attack' => array('text' => _('Corporative Nets Attack')), 'Policy Violation' => array('text' => _('Policy Violation')), 'Security Weakness' => array('text' => _('Security Weakness')), 'Net Performance' => array('text' => _('Net Performance')), 'Applications and Systems Failures' => array('text' => _('Applications and Systems Failures')), 'Anomalies' => array('text' => _('Anomalies')), 'Vulnerability' => array('text' => _('Vulnerability')));
$priority_values = array('High' => _('High'), 'Medium' => _('Medium'), 'Low' => _('Low'));
$reports['tickets_report'] = array('report_name' => _('Tickets Report'), 'report_id' => 'tickets_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'alarm' => array('id' => 'alarm', 'name' => _('Alarm'), 'report_file' => 'os_reports/Tickets/Alarm.php'), 'event' => array('id' => 'event', 'name' => _('Event'), 'report_file' => 'os_reports/Tickets/Event.php'), 'anomaly' => array('id' => 'anomaly', 'name' => _('Anomaly'), 'report_file' => 'os_reports/Tickets/Anomaly.php'), 'vulnerability' => array('id' => 'vulnerability', 'name' => _('Vulnerability'), 'report_file' => 'os_reports/Tickets/Vulnerability.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'tr_date_from', 'date_to_id' => 'tr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d'))), array('name' => _('Status'), 'id' => 'tr_status', 'type' => 'select', 'values' => $status_values), array('name' => _('Type'), 'id' => 'tr_type', 'type' => 'select', 'values' => $types_values), array('name' => _('Priority'), 'id' => 'tr_priority', 'type' => 'checkbox', 'values' => $priority_values)), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 1);
$reports['alarm_report'] = array('report_name' => _('Alarms Report'), 'report_id' => 'alarm_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Alarms/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Alarms/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Alarms/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Alarms'), 'report_file' => 'os_reports/Alarms/TopAlarms.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Alarms by Risk'), 'report_file' => 'os_reports/Alarms/TopAlarmsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'ar_date_from', 'date_to_id' => 'ar_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'ControlPanelAlarms'), 'send_by_email' => 1);
$reports['bc_pci_report'] = array('report_name' => _('Business & Compliance ISO PCI Report'), 'report_id' => 'bc_pci_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'threat_overview' => array('id' => 'threat_overview', 'name' => _('Threat overview'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ThreatOverview.php'), 'bri_risks' => array('id' => 'bri_risks', 'name' => _('Business real impact risks'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/BusinessPotentialImpactsRisks.php'), 'ciap_impact' => array('id' => 'ciap_impact', 'name' => _('C.I.A Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/CIAPotentialImpactsRisks.php'), 'pci_dss' => array('id' => 'pci_dss', 'name' => _('PCI-DSS 2.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS.php'), 'pci_dss3' => array('id' => 'pci_dss3', 'name' => _('PCI-DSS 3.0'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/PCI-DSS3.php'), 'trends' => array('id' => 'trends', 'name' => _('Trends'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/Trends.php'), 'iso27002_p_impact' => array('id' => 'iso27002_p_impact', 'name' => _('ISO27002 Potential impact'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27002PotentialImpact.php'), 'iso27001' => array('id' => 'iso27001', 'name' => _('ISO27001'), 'report_file' => 'os_reports/BusinessAndComplianceISOPCI/ISO27001.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'bc_pci_date_from', 'date_to_id' => 'bc_pci_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('report-menu', 'ReportsReportServer'), 'send_by_email' => 1);
$reports['siem_report'] = array('report_name' => _('SIEM Events'), 'report_id' => 'siem_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'top_attacker_host' => array('id' => 'top_attacker_host', 'name' => _('Top 10 Attacker Host'), 'report_file' => 'os_reports/Siem/AttackerHosts.php'), 'top_attacked_host' => array('id' => 'top_attacked_host', 'name' => _('Top 10 Attacked Host'), 'report_file' => 'os_reports/Siem/AttackedHosts.php'), 'used_port' => array('id' => 'used_port', 'name' => _('Top 10 Used Ports'), 'report_file' => 'os_reports/Siem/UsedPorts.php'), 'top_events' => array('id' => 'top_events', 'name' => _('Top 15 Events'), 'report_file' => 'os_reports/Siem/TopEvents.php'), 'events_by_risk' => array('id' => 'events_by_risk', 'name' => _('Top 15 Events by Risk'), 'report_file' => 'os_reports/Siem/TopEventsByRisk.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'sr_date_from', 'date_to_id' => 'sr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
$reports['vulnerabilities_report'] = array('report_name' => _('Vulnerabilities Report'), 'report_id' => 'vulnerabilities_report', 'type' => 'external', 'target' => '_blank', 'link_id' => 'link_vr', 'link' => Menu::get_menu_url('../vulnmeter/lr_respdf.php?ipl=all&scantype=M', 'environment', 'vulnerabilities', 'overview'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['th_vuln_db'] = array('report_name' => _('Threats & Vulnerabilities Database'), 'report_id' => 'th_vuln_db', 'type' => 'external', 'link_id' => 'link_tvd', 'link' => Menu::get_menu_url('../vulnmeter/threats-db.php', 'environment', 'vulnerabilities', 'threat_database'), 'access' => Session::menu_perms('analysis-menu', 'EventsVulnerabilities'), 'send_by_email' => 0);
$reports['ticket_status'] = array('report_name' => _('Tickets Status'), 'report_id' => 'ticket_status', 'type' => 'external', 'link_id' => 'link_tr', 'link' => Menu::get_menu_url('../report/incidentreport.php', 'analysis', 'tickets', 'tickets'), 'access' => Session::menu_perms('analysis-menu', 'IncidentsIncidents'), 'send_by_email' => 0);
$db = new ossim_db();
$conn = $db->connect();
$user = Session::get_session_user();
$session_list = Session::get_list($conn, 'ORDER BY login');
if (preg_match('/pro|demo/', $conf->get_conf('ossim_server_version')) && !Session::am_i_admin()) {
$myusers = Acl::get_my_users($conn, Session::get_session_user());
if (count($myusers) > 0) {
$is_pro_admin = 1;
}
}
// User Log lists
if (Session::am_i_admin()) {
$user_values[''] = array('text' => _('All'));
if ($session_list) {
foreach ($session_list as $session) {
$login = $session->get_login();
$user_values[$login] = $login == $user ? array('text' => $login, 'selected' => TRUE) : array('text' => $login);
}
}
} elseif ($is_pro_admin) {
foreach ($myusers as $myuser) {
$user_values[$myuser['login']] = array('text' => $myuser['login']);
$user_values[$user] = array('text' => $user, 'selected' => TRUE);
}
} else {
$user_values[$user] = array('text' => $user);
}
$code_list = Log_config::get_list($conn, 'ORDER BY descr');
$action_values[''] = array('text' => _('All'));
if ($code_list) {
foreach ($code_list as $code_log) {
$code_aux = $code_log->get_code();
$action_values[$code_aux] = array('text' => '[' . sprintf("%02d", $code_aux) . '] ' . _(preg_replace('|%.*?%|', " ", $code_log->get_descr())));
}
}
$reports['user_activity'] = array('report_name' => _('User Activity Report'), 'report_id' => 'user_activity', 'type' => 'external', 'link_id' => 'link_ua', 'link' => Menu::get_menu_url('../userlog/user_action_log.php', 'settings', 'settings', 'user_activity'), 'parameters' => array(array('name' => _('User'), 'id' => 'ua_user', 'type' => 'select', 'values' => $user_values), array('name' => _('Action'), 'id' => 'ua_action', 'type' => 'select', 'values' => $action_values)), 'access' => Session::menu_perms('settings-menu', 'ToolsUserLog'), 'send_by_email' => 0);
$reports['geographic_report'] = array('report_name' => _('Geographic Report'), 'report_id' => 'geographic_report', 'type' => 'pdf', 'subreports' => array('title_page' => array('id' => 'title_page', 'name' => _('Title Page'), 'report_file' => 'os_reports/Common/titlepage.php'), 'geographic_report' => array('id' => 'geographic_report', 'name' => _('Geographic Report'), 'report_file' => 'os_reports/Various/Geographic.php')), 'parameters' => array(array('name' => _('Date Range'), 'date_from_id' => 'gr_date_from', 'date_to_id' => 'gr_date_to', 'type' => 'date_range', 'default_value' => array('date_from' => $y . '-' . $m . '-' . $d, 'date_to' => date('Y') . '-' . date('m') . '-' . date('d')))), 'access' => Session::menu_perms('analysis-menu', 'EventsForensics'), 'send_by_email' => 1);
//Sensor list
$sensor_values[''] = array('text' => ' -- ' . _('Sensors no found') . ' -- ');
$filters = array('order_by' => 'name');
$sensor_list = Av_sensor::get_basic_list($conn, $filters);
$filters = array('order_by' => 'priority desc');
list($sensor_list, $sensor_total) = Av_sensor::get_list($conn, $filters);
if ($sensor_total > 0) {
$sensor_values = array();
foreach ($sensor_list as $s) {
$properties = $s['properties'];
if ($properties['has_nagios']) {
$sensor_values[$s['ip']] = array('text' => $s['name']);
}
}
}
/* Nagios link */
$nagios_link = $conf->get_conf('nagios_link');
$scheme = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
$path = !empty($nagios_link) ? $nagios_link : '/nagios3/';
$port = !empty($_SERVER['SERVER_PORT']) ? ':' . $_SERVER['SERVER_PORT'] : "";
$nagios = $port . $path;
$section_values = array(urlencode($nagios . 'cgi-bin/trends.cgi') => array('text' => _('Trends')), urlencode($nagios . 'cgi-bin/avail.cgi') => array('text' => _('Availability')), urlencode($nagios . 'cgi-bin/histogram.cgi') => array('text' => _('Event Histogram')), urlencode($nagios . 'cgi-bin/history.cgi?host=all') => array('text' => _('Event History')), urlencode($nagios . 'cgi-bin/summary.cgi') => array('text' => _('Event Summary')), urlencode($nagios . 'cgi-bin/notifications.cgi') => array('text' => _('Notifications')), urlencode($nagios . 'cgi-bin/showlog.cgi') => array('text' => _('Performance Info')));
$reports['availability_report'] = array('report_name' => _('Availability Report'), 'report_id' => 'availability_report', 'type' => 'external', 'link_id' => 'link_avr', 'click' => "nagios_link('avr_nagios_link', 'avr_sensor', 'avr_section');", 'parameters' => array(array('name' => _('Sensor'), 'id' => 'avr_sensor', 'type' => 'select', 'values' => $sensor_values), array('name' => 'Nagioslink', 'id' => 'avr_nagios_link', 'type' => 'hidden', 'default_value' => urlencode($scheme)), array('name' => _('Section'), 'id' => 'avr_section', 'type' => 'select', 'values' => $section_values)), 'access' => Session::menu_perms('environment-menu', 'MonitorsAvailability'), 'send_by_email' => 0);
$db->close();
if ($id == NULL) {
ksort($reports);
return $reports;
} else {
return !empty($reports[$id]) ? $reports[$id] : array();
}
}
echo _('Enable');
?>
</a></td>
<?php
}
?>
<td>
<table class="noborder">
<tr>
<td class="small nobborder" nowrap='nowrap'><i><?php
echo $event["timestamp"];
?>
</i> </td>
<td class="small nobborder">
<?php
$f_url = Menu::get_menu_url($acid_main_link . "&plugin=" . urlencode($sensor_plugin["plugin_id"]), 'analysis', 'security_events', 'security_events');
?>
<a href="<?php
echo $f_url;
?>
"><strong><?php
echo $event["sig_name"];
?>
</strong></a>
</td>
</tr>
</table>
</td>
</tr>
<img src='../pixmaps/risk_home.png' alt='<?php
echo _('Home');
?>
' title='<?php
echo _("Go to default map");
?>
'/>
</a>
</div>
<div class='rb_right btn_info'>
<?php
if (!empty($_SESSION['path_riskmaps'][$map]) && $_SESSION['path_riskmaps'][$map] != $map && preg_match('/view\\.php/', $_SERVER['HTTP_REFERER'])) {
?>
<a href='<?php
echo Menu::get_menu_url('view.php?back_map=' . $_SESSION['path_riskmaps'][$map], 'dashboard', 'riskmaps', 'overview');
?>
'>
<img src='../pixmaps/risk_back.png' alt='<?php
echo _('Previous');
?>
' title='<?php
echo _('Previous map');
?>
'/>
</a>
<?php
} else {
?>
<img src='../pixmaps/risk_back.png' class='bt_opacity' alt='<?php
echo _('Previous');
$url .= $msg != NULL ? '&' : '?';
$url .= "action=expire_session&user_id={$exp_user}&token=" . Token::generate('tk_f_users');
}
}
?>
<script type='text/javascript'>document.location.href="<?php
echo $url;
?>
"</script>
<?php
}
} else {
$db->close();
if ($greybox) {
$config_nt = array('content' => _('Invalid action - Operation cannot be completed'), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
$nt = new Notification('nt_1', $config_nt);
$nt->show();
} else {
$url = Menu::get_menu_url('users.php?msg=unknown_error', 'configuration', 'administration', 'users');
?>
<script type='text/javascript'>document.location.href="<?php
echo $url;
?>
";</script>
<?php
}
}
?>
</body>
</html>
foreach ($groups_engine as $group) {
$refresh .= "\$('#flextable_eng_{$j}').flexReload();\n";
?>
<tr>
<td valign="top" class='flex_eng'>
<table id="flextable_eng_<?php
echo $j;
?>
" style="display:none"></table>
<br>
</td>
</tr>
<?php
$j++;
}
$url = Menu::get_menu_url('/ossim/conf/index.php', 'configuration', 'administration', 'main');
$url .= "§ion=metrics#end";
?>
</table>
<div style='width:98%;padding-bottom:20px;margin:0 auto;'>
<div style='float:left;'>
<a href="<?php
echo $url;
?>
" style="color:gray">
<?php
echo _("Security Events process priority threshold");
?>
: <b><?php
echo $server_logger_if_priority;
?>
</b>
</td>
<td class="small nobborder center">
<?php
echo $event['event_date'];
?>
(<?php
echo $ago;
?>
)
</td>
<td class="small nobborder">
<a href="<?php
echo Menu::get_menu_url($acid_main_link . "&plugin=" . urlencode($plugin_id), 'analysis', 'security_events', 'security_events');
?>
"><b><?php
echo $event['sig_name'] != '' ? $event['sig_name'] : '-';
?>
</b></a>
</td>
</tr>
<?php
}
?>
</table>
<?php
$db->close();
$h_opt = $_SESSION['ri']['h_opt'];
unset($_SESSION['ri']);
$av_menu->set_menu_option($m_opt, $sm_opt);
$av_menu->set_hmenu_option($h_opt);
$_SESSION['av_menu'] = serialize($av_menu);
?>
var url = "<?php
echo $url;
?>
";
<?php
} else {
$url = $av_menu->get_current_url();
?>
var url = "<?php
echo Menu::get_menu_url($url, $av_menu->get_m_option(), $av_menu->get_sm_option(), $av_menu->get_h_option());
?>
";
<?php
}
?>
var b_url = av_menu.get_bookmark_url();
if(b_url != '')
{
url = b_url;
}
else
{
echo $v_profile_id;
?>
' <?php
echo $profile_data['selected'];
?>
><?php
echo $profile_data['name&description'];
?>
</option>
<?php
}
?>
</select>
<a href="<?php
echo Menu::get_menu_url('settings.php', 'environment', 'vulnerabilities', 'scan_jobs');
?>
">[ <?php
echo _("EDIT PROFILES");
?>
]</a>
</td>
</tr>
<tr>
<td class='job_option' style='vertical-align: top;'><div><?php
echo _('Schedule Method:');
?>
</div></td>
<td style='text-align:left'>
<select name='schedule_type' id='scheduleM'>
<label for='service'><?php
echo _('Service') . required();
?>
</label>
</th>
<td class="left">
<input type="text" class='vfield' name="service" id='service' value="<?php
echo $service;
?>
"/>
</td>
</tr>
<?php
if (Session::show_entities()) {
$e_url = Menu::get_menu_url('../acl/entities.php', 'environment', 'assets', 'structure');
?>
<tr>
<th>
<label for='ctx'><?php
echo _('Context') . required();
?>
</label><br/>
<span><a href="<?php
echo $e_url;
?>
"><?php
echo _("Insert new");
?>
?</a></span>
</th>
$geoloc->close();
break;
// Honeypot VoIP - Last Week
// Honeypot VoIP - Last Week
case "honeypot_voip":
$nodata_text .= _(" for <i>Honeypot</i>");
$sqlgraph = "select count(*) as num_events,x.userdata1 as name FROM alienvault_siem.acid_event a, alienvault_siem.extra_data x, alienvault.plugin_sid p WHERE p.plugin_id=a.plugin_id AND p.sid=a.plugin_sid AND p.category_id=19 AND a.id=x.event_id AND a.timestamp BETWEEN '" . gmdate("Y-m-d H:i:s", gmdate("U") - $range) . "' AND '" . gmdate("Y-m-d H:i:s") . "' {$sensor_where} group by x.userdata1 order by num_events desc limit 10";
//echo $sqlgraph;
if (!($rg = $conn->Execute($sqlgraph))) {
print $conn->ErrorMsg();
} else {
while (!$rg->EOF) {
if ($rg->fields['name'] == '') {
$rg->fields['name'] = _("Unknown plugin");
}
$url = Menu::get_menu_url($f_url . "&category%5B0%5D=19&userdata%5B0%5D=userdata1&userdata%5B1%5D=%3D&userdata%5B2%5D=" . $rg->fields['name'], 'analysis', 'security_events', 'security_events');
$data .= "['<a class=\"no_text_decoration\" href=\"{$url}\">" . str_replace('_', ' ', $rg->fields['name']) . "</a>'," . $rg->fields['num_events'] . "],";
$urls .= "'{$url}',";
$rg->MoveNext();
}
}
$colors = '"#FFFBCF","#EEE8AA","#F0E68C","#FFD700","#FF8C00","#DAA520","#D2691E","#B8860B","#7F631F"';
break;
default:
// ['Sony',7], ['Samsumg',13.3], ['LG',14.7], ['Vizio',5.2], ['Insignia', 1.2]
$data = "['" . _('Unknown Type') . "', 100]";
}
$data = preg_replace("/,\$/", '', $data);
$urls = preg_replace("/,\$/", '', $urls);
$db->close();
?>
}
//
// pcap
//
if (!empty($binary)) {
include "base_payload_pcap.php";
}
}
ExportHTTPVar("caller", $caller);
echo "</FORM>\n\n";
if (array_key_exists("minimal_view", $_GET)) {
echo "</FORM>\n\n";
?>
</div><br/><div class="center">
<button class="button" id="view_more" data-url="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . "/forensics/base_qry_alert.php?noheader=true&pag={$pag}&submit=" . rawurlencode($submit), 'analysis', 'security_events', 'security_events');
?>
"><?php
echo _('View More');
?>
</button>
</div><br/>
<?php
}
?>
<link rel="stylesheet" type="text/css" href="/ossim/style/tipTip.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery.dataTables.css"/>
<script type="text/javascript" src="/ossim/js/jquery.tipTip-ajax.js"></script>
<script type="text/javascript" src="/ossim/js/jquery.dataTables.js"></script>
$src_img = $src_output['html_icon'];
// Dst
if ($no_resolv || !$dst_host) {
$s_dst_name = $s_dst_ip;
$ctx_dst = $ctx;
} elseif ($dst_host) {
$s_dst_name = $dst_host->get_name();
$ctx_dst = $dst_host->get_ctx();
}
// Dst icon and bold
$dst_output = Asset_host::get_extended_name($conn, $geoloc, $s_dst_ip, $ctx_dst, $event_info["dst_host"], $event_info["dst_net"]);
$homelan_dst = $dst_output['is_internal'];
$dst_img = $dst_output['html_icon'];
// Clean icon hover tiptip
$s_src_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_src_ip}", 'analysis', 'security_events', 'security_events');
$s_dst_link = Menu::get_menu_url("../forensics/base_stat_ipaddr.php?clear_allcriteria=1&ip={$s_dst_ip}", 'analysis', 'security_events', 'security_events');
$s_src_port = $s_src_port != 0 ? ":" . Port::port2service($conn, $s_src_port) : "";
$s_dst_port = $s_dst_port != 0 ? ":" . Port::port2service($conn, $s_dst_port) : "";
// Reputation info
$rep_src_icon = Reputation::getrepimg($event_info["rep_prio_src"], $event_info["rep_rel_src"], $event_info["rep_act_src"], $s_src_ip);
//$rep_src_bgcolor = Reputation::getrepbgcolor($event_info["rep_prio_src"]);
$rep_dst_icon = Reputation::getrepimg($event_info["rep_prio_dst"], $event_info["rep_rel_dst"], $event_info["rep_act_dst"], $s_dst_ip);
//$rep_dst_bgcolor = Reputation::getrepbgcolor($event_info["rep_prio_dst"]);
$c_src_homelan = $homelan_src ? 'bold alarm_netlookup' : '';
$source_link = $src_img . " <a href='{$s_src_link}' class='{$c_src_homelan}' data-title='{$s_src_ip}-{$ctx_src}' title='{$s_src_ip}'>" . $s_src_name . $s_src_port . "</a> {$rep_src_icon}";
$source_balloon = "<div id='" . $s_src_ip . ";" . $s_src_name . ";" . $event_info["src_host"] . "' ctx='{$ctx}' id2='" . $s_src_ip . ";" . $s_dst_ip . "' class='HostReportMenu'>";
$source_balloon .= $source_link;
$source_balloon .= "</div>";
$c_dst_homelan = $homelan_dst ? 'bold alarm_netlookup' : '';
$dest_link = $dst_img . " <a href='{$s_dst_link}' class='{$c_dst_homelan}' data-title='{$s_dst_ip}-{$ctx_dst}' title='{$s_dst_ip}'>" . $s_dst_name . $s_dst_port . "</a> {$rep_dst_icon}";
$dest_balloon = "<div id='" . $s_dst_ip . ";" . $s_dst_name . ";" . $event_info["dst_host"] . "' ctx='{$ctx}' id2='" . $s_dst_ip . ";" . $s_src_ip . "' class='HostReportMenu'>";
} else {
$data = "['" . _("No tickets") . "',0]";
$colors = '"#E9967A"';
}
break;
case 'ticketTags':
$type_graph = 'pie';
$legend = empty($_GET['legend']) ? "w" : GET('legend');
$ticket_by_tags = Incident::incidents_by_tag($conn, null, $user);
$i = 0;
if (is_array($ticket_by_tags) && !empty($ticket_by_tags)) {
if ($i < 10) {
foreach ($ticket_by_tags as $type => $ocurrences) {
$type_short = strlen($type) > 28 ? substr($type, 0, 25) . " [...]" : $type;
$data[] = "['" . $type_short . "'," . $ocurrences . "]";
$links[] = Menu::get_menu_url("../incidents/index.php?tag=" . Incident::get_id_by_tag($conn, $type) . "&status=not_closed", 'analysis', 'tickets', 'tickets');
}
} else {
break;
}
$data = implode(",", $data);
$links = "'" . implode("','", $links) . "'";
} else {
$data = "['" . _("No tickets") . "',0]";
$colors = '"#E9967A"';
}
break;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en">
<?php
if (count($info_error) > 0 || $content != '') {
$config_nt = array('content' => count($info_error) > 0 ? implode("<br/>", $info_error) : $content, 'options' => array('type' => $type != '' ? $type : 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
$nt = new Notification('nt_1', $config_nt);
$nt->show();
}
?>
<script type="text/javascript">
//<![CDATA[
<?php
$url = "index.php?src=" . urlencode($src) . "&dst=" . urlencode($dst) . "&timeout=" . urlencode($timeout) . "&cap_size=" . urlencode($cap_size) . "&raw_filter=" . urlencode($raw_filter) . "&sensor_ip=" . urlencode($sensor_ip) . "&sensor_interface=" . urlencode($sensor_interface);
if (count($info_error) > 0) {
$url .= "&soptions=1";
}
$m_url = Menu::get_menu_url($url, 'environment', 'traffic_capture', 'traffic_capture');
?>
setTimeout("document.location.href='<?php
echo $m_url;
?>
'", <?php
echo $jtimeout;
?>
);
//]]>
</script>
</body>
</html>
<?php
$db->close();
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
global $allres, $offset, $pageSize, $dbconn;
global $user, $arruser;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$filteredView = FALSE;
$selRadio = array("", "", "", "");
$query_onlyuser = "";
$url_filter = "";
// Deprecated filter
//if(!empty($arruser)) {$query_onlyuser = "******";}
$sortby = "t1.results_sent DESC, t1.hostIP DESC";
$sortdir = "";
$queryw = "";
$queryl = "";
$querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n WHERE\n t1.hostIP = t5.hostIP\n AND t1.ctx = t5.ctx\n AND t1.deleted = '0' ";
// set up the SQL query based on the search form input (if any)
if ($type == "scantime" && $value != "") {
$selRadio[0] = "CHECKED";
$q = $value;
$queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "service" && $value != "") {
$selRadio[5] = "CHECKED";
$q = $value;
$queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "freetext" && $value != "") {
$selRadio[6] = "CHECKED";
$q = $value;
$queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "hostip" && $value != "") {
$selRadio[1] = "CHECKED";
$q = strtolower($value);
$queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "fk_name" && $value != "") {
$selRadio[2] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "username" && $value != "") {
$selRadio[3] = "CHECKED";
$q = strtolower($value);
$queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
$url_filter = "&type={$type}&value={$value}";
} else {
if ($type == "hn" && $value != "") {
if (!empty($ctx_filter)) {
$queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
}
$selRadio[4] = "CHECKED";
if (preg_match("/\\//", $value)) {
$ip_range = array();
$ip_range = Cidr::expand_CIDR($value, "SHORT");
$queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
} elseif (preg_match("/\\,/", $value)) {
$q = implode("','", explode(",", $value));
$queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
$q = "Others";
} else {
$q = $value;
$queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
}
$queryl = " limit {$offset},{$pageSize}";
if (!preg_match("/\\//", $value)) {
$stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
} else {
$stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
}
$url_filter = "&type={$type}&value={$value}";
} else {
$selRadio[4] = "CHECKED";
$viewAll = FALSE;
$queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
$queryl = " limit {$offset},{$pageSize}";
$stext = "";
}
}
}
}
}
}
}
// set up the pager and search fields if viewing all hosts
$reportCount = 0;
if (!$filteredView) {
$dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
$reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
$previous = $offset - $pageSize;
if ($previous < 0) {
$previous = 0;
}
$last = intval($reportCount / $pageSize) * $pageSize;
if ($last < 0) {
$last = 0;
}
$next = $offset + $pageSize;
$pageEnd = $offset + $pageSize;
$value = html_entity_decode($value);
//echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
// output the search form
echo "<table class='w100 transparent'>";
echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
?>
<div id='cvleftdiv'>
<a id="new_scan_button" class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
" style="text-decoration:none;">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div id='cvrightdiv'>
<?php
echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET">
<input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
// cvfiltertype -> current vulnerabilities filter type
echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
echo <<<EOT
</form>
</p>
EOT;
} else {
// get the search result count
$queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
$scount = $dbconn->GetOne($queryc . $queryw);
echo "<p>{$scount} report";
if ($scount != 1) {
echo "s";
} else {
}
echo " " . _("found matching search criteria") . " | ";
echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
}
echo "<p>";
echo $stext;
echo "</p>";
echo "</div></td></tr></table>";
$result = array();
// get the hosts to display
$result = $dbconn->GetArray($querys . $queryw . $queryl);
// main query
//echo $querys.$queryw.$queryl;
$delete_ids = array();
if (count($result) > 0) {
foreach ($result as $rpt) {
$delete_ids[] = $dreport_id = $rpt["report_id"];
}
}
$_SESSION["_dreport_ids"] = implode(",", $delete_ids);
//echo "$querys$queryw$queryl";
if ($result === false) {
$errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
$error++;
dispSQLError($errMsg, $error);
} else {
$data['vInfo'] = 0;
$data['vLow'] = 0;
$data['vMed'] = 0;
$data['vHigh'] = 0;
$data['vSerious'] = 0;
$perms_where = Asset_host::get_perms_where('host.', TRUE);
if (!empty($perms_where)) {
$queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n GROUP BY risk, hostIP, ctx";
} else {
$queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr\n WHERE falsepositive='N'\n GROUP BY risk, hostIP, ctx";
}
//echo "$queryt<br>";
$resultt = $dbconn->Execute($queryt);
while (!$resultt->EOF) {
$riskcount = $resultt->fields['total'];
$risk = $resultt->fields['risk'];
if ($risk == 7) {
$data['vInfo'] += $riskcount;
} else {
if ($risk == 6) {
$data['vLow'] += $riskcount;
} else {
if ($risk == 3) {
$data['vMed'] += $riskcount;
} else {
if ($risk == 2) {
$data['vHigh'] += $riskcount;
} else {
if ($risk == 1) {
$data['vSerious'] += $riskcount;
}
}
}
}
}
$resultt->MoveNext();
}
if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
$tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
} else {
$tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
}
foreach ($result as $data) {
if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
continue;
}
$host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
if (valid_hex32($host_id)) {
$data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
}
$data['vSerious'] = 0;
$data['vHigh'] = 0;
$data['vMed'] = 0;
$data['vLow'] = 0;
$data['vInfo'] = 0;
// query for reports for each IP
$query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
$query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
$result_risk = $dbconn->Execute($query_risk);
while (!$result_risk->EOF) {
if ($result_risk->fields["risk"] == 7) {
$data['vInfo']++;
} else {
if ($result_risk->fields["risk"] == 6) {
$data['vLow']++;
} else {
if ($result_risk->fields["risk"] == 3) {
$data['vMed']++;
} else {
if ($result_risk->fields["risk"] == 2) {
$data['vHigh']++;
} else {
if ($result_risk->fields["risk"] == 1) {
$data['vSerious']++;
}
}
}
}
}
$result_risk->MoveNext();
}
$data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
$data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
$data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
if (Session::am_i_admin()) {
$data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
}
$list = explode("\n", trim($data['meth_target']));
if (count($list) == 1) {
$list[0] = trim($list[0]);
$data['target'] = resolve_asset($dbconn, $list[0]);
} elseif (count($list) == 2) {
$list[0] = trim($list[0]);
$list[0] = resolve_asset($dbconn, $list[0]);
$list[1] = trim($list[1]);
$list[1] = resolve_asset($dbconn, $list[1]);
$data['target'] = $list[0] . ' ' . $list[1];
} else {
$list[0] = trim($list[0]);
$list[0] = resolve_asset($dbconn, $list[0]);
$list[count($list) - 1] = trim($list[count($list) - 1]);
$list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
$data['target'] = $list[0] . " ... " . $list[count($list) - 1];
}
$tdata[] = $data;
}
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
$fieldMapLinks = array();
$fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
if (Session::am_i_admin()) {
$fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
}
$fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
// echo "<pre>";
// var_dump($tdata);
// echo "</pre>";
if (count($tdata) > 1) {
drawTableLatest($fieldMap, $tdata, "Hosts");
} elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
}
}
// draw the pager again, if viewing all hosts
if (!$filteredView && $reportCount > 10) {
?>
<div class="fright tmargin">
<?php
if ($next > $pageSize) {
?>
<a href="index.php?<?php
echo "offset={$previous}{$url_filter}";
?>
" class="pager">< <?php
echo _("PREVIOUS");
?>
</a>
<?php
} else {
?>
<a class='link_paginate_disabled' href="" onclick='return false'>< <?php
echo _("PREVIOUS");
?>
</a>
<?php
}
if ($next <= $last) {
?>
<a class='lmargin' href="index.php?<?php
echo "offset={$next}{$url_filter}";
?>
"> <?php
echo _("NEXT");
?>
></a>
<?php
} else {
?>
<a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php
echo _("NEXT");
?>
></a>
<?php
}
?>
</div>
<?php
} else {
echo "<p> </p>";
}
}
function BuildIDMLink($idmvalue, $field, $source = "both")
{
require_once 'classes/menu.inc';
$url = Menu::get_menu_url('base_qry_main.php?new=2&num_result_rows=-1&submit=Query+DB¤t_view=-1' . BuildIDMVars($idmvalue, $field, $source), 'analysis', 'security_events', 'security_events');
return '<a style="color:navy;" href="' . $url . '"></a>';
}
?>
</span>
<span class="s_info">/ <?php
echo _('Totals');
?>
: </span>
<span class="s_info" style="color:#000000;font-weight:bold;"><?php
echo $totales;
?>
</span>
<span class="s_info"> ]</span>
<?php
if (is_array($db_sensor_list) && !in_array($ip, $db_sensor_list)) {
echo "<span style='margin-left: 15px;'>";
echo "<b>" . _("Warning") . "</b>:" . _("The sensor is being reported as enabled by the server but isn't configured.");
echo " " . _("Click") . " <a href='" . Menu::get_menu_url("/ossim/sensor/newsensorform.php?ip={$ip}", "configuration", "deployment", "components", "sensors") . "'>" . _("here") . "</a> " . _("to configure the sensor") . ".";
echo "</span>";
}
?>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan='2' height="1"></td>
</tr>
<tr>
<td class="noborder"></td>
}
catch(err)
{
}
$('#loading_si').remove();
$('#sensor_f').show();
if (!top.is_lightbox_loaded(window.name))
{
$('#sensor_f').contents().find('.c_back_button').off();
$('#sensor_f').contents().find('.c_back_button').click(function(){
var url = '<?php
echo Menu::get_menu_url("/ossim/sensor/sensor.php", "configuration", "deployment", "components", "sensors");
?>
';
top.frames["main"].document.location.href = url;
return false;
})
$('#sensor_f').contents().find('.c_back_button').show();
}
});
/***************************************************
********************* Services *********************
*****************************************************/
</th>
<td class="left">
<select name="location" id="location" class='vfield'>
<?php
$locations = Locations::get_list($conn);
foreach ($locations as $lc) {
echo "<option value='" . $lc->get_id() . "'>" . $lc->get_name() . "</option>";
}
?>
</select>
</td>
</tr>
<?php
} else {
if (Session::show_entities()) {
$e_url = Menu::get_menu_url('../acl/entities.php', 'configuration', 'administration', 'users', 'structure');
?>
<tr>
<th>
<label for='entities'><?php
echo _('Context') . required();
?>
</label><br/>
</th>
<td class="nobborder">
<table id='t_entities' class="transparent">
<tr>
<td class="noborder left">
<div id="tree"></div>
</td>
* External URLs
*/
/* Whois query */
$external_whois_link = 'http://www.dnsstuff.com/tools/whois/?ip=';
/* Alternative query */
// $external_whois_link = 'http://www.samspade.org/t/ipwhois?a=';
/* DNS query */
$external_dns_link = 'http://www.dnsstuff.com/tools/ipall/?ip=';
/* Alternative query */
// $external_dns_link = 'http://www.samspade.org/t/dns?a=';
/* SamSpade "all" query */
$external_all_link = 'http://www.whois.sc/';
/* TCP/UDP port database */
$external_port_link = array('sans' => 'http://isc.sans.org/port_details.php?port=', 'tantalo' => 'http://ports.tantalo.net/?q=', 'sstats' => 'http://www.securitystats.com/tools/portsearch.php?type=port&select=any&Submit=Submit&input=');
/* Signature references */
$external_sig_link = array('bugtraq' => array('http://www.securityfocus.com/bid/', '', ''), 'snort' => array('http://www.snort.org/pub-bin/sigs.cgi?sid=', '', ''), 'cve' => array('http://cve.mitre.org/cgi-bin/cvename.cgi?name=', '', ''), 'mcafee' => array('http://vil.nai.com/vil/content/v_', '.htm', ''), 'icat' => array('http://nvd.nist.gov/nvd.cfm?cvename=CAN-', '', ''), 'nessus' => array('http://www.nessus.org/plugins/index.php?view=single&id=', '', ''), 'kdb' => array(Menu::get_menu_url('../repository/index.php', 'configuration', 'threat_intelligence', 'knowledgebase'), '', 'main'), 'url' => array('http://', '', ''), 'local' => array('signatures/', '.txt', ''));
// No longer valid:
// 'arachnids' => array('http://www.whitehats.com/info/ids', ''),
/* Email Alert action
*
* - action_email_from : email address to use in the FROM field of the mail message
* - action_email_subject : subject to use for the mail message
* - action_email_msg : additional text to include in the body of the mail message
* - action_email_mode : specifies how the alert information should be enclosed
* 0 : alerts should be in the body of the message
* 1 : alerts should be enclosed in an attachment
*/
$action_email_from = 'BASE Alert <base>';
$action_email_subject = 'BASE Incident Report';
$action_email_msg = '';
$action_email_mode = 0;
$s_ips[] = "'{$sensor}': '{$sip}'";
$s_devs[] = "'{$sensor}': '{$devices}'";
$i++;
}
if (empty($legend)) {
exit_radar();
}
$legend = implode(",\n", $legend);
$label = implode(",\n", $label);
$s_ips = implode(",", $s_ips);
$s_devs = implode(",", $s_devs);
} else {
exit_radar();
}
session_write_close();
$forensic_url = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?&hmenu=Forensics&smenu=Forensics&clear_allcriteria=1&sort_order=time_d&plugin=PPPP&sensor=SSSS&sip=IIII", 'analysis', 'security_events');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php
echo _("Radar Chart");
?>
</title>
<?php
//CSS Files
$_files = array(array('src' => 'av_common.css?only_common=1', 'def_path' => TRUE), array('src' => 'dashboard/overview/widget.css', 'def_path' => TRUE));
Util::print_include_files($_files, 'css');
//Tooltips
$(".info").tipTip({maxWidth: 'auto'});
$('#scan_mode').trigger('change');
$('#timing_template').trigger('change');
}
//Scan host locally with
function scan_host(id)
{
var url = '<?php
echo Menu::get_menu_url("../netscan/index.php", 'environment', 'assets', 'asset_discovery');
?>
';
var form = $('<form id="f_local_scan" action="' + url + '" method="POST">' +
'<input type="hidden" name="action" value="custom_scan"/>' +
'<input type="hidden" name="host_id" value="'+id+'"/>' +
'<input type="hidden" name="sensor" value="local"/>' +
'<input type="hidden" name="scan_mode" value="fast"/>' +
'<input type="hidden" name="timing_template" value="-T5"/>' +
'<input type="hidden" name="autodetected" value="1"/>' +
'<input type="hidden" name="rdns" value="1"/>' +
'</form>');
$('body').append(form);
function main_page($viewall, $sortby, $sortdir)
{
global $uroles, $username, $dbconn, $hosts;
global $arruser, $user;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$tz = Util::get_timezone();
if ($sortby == "") {
$sortby = "id";
}
if ($sortdir == "") {
$sortdir = "DESC";
}
$sql_order = "order by {$sortby} {$sortdir}";
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
?>
<div style="width:50%; position: relative; height: 5px; float:left">
<div style="width:100%; position: absolute; top: -41px;left:0px;">
<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
<a class="button" href="<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
?>
">
<?php
echo _("New Scan Job");
?>
</a>
</div>
<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php
echo _("Import nbe file");
?>
">
<?php
echo _("Import nbe file");
?>
</a>
</div>
</div>
</div>
<?php
}
if (intval($_GET['page']) != 0) {
$page = intval($_GET['page']);
} else {
$page = 1;
}
$pagesize = 10;
if ($username == "admin") {
$query = "SELECT count(id) as num FROM vuln_jobs";
} else {
$query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
}
$result = $dbconn->Execute($query);
$jobCount = $result->fields["num"];
$num_pages = ceil($jobCount / $pagesize);
//echo "num_pages:[".$num_pages."]";
//echo "jobCount:[".$jobCount."]";
//echo "page:[".$page."]";
if (Vulnerabilities::scanner_type() == "omp") {
// We can display scan status with OMP protocol
echo Vulnerabilities::get_omp_running_scans($dbconn);
} else {
// Nessus
all_jobs(0, 10, "R");
}
?>
<?php
$schedulejobs = _("Scheduled Jobs");
echo <<<EOT
<table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
<table summary="Job Schedules" class='w100 table_list'>
EOT;
if ($sortdir == "ASC") {
$sortdir = "DESC";
} else {
$sortdir = "ASC";
}
$arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
// modified by hsh to return all scan schedules
if (empty($arruser)) {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
} else {
$query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
}
$query .= $sql_order;
$result = $dbconn->execute($query);
if ($result->EOF) {
echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
}
if (!$result->EOF) {
echo "<tr>";
foreach ($arr as $order_by => $value) {
echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
}
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<th>" . _("Action") . "</th></tr>";
}
}
$colors = array("#FFFFFF", "#EEEEEE");
$color = 0;
while (!$result->EOF) {
list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
$name = Av_sensor::get_name_by_id($dbconn, $servers);
$servers = $name != '' ? $name : "unknown";
$targets_to_resolve = explode("\n", $targets);
$ttargets = array();
foreach ($targets_to_resolve as $id_ip) {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
} else {
if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
$ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
} else {
$ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
}
}
}
$targets = implode("<BR/>", $ttargets);
$tz = intval($tz);
$nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
$time = $found[1];
switch ($schedtype) {
case "N":
$stt = _("Once (Now)");
break;
case "O":
$stt = _("Once");
break;
case "D":
$stt = _("Daily");
break;
case "W":
$stt = _("Weekly");
break;
case "M":
$stt = _("Monthly");
break;
case "Q":
$stt = _("Quarterly");
break;
case "H":
$stt = _("On Hold");
break;
case "NW":
$stt = _("N<sup>th</sup> weekday of the month");
break;
default:
$stt = " ";
break;
}
switch ($schedstatus) {
case "1":
$itext = _("Disable Scheduled Job");
$isrc = "images/stop_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
break;
default:
$itext = _("Enable Scheduled Job");
$isrc = "images/play_task.png";
$ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
break;
}
if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
$ilink = "javascript:return false;";
}
if ($schedstatus) {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
} else {
$txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
}
require_once 'classes/Security.inc';
if (valid_hex32($user)) {
$user = Session::get_entity_name($dbconn, $user);
}
echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
if ($profile == "") {
$profile = _("Default");
}
echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
?>
<td><?php
echo $stt;
?>
</td>
<td><?php
echo $time;
?>
</td>
<td><?php
echo $nextscan;
?>
</td>
<?php
echo <<<EOT
{$txt_enabled}
<td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>
EOT;
if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a> ";
echo "<a href='manage_jobs.php?disp=delete&schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
}
echo "</td>";
echo <<<EOT
</tr>
EOT;
$result->MoveNext();
$color++;
}
echo <<<EOT
</table>
EOT;
?>
<br />
<?php
$out = all_jobs(($page - 1) * $pagesize, $pagesize);
?>
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
<tr>
<td class="nobborder" valign="top" style="padding-top:5px;">
<div class="fright">
<?php
if ($out != 0 && $num_pages != 1) {
$page_url = "manage_jobs.php";
if ($page == 1 && $page == $num_pages) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} elseif ($page == 1) {
echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a> ';
} elseif ($page == $num_pages) {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
} else {
echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
}
}
?>
</div>
</td>
</tr>
</table>
<?php
}
?>
] = new Array(24);
eprev[<?php
echo $i;
?>
] = 0;
efade[<?php
echo $i;
?>
] = 0;
<?php
}
?>
var forensic_url = "<?php
echo Menu::get_menu_url('/ossim/forensics/base_qry_alert.php', 'analysis', 'security_events');
?>
";
function draw_edata() {
if (pause == false)
{
fadescount = 0;
for (var i=0; i<<?php
echo $max_rows;
?>
; i++)
{
// Calculate different rows
efade[i] = ( eprev[i] == edata[i][0] ) ? 0 : 1;
$chk_ats[1] = $alarm_to_syslog == 1 ? "checked='checked' {$dis_sim}" : "{$dis_sim}";
$chk_rep[0] = $rep == 0 ? "checked='checked' {$dis_sim}" : "{$dis_sim}";
$chk_rep[1] = $rep == 1 ? "checked='checked' {$dis_sim}" : "{$dis_sim}";
$chk_sem[0] = $sem == 0 ? "checked='checked' {$dis_opens} " : "{$dis_opens} ";
$chk_sem[1] = $sem == 1 ? "checked='checked' {$dis_opens} " : "{$dis_opens} ";
$chk_multi[0] = $sem == 0 && $sim == 0 ? "checked='checked' {$dis_opens} " : "{$dis_opens} ";
$chk_multi[1] = $sem == 1 || $sim == 1 ? "checked='checked' {$dis_opens} " : "{$dis_opens} ";
$chk_sim[0] = $sim == 0 ? "checked='checked'" : "";
$chk_sim[1] = $sim == 1 ? "checked='checked'" : "";
$chk_sign[0] = $sign == 0 ? "checked='checked' {$dis_sign}" : "{$dis_sign}";
$chk_sign[1] = $sign == 1 ? "checked='checked' {$dis_sign}" : "{$dis_sign}";
$chk_resend_events[0] = $resend_events == 0 ? "checked='checked' {$dis_resend}" : "{$dis_resend}";
$chk_resend_events[1] = $resend_events == 1 ? "checked='checked' {$dis_resend}" : "{$dis_resend}";
$chk_resend_alarms[0] = $resend_alarms == 0 ? "checked='checked' {$dis_resend}" : "{$dis_resend}";
$chk_resend_alarms[1] = $resend_alarms == 1 ? "checked='checked' {$dis_resend}" : "{$dis_resend}";
$back_url = Menu::get_menu_url("/ossim/server/server.php", "configuration", "deployment", "components", "servers");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> <?php
echo _('OSSIM Framework');
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<meta http-equiv="Pragma" content="no-cache"/>
<link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php
echo Util::get_css_id();
?>
"/>
<script type="text/javascript" src="../js/jquery.min.js"></script>
function PrintBASESubHeader($page_title, $page_name, $back_link, $refresh = 0, $page = "")
{
global $db, $timetz, $debug_mode, $BASE_VERSION, $BASE_path, $BASE_urlpath, $html_no_cache, $max_script_runtime, $Use_Auth_System, $stat_page_refresh_time, $refresh_stat_page, $ossim_servers, $sensors, $hosts, $database_servers, $DBlib_path, $DBtype, $db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, $entities;
if (ini_get("safe_mode") != true) {
set_time_limit($max_script_runtime);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo gettext("iso-8859-1");
?>
"/>
<?php
if ($html_no_cache == 1) {
?>
<meta http-equiv="pragma" content="no-cache"/><?php
}
?>
<?php
if ($refresh == 1 && !$_SESSION['norefresh']) {
PrintFreshPage($refresh_stat_page, $stat_page_refresh_time);
}
?>
<!-- Included Styles -->
<link rel="stylesheet" type="text/css" href="/ossim/style/av_common.css?t=<?php
echo Util::get_css_id();
?>
"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/analysis/security_events/security_events.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery-ui.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery.tag-it.css"/>
<!-- <link rel="stylesheet" type="text/css" href="/ossim/style/flexigrid.css"/> -->
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery.autocomplete.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/tipTip.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jslider.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery.switch.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/datepicker.css"/>
<link rel="stylesheet" type="text/css" href="/ossim/style/jquery.dropdown.css"/>
<!-- Manual Styles -->
<style type="text/css">
#adv_search_button
{
margin:5px 0px 0px 0px;
width:239px;
}
#views table, #taxonomy table, #mfilters table, #report table {
background:none repeat scroll 0 0 #FAFAFA;
border:1px solid #BBBBBB;
color:black;
text-align:center;
-moz-border-radius:8px 8px 8px 8px;
padding: 2px;
}
#views table tr td, #taxonomy table tr td, #mfilters table tr td, #report table tr td{
padding: 0;
}
#views table tr td input, #views table,
#taxonomy table tr td input, #taxonomy table,
#taxonomy table tr td input, #report table,
#mfilters table tr td input, #mfilters table
{
font-size: 0.9em;
line-height: 0.5em;
}
#views table tr td ul{
padding: 0px;
}
#views table tr td ul li{
padding: 0px 0px 0px 12px;
list-style-type: none;
text-align: left;
margin: 0px;
clear:left;
position: relative;
height: 23px;
line-height: 1em;
}
.margin0
{
margin: 0px;
}
.left_np
{
text-align: left;
}
.par{
background: #f2f2f2;
}
.impar{
background: #fff;
}
.padding_right_5
{
padding: 0px 5px 0px 0px;
}
.padding_top_5
{
padding: 5px 0px 0px 0px;
}
.float_left
{
float: left;
}
.float_right
{
float: right;
}
#views table tr th, #taxonomy table tr th, #mfilters table tr th{
white-space:nowrap;
padding:1px 10px;
border: 1px solid #CCCCCC;
font-size: 11px;
color: #222222;
font-weight: bold;
text-align: center;
background: #E5E5E5;
background: -webkit-linear-gradient(#EFEFEF, #E5E5E5);
background: -moz-linear-gradient(#EFEFEF, #E5E5E5);
background: -o-linear-gradient(#EFEFEF, #E5E5E5);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#EFEFEF', endColorstr='#E5E5E5');
}
#viewbox{
font-size: 1.5em;
margin: 0.5em;
}
#dhtmltooltip{
position: absolute;
width: 150px;
border: 2px solid black;
padding: 2px;
background-color: lightyellow;
visibility: hidden;
z-index: 100;
}
img{
vertical-align:middle;
}
small {
font:12px arial;
}
#maintable{
background-color: white;
}
#viewtable{
background-color: white;
}
.negrita { font-weight:bold; font-size:14px; }
.thickbox { color:gray; font-size:10px; }
.header{
line-height:28px; height: 28px; background: transparent url(../pixmaps/fondo_col.gif) repeat-x scroll 0% 0%; color: rgb(51, 51, 51); font-size: 12px; font-weight: bold; text-align:center;
}
.ne { color:black }
.gr { color:#999999 }
.disabled img {
filter:alpha(opacity=50);
-moz-opacity:0.5;
-khtml-opacity: 0.5;
opacity: 0.5;
}
td.head {
border:1px solid #CCCCCC;
background: #E5E5E5;
background: -webkit-linear-gradient(#EFEFEF, #e5e5e5);
background: -moz-linear-gradient(#EFEFEF, #e5e5e5);
background: -o-linear-gradient(#EFEFEF, #e5e5e5);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#efefef', endColorstr='#e5e5e5');
font-size:14px;font-weight:bold;
color:#333333;
}
.left13 {
text-align:left;
font-size:13px;
}
ul.tagit
{
margin: 0px;
border:none;
}
.separated
{
border-spacing: 0px;
border-collapse: separated;
padding: 0px;
}
.separated td
{
padding: 4px 4px 4px 0px;
}
</style>
<!-- jQuery and Javascript -->
<!--[if IE]><script language="javascript" type="text/javascript" src="../js/jqplot/excanvas.js"></script><![endif]-->
<script type="text/javascript" src="../js/jquery.min.js"></script>
<script type="text/javascript" src="/ossim/js/jquery-ui.min.js"></script>
<script type="text/javascript" src="../js/greybox.js"></script>
<script type="text/javascript" src="../js/jquery.flot.pie.js" language="javascript"></script>
<script type="text/javascript" src="../js/jquery.bgiframe.min.js" language="javascript"></script>
<script type="text/javascript" src="../js/jquery.autocomplete.pack.js" language="javascript"></script>
<script type="text/javascript" src="../js/utils.js"></script>
<script type="text/javascript" src="../js/jquery.tipTip-ajax.js"></script>
<script type="text/javascript" src="../js/notification.js"></script>
<!-- jSlider -->
<script type="text/javascript" src="../js/jslider/jshashtable-2.1_src.js"></script>
<script type="text/javascript" src="../js/jslider/jquery.numberformatter-1.2.3.js"></script>
<script type="text/javascript" src="../js/jslider/tmpl.js"></script>
<script type="text/javascript" src="../js/jslider/jquery.dependClass-0.1.js"></script>
<script type="text/javascript" src="../js/jslider/draggable-0.1.js"></script>
<script type="text/javascript" src="../js/jslider/jquery.slider.js"></script>
<script type="text/javascript" src="../js/jquery.tag-it.js"></script>
<script type="text/javascript" src="../js/jquery.placeholder.js"></script>
<script type="text/javascript" src="../js/jquery.switch.js"></script>
<?php
$ipsearch = 1;
include "../host_report_menu.php";
?>
<!-- Javascript functions -->
<script type="text/javascript">
// ***** Variables *****
// Used in tooltips
var url = new Array(50);
// For greybox
var nogb = false;
// Used in calendar
var state = false;
// Selected Tab
var current_section = "<?php
echo preg_match("/base_timeline/", $_SERVER['SCRIPT_NAME']) ? "timeline" : (preg_match("/base_stat/", $_SERVER['SCRIPT_NAME']) && $_SERVER['SCRIPT_NAME'] != '/ossim/forensics/base_stat_ipaddr.php' ? "grouped" : "events");
?>
";
// ***** Functions *****
// Tooltip used in unique events plots
function showTooltip(x, y, contents, link) {
link = link.replace(".","");
link = link.replace(",","");
$('<div id="tooltip" class="tooltipLabel" onclick="load_link(\'' + url[link] + '&submit=Query DB\')"><a href="' + url[link] + '&submit=Query DB" style="font-size:10px;">' + contents + '</a></div>').css( {
position: 'absolute',
display: 'none',
top: y - 28,
left: x - 10,
border: '1px solid #ADDF53',
padding: '1px 2px 1px 2px',
'background-color': '#CFEF95',
opacity: 0.80
}).appendTo("body").fadeIn(200);
}
Array.prototype.in_array = function(p_val) {
for(var i = 0, l = this.length; i < l; i++) {
if(this[i] == p_val) {
return true;
}
}
return false;
}
// Auxiliary function for sensor input autocomplete
function mix_sensors(val) {
var sval = val.split(',');
if ($("#sensor").val() != "") var aval = $("#sensor").val().split(',');
else var aval = [];
var mixed = [];
var ind = 0;
for(var i = 0, l = sval.length; i < l; i++) {
if (aval.length>=0 || aval.in_array(sval[i])) // Before aval.length==0
mixed[ind++] = sval[i];
}
var str = "";
if (mixed.length > 0) {
str = mixed[0];
for(var i = 1, l = mixed.length; i < l; i++) {
str = str + ',' + mixed[i];
}
//alert($("#sensor").val()+" + "+val+" = "+str);
}
// return intersection
$("#sensor").val(str);
}
// Used to delete events in background
function bgtask() {
$.ajax({
type: "GET",
url: "base_bgtask.php",
data: "",
success: function(msg)
{
var redirection = false;
if (msg.match(/No pending tasks/))
{
// check if there was a pending task
if($("#task").is(":visible"))
{
var redirection = true;
}
if ($("#task").is(":visible")) $("#task").toggle();
__timeout = setTimeout("bgtask()",5000);
if(redirection)
{
<?php
// Refresh to Grouped by
if (preg_match('/base_stat_[^\\.]+.php/', $_SERVER['SCRIPT_NAME'])) {
$_current_url = $_SESSION["siem_default_group"] != "" ? $_SESSION["siem_default_group"] : $_SERVER['SCRIPT_NAME'] . "?sort_order=occur_d";
} else {
$_current_url = 'base_qry_main.php?num_result_rows=-1&submit=Query+DB¤t_view=-1';
}
?>
load_link('./<?php
echo $_current_url;
?>
');
}
}
else
{
if ($("#task").is(":hidden")) $("#task").toggle();
$("#task").html("<img style='border: none' src='./images/sandglass.png'> Deleting in background...");
__timeout = setTimeout("bgtask()",5000);
}
}
});
}
// Used in plot response
function SetIFrameSource(cid, url) {
var myframe = document.getElementById(cid);
if(myframe !== null) {
if(myframe.src){
myframe.src = url; }
else if(myframe.contentWindow !== null && myframe.contentWindow.location !== null){
myframe.contentWindow.location = url; }
else{ myframe.setAttribute('src', url); }
}
}
function show_search_tooltip()
{
var tooltip =
{
"<?php
echo _('Signature');
?>
" : 1,
"<?php
echo _('Payload');
?>
" : 1,
"<?php
echo _('Src or Dst IP');
?>
" : 1,
"<?php
echo _('Src IP');
?>
" : 1,
"<?php
echo _('Dst IP');
?>
" : 1,
"<?php
echo _('Src or Dst Host');
?>
" : 2,
"<?php
echo _('Src Host');
?>
" : 2,
"<?php
echo _('Dst Host');
?>
" : 2
}
var selected = $(this).val();
if (selected in tooltip)
{
var ul = $('<ul></ul>');
if (tooltip[selected] == 1)
{
$('<li></li>',
{
text: "<?php
echo _('Conjunction: ');
?>
'AND'"
}).appendTo(ul)
$('<li></li>',
{
text: "<?php
echo _('Disjunction: ');
?>
'OR'"
}).appendTo(ul)
}
$('<li></li>',
{
text: "<?php
echo _('Negation: ');
?>
'!'"
}).appendTo(ul)
var content = $('<div></div>',
{
id : "search_opt_tip",
text: "<?php
echo _('For this search option you can use the following operator(s) to perform complex searches:');
?>
"
})
content.append(ul)
$('#help_tooltip').removeData("tipTip").tipTip(
{
maxWidth: "300px",
content: content
}).show();
}
else
{
$('#help_tooltip').hide().tipTip('destroy');
}
}
function show_calendar()
{
$('#date_from').trigger('focus');
}
// Button more filters button action
function more_filters_toggle()
{
if ($('#more_filters').is(":visible"))
{
$('#more_filters').hide();
$('#more_filters_button').val("+ <?php
echo _("More Filters");
?>
");
}
else
{
$('#more_filters').show();
$('#more_filters_button').val("- <?php
echo _("More Filters");
?>
");
}
}
// Auxiliary format number for plot hovers
function formatNmb(nNmb){
var sRes = "";
for (var j, i = nNmb.length - 1, j = 0; i >= 0; i--, j++)
sRes = nNmb.charAt(i) + ((j > 0) && (j % 3 == 0)? "<?php
echo thousands_locale();
?>
": "") + sRes;
return sRes;
}
// [Events, Grouped, Timeline]
function load_section(section)
{
// Some layer changes when no page reload needed
if (section == "grouped")
{
$('#plot_option').hide();
$('#grouped_option').show();
}
if (section == "events")
{
$('#grouped_option').hide();
$('#plot_option').show();
}
if (section == "timeline")
{
$('#grouped_option').hide();
}
current_section = section;
$('#criteria_tagit').tagit(
{
onlyAllowDelete: true,
beforeTagRemoved: function(event, ui)
{
var url = $(ui.tag).data('info');
if(typeof url != 'undefined' && url != '')
{
load_link(url);
}
}
});
}
function load_link(url)
{
if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(true);
document.location.href=url;
}
// Custom Views
// Get default view
<?php
require_once "ossim_conf.inc";
$conf = $GLOBALS["CONF"];
$idm_enabled = $conf->get_conf("enable_idm", FALSE) == 1 && Session::is_pro() ? true : false;
$login = Session::get_session_user();
$config = new User_config($db);
$default_view = $config->get($login, 'custom_view_default', 'php', "siem") != "" ? $config->get($login, 'custom_view_default', 'php', "siem") : ($idm_enabled ? 'IDM' : 'default');
?>
var default_view = "<?php
echo $default_view;
?>
";
function set_default_view(name) {
$('#view_star_'+name).attr('src', '../pixmaps/loading.gif');
$.ajax({
type: "GET",
url: "custom_view_save.php",
data: "name="+name+"&set_default=1",
success: function(msg) {
if (msg != "") {
alert(msg);
} else {
$('.view_star').attr('src', '../pixmaps/star-small-empty.png');
$('#view_star_'+name).attr('src', '../pixmaps/star-small.png');
default_view = name;
}
}
});
}
function change_view(view)
{
var url = "base_qry_main.php?num_result_rows=-1&submit=Query+DB¤t_view=-1&custom_view="+view;
load_link(url);
}
function save_view(id_img)
{
var img = $('#'+id_img).attr('src').split('/');
img = img[img.length-1];
var url = '../pixmaps/';
var src1='loading3.gif';
var src2='tick.png';
$('#'+id_img).attr('src', url+src1);
$.ajax({
type: "GET",
url: "custom_view_save.php",
data: "",
success: function(msg) {
$('#'+id_img).attr('src', url+src2);
setTimeout("($('#"+id_img+"').attr('src', '"+url+img+"'))",1000);
}
});
}
function delete_view(name)
{
$.ajax({
type: "GET",
url: "custom_view_delete.php",
data: "name="+name,
success: function(msg) {
if (msg != "") {
alert(msg);
} else {
var url = "base_qry_main.php?num_result_rows=-1&submit=Query+DB";
load_link(url);
}
}
});
}
// Greybox
//function GB_hide() { document.location.reload() }
//function GB_onclose() { nogb=false; }
function GB_onclose(url)
{
if (url.match(/otx|kdb|insertsid|shellcode/))
{
nogb=false;
return false;
}
if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(true);
document.location.reload();
}
// Triggered by custom_view_edit.php when it creates or deletes
function GB_onhide(url, params)
{
if (url.match(/newincident/))
{
document.location.href="../incidents/index.php?m_opt=analysis&sm_opt=tickets&h_opt=tickets"
return false
}
if (typeof(params) == 'object' && typeof params['change_view'] != 'undefined')
{
change_view(params['change_view']);
return false
}
if (typeof(params) == 'object' && typeof params['url_detail'] != 'undefined')
{
if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(true);
document.location.href = params['url_detail'];
return false
}
}
// Solera
function solera_deepsee (from,to,src_ip,src_port,dst_ip,dst_port,proto)
{
$('#solera_form input[name=from]').val(from);
$('#solera_form input[name=to]').val(to);
$('#solera_form input[name=src_ip]').val(src_ip);
$('#solera_form input[name=src_port]').val(src_port);
$('#solera_form input[name=dst_ip]').val(dst_ip);
$('#solera_form input[name=dst_port]').val(dst_port);
$('#solera_form input[name=proto]').val(proto);
GB_show_post('Solera DeepSee ™','#solera_form',300,600);
}
// Events grouping button click
function dsgroup_for_selected()
{
var idlist = "";
var sidlist = "";
$("input:checkbox:checked").each(function() {
if(this.className == "trlnks") {
if (idlist != "") idlist += ",";
if (sidlist != "") sidlist += ",";
idlist += this.getAttribute('pid');
sidlist += this.getAttribute('psid');
}
});
if (idlist != "" && sidlist != "") {
GB_show("<?php
echo _("Insert into existing DS Group");
?>
","/policy/insertsid.php?plugin_id="+idlist+"&plugin_sid="+sidlist,'650','65%');
}
}
function CheckSensor()
{
if ($('#sensor option:selected').val()!='')
{
if ($('#exclude').is(':checked'))
{
if ($('#sensor option:selected').text().match(/Context/))
{
$('#exclude').prop('checked',false);
}
else
{
$('#sensor option:selected').val('!' + $('#sensor option:selected').val());
}
}
}
}
function SetSensor(btn,clk)
{
$('#ctx').val('');
if (clk) // change combo box
{
if ($('#sensor option:selected').text().match(/Context/))
{
$('#exclude').prop('checked',false).prop('disabled',true);
$("#lexc").css('color','lightgray');
}
else
{
$('#exclude').prop('disabled',false);
$("#lexc").css('color','rgb(85,85,85)');
}
btn.click();
}
else // click exclude checkbox
{
if ($('#sensor option:selected').val()!='')
{
btn.click();
}
}
DisableContexts();
}
function DisableContexts()
{
if ($('#exclude').is(':checked'))
{
$('.ents').prop('disabled',true);
}
else
{
$('.ents').prop('disabled',false);
}
if ($('#sensor option:selected').text().match(/Context/))
{
$('#exclude').prop('checked',false).prop('disabled',true);
$("#lexc").css('color','lightgray');
}
}
// Top refresh link
function re_load()
{
if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(true);
if (typeof(pag_reload)=='function')
{
pag_reload();
}
else
{
var href = document.location.href.replace("&nocache=1","");
document.location.href = href + "&nocache=1";
document.location.reload(false);
}
}
// Select all when DeleteAllOnScreen button click
function click_all(bt)
{
$("input[name^='action_chk_lst']").each(function() { $(this).attr('checked',true); });
$('#eqbtn'+bt).click()
}
// Group By selection
function group_selected(val)
{
// Reset
$('#group_button').hide();
$('#group_ip_select').css('display', 'none');
$('#group_hostname_select').css('display', 'none');
$('#group_username_select').css('display', 'none');
$('#group_port_select').css('display', 'none');
$('#group_proto_select').css('display', 'none');
// Second level
if (val.match("^ip"))
{
$('#group_ip_select').css('display', 'inline');
}
if (val.match("^hostname"))
{
$('#group_hostname_select').css('display', 'inline');
}
if (val.match("^username"))
{
$('#group_username_select').css('display', 'inline');
}
if (val.match("^port"))
{
$('#group_port_select').css('display', 'inline');
// Third level (Ports)
if ($('#group_port_select').find(":selected").val() != "portempty")
{
if (val.match("port(src|dst)") || val.match("proto") || $('#group_proto_select').find(":selected").val() != "")
{
$('#group_proto_select').css('display', 'inline');
}
}
}
// Show Group Button (All options are ready to go)
if (val == "signature"
|| val == "sensor"
|| val == "ptypes"
|| val == "otx"
|| val == "plugins"
|| val == "country"
|| val == "categories"
|| (val.match("^ip")
&& $('#groupby_ip').find(":selected").val() != "ipempty")
|| (val.match("^hostname")
&& $('#groupby_hostname').find(":selected").val() != "hostnameempty")
|| (val.match("^username")
&& $('#groupby_username').find(":selected").val() != "usernameempty")
|| (val.match("^port")
&& $('#group_port_select').find(":selected").val() != "portempty"
&& $('#group_proto_select').find(":selected").val() != "portprotoempty"))
{
$('#group_button').show();
}
}
// Group by go
function go_stats()
{
if ($('#groupby_1').val() == "ip")
{
if ($('#groupby_ip').val() == "iplink")
{
load_link("base_stat_iplink.php?sort_order=events_d&fqdn=no");
}
else if ($('#groupby_ip').val() == "iplink_fqdn")
{
load_link("base_stat_iplink.php?sort_order=events_d&fqdn=yes");
}
else if ($('#groupby_ip').val() == "ipsrc")
{
load_link("base_stat_uaddr.php?addr_type=1&sort_order=occur_d");
}
else if ($('#groupby_ip').val() == "ipdst")
{
load_link("base_stat_uaddr.php?addr_type=2&sort_order=occur_d");
}
else if ($('#groupby_ip').val() == "ipboth")
{
load_link("base_stat_uaddress.php?sort_order=occur_d");
}
}
else if ($('#groupby_1').val() == "hostname")
{
if ($('#groupby_hostname').val() == "hostnamesrc")
{
load_link("base_stat_uidmsel.php?addr_type=src_hostname&sort_order=occur_d");
}
else if ($('#groupby_hostname').val() == "hostnamedst")
{
load_link("base_stat_uidmsel.php?addr_type=dst_hostname&sort_order=occur_d");
}
else
{
load_link("base_stat_uidm.php?addr_type=hostname&sort_order=occur_d");
}
}
else if ($('#groupby_1').val() == "username")
{
if ($('#groupby_username').val() == "usernamesrc")
{
load_link("base_stat_uidmsel.php?addr_type=src_userdomain&sort_order=occur_d");
}
else if ($('#groupby_username').val() == "usernamedst")
{
load_link("base_stat_uidmsel.php?addr_type=dst_userdomain&sort_order=occur_d");
}
else
{
load_link("base_stat_uidm.php?addr_type=userdomain&sort_order=occur_d");
}
}
else if ($('#groupby_1').val() == "signature")
{
load_link("base_stat_alerts.php?sort_order=occur_d");
}
else if ($('#groupby_1').val() == "port")
{
if ($('#groupby_port').val() == "portsrc")
{
if ($('#groupby_proto').val() == "portprototcp")
{
load_link("base_stat_ports.php?sort_order=occur_d&port_type=1&proto=6");
}
else if ($('#groupby_proto').val() == "portprotoudp")
{
load_link("base_stat_ports.php?sort_order=occur_d&port_type=1&proto=17");
}
else if ($('#groupby_proto').val() == "portprotoany")
{
load_link("base_stat_ports.php?sort_order=occur_d&port_type=1&proto=-1");
}
}
else if ($('#groupby_port').val() == "portdst")
{
if ($('#groupby_proto').val() == "portprototcp")
{
load_link("base_stat_ports.php?sort_order=occur_d&port_type=2&proto=6");
}
else if ($('#groupby_proto').val() == "portprotoudp")
{
load_link("base_stat_ports.php?sort_order=occur_d&port_type=2&proto=17");
}
else if ($('#groupby_proto').val() == "portprotoany")
{
load_link("base_stat_ports.php?sort_order=occur_d&port_type=2&proto=-1");
}
}
}
else if ($('#groupby_1').val() == "sensor")
{
load_link("base_stat_sensor.php?sort_order=occur_d");
}
else if ($('#groupby_1').val() == "otx")
{
load_link("base_stat_otx.php?sort_order=occur_d");
}
else if ($('#groupby_1').val() == "ptypes")
{
load_link("base_stat_ptypes.php?sort_order=occur_d");
}
else if ($('#groupby_1').val() == "plugins")
{
load_link("base_stat_plugins.php?sort_order=occur_d");
}
else if ($('#groupby_1').val() == "country")
{
load_link("base_stat_country.php");
}
else if ($('#groupby_1').val() == "categories")
{
load_link("base_stat_categories.php?sort_order=occur_d");
}
}
// Postload action (call from host_report_menu.php)
function postload() {
if (typeof(DisableContexts)=='function')
{
DisableContexts();
}
if (typeof(parent.hide_overlay_spinner)=='function' && parent.is_loading_box())
{
parent.hide_overlay_spinner();
}
// Show spinner on form submit
$('#bsf, a.qlink').on('click',function(){
if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(true);
});
$('#go_button').on('click',function()
{
if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(true);
var sstr = $("#search_str").val();
var scombo = $("#search_type_combo").val();
if (sstr.match(/\!?\d+\.\d+\.\d+\.\d+/) && scombo == 'Signature')
{
$("#search_type_combo").val('Src or Dst IP');
}
});
// CAPTURE ENTER KEY
$("#search_str").bind("keydown", function(event) {
// track enter key
var keycode = (event.keyCode ? event.keyCode : (event.which ? event.which : event.charCode));
if (keycode == 13) { // keycode for enter key
$('#submit').val('<?php
echo _("Signature");
?>
');
$('#go_button').click();
return false;
} else {
return true;
}
});
// Top Graph Trend SWITCH
$('#trend_checkbox').toggles({
"text" : {
"on" : '<?php
echo _('On');
?>
',
"off" : '<?php
echo _('Off');
?>
'
},
"on" : false,
"width" : 50,
"height" : 18,
});
$('#trend_checkbox').on('toggle', function (e, status) {
if (status == true)
{
// Display trend
$('#iplot').toggle();
$('#loadingTrend').show();
SetIFrameSource('processframe','base_plot.php')
}
else
{
// Hide trend
$('#iplot').toggle();
}
});
// TOOLTIPS
$('.scriptinfo').tipTip({
defaultPosition: "right",
content: function (e) {
var ip = $(this).attr('data-title').replace(/\-.*/,'');
var ctx = $(this).attr('data-title').replace(/.*\-/,'');
$.ajax({
url: 'base_netlookup.php?ip=' + ip + ';' + ctx,
success: function (response) {
e.content.html(response); // the var e is the callback function data (see above)
}
});
return '<?php
echo _("Searching") . "...";
?>
'; // We temporary show a Please wait text until the ajax success callback is called.
}
});
$('.task_info').tipTip({
defaultPosition: "down",
delay_load: 100,
maxWidth: "auto",
edgeOffset: 3,
keepAlive:false,
content: function (e) {
$.ajax({
type: 'GET',
url: 'base_bgtask.php',
success: function (response) {
e.content.html(response); // the var e is the callback function data (see above)
}
});
return '<?php
echo _("Waiting status") . "...";
?>
'; // We temporary show a Please wait text until the ajax success callback is called.
}
});
$('.riskinfo').tipTip({
defaultPosition: "left",
content: function (e) {
return $(this).attr('txt')
}
});
$('.idminfo').tipTip({
defaultPosition: "top",
content: function (e) {
return $(this).attr('txt')
}
});
$('.scriptinfoimg').tipTip({
defaultPosition: "right",
content: function (e) {
return $(this).attr('txt')
}
});
$(".tztooltip").tipTip({
defaultposition: 'right',
content: function (e) {
return $(this).attr('txt')
}
});
$('.scriptinf').tipTip({
defaultPosition: "bottom",
content: function (e) {
return $(this).attr('txt')
}
});
$('.selectu').on('change',function(){
$('#extradatafield').attr('placeholder',$(this).val().ucwords()+' field');
});
if (typeof $('.selectu').val() != 'undefined')
{
$('#extradatafield').attr('placeholder',$('.selectu').val().ucwords()+' field');
}
$('#views_link').on('click',function(event)
{
event.stopPropagation();
$('#actions_dd').hide();
var diff = ($.browser.webkit && !(/chrome/.test(navigator.userAgent.toLowerCase()))) ? -3 : 0;
var vl = $('#views_link').offset();
var tt = vl.top + $('#views_link').outerHeight(true) + diff;
var ll = vl.left - $('#custom_views').outerWidth(true) + $('#views_link').outerWidth(false);
$('#custom_views').css({position: 'absolute', left: Math.floor(ll), top: Math.floor(tt)}).toggle();
return false;
});
$('#views_close').on('click',function()
{
$('#views').hide();
});
$('#actions_link').on('click',function(event)
{
event.stopPropagation();
$('#custom_views').hide();
var diff = ($.browser.webkit && !(/chrome/.test(navigator.userAgent.toLowerCase()))) ? -3 : 0;
var vl = $('#actions_link').offset();
var tt = vl.top + $('#actions_link').outerHeight(true) + diff;
var ll = vl.left - $('#actions_dd').outerWidth(true) + $('#actions_link').outerWidth(true) + diff;
$('#actions_dd').css({position: 'absolute', left: Math.floor(ll), top: Math.floor(tt)}).toggle();
return false;
});
// AUTOCOMPLETES
<?php
$db_aux = new ossim_db(true);
$conn_aux = $db_aux->connect();
// Purge or Restore backup action is running
list($backup_status, $backup_mode, $backup_progress) = Backup::is_running($conn_aux);
if ($backup_status > 0) {
?>
show_backup_status();
<?php
}
$ctx = $_GET["ctx"] != "" ? $_GET["ctx"] : $_SESSION["ctx"];
$ents = '';
if (Session::is_pro()) {
$my_entities = Session::am_i_admin() ? $entities : Acl::get_entities_to_assign($conn_aux);
foreach ($my_entities as $e_id => $e_name) {
if (Session::get_entity_type($conn_aux, $e_id) != 'context') {
continue;
}
$ents .= '<option class="ents" value="' . $e_id . '"' . ($ctx == $e_id ? ' selected' : '') . '>' . _('Context') . ': ' . Util::htmlentities($e_name) . '</option>';
}
}
$db_aux->close($conn_aux);
?>
$("#otx_pulse").autocomplete('/ossim/otx/providers/otx_pulse_autocomplete.php?type=event', {
minChars: 0,
width: 197,
max: 50,
matchContains: "word",
autoFill: false,
scroll: true,
formatItem: function(row, i, max, value)
{
return (value.split('###'))[1];
},
formatResult: function(data, value)
{
return (value.split('###'))[1];
}
}).result(function(event, item)
{
if (typeof(item) != 'undefined' && item != null)
{
var _aux_item = item[0].split('###');
var pulse_id = _aux_item[0];
$('#otx_activity').prop('checked', false);
$("#otx_pulse_value").val(pulse_id);
$("#bsf").click();
}
});
<?php
// AUTOCOMPLETE DEVICES
if (Session::is_pro()) {
?>
$("#device_input").autocomplete('base_devices.php', {
minChars: 0,
width: 197,
max: 50,
matchContains: "word",
autoFill: true,
scroll: true,
formatItem: function(row, i, max, value) {
return value;
},
formatResult: function(data, value)
{
return value;
}
}).result(function(event, item) {
if (typeof(item) != 'undefined' && item != null)
{
$("#device_input").val(item[0]);
$("#bsf").click();
}
});
<?php
}
?>
var dayswithevents = [ <?php
//echo GetDatesWithEvents($db)
?>
];
/* CALENDAR PLUGIN */
$('.date_filter').datepicker(
{
buttonText: "",
showOn: "both",
dateFormat: "yy-mm-dd",
buttonImage: "/ossim/pixmaps/calendar.png",
// Color of the cells
beforeShowDay: function ( date )
{
var classname = '';
var withevents = '';
// With-Events color
//var withevents = (dayswithevents.in_array(date.getTime())) ? ' evented-date' : ''
return [true, classname + withevents];
},
onClose: function(selectedDate)
{
// End date must be greater than the start date
if ($(this).attr('id') == 'date_from')
{
$('#date_to').datepicker('option', 'minDate', selectedDate );
}
else
{
$('#date_from').datepicker('option', 'maxDate', selectedDate );
}
var from = $('#date_from').val();
var to = $('#date_to').val();
if (from != '' && to != '')
{
var url = "&time_range=range&time_cnt=2&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=AND&time%5B1%5D%5B1%5D=%3C%3D"
var f1 = from.split(/\-/);
url = url + '&time%5B0%5D%5B2%5D=' + f1[1]; // month
url = url + '&time%5B0%5D%5B3%5D=' + f1[2]; // day
url = url + '&time%5B0%5D%5B4%5D=' + f1[0]; // year
url = url + '&time%5B0%5D%5B5%5D=00&time%5B0%5D%5B6%5D=00&time%5B0%5D%5B7%5D=00';
var f2 = to.split(/\-/);
url = url + '&time%5B1%5D%5B2%5D=' + f2[1]; // month
url = url + '&time%5B1%5D%5B3%5D=' + f2[2]; // day
url = url + '&time%5B1%5D%5B4%5D=' + f2[0]; // year
url = url + '&time%5B1%5D%5B5%5D=23&time%5B1%5D%5B6%5D=59&time%5B1%5D%5B7%5D=59';
<?php
$uri = Util::htmlentities_url(Util::get_sanitize_request_uri($_SERVER['REQUEST_URI']));
$actual_url = str_replace("?clear_allcriteria=1&", "?", str_replace("&clear_allcriteria=1", "", $uri)) . (preg_match("/\\?.*/", $uri) ? "&" : "?");
?>
// Go
load_link('<?php
echo $actual_url;
?>
'+url);
}
}
});
$('.ndc').disableTextSelect();
// timeline
if (typeof load_tree == 'function') load_tree();
// timeline
if (typeof gen_timeline == 'function') gen_timeline();
// report
if (typeof parent.launch_form == 'function') parent.launch_form();
// trcellclk single and double click handle
var timeOut = 250;
var timeoutID = 0;
var ignoreSingleClicks = false;
var clink = null;
$('.trcellclk').on('click',function(){
if (!ignoreSingleClicks)
{
clink = $(this).data('link')+'&minimal_view=1&noback=1&pag=<?php
echo intval($_POST['submit']);
?>
';
clearTimeout(timeoutID);
timeoutID = setTimeout(
function(){
if (!nogb)
{
GB_show_nohide("<?php
echo _("Event details");
?>
",clink,'65%','85%');
}
}, timeOut);
}
}).on('dblclick',function(){
clearTimeout(timeoutID);
ignoreSingleClicks = true;
setTimeout(function() {
ignoreSingleClicks = false;
}, timeOut);
load_link('<?php
echo AV_MAIN_PATH;
?>
'+$(this).data('link')+'&noheader=true');
}).disableTextSelect();
// Some link handlers
$('a.trlnk,a.trlnka').each(function() {
$(this).click(function() {
nogb=true;
});
});
$('a.trlnks,input.trlnks').each(function() {
$(this).click(function() {
nogb=true;
setTimeout("nogb=false",1000);
});
});
$('.greybox').click(function(){
var t = this.title || $(this).text() || this.href;
GB_show(t,this.href, 550,'85%');
return false;
});
// Clean search box
$('#frm').submit(function() {
if ($('#search_str').attr('class') == "gr")
{
$('#search_str').val("");
}
});
// Risk slider
/*
$("#risk_slider").slider({
from: 1,
to: 5,
smooth: false,
callback: function( event, ui ) { alert('yeah'); }
});
*/
$('#more_filters_button').click(function(){
more_filters_toggle();
});
$('#adv_search_button').click(function(){
GB_show("<?php
echo _("Advanced Search");
?>
","/forensics/base_qry_form.php", 550, 900);
return false;
});
<?php
if ($_POST['gbhide'] == "1") {
?>
var params = new Array();
params['nostop'] = 1;
parent.GB_hide(params);
<?php
}
?>
// Select Section Tab
load_section(current_section);
if (current_section == 'grouped')
{
var selected_tab = 1;
}
else if (current_section == 'timeline')
{
var selected_tab = 2;
}
else
{
var selected_tab = 0;
}
/* Activating the tab plugin */
$("#tab_siem").tabs(
{
selected: selected_tab,
select: function(event, ui)
{
var action_id = $(ui.tab).data('action_id');
switch(action_id)
{
case 0:
load_section('events');
break;
case 1:
load_link('base_qry_main.php?submit=Query+DB');
break;
case 2:
load_link('<?php
echo $_SESSION["siem_default_group"] != "" ? $_SESSION["siem_default_group"] : "base_stat_alerts.php?sort_order=occur_d";
?>
');
break;
case 3:
load_section('timeline');
break;
case 4:
load_link('base_timeline.php');
break;
}
}
});
}
// Check backup status with interval while is running
function show_backup_status()
{
var form_data = 'action=status';
$.ajax({
type: 'GET',
url: '<?php
echo AV_MAIN_PATH;
?>
/backup/ajax/backup_actions.php',
dataType: 'json',
data: form_data,
success: function(data)
{
if (typeof(data) != 'undefined' && typeof(data.message) != 'undefined' && data.message != '')
{
var url = "<?php
echo Menu::get_menu_url(AV_MAIN_PATH . '/backup/index.php', 'configuration', 'administration', 'backups', 'backups_events');
?>
";
var backup_link = '<a href="' + url + '">' + data.message + '</a>';
var msg = 'A background task could be affecting to the performance<br/>' + backup_link;
show_notification(msg, 'backup_info', 'nf_warning', 'padding: 2px; width: 100%; margin: auto; text-align: left');
setTimeout('show_backup_status()', 10000);
}
else
{
$('#backup_info').html('');
}
}
});
}
function show_notification (msg, container, nf_type, style)
{
var nt_error_msg = (msg == '') ? '<?php
echo _('Sorry, operation was not completed due to an error when processing the request');
?>
' : msg;
var style = (style == '' ) ? 'width: 80%; text-align:center; padding: 5px 5px 5px 22px; margin: 20px auto;' : style;
var config_nt = { content: nt_error_msg,
options: {
type: nf_type,
},
style: style
};
var nt_id = 'nt_ns';
var nt = new Notification(nt_id, config_nt);
var notification = nt.show();
$('#'+container).html(notification);
}
function report_launcher(data,type) {
var url = '<?php
echo urlencode((preg_match("/\\?/", $_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $_SERVER["REQUEST_URI"] . "?" . $_SERVER["QUERY_STRING"]) . "&export=1");
?>
';
var dates = '<?php
echo $y1 != "" ? "&date_from=" . urlencode("{$y1}-{$m11}-{$d1}") : "&date_from=";
echo $y2 != "" ? "&date_to=" . urlencode("{$y2}-{$m21}-{$d2}") : "&date_to=";
?>
';
GB_show("<?php
echo _("Report options");
?>
",'/forensics/report_launcher.php?url='+url+'&data='+data+'&type='+type+dates,200,'40%');
return false;
}
// bgtask check
<?php
if ($_SESSION["deletetask"] != "") {
echo "if (typeof __timeout == 'undefined' || !__timeout) bgtask();\n";
} else {
echo "// Not running";
}
?>
$(document).ready(function()
{
$('#search_type_combo').on('change', show_search_tooltip);
$('#search_type_combo').trigger('change');
$('.pholder').placeholder();
});
</script>
</head>
<body>
<?php
// Include search form, current criteria box, and stats box
if (!array_key_exists("minimal_view", $_GET) && !array_key_exists("noheader", $_GET)) {
include "base_header.php";
}
}
