$colors = get_widget_colors(count($data)); break; case "events": //Filters of assets. $query_where = Security_report::make_where($conn, '', '', array(), $assets_filters, '', '', false); //Limit of alarms to show in the widget. $limit = $chart_info['top'] != '' ? $chart_info['top'] : 5; //Sql Query $sqlgraph = "SELECT sum( acid_event.cnt ) as num_events, p.name, p.plugin_id, p.sid from alienvault_siem.ac_acid_event as acid_event, alienvault.plugin_sid p WHERE p.plugin_id=acid_event.plugin_id AND p.sid=acid_event.plugin_sid {$query_where} group by p.name order by num_events desc limit {$limit}"; $rg = $conn->CacheExecute($sqlgraph); if (!$rg) { print $conn->ErrorMsg(); } else { while (!$rg->EOF) { $data[] = $rg->fields["num_events"]; $name = Util::signaturefilter($rg->fields["name"]); $label[] = $name; $link = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=all&submit=Query+DB&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=" . $rg->fields["plugin_id"] . "%3B" . $rg->fields["sid"] . "&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events'); $links[] = $link; $rg->MoveNext(); } } $hide_x_axis = TRUE; $colors = get_widget_colors(count($data)); break; case 'siemhours': //Amount of hours to show in the widget. $max = $chart_info['range'] == '' ? 16 : $chart_info['range']; //Type of graph. In this case is the simple raphael. $js = "analytics"; //Retrieving the data of the widget
if (count($list) == 0) { $htmlPdfReport->set(' <table class="w100" cellpadding="0" cellspacing="0"> <tr> <td class="w100" align="center" valign="top">' . _("No data available") . '</td> </tr> </table><br/><br/>'); return; } $htmlPdfReport->set(' <table class="w100" cellpadding="0" cellspacing="0"> <tr> <td style="padding:15px 0px 0px 0px;width:100%" valign="top"> <table class="w100"> <tr>'); $htmlPdfReport->set('<th>' . _("Event") . '</th>'); $htmlPdfReport->set('<th class="center">' . gettext("Risk") . '</th></tr>'); $c = 0; foreach ($list as $l) { $event = $l[0]; $risk = $l[1]; $bc = $c++ % 2 != 0 ? "class='par'" : ""; $htmlPdfReport->set('<tr ' . $bc . '> <td style="text-align:left;width:68%">' . Util::wordwrap(Util::htmlentities(Util::signaturefilter($event)), 70, " ", true) . '</td> <td nowrap="nowrap" class="left" style="width:32%">' . echo_risk($risk, 1) . '</td></tr>'); } $htmlPdfReport->set('</table> </td> </tr> </table><br/>'); }
$font_size = 12; } else { if (count($list) <= 30) { $font_size = 10; } else { $font_size = 8; } } foreach ($list as $l) { $event = $l[0]; $occurrences = number_format($l[1], 0, ',', '.'); $link = "{$ossim_link}/alarm/alarm_console.php"; $bc = $c++ % 2 != 0 ? "class='par'" : ''; $htmlPdfReport->set(' <tr ' . $bc . '> <td style="text-align:left;width:60mm;font-size:' . $font_size . 'px">' . Util::wordwrap(Util::htmlentities(Util::signaturefilter($event)), 30, ' ', TRUE) . '</td> <td style="text-align:center;width:22mm;font-size:' . $font_size . 'px">' . $occurrences . '</td> </tr>'); } $htmlPdfReport->set(' </table> </td> <td valign="top" style="text-align:center;padding-top:15px;">'); if ($report_graph_type == 'applets') { jgraph_nbevents_graph(); } else { $htmlPdfReport->set('<img src="' . $htmlPdfReport->newImage('/report/graphs/events_received_graph.php?shared=' . urlencode($shared_file) . '&hosts=' . $num_hosts . '&type=' . $report_type . '&date_from=' . urlencode($date_from) . '&date_to=' . urlencode($date_to) . '&runorder=' . $runorder, 'png') . '" />'); } $htmlPdfReport->set(' </td> </tr>
</tr></table> <script> $(function () { $.plot($("#graph"), [ <?php $i = 0; foreach ($data_pie as $data => $label) { if ($i < 10) { $label = addslashes($label); ?> <?php echo $i++ == 0 ? "" : ","; ?> { label: "<?php echo Util::signaturefilter($label); ?> ", data: <?php echo $data; ?> } <?php } } ?> ], { pie: { show: true, pieStrokeLineWidth: 1, pieStrokeColor: '#FFF',
if ($type == "event" && is_array($SS_TopEvents) && count($SS_TopEvents) > 0) { $list = $SS_TopEvents; } elseif ($type == "alarm" && is_array($SA_TopAlarms) && count($SA_TopAlarms) > 0) { $list = $SA_TopAlarms; } else { $list = $security_report->Events($limit, $type, $date_from, $date_to); } $data_pie = array(); $legend = $data = array(); foreach ($list as $key => $l) { if ($key >= 10) { // ponemos un límite de resultados para la gráfica break; } $data_pie[$l[1]] = Security_report::Truncate($l[0], 60); $legend[] = Util::signaturefilter(Security_report::Truncate($l[0], 60)); $data[] = $l[1]; } $total = array_sum($data); $labels = array(); $tlabels = array(); $zero = $one = $two = 0; foreach ($data as $value) { if (round($value / $total, 2) * 100 == 0) { // 0% $zero++; } else { if (round($value / $total, 2) * 100 == 1) { // 1% $one++; } else {
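function event_max_risk($date_from, $date_to) {
    // Prints the "Top <N> Alarms/Events by Risk" table for the given date range.
    // $date_from / $date_to are passed straight through to $security_report->EventsByRisk().
    // Reads from the global scope: $NUM_HOSTS (row limit, also shown in the title),
    // $security_report (data source) and $report_type ("alarm" selects the alarm
    // wording; any other value is rendered as events).
    // Returns nothing; the HTML is echoed directly.
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    require_once 'sec_util.php'; // presumably provides echo_risk() used below -- confirm
?>
    <table align="center" width="100%" cellpadding="0" cellspacing="0" class="noborder">
        <tr><td class="headerpr">
        <?php if ($report_type == "alarm") { ?>
            <?php echo _("Top"); ?> <?php echo "{$NUM_HOSTS} " . _("Alarms by Risk"); ?>
        <?php } else { ?>
            <?php echo _("Top"); ?> <?php echo "{$NUM_HOSTS} " . _("Events by Risk"); ?>
        <?php } ?>
        </td></tr>
    </table>
    <table align="center" width="100%">
        <tr>
        <?php if ($report_type == "alarm") { ?>
            <th><?php echo gettext("Alarm"); ?></th>
        <?php } else { ?>
            <th><?php echo gettext("Event"); ?></th>
        <?php } ?>
            <th><?php echo gettext("Risk"); ?></th>
        </tr>
<?php
    $list = $security_report->EventsByRisk($NUM_HOSTS, $report_type, $date_from, $date_to);
    // Defensive: iterating a non-array return would only raise a warning and leave
    // the table half-rendered, so degrade to an empty body instead.
    if (!is_array($list)) {
        $list = array();
    }
    foreach ($list as $l) {
        $event = $l[0];
        $risk  = $l[1];
        // NOTE(review): Util::signaturefilter() is the only filter applied before this
        // value is written into HTML; other report code on this page additionally wraps
        // it in Util::htmlentities(). Confirm signaturefilter() escapes HTML on its own.
        // (The stray "</a>" that followed the event cell had no opening tag and was dropped.)
?>
        <tr>
            <td style="text-align:left;"><?php echo Util::signaturefilter($event); ?></td>
            <td style="text-align:left;"><?php echo_risk($risk); ?></td>
        </tr>
<?php
    }
?>
    </table>
    <br/>
<?php
}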
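function top_siem_events($conn, $limit) {
    // Returns the $limit most frequent SIEM event signatures visible to the current
    // session as an associative array: filtered signature name => summed ac.cnt,
    // ordered by count descending.
    //
    // $conn  - database connection exposing Execute()/ErrorMsg() and a record set
    //          with EOF/fields/MoveNext() (presumably ADOdb -- confirm).
    // $limit - row cap. It is interpolated into the SQL text, so it is forced to int
    //          below instead of being inserted raw.
    //
    // On a failed query the function prints "error" and terminates the script
    // (original behaviour). Note that this echoes the driver's error message to the
    // client, which discloses query details; callers that render to end users may
    // want to log it instead.
    $data = array();

    // Visibility restrictions for the current session (context, hosts, nets).
    // These fragments are spliced into the WHERE clause verbatim, so they must be
    // well-formed SQL produced by Session, not request input -- TODO confirm.
    $perms_sql = "WHERE 1=1";
    $domain = Session::get_ctx_where();
    if ($domain != "") {
        $perms_sql .= " AND ac.ctx in ({$domain})";
    }
    // Asset filter: hosts and nets are OR-ed inside one parenthesised group.
    $hosts = Session::get_host_where();
    $nets  = Session::get_net_where();
    if ($hosts != "") {
        $perms_sql .= " AND (ac.src_host in ({$hosts}) OR ac.dst_host in ({$hosts})";
        if ($nets != "") {
            $perms_sql .= " OR ac.src_net in ({$nets}) OR ac.dst_net in ({$nets}))";
        } else {
            $perms_sql .= ")";
        }
    } elseif ($nets != "") {
        $perms_sql .= " AND (ac.src_net in ({$nets}) OR ac.dst_net in ({$nets}))";
    }

    // LIMIT is not bindable on every driver, so coerce the value rather than trusting it.
    $limit = (int)$limit;

    $query = "SELECT sum(ac.cnt) as num, plugin_sid.name FROM alienvault_siem.ac_acid_event AS ac LEFT JOIN alienvault.plugin_sid ON plugin_sid.plugin_id=ac.plugin_id AND plugin_sid.sid=ac.plugin_sid {$perms_sql} GROUP BY name ORDER BY num DESC LIMIT {$limit}";
    $rs = $conn->Execute($query);
    if (!$rs) {
        echo "error";
        die($conn->ErrorMsg());
    }
    while (!$rs->EOF) {
        // Rows whose filtered name collides overwrite earlier ones (original behaviour).
        $data[Util::signaturefilter($rs->fields["name"])] = $rs->fields["num"];
        $rs->MoveNext();
    }
    return $data;
}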
function event_max_risk($date_from, $date_to) {
    // Emits the "Top <N> Alarms/Events by Risk" table for [$date_from, $date_to].
    // Globals read: $NUM_HOSTS (row limit, shown in the caption), $security_report
    // (data source) and $report_type ("alarm" selects alarm wording, otherwise events).
    // Returns 0 when there is nothing to show (nothing is printed), 1 after printing.
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    require_once 'sec_util.php'; // presumably provides echo_risk() -- confirm

    $rows = $security_report->EventsByRisk($NUM_HOSTS, $report_type, $date_from, $date_to);
    if (!is_array($rows) || empty($rows)) {
        return 0;
    }

    // Wording depends only on the report type, so resolve it once up front.
    $is_alarm  = ($report_type == "alarm");
    $caption   = _("Top") . " " . $NUM_HOSTS . " " . ($is_alarm ? _("Alarms by Risk") : _("Events by Risk"));
    $first_col = $is_alarm ? gettext("Alarm") : gettext("Event");
?>
    <table class='t_alarms'>
        <thead>
            <tr>
                <td class="headerpr"><?php echo $caption; ?></td>
            </tr>
        </thead>
        <tbody>
            <tr>
                <td class='td_container'>
                    <table class='table_data'>
                        <thead>
                            <tr>
                                <th><?php echo $first_col; ?></th>
                                <th><?php echo gettext("Risk"); ?></th>
                            </tr>
                        </thead>
                        <tbody>
<?php
    foreach ($rows as $row) {
        // Each row is [event name, risk]; the name goes through Util::signaturefilter()
        // before being written into the cell, the risk through echo_risk().
        list($event, $risk) = $row;
?>
                            <tr>
                                <td class='left td_data' valign='middle'><?php echo Util::signaturefilter($event); ?></td>
                                <td class='left td_data' valign='middle'><?php echo_risk($risk); ?></td>
                            </tr>
<?php
    }
?>
                        </tbody>
                    </table>
                </td>
            </tr>
        </tbody>
    </table>
    <br/>
<?php
    return 1;
}
<table class="transparent"> <tr> <?php if ($tags_html[$id_tag] != "") { ?> <td class="transparent"> <?php echo preg_replace("/ <a(.*)<\\/a>/", "", $tags_html[$id_tag]); ?> </td> <?php } ?> <td class="transparent"> <?php echo Util::signaturefilter(Alarm::transform_alarm_name($conn, $group['name'])); ?> <span style='font-size:xx-small;'>(<?php echo $ocurrences; ?> <?php echo $ocurrence_text; ?> )</span> </td> </tr> </table> </td> <td><?php
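function top_siem_events($conn, $limit) {
    // Returns the $limit most frequent SIEM event signatures as an associative array:
    // filtered signature name => count, ordered by count descending.
    //
    // When Session::allowedSensors() restricts the visible sensors, the count is
    // computed over snort.acid_event limited to those sensor ids; otherwise the
    // pre-aggregated snort.ac_alerts_signature table is queried.
    //
    // $conn  - database connection exposing Execute()/ErrorMsg() and a record set
    //          with EOF/fields/MoveNext() (presumably ADOdb -- confirm).
    // $limit - row cap. It is interpolated into the SQL text, so it is forced to int
    //          below instead of being inserted raw.
    //
    // On a failed query the function prints "error" and terminates the script
    // (original behaviour). Note that this echoes the driver's error message to the
    // client, which discloses query details.
    $data = array();
    // Both strings are read after the sensor block; $sensor_where_ac was previously
    // left undefined when no sensor restriction applied.
    $sensor_where_ac = "";
    $sensor_join = "";

    if (Session::allowedSensors() != "") {
        $user_sensors = explode(",", Session::allowedSensors());
        $snortsensors = get_sensor_sids($conn);
        $sids = array();
        foreach ($user_sensors as $user_sensor) {
            // A sensor missing from the map, or with no sids, contributes nothing;
            // the isset/is_array guard avoids calling count() on null.
            if (isset($snortsensors[$user_sensor]) && is_array($snortsensors[$user_sensor]) && count($snortsensors[$user_sensor]) > 0) {
                foreach ($snortsensors[$user_sensor] as $sid) {
                    if ($sid != "") {
                        $sids[] = $sid;
                    }
                }
            }
        }
        // The sid list comes from get_sensor_sids(), i.e. server-side data rather than
        // the request -- TODO confirm; it is interpolated unquoted, so it must stay numeric.
        if (count($sids) > 0) {
            $sensor_where_ac = " WHERE acid_event.sid in (" . implode(",", $sids) . ")";
        } else {
            $sensor_where_ac = " WHERE acid_event.sid in (0)"; // empty on purpose: matches no rows
        }
        // NOTE(review): $counter is neither a parameter nor declared global here, so it
        // is always unset in this scope and the alias form is never chosen; isset() keeps
        // that result without the undefined-variable warning -- confirm against the caller.
        $sensor_join = (isset($counter) && $counter == 1) ? "snort.acid_event as acid_event," : "snort.acid_event,";
    }

    // LIMIT is not bindable on every driver, so coerce the value rather than trusting it.
    $limit = (int)$limit;

    if ($sensor_where_ac != "") {
        // The trailing comma in $sensor_join is stripped because this query uses an explicit JOIN.
        $query = "SELECT count(*) as num, plugin_sid.name FROM " . str_replace(",", "", $sensor_join) . " LEFT JOIN ossim.plugin_sid ON plugin_sid.plugin_id=acid_event.plugin_id AND plugin_sid.sid=acid_event.plugin_sid {$sensor_where_ac} GROUP BY name ORDER BY num DESC LIMIT {$limit}";
    } else {
        $query = "SELECT sum(ac.sig_cnt) as num, plugin_sid.name FROM snort.ac_alerts_signature AS ac LEFT JOIN ossim.plugin_sid ON plugin_sid.plugin_id=ac.plugin_id AND plugin_sid.sid=ac.plugin_sid GROUP BY name ORDER BY num DESC LIMIT {$limit}";
    }
    // Plain assignment: "=&" on a method call result is not supported on current PHP.
    $rs = $conn->Execute($query);
    if (!$rs) {
        echo "error";
        die($conn->ErrorMsg());
    }
    while (!$rs->EOF) {
        // Rows whose filtered name collides overwrite earlier ones (original behaviour).
        $data[Util::signaturefilter($rs->fields["name"])] = $rs->fields["num"];
        $rs->MoveNext();
    }
    return $data;
}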
echo $background; ?> '> <table class="transparent"> <tr> <?php if ($tags_html[$id_tag] != "") { ?> <td class="nobborder"><?php echo $tags_html[$id_tag]; ?> </td><?php } ?> <td class="nobborder"><?php echo Util::signaturefilter($group['name']); ?> <span style='font-size:xx-small; text-color: #AAAAAA;'>(<?php echo $ocurrences; ?> <?php echo $ocurrence_text; ?> )</span></td> </tr> </table> </th> <th width='10%' style='text-align: center; border-width: 0px; background: <?php echo $background; ?> '><?php
$chart['chart_type'] = "column"; break; } //echo "$query<br>"; // PHP/SWF Chart License - Licensed to ossim.com. For distribution with ossim only. No other redistribution / usage allowed. // For more information please check http://www.maani.us/charts/index.php?menu=License_bulk $chart['license'] = "J1XF-CMEW9L.HSK5T4Q79KLYCK07EK"; //$chart[ 'chart_data' ] = array ( array ( "", "US","UK","India", "Japan","China" ), array ( "", 50,70,55,60,30 ) ); $chart['chart_pref'] = array('rotation_x' => 60); $chart['chart_rect'] = array('x' => 50, 'y' => 130, 'width' => 130, 'height' => 200, 'positive_alpha' => 0); $chart['chart_transition'] = array('type' => "scale", 'delay' => 0.1, 'duration' => 0.3, 'order' => "category"); $chart['chart_type'] = "3d pie"; $chart['chart_value'] = array('as_percentage' => true, 'size' => 9, 'color' => "000000", 'alpha' => 85); $chart['legend_label'] = array('layout' => "vertical", 'bullet' => "circle", 'size' => 11, 'color' => "505050", 'alpha' => 85, 'bold' => false); $chart['legend_rect'] = array('x' => 220, 'y' => 220, 'width' => 20, 'height' => 40, 'fill_alpha' => 0); $chart['series_color'] = array("cc6600", "aaaa22", "8800dd", "666666", "4488aa"); $chart['series_explode'] = array(0, 50); $legend = array(); $values = array(); if (!($rs =& $conn->Execute($query))) { print $conn->ErrorMsg(); exit; } while (!$rs->EOF) { array_push($legend, Util::signaturefilter($rs->fields["name"])); array_push($values, $rs->fields["num"]); $rs->MoveNext(); } $chart['live_update'] = array('url' => "/ossim/graphs/alarms_events_data2.php?bypassexpirationupdate=1&counter=" . $counter . "&time=" . time(), 'delay' => 8); $chart['chart_data'] = array($legend, $values); SendChartData($chart);