echo 'error###' . ossim_get_error_clean(); exit; } $query_temp = array(); // // select src_ip from alarm table and not defined into nets // $ips = array(); $plugin_id = NULL; $plugin_groups = NULL; $source_type = NULL; $category = NULL; $subcategory = NULL; $limit = 20; // Taxonomy filters $plugin_list = Plugin_sid::get_all_sids($conn, $plugin_id, $source_type, $category, $subcategory, $plugin_groups); // Data Source events or Source Type events $selected = ""; // src_ips from acid_event $where = Security_report::make_where($conn, $date_from, $date_to, $plugin_list, $dDB); $ejoin = preg_match('/plist_[a-z]+/', $where) ? preg_replace('/.*(plist_[a-z]+)\\.id .*/', ',\\1', $where) : ''; $query = "SELECT DISTINCT ip_src AS ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}\n UNION SELECT DISTINCT ip_dst as ip FROM alienvault_siem.acid_event {$ejoin} WHERE 1=1 {$where}"; $rs = $conn->Execute($query); if (!$rs) { Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg()); } $already = array(); while (!$rs->EOF) { $ip = inet_ntop($rs->fields['ip']); if (!isset($already[$ip])) { //Session::hostAllowed($conn,$ip) => not necessary here?