示例#1
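 // Renders up to five entries of $sim_events as HTML (one row each), then
 // closes the result set / DB handle and prints the page footer.
 // Everything read here ($sim_events, $i, $gi, $sensors, $hosts, $qs, $qro, ...)
 // is script-level state established before this point; nothing is a function.
 foreach ($sim_events as $sim_event) {
     // Only the first five events are rendered (assuming $i starts at 0 before
     // the loop); later iterations are skipped without touching $i.
     if ($i >= 5) {
         continue;
     }
     // Alternating row background; not referenced again inside this loop body.
     $color = $i % 2 == 0 ? "#F2F2F2" : "#FFFFFF";
     // Addresses are stored in 32-bit form; baseLong2IP() presumably yields the
     // dotted notation used for display and the GeoIP lookup below.
     $current_sip32 = $sim_event['sip'];
     $current_sip = baseLong2IP($current_sip32);
     $current_dip32 = $sim_event['dip'];
     $current_dip = baseLong2IP($current_dip32);
     $current_oasset_s = $sim_event['oasset_s'];
     $current_oasset_d = $sim_event['oasset_d'];
     $current_oprio = $sim_event['prio'];
     $current_oreli = $sim_event['rel'];
     $current_oriskc = $sim_event['risk_c'];
     $current_oriska = $sim_event['risk_a'];
     $proto = IPProto2str($sim_event['proto']);
     if ($current_sip32 != "") {
         // strtolower(false) is "" when no country is known, so the flag is skipped.
         $country = strtolower(geoip_country_code_by_addr($gi, $current_sip));
         $country_name = geoip_country_name_by_addr($gi, $current_sip);
         if ($country) {
             // The country name lands inside HTML attributes: escape it instead of
             // trusting whatever the GeoIP database returns.
             $country_name_html = Util::htmlentities($country_name);
             $country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"{$country_name_html}\" title=\"{$country_name_html}\">";
         } else {
             $country_img = "";
         }
         // Display name precedence: sensor name, then inventory host name, then the bare IP.
         $ip_aux = $sensors[$current_sip] != "" ? $sensors[$current_sip] : ($hosts[$current_sip] != "" ? $hosts[$current_sip] : $current_sip);
         // Sensor/host names are inventory data, not markup: escape them before
         // emitting them as link text (same helper the hidden 'fqdn' field uses below).
         // NOTE(review): $current_sport is not assigned anywhere in this loop — confirm
         // the surrounding script sets it.
         $ip_src = '<A HREF="base_stat_ipaddr.php?ip=' . $current_sip . '&amp;netmask=32">' . Util::htmlentities($ip_aux) . '</A><FONT SIZE="-1">' . $current_sport . '</FONT>' . $country_img;
     } else {
         /* if no IP address was found check if this is a spp_portscan message
          * and try to extract a source IP
          * - contrib: Michael Bell <*****@*****.**>
          */
         // NOTE(review): this branch reads $div2, $d_country_img, $ip_dip, $bdiv2,
         // $dip_fqdn, $tmp_ip_criteria, $num_unique_dport, $num_unique and
         // $num_occurances, none of which are assigned in this loop — verify they
         // are populated by the enclosing script before relying on this output.
         qroPrintEntry($div2 . $d_country_img . BuildAddressLink($ip_dip, 32) . $ip_dip . '</A>' . $bdiv2, "", "", "nowrap");
         if ($fqdn == "yes") {
             qroPrintEntry('<FONT>' . $dip_fqdn . '</FONT>');
         }
         qroPrintEntry('<FONT>' . IPProto2str($proto) . '</FONT>');
         $tmp = '<A HREF="base_stat_ports.php?port_type=2&amp;proto=' . $proto . $tmp_ip_criteria . '">';
         qroPrintEntry($tmp . $num_unique_dport . '</A>');
         $tmp = '<A HREF="base_stat_alerts.php?foo=1' . $tmp_ip_criteria . '">';
         qroPrintEntry($tmp . $num_unique . '</A>');
         $tmp = '<A HREF="base_qry_main.php?new=1' . '&amp;num_result_rows=-1' . '&amp;submit=' . gettext("Query DB") . '&amp;current_view=-1' . $tmp_ip_criteria . '">';
         qroPrintEntry($tmp . $num_occurances . '</A>');
         qroPrintEntryFooter();
     }
     $i++;
     // report_data: one row per rendered event; the last column joins the two
     // flag images with "####" when at least one of them is non-empty.
     $report_data[] = array($ip_sip, '', $ip_dip, '', IPProto2str($proto), "", "", "", "", "", "", $num_unique_dport, $num_unique, $num_occurances, $s_country_img != '' || $d_country_img != '' ? $s_country_img . "####" . $d_country_img : '');
 }
// Release the result set and the connection before emitting the trailing controls;
// order matters here, so these calls are kept exactly as sequenced.
$result->baseFreeRows();
$dbo->close($_conn);
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveReportData($report_data, $unique_iplinks_report_type);
$qs->SaveState();
// $fqdn is echoed into an attribute, so it is HTML-escaped (it is presumably
// request-derived; it is only ever compared with "yes" in this listing).
echo "<input type='hidden' name='fqdn' value='" . Util::htmlentities($fqdn) . "'>\n";
echo "\n</FORM>\n";
PrintBASESubFooter();
$et->Mark("Get Query Elements");
$et->PrintTiming();
$db->baseClose();
echo "</body>\r\n</html>";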
                  </TABLE>
                  <br/>
                  <TABLE class="table_list">
                  <TR>
                       <th>' . gettext("Source Address") . '</th>
                       <th>' . gettext("Source Port") . '</th>
                       <th>' . gettext("Destination Address") . '</th>
                       <th>' . gettext("Destination Port") . '</th>
                       <th>' . gettext("Protocol") . '</th>
                  </TR>
                  <TR>
                       <TD class="plfield" nowrap><div id="' . $current_sip . ';' . $sip_aux . ';' . $myrow2["src_host"] . '" ctx="' . $ctx . '" class="HostReportMenu">' . $ip_src_data . '</div></TD>
                       <TD class="plfield" nowrap>' . $layer4_sport . '</TD>
                       <TD class="plfield" nowrap><div id="' . $current_dip . ';' . $dip_aux . ';' . $myrow2["dst_host"] . '" ctx="' . $ctx . '" class="HostReportMenu">' . $ip_dst_data . '</div></TD>
                       <TD class="plfield" nowrap>' . $layer4_dport . '</TD>
                       <TD class="plfield" nowrap>' . IPProto2str($ip_proto) . '</TD>
                  </TR>
                  </TABLE>
             </div>
          </div>

          <BR>

          <div class="siem_detail_table">
              <div class="siem_detail_section">SIEM</div>
              <div class="siem_detail_content">
          ';
echo '    <TABLE class="table_list">
          <TR>
 	           <th>' . _("Unique Event ID#") . '</th>
               <th>' . gettext("Asset") . ' S<img border="0" align="absmiddle" src="images/arrow-000-small.gif">D</th>
示例#4
        } else {
            $country_img = "";
            $dlnk = $dlnkrd = "";
        }
        $dip_aux = $sensors[$current_dip] != "" ? $sensors[$current_dip] : ($hosts[$current_dip] != "" ? $hosts[$current_dip] : $current_dip);
        $div = '<div id="' . $current_dip . ';' . $ip_aux . '" class="HostReportMenu">';
        $bdiv = '</div>';
        $homelan = ($match_cidr = Net::is_ip_in_cache_cidr($_conn, $current_dip)) || in_array($current_dip, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$current_dip}'><img src=\"" . Host::get_homelan_icon($current_dip, $icons, $match_cidr, $_conn) . "\" border=0></a>" : "";
        if ($homelan != "") {
            $dlnk = "<img src='images/homelan.png' align='absmiddle' border=0 style='width:3mm'>";
            $dlnkrd = $current_url . "/forensics/images/homelan.png";
        }
    }
    //
    $i++;
    $report_data[] = array(trim(html_entity_decode($despues)), $myrow["timestamp"], $sip_aux . $current_sport, $slnkrd, $dip_aux . $current_dport, $dlnkrd, $current_url . "/forensics/bar2.php?value=" . $current_oasset_s . "&value2=" . $current_oasset_d . "&max=5", $current_url . "/forensics/bar2.php?value=" . $current_oprio . "&max=5", $current_url . "/forensics/bar2.php?value=" . $current_oreli . "&max=9", $current_url . "/forensics/bar2.php?value=" . $current_oriskc . "&value2=" . $current_oriska . "&max=9&range=1", IPProto2str($current_proto), $rowid, $myrow["sid"], $myrow["cid"]);
}
// Tear-down after the event loop: free the result set, then close $_conn via
// $dbo before the remaining page controls are printed.
$result->baseFreeRows();
$dbo->close($_conn);
$qs->PrintAlertActionButtons();
// Hand the accumulated $report_data rows to the query-state object (presumably
// for the report export) and persist the query state itself.
$qs->SaveReportData($report_data, $events_report_type);
$qs->SaveState();
?>
<form action="base_timeline.php" id="ftl">
<table cellpadding=0 cellspacing=0 width="100%">
<tr>
<td align="left" style="padding-top:3px">
	<img src="../pixmaps/arrow_green.gif" border=0 align="absmiddle"> <?php 
echo _("Timeline resolution");
?>
:&nbsp;
示例#5
        qroPrintEntry(BuildAddressLink(baseLong2IP($dip), 32) . $ip_dip . '</A>' . $d_country_img . $homelan_dip, "", "", "nowrap");
        if ($fqdn == "yes") {
            qroPrintEntry('<FONT>' . $dip_fqdn . '</FONT>');
        }
        qroPrintEntry('<FONT>' . IPProto2str($proto) . '</FONT>');
        $tmp = '<A HREF="base_stat_ports.php?port_type=2&amp;proto=' . $proto . $tmp_ip_criteria . '">';
        qroPrintEntry($tmp . $num_unique_dport . '</A>');
        $tmp = '<A HREF="base_stat_alerts.php?foo=1' . $tmp_ip_criteria . '">';
        qroPrintEntry($tmp . $num_unique . '</A>');
        $tmp = '<A HREF="base_qry_main.php?new=1' . '&amp;num_result_rows=-1' . '&amp;submit=' . gettext("Query+DB") . '&amp;current_view=-1' . $tmp_ip_criteria . '">';
        qroPrintEntry($tmp . $num_occurances . '</A>');
        qroPrintEntryFooter();
    }
    $i++;
    // report_data
    $report_data[] = array($ip_sip, $slnk, $ip_dip, $dlnk, IPProto2str($proto), "", "", "", "", "", "", $num_unique_dport, $num_unique, $num_occurances);
}
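// Tear-down after the IP-link loop: free the result set and close $_conn via
// $dbo, then print the footer and action buttons. The call order is preserved
// as-is because each step has side effects on shared state.
$result->baseFreeRows();
$dbo->close($_conn);
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveReportData($report_data, $unique_iplinks_report_type);
$qs->SaveState();
// $fqdn is interpolated into an HTML attribute; escape it with the same helper
// the other listing on this page uses rather than emitting it raw (it is only
// ever compared with "yes" here and is presumably request-derived).
echo "<input type='hidden' name='fqdn' value='" . Util::htmlentities($fqdn) . "'>\n";
echo "\n</FORM>\n";
PrintBASESubFooter();
$et->Mark("Get Query Elements");
$et->PrintTiming();
echo "</body>\r\n</html>";
// The GeoIP handle is released after the page has been fully emitted.
geoip_close($gi);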
     		break;
     	
     	case 1:
     		$context = '<a href="javascript:;" title="'._("Event prioritized, as target inventory matched the list of affected systems").'"><img src="images/marker_yellow.png" border="0"></a>';
     		break;
     	
     	case 0:
     		$context = '<a href="javascript:;" title="'._("No action related to the context analysis").'"><img src="images/marker_grey.png" border="0"></a>';
     		break;
     }
 	$cell_data['CONTEXT'] = $context;
 	$cell_align['CONTEXT'] = "center";
     $cell_more['CONTEXT'] = "nowrap";*/
 // 11- Protocol
 //qroPrintEntry('<FONT>' . IPProto2str($current_proto) . '</FONT>');
 $cell_data['IP_PROTO'] = IPProto2str($current_proto);
 $cell_align['IP_PROTO'] = "center";
 // X- ExtraData
 $cell_data['USERNAME'] = Util::htmlentities(Util::wordwrap($myrow['username'], 25, " ", true));
 $cell_data['PASSWORD'] = Util::htmlentities(Util::wordwrap($myrow['password'], 25, " ", true));
 $cell_data['FILENAME'] = Util::htmlentities(Util::wordwrap($myrow['filename'], 25, " ", true));
 $cell_data['PAYLOAD'] = Util::htmlentities(Util::wordwrap($myrow['data_payload'], 25, " ", true));
 for ($u = 1; $u < 10; $u++) {
     $cell_data['USERDATA' . $u] = $i < 9 ? Util::htmlentities(Util::wordwrap($myrow['userdata' . $u], 25, " ", true)) : Util::htmlentities($myrow['userdata' . $u]);
 }
 // IDM-Reputation Data
 $cell_data['SRC_USERDOMAIN'] = Util::htmlentities($myrow['src_userdomain']);
 $cell_align['SRC_USERDOMAIN'] = "center";
 $cell_data['DST_USERDOMAIN'] = Util::htmlentities($myrow['dst_userdomain']);
 $cell_align['DST_USERDOMAIN'] = "center";
 $cell_data['SRC_HOSTNAME'] = Util::htmlentities($myrow['src_hostname']);
    }
    $src_net_id = $myrow['src_net'];
    $dst_net_id = $myrow['dst_net'];
    // 5- Source IP Address
    if ($current_sip32 != "") {
        $src_output = Asset_host::get_extended_name($_conn, $geoloc, $current_sip, $ctx, $myrow['src_host'], $myrow["src_net"]);
        $sip_aux = $src_output['name'];
    }
    // 6- Destination IP Address
    if ($current_dip32 != "") {
        $dst_output = Asset_host::get_extended_name($_conn, $geoloc, $current_dip, $ctx, $myrow['dst_host'], $myrow["dst_net"]);
        $dip_aux = $dst_output['name'];
    }
    //
    $i++;
    $report_data[] = array(trim(html_entity_decode($despues)), $myrow["timestamp"], $sip_aux . $current_sport, '', $dip_aux . $current_dport, '', $current_url . "/forensics/bar2.php?value=" . $current_oasset_s . "&value2=" . $current_oasset_d . "&max=5", $current_url . "/forensics/bar2.php?value=" . $current_oprio . "&max=5", $current_url . "/forensics/bar2.php?value=" . $current_oreli . "&max=9", strtoupper(bin2hex($myrow["id"])), IPProto2str($current_proto), $rowid, 0, 0, '');
}
// Tear-down after the event loop: free the result set, close $_conn via $dbo
// and release the geolocation handle before the trailing controls are printed.
$result->baseFreeRows();
$dbo->close($_conn);
$geoloc->close();
$qs->PrintAlertActionButtons();
// Persist the accumulated $report_data rows (presumably for the report export)
// and the query state, then close the BASE database connection last.
$qs->SaveReportData($report_data, $events_report_type);
$qs->SaveState();
$db->baseClose();
?>
<form action="base_timeline.php" id="ftl">
<br/>
<table class="transparent" cellpadding=0 cellspacing=0 width="100%">
<tr>
<td align="left" style="padding-top:3px" class='siem_title_gray'>
	<?php