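/**
 * Echo the "Top N attacker/attacked hosts" table together with its graph.
 *
 * Reads the globals $NUM_HOSTS, $security_report, $report_type and $geoloc,
 * plus the framework configuration in $GLOBALS['CONF']. The HTML is written
 * straight to the output stream; nothing is buffered or returned.
 *
 * @param string $target    'ip_src' or 'ip_dst'. For alarm reports these are
 *                          mapped to 'src_ip' / 'dst_ip' before querying. Any
 *                          other value is passed through unchanged and the
 *                          header is rendered without a title.
 * @param string $date_from Lower bound handed to AttackHost() and to the graph URL.
 * @param string $date_to   Upper bound handed to AttackHost() and to the graph URL.
 *
 * @return int 0 when AttackHost() returns no rows (nothing is echoed),
 *             1 once the table has been emitted.
 */
function ip_max_occurrences($target, $date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;
    global $geoloc;

    /* ossim framework conf */
    $conf              = $GLOBALS['CONF'];
    $report_graph_type = $conf->get_conf('report_graph_type');

    // Default keeps the header well-defined when $target is neither
    // 'ip_src' nor 'ip_dst' (previously $title was left undefined).
    $title = '';

    if (!strcmp($target, "ip_src")) {
        if ($report_type == "alarm") {
            $target = "src_ip";
        }
        $title = _("Attacker hosts");
    } elseif (!strcmp($target, "ip_dst")) {
        if ($report_type == "alarm") {
            $target = "dst_ip";
        }
        $title = _("Attacked hosts");
    }

    $list = $security_report->AttackHost($target, $NUM_HOSTS, $report_type, $date_from, $date_to);

    if (!is_array($list) || empty($list)) {
        return 0;
    }

    // Every query-string value is URL-encoded (not only the dates), and the
    // finished URL is HTML-escaped because it is written into an attribute.
    $graph_url = 'graphs/attack_graph.php'
        . '?target=' . urlencode((string) $target)
        . '&hosts=' . urlencode((string) $NUM_HOSTS)
        . '&type=' . urlencode((string) $report_type)
        . '&date_from=' . urlencode((string) $date_from)
        . '&date_to=' . urlencode((string) $date_to);
    ?>
    <table class='t_alarms'>
        <thead>
            <tr><td colspan='2' class="headerpr"><?php echo _("Top"); echo " {$NUM_HOSTS} {$title}"; ?></td></tr>
        </thead>
        <tbody>
            <tr>
                <td class='td_container'>
                    <table class="table_data">
                        <thead>
                            <tr>
                                <th> <?php echo _("Host"); ?> </th>
                                <th> <?php echo _("Occurrences"); ?> </th>
                            </tr>
                        </thead>
                        <tbody>
    <?php
    foreach ($list as $l) {
        // Row layout as used below: [0] ip, [1] count, [2] host id, [3] context.
        $ip          = $l[0];
        $occurrences = number_format($l[1], 0, ",", ".");
        $id          = $l[2];
        $ctx         = $l[3];

        $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $id);
        $hostname    = $host_output['name'];
        $icon        = $host_output['html_icon'];

        // The OS lookup is only attempted for ids that pass valid_hex32().
        $os        = valid_hex32($id) ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $id) : "";
        $os_pixmap = preg_match("/unknown/", $os) ? '' : $os;
        $bold      = $host_output['is_internal'];

        // NOTE(review): $icon, $hostname and $os_pixmap are echoed as-is.
        // Whether get_extended_name() / get_os_by_host() already return
        // HTML-safe markup is not visible from this function; confirm at the
        // source, since host names can originate from discovered assets.
        ?>
                            <tr>
                                <td class='td_data <?php if ($bold) { echo 'bold'; } ?> '>
                                    <?php echo $icon . ' ' . $hostname . ' ' . $os_pixmap; ?>
                                </td>
                                <td class='td_data'><?php echo $occurrences; ?> </td>
                            </tr>
        <?php
    }
    ?>
                        </tbody>
                    </table>
                </td>
                <td class='td_container'>
    <?php
    if ($report_graph_type == "applets") {
        jgraph_attack_graph($target, $NUM_HOSTS);
    } else {
        ?>
                    <img src="<?php echo htmlspecialchars($graph_url, ENT_QUOTES, 'UTF-8'); ?>" alt="attack_graph"/>
        <?php
    }
    ?>
                </td>
            </tr>
        </tbody>
    </table>
    <?php

    return 1;
}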
<table style="width:80mm; padding-top: 10px; padding-bottom: 10px;"> <tr> <th>' . gettext("Host") . '</th> <th class="center">' . gettext("Occurrences") . '</th> </tr>'); $c = 0; $shared_file = $dDB["_shared"]->dbfile(); $dDB["_shared"]->put("SS_AttackedHost" . $runorder, $list); $font_size = getFontSizeSIEM($list); foreach ($list as $l) { $ip = $l[0]; $occurrences = number_format($l[1], 0, ",", "."); $host_id = $l[2]; $ctx = $l[3] != '' ? $l[3] : Session::get_default_ctx(); $host_output = Asset_host::get_extended_name($security_report->ossim_conn, $geoloc, $ip, $ctx, $host_id); $os_pixmap = $host_id != "" ? Asset_host_properties::get_os_by_host($security_report->ossim_conn, $host_id) : ""; $hostname = $host_id != "" ? $host_output['name'] : $ip; $icon = $host_output['html_icon']; $link = "{$acid_link}/" . $acid_prefix . "_stat_alerts.php?&" . "num_result_rows=-1&" . "submit=Query+DB&" . "current_view=-1&" . "ip_addr[0][1]={$target}&" . "ip_addr[0][2]==&" . "ip_addr[0][3]={$ip}&" . "ip_addr_cnt=1&" . "sort_order=time_d"; $bc = $c++ % 2 != 0 ? "class='par'" : ""; $htmlPdfReport->set(' <tr ' . $bc . '> <td style="width:55mm;font-size:' . $font_size . 'px">' . $icon . ' ' . Util::wordwrap($hostname, 21, " ", true) . ' ' . $os_pixmap . '</td> <td style="width:22mm;text-align:center;font-size:' . $font_size . 'px">' . $occurrences . '</td> </tr>'); } $htmlPdfReport->set(' </table> </td> <td valign="top" style="padding-top:15px; width:98mm;">'); if ($report_graph_type == "applets") {
<!-- C & A levels for each IP --> <tr> <td align="center"> <a href="<?php echo $r_url; ?> " title="<?php echo $ip; ?> "><?php echo $hostname; ?> </a> <?php echo Asset_host_properties::get_os_by_host($conn, $host_id); ?> </td> <td align="center"> <a href="<?php echo $cp_url; ?> "> <img src="../pixmaps/graph.gif" border="0"/> </a> </td> <td class="left"> <?php if ($compromise <= $threshold_c) { ?> <img src="../pixmaps/solid-blue.jpg" height="12" width="<?php