OSSIM Open Source Security Information Management System (4)

Introduction 2021SC@SDUSC

I. Analysis of the Web source code

1. Overview

The part of the OSSIM platform that users touch most is the Web UI. Through it, charts for every kind of security analysis can be obtained easily in visual form, and for ordinary operations or monitoring staff the vast majority of tasks are carried out through the Web UI. The Web UI screens and the function each part corresponds to were explained in detail in the earlier posts, so this post does not repeat them.

2. Source directory structure of the Web UI

The Web UI is written in PHP.
3. Analysis of security.php

```php
require_once 'av_init.php';
require_once 'sensor_filter.php';
require_once '../widget_common.php';
require_once 'common.php';

Session::logcheck("dashboard-menu", "ControlPanelExecutive");
Session::logcheck("analysis-menu", "EventsForensics");

$db   = new ossim_db(TRUE);
$conn = $db->connect();

ossim_valid($type, OSS_TEXT, 'illegal:' . _("type"));
ossim_valid($id, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Widget ID"));
if (ossim_error()) {
    die(ossim_error());
}

$winfo      = array();
$chart_info = array();

if (!isset($id) || empty($id)) {
    // Widget height
    $winfo['height'] = GET("height");
    // Widget type: chart, tag cloud, etc.
    $winfo['wtype'] = GET("wtype");
    // Asset
    $winfo['asset'] = GET("asset");
    // Chart type, legend parameters, etc.
    $chart_info = json_decode(GET("value"), true);
} else {
    $winfo = get_widget_data($conn, $id);
    // Chart type, legend parameters
    $chart_info = $winfo['params'];
}

ossim_valid($winfo['wtype'],  OSS_TEXT,  'illegal:' . _("Type"));
ossim_valid($winfo['height'], OSS_DIGIT, 'illegal:' . _("Widget ID"));
ossim_valid($winfo['asset'],  OSS_HEX, OSS_SCORE, OSS_ALPHA, OSS_USER, 'illegal:' . _("Asset/User/Entity"));

if (is_array($chart_info) && !empty($chart_info)) {
    $validation = get_array_validation();
    foreach ($chart_info as $key => $val) {
        if ($validation[$key] == '') {
            continue;
        }
        // The validation rule for this key is spliced into an ossim_valid() call and evaluated
        eval("ossim_valid(\"\$val\", " . $validation[$key] . ", 'illegal:" . _($key) . "');");
    }
}
if (ossim_error()) {
    die(ossim_error());
}

// The widget's own data array
$data = array();
// The widget's labels, e.g. the legend of a chart, the titles in a tag cloud, ...
$label = array();
// The link array, one link per element
$links = array();

switch ($type) {
    case "tcp":
        $query_where = Security_report::make_where($conn, gmdate("Y-m-d 00:00:00", gmdate("U") - 7200), gmdate("Y-m-d 23:59:59"), array(), $assets_filters);
        // Maximum number of attacks shown in the widget
        $limit = ($chart_info['top'] != '') ? $chart_info['top'] : 30;
        // SQL query
        // The parameters are used in the query
        $sql = "select layer4_dport as port, count(id) as num from alienvault_siem.acid_event where layer4_dport != 0 and ip_proto=6 $query_where group by port order by num desc limit $limit";
        // echo $sql;  (debug output, disabled)
        $rs = $conn->CacheExecute($sql);
        if (!$rs) {
            print $conn->ErrorMsg();
        } else {
            $array_aux = array();
            while (!$rs->EOF) {
                $array_aux[$rs->fields["port"]] = $rs->fields["num"];
                $link = Menu::get_menu_url('/ossim/forensics/base_qry_main.php?tcp_port[0][0]=&tcp_port[0][1]=layer4_dport&tcp_port[0][2]==&tcp_port[0][3]=' . $rs->fields["port"] . '&tcp_port[0][4]=&tcp_port[0][5]=&tcp_flags[0]=&layer4=TCP&num_result_rows=-1&current_view=-1&new=1&submit=QUERYDBP&sort_order=sig_a&clear_allcriteria=1&clear_criteria=time&time_range=all', 'analysis', 'security_events');
                $links[$rs->fields["port"]] = $link;
                $rs->MoveNext();
            }
            // Sort the result by port number, not by number of attacks
            ksort($array_aux);
            $data  = array_values($array_aux);
            $label = array_keys($array_aux);
            // Series name
            $serie = 'Amount of Attacks';
            // Colour setting
            $colors = "#333333";
        }
        break;

    case "promiscuous":
        // Date range
        $range = ($chart_info['range'] > 0) ? ($chart_info['range'] * 86400) : 432000;
        // Asset filter
        $query_where = Security_report::make_where($conn, gmdate("Y-m-d 00:00:00", gmdate("U") - $range), gmdate("Y-m-d 23:59:59"), array(), $assets_filters);
        // Limit on the number of hosts shown in the widget
        $limit = ($chart_info['top'] != '') ? $chart_info['top'] : 10;
        // Link to the SIEM console page
        $forensic_link = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time_cnt=2&time[0][0]=+&time[0][1]=%3E%3D&time[0][8]=+&time[0][9]=AND&time[1][1]=%3C%3D&time[0][2]=" . gmdate("m", $timetz - $range) . "&time[0][3]=" . gmdate("d", $timetz - $range) . "&time[0][4]=" . gmdate("Y", $timetz - $range) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[1][2]=" . gmdate("m", $timetz) . "&time[1][3]=" . gmdate("d", $timetz) . "&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&submit=Query+DB&num_result_rows=-1&time_cnt=1&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events');
        // SQL query
        // The parameters are used in the query (query driven by user parameters)
        $sqlgraph = "select count(distinct(ip_dst)) as num_events,ip_src as name from alienvault_siem.po_acid_event AS acid_event WHERE 1=1 $query_where group by ip_src having ip_src>0x00000000000000000000000000000000 order by num_events desc limit $limit";
        $rg = $conn->CacheExecute($sqlgraph);
        if (!$rg) {
            print $conn->ErrorMsg();
        } else {
            while (!$rg->EOF) {
                $data[]  = $rg->fields["num_events"];
                $label[] = inet_ntop($rg->fields["name"]);
                $links[] = $forensic_link . '&ip_addr[0][0]=+&ip_addr[0][1]=ip_src&ip_addr[0][2]=%3D&ip_addr[0][3]=' . inet_ntop($rg->fields["name"]) . '&ip_addr[0][8]=+&ip_addr[0][9]=+&ip_addr_cnt=1';
                $rg->MoveNext();
            }
        }
        $colors = get_widget_colors(count($data));
        break;

    case 'siemhours':
        // Number of hours shown in the widget
        $max = ($chart_info['range'] == '') ? 16 : $chart_info['range'];
        // Retrieve the widget's data
        $js     = "analytics";
        $fdate  = gmdate("Y-m-d H", $timetz - (3600 * ($max - 1)));
        $values = SIEM_trends($max, $assets_filters, $fdate);
        // Format the information into the form the handler expects
        for ($i = $max - 1; $i >= 0; $i--) {
            $tref = $timetz - (3600 * $i);
            $h = gmdate("j G", $tref) . "h";
            $label[] = preg_replace("/\d+ /", "", $h);
            $data[]  = ($values[$h] != "") ? $values[$h] : 0;
            $link = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $tref) . "&time[0][3]=" . gmdate("d", $tref) . "&time[0][4]=" . gmdate("Y", $tref) . "&time[0][5]=" . gmdate("H", $tref) . "&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $tref) . "&time[1][3]=" . gmdate("d", $tref) . "&time[1][4]=" . gmdate("Y", $tref) . "&time[1][5]=" . gmdate("H", $tref) . "&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events');
            $key = preg_replace('/^0/', '', gmdate("H", $tref) . 'h');
            $links[$key] = $link;
        }
        $siem_url = $links;
        $colors = "'#444444'";
        // Message shown when the widget has no data
        $nodata_text = "No data available yet";
        break;
}

require 'handler.php';
```

4. Analysis of overview

```php
require_once 'av_init.php';

Session::logcheck("dashboard-menu", "ControlPanelExecutive");

$login = Session::get_session_user();
$pro   = Session::is_pro();

/* If a default tab is stored in the user's session, assign it to default_tab directly */
if (!empty($_SESSION['default_tab'])) {
    $default_tab = $_SESSION['default_tab'];
}
/* If no default tab is set, create the user configuration and store the default */
else {
    $config_aux  = new User_config($conn);
    $default_tab = $config_aux->get($login, 'panel_default', 'simple', "main");
    $default_tab = ($default_tab > 0) ? $default_tab : 1;
    // Save the tab in the session
    $_SESSION['default_tab'] = $default_tab;
}

$panel_id = $default_tab;

// Check whether a panel_id was supplied
if (GET('panel_id') != "") {
    $panel_id = GET('panel_id');
} elseif ($_SESSION['_db_panel_selected'] != "") {
    $panel_id = $_SESSION['_db_panel_selected'];
}

$tab_list = Dashboard_tab::get_tabs_by_user($login, $edit);

if (empty($tab_list)) {
    // tab_list is empty
    $config_nt = array(
        'content' => _('No tabs have been found') . ".",
        'options' => array(
            'type'          => 'nf_warning',
            'cancel_button' => ''
        ),
        // Front-end CSS
        'style' => ' margin:25px auto 0 auto;text-align:center;padding:3px 30px;'
    );
    $nt = new Notification('nt_panel', $config_nt);
    $nt->show();
    die();
}
```
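As an added example for the security.php analysis in section 3 (this is not OSSIM's code): in security.php the chart parameters arrive as a JSON blob in the `value` request parameter, each key is checked by splicing its rule string into an `ossim_valid()` call that is passed to `eval()`, and the validated `$limit` (and `$query_where`) then reach the SQL by string interpolation, so the safety of the query rests entirely on those earlier checks. The script below rebuilds the "tcp" branch with a table of validator callables instead of `eval()` and binds the LIMIT as a parameter, which removes that dependency. The table name `acid_event`, the SQLite in-memory database, the rule table `CHART_PARAM_RULES` and all sample rows are constructed for the demo and are not part of OSSIM; the asset filter (`$query_where`) and the forensic links are left out.

```php
<?php
// Added example, not OSSIM code: the "tcp" branch of security.php rebuilt so that
// (1) per-key validation of the JSON "value" parameter uses a table of callables
// instead of eval(), and (2) the LIMIT is a bound parameter instead of being
// interpolated into the SQL string. Table name, SQLite in-memory database and
// sample rows are all constructed for this demo.

// Keys the widget accepts in "value" and the validator for each (stand-in for
// get_array_validation()). Unknown keys are ignored, as in the original loop.
const CHART_PARAM_RULES = [
    'top'   => 'validate_bounded_int',
    'range' => 'validate_bounded_int',
];

// Accept only a short run of decimal digits within [min, max]; anything else
// (signs, spaces, floats, non-numeric text) yields null and is reported as illegal.
function validate_bounded_int($value, int $min = 1, int $max = 1000): ?int
{
    if (!is_int($value) && !is_string($value)) {
        return null;
    }
    if (!preg_match('/^\d{1,4}$/', (string) $value)) {
        return null;
    }
    $n = (int) $value;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Mirrors the foreach/ossim_valid loop of security.php without eval().
function validate_chart_info(string $json): array
{
    $decoded = json_decode($json, true);
    if (!is_array($decoded)) {
        throw new InvalidArgumentException('illegal: value');
    }
    $clean = [];
    foreach ($decoded as $key => $val) {
        if (!isset(CHART_PARAM_RULES[$key])) {
            continue;                       // like $validation[$key] == ''
        }
        $checked = (CHART_PARAM_RULES[$key])($val);
        if ($checked === null) {
            throw new InvalidArgumentException("illegal: $key");
        }
        $clean[$key] = $checked;
    }
    return $clean;
}

// Top TCP destination ports by event count, then sorted by port number
// (the ksort() step of the original), returned as the data/label pair
// the widget handler consumes.
function top_tcp_ports(PDO $conn, array $chart_info): array
{
    $limit = $chart_info['top'] ?? 30;      // same default as security.php
    $stmt = $conn->prepare(
        'SELECT layer4_dport AS port, COUNT(id) AS num
           FROM acid_event
          WHERE layer4_dport != 0 AND ip_proto = 6
          GROUP BY port
          ORDER BY num DESC
          LIMIT :lim'
    );
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);   // bound, never interpolated
    $stmt->execute();

    $aux = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $aux[(int) $row['port']] = (int) $row['num'];
    }
    ksort($aux);
    return ['data' => array_values($aux), 'label' => array_keys($aux)];
}

// Constructed stand-in for alienvault_siem.acid_event (ip_proto 6 = TCP, 17 = UDP).
function sample_connection(): PDO
{
    $conn = new PDO('sqlite::memory:');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec('CREATE TABLE acid_event (id INTEGER PRIMARY KEY, ip_proto INTEGER, layer4_dport INTEGER)');
    $rows = [[6, 22], [6, 22], [6, 22], [6, 443], [6, 443], [17, 53], [6, 0], [6, 3389]];
    $ins = $conn->prepare('INSERT INTO acid_event (ip_proto, layer4_dport) VALUES (?, ?)');
    foreach ($rows as $r) {
        $ins->execute($r);
    }
    return $conn;
}

$conn = sample_connection();

// Well-formed request: "colour" is not a known key and is dropped.
$chart_info = validate_chart_info('{"top":"2","colour":"red"}');
print_r(top_tcp_ports($conn, $chart_info));

// Malformed request: "top" is not a plain integer, so the request is rejected
// before any SQL is built, the point at which security.php's ossim_valid() aborts.
try {
    validate_chart_info('{"top":"1e3"}');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Run it with the PHP CLI (`php widget_demo.php`, any file name); it needs the `pdo_sqlite` extension. Two design points carry over to the real widget: the validator table is a whitelist, so a key without a rule can never influence the query, and because the limit is bound with `PDO::PARAM_INT` the query stays well-formed even if the validation layer were changed later.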