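#!/usr/bin/perl

# create_inc_form.pl, distributed as part of Snortsnarf v021111.1
# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com)
# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/)
# Released under GNU General Public License, see the COPYING file included
# with the distribution or http://www.silicondefense.com/software/snortsnarf/
# for details.

# create_inc_form.pl is a Pipeline module to display an HTML page that
# displays incident fields and allows the user to edit them before they
# are stored in an incident database
# pipeline args: incident field info, set name to be part of incident, set
#   file to be part of incident
# side effect: displays HTML on browser

# Please send complaints, kudos, and especially improvements and bugfixes to
# hoagland@SiliconDefense.com.  As described in GNU General Public License, no
# warranty is expressed for this program.

# process($input, $incfldinfo_arg, $setname_arg, $setfile_arg)
#
# Prints an HTML form pre-filled with incident fields so the user can review
# and edit them before the incident is stored.
#
#   $input   request object; the code below calls ->header and ->param on it
#   @_       exactly three pipeline arguments (incident field info, set name,
#            set file), resolved to values through arg_to_val()
#
# Returns 0 after reporting an error when the argument count is wrong.
# Every value that reaches the page from the request or from the pipeline
# arguments is HTML-escaped before it is written into markup.
sub process {
    require "sisr_utils.pl";
    require "alertset_xml.pl";
    my ($input) = shift;

    # Stop on a wrong argument count whatever reporterr() returns.  The
    # original "reporterr(...) && return 0" only returned when reporterr()
    # returned a true value and otherwise carried on with bad arguments.
    unless (@_ == 3) {
        reporterr("create_inc_form.pl takes 3 arguments (inc field info,set name,set file), but got:".join(' ',@_),0);
        return 0;
    }

    # Escapes the five HTML-significant characters so a value cannot close
    # the attribute or element it is written into; undef becomes ''.
    my $html = sub {
        my ($text) = @_;
        return '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my ($incfldinfo, $setname, $setfile) = arg_to_val($input, @_);
    my ($flddescr, $fldorder) = decode_fldinfo($incfldinfo);
    $setfile = "file://$setfile";

    # print out headers
    # NOTE(review): if $input is a CGI.pm object, the content type is set
    # with -type rather than -header -- confirm before changing.
    print $input->header(-header => 'text/html', -expires => '+0d');

    # probably really want to get these from the config file
    my ($path) = $input->param('_path');

    my $configfile = $input->param('configfile');

    # Escaped copies for output; the raw values are still used where the
    # text is not HTML (the pipeline specification below).
    my $setname_html    = $html->($setname);
    my $setfile_html    = $html->($setfile);
    my $configfile_html = $html->($configfile);

    print "<HTML><HEAD><TITLE>Establish fields for new incident</TITLE></HEAD>\n";

    print <<">>";
<BODY bgcolor="#E7DEBD">
<H1>Establish fields for new incident</H1>
Fill out this form to create a new incident for the labeled alert set "$setname_html".  Some fields have been filled in based on the alerts.
Please review all fields before creating the incident.<P>
>>

    # NOTE(review): $configfile is a request parameter and is placed verbatim
    # into the pipeline specification.  Whitespace or '|' inside it would
    # change the argument or stage layout of that specification; how
    # pipeline_form_start() quotes or validates it is not visible here, so
    # confirm that the value is restricted to an expected config path.
    pipeline_form_start("notempty.pl \$creator \$name|config_inc_flds_db.pl $configfile \$ifieldinfo \$incfile | add_incident_to_db.pl \$ifieldinfo \$incfile | incident_view.pl \$name \$incfile",$path);

    print <<">>";
<TABLE BORDER=3>
    <TR>
        <TH>Field</TH>
        <TH>Value</TH>
    </TR>
    <TR>
        <TD ALIGN=right>Incident name</TD>
        <TD ALIGN=left><INPUT NAME="name" VALUE="$setname_html" SIZE=25></TD>
    </TR>
    <TR>
        <TD ALIGN=right>Your name</TD>
        <TD ALIGN=left><INPUT NAME="creator" SIZE=25></TD>
    </TR>
    <TR>
        <TD ALIGN=right>Alert set name</TD>
        <TD ALIGN=left>$setname_html<INPUT TYPE=hidden NAME="setname" VALUE="$setname_html"></TD>
    </TR>
    <TR>
        <TD ALIGN=right>Alert set file location</TD>
        <TD ALIGN=left>$setfile_html<INPUT TYPE=hidden NAME="setfile" VALUE="$setfile_html"></TD>
    </TR>
>>

    foreach my $fld (@{$fldorder}) {
        my $curval = $input->param($fld);

        # Width follows the raw value length, never narrower than 45.
        my $size = (length $curval) + 5;
        $size = 45 unless $size > 45;

        my $fld_html    = $html->($fld);
        my $curval_html = $html->($curval);

        # NOTE(review): the field description is printed unescaped in case it
        # carries intended markup; confirm that decode_fldinfo() only yields
        # descriptions from a trusted source.
        print <<">>";
    <TR>
        <TD ALIGN=right>$flddescr->{$fld}</TD>
        <TD ALIGN=left><INPUT NAME="$fld_html" VALUE="$curval_html" SIZE=$size></TD>
    </TR>
>>
    }

    print <<">>";

</TABLE>
<INPUT TYPE="submit" VALUE="Create incident">

<INPUT TYPE=hidden NAME="configfile" VALUE="$configfile_html">
</FORM>
</BODY>
</HTML>
>>
}

# The file evaluates to a reference to process(), which is what the loader
# receives when it loads this module.
\&process;

# $Id: create_inc_form.pl,v 1.11 2001/10/18 18:23:25 jim Exp $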