1#!/usr/bin/perl
2
3# create_inc_form.pl, distributed as part of Snortsnarf v021111.1
4# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com)
5# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/)
6# Released under GNU General Public License, see the COPYING file included
7# with the distribution or http://www.silicondefense.com/software/snortsnarf/
8# for details.
9
10# create_inc_form.pl is a Pipeline module to display an HTML page that
11#   displays incident fields and allows the user to edit them before they
12#   are stored in an incident database
13# pipeline args: incident field info, set name to be part of incident, set
14#   file to be part of incident
15# side effect: displays HTML on browser
16
17# Please send complaints, kudos, and especially improvements and bugfixes to
18# hoagland@SiliconDefense.com.  As described in GNU General Public License, no
19# warranty is expressed for this program.
20
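# process($input, @pipeline_args)
#
# Pipeline entry point: prints an HTML form that shows the fields of a new
# incident so the user can review and edit them before the incident is stored.
#
# Arguments:
#   $input - request object; this sub calls its header() and param() methods.
#   @_     - exactly three pipeline arguments (incident field info, alert set
#            name, alert set file), resolved to values through arg_to_val().
#
# Returns 0 when the argument count is wrong (after calling reporterr());
# otherwise the result of the final print.
#
# Security: the set name, set file, config file and current field values come
# from the pipeline arguments and the request, so every value written into the
# page is HTML-escaped first. Without that, a quote or '<' in any of them
# would break out of the attribute or element it is placed in.
sub process {
    require "sisr_utils.pl";
    require "alertset_xml.pl";
    my $input = shift;

    # Return unconditionally on a bad argument count. The original chained
    # "reporterr(...) && return 0", which carried on rendering the form
    # whenever reporterr() returned a false value.
    if (@_ != 3) {
        reporterr("create_inc_form.pl takes 3 arguments (inc field info,set name,set file), but got:" . join(' ', @_), 0);
        return 0;
    }

    # Lexical helper, so nothing is added to the namespace this file is
    # loaded into. Undefined values render as the empty string, as they did
    # when interpolated directly.
    my $html = sub {
        my ($text) = @_;
        return '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my ($incfldinfo, $setname, $setfile) = arg_to_val($input, @_);
    my ($flddescr, $fldorder) = decode_fldinfo($incfldinfo);
    $setfile = "file://$setfile";

    # print out headers
    # NOTE(review): if $input is a CGI.pm object, the content-type option is
    # -type; "-header" would then be sent as an extra header line. Left
    # unchanged -- confirm against the object actually passed in.
    print $input->header(-header => 'text/html',-expires => '+0d');

    # probably really want to get these from the config file
    my ($path) = $input->param('_path');

    my $configfile = $input->param('configfile');

    # Escaped copies for HTML output; the raw values are still used for the
    # pipeline specification below.
    my $setname_html    = $html->($setname);
    my $setfile_html    = $html->($setfile);
    my $configfile_html = $html->($configfile);

    print "<HTML><HEAD><TITLE>Establish fields for new incident</TITLE></HEAD>\n";

    print <<"END_INTRO";
<BODY bgcolor="#E7DEBD">
<H1>Establish fields for new incident</H1>
Fill out this form to create a new incident for the labeled alert set "$setname_html".  Some fields have been filled in based on the alerts.  Please review all fields before creating the incident.<P>
END_INTRO

    # NOTE(review): $configfile is a request parameter and is placed, unquoted,
    # into the pipeline specification. Whether pipeline_form_start() or the
    # pipeline runner validates it is not visible from this file -- confirm it
    # cannot add pipeline stages or arguments, or look it up server-side.
    # Presumably pipeline_form_start() emits the opening <FORM> tag that is
    # closed at the end of this page.
    pipeline_form_start("notempty.pl \$creator \$name|config_inc_flds_db.pl $configfile \$ifieldinfo \$incfile | add_incident_to_db.pl \$ifieldinfo \$incfile | incident_view.pl \$name \$incfile", $path);

    print <<"END_FIXED_ROWS";
<TABLE BORDER=3>
    <TR>
        <TH>Field</TH>
        <TH>Value</TH>
    </TR>
    <TR>
        <TD ALIGN=right>Incident name</TD>
        <TD ALIGN=left><INPUT NAME="name" VALUE="$setname_html" SIZE=25></TD>
    </TR>
    <TR>
        <TD ALIGN=right>Your name</TD>
        <TD ALIGN=left><INPUT NAME="creator" SIZE=25></TD>
    </TR>
    <TR>
        <TD ALIGN=right>Alert set name</TD>
        <TD ALIGN=left>$setname_html<INPUT TYPE=hidden NAME="setname" VALUE="$setname_html"></TD>
    </TR>
    <TR>
        <TD ALIGN=right>Alert set file location</TD>
        <TD ALIGN=left>$setfile_html<INPUT TYPE=hidden NAME="setfile" VALUE="$setfile_html"></TD>
    </TR>
END_FIXED_ROWS

    # One editable row per incident field, in the order decode_fldinfo() gave.
    # $fld is now lexical; the original loop variable was a package global.
    foreach my $fld (@{$fldorder}) {
        my $curval = $input->param($fld);
        $curval = '' unless defined $curval;

        # Input width is the value length plus 5, and never less than 45.
        my $size = length($curval) + 5;
        $size = 45 unless $size > 45;

        # Field descriptions are escaped as well; this assumes they are plain
        # text labels rather than intentional markup -- TODO confirm.
        my $descr_html  = $html->($flddescr->{$fld});
        my $fld_html    = $html->($fld);
        my $curval_html = $html->($curval);

        print <<"END_FIELD_ROW";
    <TR>
        <TD ALIGN=right>$descr_html</TD>
        <TD ALIGN=left><INPUT NAME="$fld_html" VALUE="$curval_html" SIZE=$size></TD>
    </TR>
END_FIELD_ROW
    }

    # Kept as the last statement so the sub still returns print's result.
    print <<"END_FOOTER";

</TABLE>
<INPUT TYPE="submit" VALUE="Create incident">

<INPUT TYPE=hidden NAME="configfile" VALUE="$configfile_html">
</FORM>
</BODY>
</HTML>
END_FOOTER
}

# The file's final value is a reference to process(); presumably the pipeline
# loader evaluates this file and calls the returned code reference.
\&process;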
99
100# $Id: create_inc_form.pl,v 1.11 2001/10/18 18:23:25 jim Exp $
101