getType(), ['Computer', 'NetworkEquipment', 'Peripheral', 'Phone', 'Printer'])) { $nb = 0; if ($_SESSION['glpishow_count_on_tabs']) { $nb = self::countForItem($item); } return self::createTabEntry(__('Wazuh Alerts', 'siem-wazuh'), $nb); } } return ''; } /** * Display tab content */ static function displayTabContentForItem(CommonGLPI $item, $tabnum = 1, $withtemplate = 0) { if (in_array($item->getType(), ['Computer', 'NetworkEquipment', 'Peripheral', 'Phone', 'Printer'])) { self::showForItem($item); } return true; } /** * Count alerts for item */ static function countForItem(CommonGLPI $item) { global $DB; $itemtype = $item->getType(); $items_id = $item->getID(); $field_map = [ 'Computer' => 'computer_id', 'NetworkEquipment' => 'networkequipment_id', 'Peripheral' => 'peripheral_id', 'Phone' => 'phone_id', 'Printer' => 'printer_id' ]; if (!isset($field_map[$itemtype])) { return 0; } return countElementsInTable('glpi_plugin_siem_wazuh_alerts', [ $field_map[$itemtype] => $items_id ]); } /** * Show alerts for item */ static function showForItem(CommonGLPI $item) { global $DB, $CFG_GLPI; $itemtype = $item->getType(); $items_id = $item->getID(); $field_map = [ 'Computer' => 'computer_id', 'NetworkEquipment' => 'networkequipment_id', 'Peripheral' => 'peripheral_id', 'Phone' => 'phone_id', 'Printer' => 'printer_id' ]; if (!isset($field_map[$itemtype])) { return; } $field = $field_map[$itemtype]; $canupdate = Session::haveRight(static::$rightname, UPDATE); // Récupération des alertes $iterator = $DB->request([ 'SELECT' => [ 'glpi_plugin_siem_wazuh_alerts.*', 'glpi_plugin_siem_wazuh_servers.name AS server_name' ], 'FROM' => 'glpi_plugin_siem_wazuh_alerts', 'LEFT JOIN' => [ 'glpi_plugin_siem_wazuh_servers' => [ 'ON' => [ 'glpi_plugin_siem_wazuh_alerts' => 'wazuh_server_id', 'glpi_plugin_siem_wazuh_servers' => 'id' ] ] ], 'WHERE' => [$field => $items_id], 'ORDER' => ['timestamp DESC', 'rule_level DESC'], 'LIMIT' => 100 ]); $alerts = iterator_to_array($iterator); echo "
"; // Résumé des alertes self::showAlertsSummary($alerts); if (count($alerts) > 0) { // Filtres self::showAlertsFilters($item, $field); // Tableau des alertes self::showAlertsTable($alerts, $canupdate); // Actions de masse if ($canupdate && count($alerts) > 0) { self::showMassActions($item, $field); } } else { echo "
"; echo "

" . __('No Wazuh alerts found for this item', 'siem-wazuh') . "

"; echo "
"; } echo "
"; } /** * Show alerts summary */ static function showAlertsSummary($alerts) { $stats = [ 'total' => count($alerts), 'new' => 0, 'processed' => 0, 'ticket_created' => 0, 'ignored' => 0, 'critical' => 0, 'high' => 0, 'medium' => 0, 'low' => 0 ]; foreach ($alerts as $alert) { $stats[$alert['status']]++; $stats[$alert['severity']]++; } echo "
"; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
" . __('Alerts Summary', 'siem-wazuh') . "
" . $stats['total'] . "
" . __('Total', 'siem-wazuh') . "		" . $stats['new'] . "
" . __('New', 'siem-wazuh') . "		" . $stats['processed'] . "
" . __('Processed', 'siem-wazuh') . "		" . $stats['ticket_created'] . "
" . __('Ticket Created', 'siem-wazuh') . "		" . $stats['critical'] . "
" . __('Critical', 'siem-wazuh') . "		" . $stats['high'] . "
" . __('High', 'siem-wazuh') . "		" . $stats['medium'] . "
" . __('Medium', 'siem-wazuh') . "		" . $stats['low'] . "
" . __('Low', 'siem-wazuh') . "
"; echo "
"; echo "
"; } /** * Show alerts filters */ static function showAlertsFilters($item, $field) { echo "
"; echo "
"; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
" . __('Filters', 'siem-wazuh') . "
" . __('Status') . ""; $statuses = ['all' => __('All')] + PluginSiemWazuhAlert::getStatusArray(); Dropdown::showFromArray('filter_status', $statuses, [ 'value' => $_GET['filter_status'] ?? 'all' ]); echo "" . __('Severity', 'siem-wazuh') . ""; $severities = ['all' => __('All')] + PluginSiemWazuhAlert::getSeverityArray(); Dropdown::showFromArray('filter_severity', $severities, [ 'value' => $_GET['filter_severity'] ?? 'all' ]); echo "
" . __('Date from', 'siem-wazuh') . ""; Html::showDateField('filter_date_from', [ 'value' => $_GET['filter_date_from'] ?? '' ]); echo "" . __('Date to', 'siem-wazuh') . ""; Html::showDateField('filter_date_to', [ 'value' => $_GET['filter_date_to'] ?? '' ]); echo "
"; echo ""; echo " "; echo ""; echo "
"; echo "
"; echo "
"; echo "
"; } /** * Show alerts table */ static function showAlertsTable($alerts, $canupdate) { echo "
"; echo "
"; echo ""; $header = ""; if ($canupdate) { $header .= ""; } $header .= ""; $header .= ""; $header .= ""; $header .= ""; $header .= ""; $header .= ""; $header .= ""; $header .= ""; $header .= ""; $header .= ""; echo $header; if (count($alerts) == 0) { echo ""; echo ""; echo ""; } $statuses = PluginSiemWazuhAlert::getStatusArray(); $severities = PluginSiemWazuhAlert::getSeverityArray(); foreach ($alerts as $alert) { echo ""; if ($canupdate) { echo ""; } echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; } echo "
"; $header .= ""; $header .= "" . __('Alert ID', 'siem-wazuh') . "" . __('Server', 'siem-wazuh') . "" . __('Rule', 'siem-wazuh') . "" . __('Level', 'siem-wazuh') . "" . __('Agent', 'siem-wazuh') . "" . __('Timestamp', 'siem-wazuh') . "" . __('Status') . "" . __('Severity', 'siem-wazuh') . "" . __('Ticket') . "
"; echo __('No alerts found', 'siem-wazuh'); echo "
"; echo ""; echo ""; echo ""; echo $alert['alert_id']; echo ""; echo "" . $alert['server_name'] . ""; echo "" . $alert['rule_id'] . "
"; echo "" . Html::clean($alert['rule_description']) . ""; echo "		"; echo ""; echo $alert['rule_level']; echo ""; echo ""; echo $alert['agent_name'] . "
"; echo "" . $alert['agent_ip'] . ""; echo "		" . Html::convDateTime($alert['timestamp']) . ""; echo ""; echo $statuses[$alert['status']]; echo ""; echo ""; echo ""; echo $severities[$alert['severity']]; echo ""; echo ""; if ($alert['ticket_id']) { $ticket = new Ticket(); if ($ticket->getFromDB($alert['ticket_id'])) { echo $ticket->getLink(); } } else { echo "-"; } echo "
"; if ($canupdate && count($alerts) > 0) { echo "
"; echo ""; echo " "; echo ""; echo " "; echo ""; echo "
"; } echo Html::closeForm(); echo "
"; } /** * Show mass actions */ static function showMassActions($item, $field) { echo "
"; echo "
"; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
" . __('Mass Actions', 'siem-wazuh') . "
" . __('Sync new alerts', 'siem-wazuh') . ""; echo ""; echo "
" . __('Export alerts', 'siem-wazuh') . ""; echo ""; echo __('Export CSV', 'siem-wazuh'); echo ""; echo "
"; echo "
"; } /** * Get search options for item */ static function getSearchOptionsForItem($itemtype) { $tab = []; $tab[5150]['table'] = 'glpi_plugin_siem_wazuh_alerts'; $tab[5150]['field'] = 'id'; $tab[5150]['name'] = __('Wazuh Alerts', 'siem-wazuh'); $tab[5150]['forcegroupby'] = true; $tab[5150]['usehaving'] = true; $tab[5150]['datatype'] = 'count'; $tab[5150]['massiveaction'] = false; $field_map = [ 'Computer' => 'computer_id', 'NetworkEquipment' => 'networkequipment_id', 'Peripheral' => 'peripheral_id', 'Phone' => 'phone_id', 'Printer' => 'printer_id' ]; if (isset($field_map[$itemtype])) { $tab[5150]['linkfield'] = $field_map[$itemtype]; } return $tab; } } // JavaScript pour les fonctionnalités interactives echo "";