[Sguil-cvs] sguil/client sguil.tk,1.158,1.159
From: Steve Halligan <shalligan@us...> - 2005-01-21 19:11
Update of /cvsroot/sguil/sguil/client
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27972
Modified Files:
sguil.tk
Log Message:
Added 'quick' queries on the RC menus. These bypass the Query Builder and run the query. Reorganized some of the menus to fit these in. -srh
Index: sguil.tk
===================================================================
RCS file: /cvsroot/sguil/sguil/client/sguil.tk,v
retrieving revision 1.158
retrieving revision 1.159
diff -C2 -d -r1.158 -r1.159
*** sguil.tk 20 Jan 2005 20:02:07 -0000 1.158
--- sguil.tk 21 Jan 2005 19:11:04 -0000 1.159
***************
*** 2365,2378 ****
set ipQueryMenu [ menu .ipQueryMenu -background blue -foreground white -activeforeground blue\
-activebackground white -tearoff 0 ]
! .ipQueryMenu add cascade -label "Query Event Table" -menu $ipQueryMenu.eventMenu
! .ipQueryMenu add cascade -label "Query Sessions Table" -menu $ipQueryMenu.sessionsMenu
! .ipQueryMenu add cascade -label "Query Sancp Table" -menu $ipQueryMenu.sancpMenu
.ipQueryMenu add cascade -label "Dshield IP Lookup" -menu $ipQueryMenu.dshieldIPMenu
.ipQueryMenu add cascade -label "Nessus Report Lookup" -menu $ipQueryMenu.nessusMenu
! menu $ipQueryMenu.eventMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
! menu $ipQueryMenu.sessionsMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
-activebackground white
! menu $ipQueryMenu.sancpMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
-activebackground white
menu $ipQueryMenu.dshieldIPMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
--- 2365,2376 ----
set ipQueryMenu [ menu .ipQueryMenu -background blue -foreground white -activeforeground blue\
-activebackground white -tearoff 0 ]
! .ipQueryMenu add cascade -label "Quick Query" -menu $ipQueryMenu.quickMenu
! .ipQueryMenu add cascade -label "Advanced Query" -menu $ipQueryMenu.advancedMenu
.ipQueryMenu add cascade -label "Dshield IP Lookup" -menu $ipQueryMenu.dshieldIPMenu
.ipQueryMenu add cascade -label "Nessus Report Lookup" -menu $ipQueryMenu.nessusMenu
!
! menu $ipQueryMenu.quickMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
-activebackground white
! menu $ipQueryMenu.advancedMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
-activebackground white
menu $ipQueryMenu.dshieldIPMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
***************
*** 2380,2401 ****
menu $ipQueryMenu.nessusMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
-activebackground white
! $ipQueryMenu.eventMenu add command -label "Query SrcIP" -command "QueryRequest event srcip 1"
! $ipQueryMenu.eventMenu add command -label "Query DstIP" -command "QueryRequest event dstip 1"
! $ipQueryMenu.eventMenu add command -label "Query Src To Dst" -command "QueryRequest event src2dst 1"
! $ipQueryMenu.eventMenu add command -label "Query RT SrcIP" -command "QueryRequest event srcip 0"
! $ipQueryMenu.eventMenu add command -label "Query RT DstIP" -command "QueryRequest event dstip 0"
! $ipQueryMenu.eventMenu add command -label "Query RT Src To Dst" -command "QueryRequest event src2dst 0"
! $ipQueryMenu.sessionsMenu add command -label "Query SrcIP" -command "QueryRequest sessions srcip 0"
! $ipQueryMenu.sessionsMenu add command -label "Query SrcIP/1 hour" -command "QueryRequest sessions srcip 1"
! $ipQueryMenu.sessionsMenu add command -label "Query DstIP" -command "QueryRequest sessions dstip 0"
! $ipQueryMenu.sessionsMenu add command -label "Query DstIP/1 hour" -command "QueryRequest sessions dstip 1"
! $ipQueryMenu.sessionsMenu add command -label "Query Src To Dst" -command "QueryRequest sessions src2dst 0"
! $ipQueryMenu.sessionsMenu add command -label "Query Src To Dst/1 hour" -command "QueryRequest sessions src2dst 1"
! $ipQueryMenu.sancpMenu add command -label "Query SrcIP" -command "QueryRequest sancp srcip 0"
! $ipQueryMenu.sancpMenu add command -label "Query SrcIP/1 Hour" -command "QueryRequest sancp srcip 1"
! $ipQueryMenu.sancpMenu add command -label "Query DstIP" -command "QueryRequest sancp dstip 0"
! $ipQueryMenu.sancpMenu add command -label "Query DstIP/1 Hour" -command "QueryRequest sancp dstip 1"
! $ipQueryMenu.sancpMenu add command -label "Query Src To Dst" -command "QueryRequest sancp src2dst 0"
! $ipQueryMenu.sancpMenu add command -label "Query Src To Dst/1 Hour" -command "QueryRequest sancp src2dst 1"
$ipQueryMenu.dshieldIPMenu add command -label "SrcIP" -command "GetDshieldIP srcip"
$ipQueryMenu.dshieldIPMenu add command -label "DstIP" -command "GetDshieldIP dstip"
--- 2378,2414 ----
menu $ipQueryMenu.nessusMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
-activebackground white
!
! foreach { currentMenu subcommand } { .ipQueryMenu.quickMenu "quick" .ipQueryMenu.advancedMenu "build" } {
! $currentMenu add cascade -label "Query Event Table" -menu $currentMenu.eventMenu
! $currentMenu add cascade -label "Query Sessions Table" -menu $currentMenu.sessionsMenu
! $currentMenu add cascade -label "Query Sancp Table" -menu $currentMenu.sancpMenu
!
! menu $currentMenu.eventMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
! menu $currentMenu.sessionsMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
! menu $currentMenu.sancpMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
!
! $currentMenu.eventMenu add command -label "Query SrcIP" -command "QueryRequest event srcip normal $subcommand"
! $currentMenu.eventMenu add command -label "Query DstIP" -command "QueryRequest event dstip normal $subcommand"
! $currentMenu.eventMenu add command -label "Query Src To Dst" -command "QueryRequest event src2dst normal $subcommand"
! $currentMenu.eventMenu add command -label "Query RT SrcIP" -command "QueryRequest event srcip RT $subcommand"
! $currentMenu.eventMenu add command -label "Query RT DstIP" -command "QueryRequest event dstip RT $subcommand"
! $currentMenu.eventMenu add command -label "Query RT Src To Dst" -command "QueryRequest event src2dst RT $subcommand"
! $currentMenu.sessionsMenu add command -label "Query SrcIP" -command "QueryRequest sessions srcip normal $subcommand"
! $currentMenu.sessionsMenu add command -label "Query SrcIP/1 hour" -command "QueryRequest sessions srcip hour $subcommand"
! $currentMenu.sessionsMenu add command -label "Query DstIP" -command "QueryRequest sessions dstip normal $subcommand"
! $currentMenu.sessionsMenu add command -label "Query DstIP/1 hour" -command "QueryRequest sessions dstip hour $subcommand"
! $currentMenu.sessionsMenu add command -label "Query Src To Dst" -command "QueryRequest sessions src2dst normal $subcommand"
! $currentMenu.sessionsMenu add command -label "Query Src To Dst/1 hour" -command "QueryRequest sessions src2dst hour $subcommand"
! $currentMenu.sancpMenu add command -label "Query SrcIP" -command "QueryRequest sancp srcip normal $subcommand"
! $currentMenu.sancpMenu add command -label "Query SrcIP/1 Hour" -command "QueryRequest sancp srcip hour $subcommand"
! $currentMenu.sancpMenu add command -label "Query DstIP" -command "QueryRequest sancp dstip normal $subcommand"
! $currentMenu.sancpMenu add command -label "Query DstIP/1 Hour" -command "QueryRequest sancp dstip hour $subcommand"
! $currentMenu.sancpMenu add command -label "Query Src To Dst" -command "QueryRequest sancp src2dst normal $subcommand"
! $currentMenu.sancpMenu add command -label "Query Src To Dst/1 Hour" -command "QueryRequest sancp src2dst hour $subcommand"
! }
!
$ipQueryMenu.dshieldIPMenu add command -label "SrcIP" -command "GetDshieldIP srcip"
$ipQueryMenu.dshieldIPMenu add command -label "DstIP" -command "GetDshieldIP dstip"
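Review bot: The new foreach hard-codes the widget paths `.ipQueryMenu.quickMenu` and `.ipQueryMenu.advancedMenu` instead of deriving them from `$ipQueryMenu` as every surrounding line does, so a later rename of the toplevel menu would break only this block; `foreach { currentMenu subcommand } [list $ipQueryMenu.quickMenu quick $ipQueryMenu.advancedMenu build] {` keeps the coupling in one place, and the same hard-coded paths recur in the port and status loops further down. The `-command` scripts are still assembled by string substitution (`"QueryRequest event srcip normal $subcommand"`), which is safe here only because `$subcommand` is bound to the literals `quick`/`build`; `[list QueryRequest event srcip normal $subcommand]` is the Tcl idiom that stays correct if a value ever contains whitespace or Tcl special characters. Nothing in the file explains what the two subcommand values mean, so a one-line comment above the loop such as `# quick = run the query immediately; build = presumably go through the Query Builder (see log message)` would help the next maintainer.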
***************
*** 2405,2429 ****
# Port Query Menu
set portQueryMenu [ menu .portQueryMenu -background blue -foreground white -activeforeground blue\
! -activebackground white -tearoff 0 ]
.portQueryMenu add cascade -label "Dshield Port Lookup" -menu $portQueryMenu.dshieldPortMenu
! .portQueryMenu add cascade -label "Query Event Table" -menu $portQueryMenu.eventPortMenu
menu $portQueryMenu.dshieldPortMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
! menu $portQueryMenu.eventPortMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
$portQueryMenu.dshieldPortMenu add command -label "SrcPort" -command "GetDshieldPort srcport"
$portQueryMenu.dshieldPortMenu add command -label "DstPort" -command "GetDshieldPort dstport"
! $portQueryMenu.eventPortMenu add command -label "SrcPort" -command "QueryRequest event srcport 1"
! $portQueryMenu.eventPortMenu add command -label "RT SrcPort" -command "QueryRequest event srcport 0"
! $portQueryMenu.eventPortMenu add command -label "DstPort" -command "QueryRequest event dstport 1"
! $portQueryMenu.eventPortMenu add command -label "RT DstPort" -command "QueryRequest event dstport 0"
# Sig Query Menu
set sigQueryMenu [ menu .sigQueryMenu -background blue -foreground white -activeforeground blue\
-activebackground white -tearoff 0 ]
! $sigQueryMenu add command -label "Query Event" -command "QueryRequest event signature 1"
! $sigQueryMenu add command -label "Query RT Events" -command "QueryRequest event signature 0"
# Correlate Events Menu
set correlateMenu [ menu .correlateMenu -background blue -foreground white\
--- 2418,2454 ----
# Port Query Menu
set portQueryMenu [ menu .portQueryMenu -background blue -foreground white -activeforeground blue\
! -activebackground white -tearoff 0 ]
.portQueryMenu add cascade -label "Dshield Port Lookup" -menu $portQueryMenu.dshieldPortMenu
! .portQueryMenu add cascade -label "Quick Query" -menu $portQueryMenu.quickPortMenu
! .portQueryMenu add cascade -label "Advanced Query" -menu $portQueryMenu.advancedPortMenu
menu $portQueryMenu.dshieldPortMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
$portQueryMenu.dshieldPortMenu add command -label "SrcPort" -command "GetDshieldPort srcport"
$portQueryMenu.dshieldPortMenu add command -label "DstPort" -command "GetDshieldPort dstport"
!
! foreach { currentMenu subcommand } { .portQueryMenu.quickPortMenu quick .portQueryMenu.advancedPortMenu build } {
! menu $currentMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
!
! $currentMenu add cascade -label "Event Query" -menu $currentMenu.eventPortMenu
! menu $currentMenu.eventPortMenu -tearoff 0 -background blue -foreground white -activeforeground blue\
! -activebackground white
!
! $currentMenu.eventPortMenu add command -label "SrcPort" -command "QueryRequest event srcport normal $subcommand"
! $currentMenu.eventPortMenu add command -label "RT SrcPort" -command "QueryRequest event srcport RT $subcommand"
! $currentMenu.eventPortMenu add command -label "DstPort" -command "QueryRequest event dstport normal $subcommand"
! $currentMenu.eventPortMenu add command -label "RT DstPort" -command "QueryRequest event dstport RT $subcommand"
! }
# Sig Query Menu
set sigQueryMenu [ menu .sigQueryMenu -background blue -foreground white -activeforeground blue\
-activebackground white -tearoff 0 ]
! $sigQueryMenu add command -label "Quick Query Event" -command "QueryRequest event signature normal quick"
! $sigQueryMenu add command -label "Advanced Query Event" -command "QueryRequest event signature normal build"
! $sigQueryMenu add command -label "Quick Query RT Events" -command "QueryRequest event signature RT quick"
! $sigQueryMenu add command -label "Advanced Query RT Events" -command "QueryRequest event signature RT advanced"
!
# Correlate Events Menu
set correlateMenu [ menu .correlateMenu -background blue -foreground white\
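Review bot: The last signature-menu entry passes `advanced` as the subcommand (`QueryRequest event signature RT advanced`) while every other new entry in this commit, including the line directly above it, passes `build`, so the "Advanced Query RT Events" item will presumably take a different path through QueryRequest than the other Advanced items; this looks like a typo and should read `$sigQueryMenu add command -label "Advanced Query RT Events" -command "QueryRequest event signature RT build"`. QueryRequest is outside this diff, so I cannot tell whether it rejects an unknown subcommand or falls through silently. Separately, the port loop spells its list literals as bare words (`quick`, `build`) whereas the IP-menu loop quotes them (`"quick"`); both parse to the same list elements, but normalizing one way avoids the question.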
***************
*** 2436,2456 ****
-activeforeground blue -activebackground white -tearoff 0 ]
$statusMenu add command -label "Expire Event (F8)" -command "ValidateEvent 1"
! $statusMenu add cascade -label "Query" -menu $statusMenu.incidentMenu
! set incidentMenu [menu $statusMenu.incidentMenu -background blue -foreground white\
! -activeforeground blue -activebackground white -tearoff 0 ]
! $incidentMenu add command -label "Cat I: Unauthorized Root Access"\
! -command "QueryRequest event category 11"
! $incidentMenu add command -label "Cat II: Unauthorized User Access"\
! -command "QueryRequest event category 12"
! $incidentMenu add command -label "Cat III: Attempted Unauthorized Access"\
! -command "QueryRequest event category 13"
! $incidentMenu add command -label "Cat IV: Successful Denial of Service Attack"\
! -command "QueryRequest event category 14"
! $incidentMenu add command -label "Cat V: Poor Security Practice or Policy Violation"\
! -command "QueryRequest event category 15"
! $incidentMenu add command -label "Cat VI: Reconnaissance/Probes/Scans"\
! -command "QueryRequest event category 16"
! $incidentMenu add command -label "Cat VII: Virus Infection"\
! -command "QueryRequest event category 17"
$statusMenu add cascade -label "Update Event Status" -menu $statusMenu.validateMenu
set validateMenu [menu $statusMenu.validateMenu -background blue -foreground white\
--- 2461,2486 ----
-activeforeground blue -activebackground white -tearoff 0 ]
$statusMenu add command -label "Expire Event (F8)" -command "ValidateEvent 1"
! $statusMenu add cascade -label "Quick Query" -menu $statusMenu.quickQueryMenu
! $statusMenu add cascade -label "Advanced Query" -menu $statusMenu.advancedQueryMenu
!
! foreach { currentMenu subcommand } { .statusMenu.quickQueryMenu quick .statusMenu.advancedQueryMenu build } {
! menu $currentMenu -background blue -foreground white\
! -activeforeground blue -activebackground white -tearoff 0
! $currentMenu add command -label "Cat I: Unauthorized Root Access"\
! -command "QueryRequest event category 11 $subcommand"
! $currentMenu add command -label "Cat II: Unauthorized User Access"\
! -command "QueryRequest event category 12 $subcommand"
! $currentMenu add command -label "Cat III: Attempted Unauthorized Access"\
! -command "QueryRequest event category 13 $subcommand"
! $currentMenu add command -label "Cat IV: Successful Denial of Service Attack"\
! -command "QueryRequest event category 14 $subcommand"
! $currentMenu add command -label "Cat V: Poor Security Practice or Policy Violation"\
! -command "QueryRequest event category 15 $subcommand"
! $currentMenu add command -label "Cat VI: Reconnaissance/Probes/Scans"\
! -command "QueryRequest event category 16 $subcommand"
! $currentMenu add command -label "Cat VII: Virus Infection"\
! -command "QueryRequest event category 17 $subcommand"
! }
!
$statusMenu add cascade -label "Update Event Status" -menu $statusMenu.validateMenu
set validateMenu [menu $statusMenu.validateMenu -background blue -foreground white\
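Review bot: The old side defined `incidentMenu` via `set incidentMenu [menu $statusMenu.incidentMenu ...]` and the new side drops both the variable and the widget; if any code outside this hunk still references `$incidentMenu` or `.statusMenu.incidentMenu`, Tcl will only raise the error when that code path executes, so the rest of sguil.tk should be searched before merging. The loop also hard-codes `.statusMenu.quickQueryMenu` rather than `$statusMenu.quickQueryMenu`; the `set statusMenu` line is above the hunk, so I cannot confirm the two paths are identical. The enclosing menu-setup code continues past the end of the hunk.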