Send notification when user selects/unselects events for analysis.

bammv · Mar 17, 2014 · 94a408c · 94a408c
1 parent 55ed7e9
commit 94a408c
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 3 deletions.
diff --git a/client/lib/sellib.tcl b/client/lib/sellib.tcl
@@ -92,3 +92,49 @@ proc SelectDown {} {
     }
 
 }
+
+proc UserSelectedEvent { eventID uid } {
+
+   global rtPaneArray
+
+    # Loop through each pane until we find the matching eventID (sid.alert)
+    foreach rtPane [array names rtPaneArray] {
+
+       # A list of eventIDs in this pane
+       set eidList [$rtPaneArray($rtPane) getcolumns alertID]
+       set ematch [lsearch -exact $eidList $eventID]
+
+        # Act on a match
+        if { $ematch >= 0 } {
+
+            # Update the status txt to be the user's uid
+            $rtPaneArray($rtPane) cellconfigure $ematch,status -window "EventStatusLabel [list white $uid]"
+
+        }
+
+    }
+
+}
+
+proc UserUnSelectedEvent { eventID uid } {
+
+    global rtPaneArray eventArray
+
+    foreach rtPane [array names rtPaneArray] {
+
+        set eidList [$rtPaneArray($rtPane) getcolumns alertID]
+        set ematch [lsearch -exact $eidList $eventID]
+
+        # Found the match
+        if { $ematch >= 0 } {
+
+            set priority [lindex $eventArray($eventID) 1]
+            set statusColor [GetColorByPriority $priority]
+            $rtPaneArray($rtPane) cellconfigure $ematch,status -window "EventStatusLabel [list $statusColor RT]"
+
+        }
+
+    }
+
+
+}
diff --git a/client/sguil.tk b/client/sguil.tk
@@ -209,6 +209,8 @@ proc ServerCommandRcvd { socketID } {
       PcapAvailable { $serverCmd $socketID [lindex $data 1] [lindex $data 2] }
       PassChange { $serverCmd [lindex $data 1] [lindex $data 2] }
       InsertAutoCat { $serverCmd [lindex $data 1] }
+      UserSelectedEvent { $serverCmd [lindex $data 1] [lindex $data 2] }
+      UserUnSelectedEvent { $serverCmd [lindex $data 1] [lindex $data 2] }
       default { puts "Unrecognized command from $socketID: $data" }
     }
   } 
@@ -266,7 +268,7 @@ proc UpdateUserName { userName userID } {
   $userIDText configure -text $userID
 }
 proc ReconnectToSguild {} {
-  global CONNECTED USERNAME PASSWD socketID monitorList
+  global CONNECTED USERNAME PASSWD USERID socketID monitorList
   if [catch {ConnectToSguild} socketID] {
     InsertSystemInfoMsg sguil.tk "${socketID}. Will try again in 60 secs."
     set CONNECTED 0
@@ -1587,9 +1589,9 @@ proc SelectPadsPane { win type format } {
 
 proc SelectEventPane { win type format } {
 
-    global CUR_SEL_PANE CUR_SEL_EVENT ACTIVE_EVENT BUSY MULTI_SELECT DISPLAYEDDETAIL
+    global CUR_SEL_PANE CUR_SEL_EVENT ACTIVE_EVENT BUSY MULTI_SELECT DISPLAYEDDETAIL USERID
     global portscanDataFrame packetDataFrame sancpFrame padsFrame genericFrame
-    global generatorListMap sigIDListMap BUSY
+    global generatorListMap sigIDListMap BUSY rtPaneArray
 
     #if { $BUSY } { bell; return }
 
@@ -1619,6 +1621,13 @@ proc SelectEventPane { win type format } {
 
         set CUR_SEL_EVENT $eventID
 
+        # If win is a rt pane, send selected eventID to other clients via sguild
+        foreach rtPane [array names rtPaneArray] { 
+
+            if { $rtPaneArray($rtPane) == $win } { SendToSguild [list UserSelectedEvent $eventID $USERID] }
+
+        }
+
         set genID $generatorListMap($eventID)
         set sigID [lindex $sigIDListMap($eventID) 0]
         set sigRev [lindex $sigIDListMap($eventID) 1]