You are here:
Home » forums » Magic Parser
 » Parsing to get a Unique IP Count


Parsing to get a Unique IP Count

Submitted by crusnac on Sat, 2012-09-29 07:51 in

I am having a bit of trouble getting the following to show up.

1) Display a set of Unique Ip address is the XML file, also display the total count.
2) Display all the risk field higher than 5 and the IPAddress associated with them.

{code saved}

‹ Sort by and search within Problem parsing specific xml ›
login or register to post comments
Hi, Have a go with something
Submitted by support on Sat, 2012-09-29 09:55

Hi,

Have a go with something like this - based on your XML source saved as "risk.xml";

<?php
  header("Content-Type: text/plain");
  require("MagicParser.php");
  $hosts = array();
  function myHostRecordHandler($record)
  {
    global $hosts;
    if (!isset($hosts[$record["HOST-IPADDRESS"]])) $hosts[$record["HOST-IPADDRESS"]] = 0;
    $hosts[$record["HOST-IPADDRESS"]]++;
  }
  $xml file_get_contents("risk.xml");
  MagicParser_parse("string://".$xml,"myHostRecordHandler","xml|ROOT/Vulnerability/Vuln/Host/");
  print "Hosts and Vulnerability Count: ";print_r($hosts);
  print "Total Unique Hosts: ".count($hosts)."\n";
  print "Vulnerabilities (Risk >= 5) And Associated Hosts:\n";
  function myVulnRecordHandler($record)
  {
    if ($record["RISK"] < 5) return;
    print $record["VULN-VULNNAME"]." (".$record["HOST-IPADDRESS"].")\n";
  }
  MagicParser_parse("string://".$xml,"myVulnRecordHandler","xml|ROOT/Vulnerability/Vuln/");
?>

Hope this helps!
Cheers,
David
--
MagicParser.com

login or register to post comments
Wow - Thanks for you help!
Submitted by crusnac on Mon, 2012-10-01 17:31

Wow - Thanks for you help! Great Support!

1 more request - How would I get the total number of risks returned?

//Claud

login or register to post comments
Hi Claud, To add the total
Submitted by support on Wed, 2012-10-03 09:30

Hi Claud,

To add the total number of vulnerabilities to the output, try something like this:

<?php
  header("Content-Type: text/plain");
  require("MagicParser.php");
  $hosts = array();
  function myHostRecordHandler($record)
  {
    global $hosts;
    if (!isset($hosts[$record["HOST-IPADDRESS"]])) $hosts[$record["HOST-IPADDRESS"]] = 0;
    $hosts[$record["HOST-IPADDRESS"]]++;
  }
  $xml file_get_contents("risk.xml");
  MagicParser_parse("string://".$xml,"myHostRecordHandler","xml|ROOT/Vulnerability/Vuln/Host/");
  print "Hosts and Vulnerability Count: ";print_r($hosts);
  print "Total Unique Hosts: ".count($hosts)."\n";
  print "Vulnerabilities (Risk >= 5) And Associated Hosts:\n";
  $totalVulnerabilities 0;
  function myVulnRecordHandler($record)
  {
    global $totalVulnerabilities;
    $totalVulnerabilities++;
    if ($record["RISK"] < 5) return;
    print $record["VULN-VULNNAME"]." (".$record["HOST-IPADDRESS"].")\n";
  }
  MagicParser_parse("string://".$xml,"myVulnRecordHandler","xml|ROOT/Vulnerability/Vuln/");
  print "Total Vulnerabilities: ".$totalVulnerabilities."\n";
?>

Hope this helps!

Cheers,
David.

login or register to post comments
Yes - this does help! I have
Submitted by crusnac on Wed, 2012-10-03 19:50

Yes - this does help!

I have a quick question that is causing me a little problem. In the area where I am displaying the risks > 5, how do I only show only unique IP records?

I want to be able to filter the display first if a risk is < 5 then only count it only once per IP address. Also display the total IP Addresses that have at least 1 vulnerability with a risk score < 5.

Thanks again for you help - Your product with worth every $.01.

//Claud

login or register to post comments
Hi Claud, Have a go with
Submitted by support on Thu, 2012-10-04 08:26

Hi Claud,

Have a go with something like this - see how the $uniqueHighRisk and $uniqueLowRisk arrays can be used to filter output to unique IP addresses.

<?php
  header("Content-Type: text/plain");
  require("MagicParser.php");
  $hosts = array();
  function myHostRecordHandler($record)
  {
    global $hosts;
    if (!isset($hosts[$record["HOST-IPADDRESS"]])) $hosts[$record["HOST-IPADDRESS"]] = 0;
    $hosts[$record["HOST-IPADDRESS"]]++;
  }
  $xml file_get_contents("risk.xml");
  MagicParser_parse("string://".$xml,"myHostRecordHandler","xml|ROOT/Vulnerability/Vuln/Host/");
  print "Hosts and Vulnerability Count: ";print_r($hosts);
  print "Total Unique Hosts: ".count($hosts)."\n";
  print "Vulnerabilities (Risk >= 5) And Associated Hosts:\n";
  $totalVulnerabilities 0;
  $uniqueHighRisk = array();
  $uniqueLowRisk = array();
  function myVulnRecordHandler($record)
  {
    global $totalVulnerabilities;
    global $uniqueHighRisk;
    global $uniqueLowRisk;
    $totalVulnerabilities++;
    if ($record["RISK"] < 5)
    {
      if (in_array($record["HOST-IPADDRESS"],$uniqueLowRisk)) return;
      $uniqueLowRisk[] = $record["HOST-IPADDRESS"];
      return;
    }
    if (in_array($record["HOST-IPADDRESS"],$uniqueHighRisk)) return;
    print $record["VULN-VULNNAME"]." (".$record["HOST-IPADDRESS"].")\n";
    $uniqueHighRisk[] = $record["HOST-IPADDRESS"];
  }
  MagicParser_parse("string://".$xml,"myVulnRecordHandler","xml|ROOT/Vulnerability/Vuln/");
  print "Unique Hosts With Low Risks: ".count($uniqueLowRisk)."\n";
  print "Total Vulnerabilities: ".$totalVulnerabilities."\n";
?>

Cheers,
David.

login or register to post comments