Download Alerts Improvements in CSV format (#5442)

* Change host alert function name to json

* Refactored *_alert_store function with format_json, added csv format tohost alert

* Added .vscode directory to gitignore

* Refactor alert_store:to_csv function to single loop format

* Removed no_data value for no records in alert csv download

* Implemented csv export for alerts

* Merge with dev

* Removed row_id alert field to be exported in csv

* Refactored alert/*/list.lua with simple decision value format construct

* Refactored alerts csv export

* Fix removed output test files

* Added alert csv export for subdocuments

* Modified gitignore

* Change MSG values to export in alerts

scripts/lua/modules/alert_store/alert_store.lua

@@ -715,6 +715,9 @@ end
 -- add a new record name here if you want to add a new base element
 -- name: the actual record name 
 -- export: use only in csv export, true the record is included in the csv, false otherwise
+-- in case an element is a table by default the 'value' key is exported, if you want to export multiple fields
+-- add an 'element' array specifing the field names to export, for example:
+-- MSG = { name = "msg", export = true, elements = {"name", "value"}}
 local BASE_RNAME = {
    FAMILY = { name = "family", export = true},
    ROW_ID = { name = "row_id", export = false},
@@ -838,10 +841,10 @@ function alert_store:build_csv_row_header(rnames)
 
    for _, value in pairsByKeys(rnames) do
       if value["elements"] == nil then
-         row = row .. CSV_SEPARATOR .. self:escape_csv(value.name)
+         row = row .. CSV_SEPARATOR .. value.name
       else
          for _, element in ipairs(value.elements) do
-            row = row .. CSV_SEPARATOR .. self:escape_csv(value.name .. "_" .. element)
+            row = row .. CSV_SEPARATOR .. value.name .. "_" .. element
          end
       end
    end

scripts/lua/modules/alert_store/flow_alert_store.lua

@@ -387,7 +387,7 @@ local RNAME = {
    ADDITIONAL_ALERTS = { name = "additional_alerts", export = true},
    ALERT_NAME = { name = "alert_name", export = true},
    DESCRIPTION = { name = "description", export = true},
-   MSG = { name = "msg", export = true, elements = {"name", "value", "description"}},
+   MSG = { name = "msg", export = true, elements = {"name", "value"}},
    VLAN_ID = { name = "vlan_id", export = true},
    PROTO = { name = "proto", export = true},
    L7_PROTO = { name = "l7_proto", export = true}

scripts/lua/modules/alert_store/host_alert_store.lua

@@ -205,7 +205,7 @@ local RNAME = {
    IS_ATTACKER = { name = "is_attacker", export = true},
    VLAN_ID = { name = "vlan_id", export = true},
    ALERT_NAME = { name = "alert_name", export = true},
-   MSG = { name = "msg", export = true, elements = {"name", "value", "description"}}
+   MSG = { name = "msg", export = true, elements = {"name", "value"}}
 }
 
 function host_alert_store:get_rnames()

scripts/lua/modules/alert_store/interface_alert_store.lua

@@ -66,7 +66,7 @@ end
 
 local RNAME = {
    ALERT_NAME = { name = "alert_name", export = true},
-   MSG = { name = "msg", export = true, elements = {"name", "value", "description"}}
+   MSG = { name = "msg", export = true, elements = {"name", "value"}}
 }
 
 function interface_alert_store:get_rnames()

scripts/lua/modules/alert_store/mac_alert_store.lua

@@ -93,7 +93,7 @@ local RNAME = {
    ADDRESS = { name = "address", export = true},
    DEVICE_TYPE = { name = "device_type", export = true},
    NAME = { name = "name", export = true},
-   MSG = { name = "msg", export = true, elements = {"name", "value", "description"}}
+   MSG = { name = "msg", export = true, elements = {"name", "value"}}
 }
 
 function mac_alert_store:get_rnames()

scripts/lua/modules/alert_store/network_alert_store.lua

@@ -94,7 +94,7 @@ local RNAME = {
    LOCAL_NETWORK_ID = { name = "local_network_id", export = true},
    NETWORK = { name = "network", export = true},
    ALERT_NAME = { name = "alert_name", export = true},
-   MSG = { name = "msg", export = true, elements = {"name", "value", "description"}}
+   MSG = { name = "msg", export = true, elements = {"name", "value"}}
 }
 
 function network_alert_store:get_rnames()