Add the blackhole contacts alerts and update the scan detection alert. (#8290)

scripts/lua/modules/alert_definitions/host/host_alert_black_hole_contacts.lua

@@ -0,0 +1,54 @@
+--
+-- (C) 2019-24 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+
+local json = require("dkjson")
+local alert_creators = require "alert_creators"
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_black_hole_contacts = classes.class(alert)
+
+-- ##############################################
+
+host_alert_black_hole_contacts.meta = {
+  alert_key = host_alert_keys.host_alert_black_hole_contacts, -- host_alert_keys.lua
+  i18n_title = "alerts_dashboard.scan_detected",
+  icon = "fas fa-fw fa-life-ring",
+  has_attacker = true,
+}
+
+-- ##############################################
+
+function host_alert_black_hole_contacts:init()
+   -- Call the parent constructor
+   self.super:init()
+
+end
+
+-- #######################################################
+
+function host_alert_black_hole_contacts.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
+  
+  return i18n("alert_messages.blackhole_contacts",{
+    entity = entity,
+    as_client = alert_type_params.as_client,
+    as_server = alert_type_params.as_server,
+    num_server_ports = alert_type_params.num_server_ports,
+  })
+  
+end
+
+-- #######################################################
+
+return host_alert_black_hole_contacts

scripts/lua/modules/alert_definitions/host/host_alert_scan_detected.lua

@@ -31,8 +31,11 @@ host_alert_scan_detected.meta = {
 function host_alert_scan_detected:init(metric, value, operator, threshold)
    -- Call the parent constructor
    self.super:init()
-
-   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+   
+   self.alert_type_params.value = value
+   self.alert_type_params.operator = operator
+   self.alert_type_params.threshold = threshold
+   self.alert_type_params.metric = metric
 end
 
 -- #######################################################
@@ -40,13 +43,28 @@ end
 function host_alert_scan_detected.format(ifid, alert, alert_type_params)
   local alert_consts = require("alert_consts")
   local entity = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
-  local i18n_key
+  
+  if (alert_type_params.is_rx_only) then
+    return i18n("alert_messages.rx_scan_detected",{
+      entity = entity,
+      as_client = alert_type_params.as_client,
+      as_server = alert_type_params.as_server,
+      num_server_ports = alert_type_params.num_server_ports,
+    })
+  else
+    local i18n_key
+    local formatted_alert_type_params = alert_creators.createThresholdCross(
+                                      alert_type_params.metric, 
+                                      alert_type_params.value, 
+                                      alert_type_params.operator, 
+                                      alert_type_params.threshold)
 
-  return i18n("alert_messages.scan_detected", {
-    entity = entity,
-    value = string.format("%u", math.ceil(alert_type_params.value or 0)),
-    threshold = alert_type_params.threshold or 0,
-  })
+    return i18n("alert_messages.scan_detected", {
+      entity = entity,
+      value = string.format("%u", math.ceil(formatted_alert_type_params.value or 0)),
+      threshold = formatted_alert_type_params.threshold or 0,
+    })
+  end
 end
 
 -- #######################################################