Migrates alerts to an object-oriented implementation

Migrates alert_malicious_signature alert_elephant_local_to_remote alert_elephant_remote_to_local Migrates long_lived Migrates alert_flow_blocked Migrates alert_tls_old_version Migrates alert_tls_certificate_mismatch Migrates alert_tls_certificate_expired Migrates alert_tls_unsafe_ciphers Migrates alert_tls_certificate_selfsigned Migrates alert_potentially_dangerous_protocol Migrates alert_snmp_device_reset Migrates alert_port_mac_changed Migrates alert_port_duplexstatus_change Mirgates alert_port_errors Migrates alert_port_status_change Migrates alert_port_load_threshold_exceeded Migrates alert_data_exfiltration Migrates alert_dns_data_exfiltration Migrates alert_suspicious_tcp_probing alert_suspicious_tcp_syn_probing alert_tcp_connection_refused Migrates alert_dns_invalid_query Migrates alert_attack_mitigation_via_snmp Migrates alert_lateral_movement Migrates alert_periodicity_update Migrates alert_dns_positive_error_ratio Migrates alert_iec104_error
2026-04-29 23:49:33 +00:00 · 2020-12-22 09:54:55 +01:00 · 2020-12-22 09:54:55 +01:00 · 3baa932a01
commit 3baa932a01
parent 35a66a0c8a
50 changed files with 1495 additions and 812 deletions
--- a/scripts/lua/modules/alert_keys.lua
+++ b/scripts/lua/modules/alert_keys.lua
@ -89,6 +89,20 @@ local alert_keys = {
      alert_shell_script_executed          = {NO_PEN, 74}, -- scripts/plugins/endpoints/shell_alert_endpoint
      alert_periodicity_update             = {NO_PEN, 75}, -- pro/scripts/enterprise_l_plugins/alerts/network/periodicity_update
      alert_dns_positive_error_ratio       = {NO_PEN, 76}, -- pro/scripts/enterprise_l_plugins/alerts/network/dns_positive_error_ratio
+      alert_elephant_local_to_remote       = {NO_PEN, 77},
+      alert_elephant_remote_to_local       = {NO_PEN, 78},
+      alert_longlived                      = {NO_PEN, 79},
+      alert_tls_old_protocol_version       = {NO_PEN, 80},
+      alert_tls_certificate_mismatch       = {NO_PEN, 81},
+      alert_tls_certificate_expired        = {NO_PEN, 82},
+      alert_tls_unsafe_ciphers             = {NO_PEN, 83},
+      alert_tls_certificate_selfsigned     = {NO_PEN, 84},
+      alert_data_exfiltration              = {NO_PEN, 85},
+      alert_dns_data_exfiltration          = {NO_PEN, 86},
+      alert_tcp_connection_refused         = {NO_PEN, 87},
+      alert_suspicious_tcp_syn_probing     = {NO_PEN, 88},
+      alert_suspicious_tcp_probing         = {NO_PEN, 89},
+      alert_dns_invalid_query              = {NO_PEN, 90},
      -- Add here additional keys for alerts generated
      -- by ntopng plugins
      -- WARNING: make sure integers do NOT OVERLAP with