Removed plugin from ntopng and migrated all of them

scripts/lua/modules/check_definitions/network/broadcast_domain_too_large.lua

@@ -0,0 +1,49 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alert_entities = require("alert_entities")
+local alert_utils = require("alert_utils")
+local checks = require("checks")
+
+local script = {
+  -- Script category
+  category = checks.check_categories.network,
+
+  default_enabled = true,
+
+  -- The default configuration of this script
+  default_value = {
+    items = {},
+  },
+
+  -- See below
+  hooks = {},
+
+  gui = {
+    i18n_title        = "broadcast_domain_too_large_title",
+    i18n_description  = "broadcast_domain_too_large_description",
+  }
+}
+
+-- #################################################################
+
+function script.onEnable(hook, hook_config)
+  ntop.setPref("ntopng.prefs.is_broadcast_domain_too_large_enabled", 1)
+end
+
+-- #################################################################
+
+function script.onDisable(hook, hook_config)
+  ntop.setPref("ntopng.prefs.is_broadcast_domain_too_large_enabled", 0)
+end
+
+-- #################################################################
+
+script.hooks["min"] = function(params)
+  return
+end
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/egress.lua

@@ -0,0 +1,43 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local checks = require("checks")
+
+local script = {
+  -- Script category
+  category = checks.check_categories.network,
+
+  default_enabled = false,
+
+
+  default_value = {
+    operator = "gt",
+    threshold = 1073741824, -- 1GB
+  },
+
+  -- See below
+  hooks = {},
+
+  gui = {
+    i18n_title = "alerts_thresholds_config.egress_traffic",
+    i18n_description = "alerts_thresholds_config.alert_network_egress_description",
+    i18n_field_unit = checks.field_units.bytes,
+    input_builder = "threshold_cross",
+  }
+}
+
+-- #################################################################
+
+function script.hooks.min(params)
+  local value = alerts_api.network_delta_val(script.key, params.granularity, params.entity_info["egress"])
+
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_threshold_cross, value)
+end
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/flow_flood_victim.lua

@@ -0,0 +1,51 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local checks = require("checks")
+
+local script = {
+  -- Script category
+  category = checks.check_categories.security,
+
+  default_enabled = false,
+
+
+  default_value = {
+     operator = "gt",
+     threshold = 32768,
+  },
+
+  -- See below
+  hooks = {},
+
+  gui = {
+    i18n_title = "entity_thresholds.flow_victim_title",
+    i18n_description = "entity_thresholds.flow_victim_description",
+    i18n_field_unit = checks.field_units.flow_sec,
+    input_builder = "threshold_cross",
+    field_max = 65535,
+    field_min = 1,
+    field_operator = "gt";
+  }
+}
+
+-- #################################################################
+
+function script.hooks.min(params)
+  local value = params.entity_info["hits.flow_flood_victim"] or 0
+  local victim = nil
+
+  if value ~= 0 then
+    victim = params.alert_entity.entity_val
+  end
+
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flow_flood_victim, value, nil, victim)
+end
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/ingress.lua

@@ -0,0 +1,42 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local checks = require("checks")
+
+local script = {
+  -- Script category
+  category = checks.check_categories.network,
+
+  default_enabled = false,
+
+  default_value = {
+    operator = "gt",
+    threshold = 1073741824, -- 1GB
+  },
+
+  -- See below
+  hooks = {},
+
+  gui = {
+    i18n_title = "alerts_thresholds_config.ingress_traffic",
+    i18n_description = "alerts_thresholds_config.alert_network_ingress_description",
+    i18n_field_unit = checks.field_units.bytes,
+    input_builder = "threshold_cross",
+  }
+}
+
+-- #################################################################
+
+function script.hooks.min(params)
+  local value = alerts_api.network_delta_val(script.key, params.granularity, params.entity_info["ingress"])
+
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_threshold_cross, value)
+end
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/inner.lua

@@ -0,0 +1,43 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local checks = require("checks")
+
+local script = {
+  -- Script category
+  category = checks.check_categories.network,
+
+  default_enabled = false,
+
+
+  default_value = {
+    operator = "gt",
+    threshold = 1073741824, -- 1GB
+  },
+
+  -- See below
+  hooks = {},
+
+  gui = {
+    i18n_title = "alerts_thresholds_config.inner_traffic",
+    i18n_description = "alerts_thresholds_config.alert_network_inner_description",
+    i18n_field_unit = checks.field_units.bytes,
+    input_builder = "threshold_cross",
+  }
+}
+
+-- #################################################################
+
+function script.hooks.min(params)
+  local value = alerts_api.network_delta_val(script.key, params.granularity, params.entity_info["inner"])
+
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_threshold_cross, value)
+end
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/network_discovery.lua

@@ -0,0 +1,49 @@
+--
+-- (C) 2022 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require "alert_consts"
+local checks = require("checks")
+
+local script
+
+-- #################################################################
+
+local function check_network_discovery(params)
+   -- Get total number of packets, flows and interface id
+   local network_discovery_check = alert_consts.alert_types.alert_network_discovery_executed.new()
+
+   network_discovery_check:set_score_notice()
+   network_discovery_check:set_subtype(getInterfaceName(interface.getId()))
+   network_discovery_check:set_granularity(params.granularity)
+   
+   local discovery_executed = ntop.getCache("ntopng.cache.network_discovery_executed.ifid_" .. interface.getId()) == "1"
+
+   if discovery_executed == true then
+      ntop.delCache("ntopng.cache.network_discovery_executed.ifid_" .. interface.getId())
+      network_discovery_check:store(params.alert_entity)
+   end
+end
+
+-- #################################################################
+
+script = {
+   -- Script category
+   category = checks.check_categories.network,
+
+   default_enabled = true,
+   hooks = {
+      -- Time past between one call and an other
+      min = check_network_discovery,
+   },
+
+   gui = {
+      i18n_title        = "checks.network_discovery_title",
+      i18n_description  = "checks.network_discovery_description",
+   }
+}
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/syn_flood_victim.lua

@@ -0,0 +1,53 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local checks = require("checks")
+
+local script = {
+  packet_interface_only = true,
+  
+  -- Script category
+  category = checks.check_categories.security,
+
+  default_enabled = false,
+
+  default_value = {
+     operator = "gt",
+     threshold = 32768,
+  },
+
+  -- See below
+  hooks = {},
+
+
+  gui = {
+    i18n_title = "entity_thresholds.syn_victim_title",
+    i18n_description = "entity_thresholds.syn_victim_description",
+    i18n_field_unit = checks.field_units.syn_sec,
+    input_builder = "threshold_cross",
+    field_max = 65535,
+    field_min = 1,
+    field_operator = "gt";
+  }
+}
+
+-- #################################################################
+
+function script.hooks.min(params)
+  local value = params.entity_info["hits.syn_flood_victim"] or 0
+  local victim = nil
+
+  if value ~= 0 then
+    victim = params.alert_entity.entity_val
+  end
+
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_flood_victim, value, nil, victim)
+end
+
+-- #################################################################
+
+return script

scripts/lua/modules/check_definitions/network/syn_scan_victim.lua

@@ -0,0 +1,64 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local checks = require("checks")
+
+local script = {
+  packet_interface_only = true,
+
+  -- Script category
+  category = checks.check_categories.security,
+
+  -- This module is disabled by default
+  default_enabled = false,
+
+
+  default_value = {
+     operator = "gt",
+     threshold = 32768,
+  },
+
+  -- See below
+  hooks = {},
+
+  -- Allow user script configuration from the GUI
+  gui = {
+    -- Localization strings, from the "locales" directory of the plugin
+    i18n_title = "entity_thresholds.syn_scan_victim_title",
+    i18n_description = "entity_thresholds.syn_scan_victim_description",
+
+    -- The input builder to use to draw the gui
+    input_builder = "threshold_cross",
+
+    -- Specific parameters of this input builder
+    i18n_field_unit = checks.field_units.syn_min,
+    -- max allowed threshold value
+    field_max = 65535,
+    -- min allowed threshold value
+    field_min = 1,
+    -- threshold check operator. "gt" for ">", "lt" or "<"
+    field_operator = "gt";
+  }
+}
+
+-- #################################################################
+
+-- Defines an hook which is executed every minute
+function script.hooks.min(params)
+  local value = params.entity_info["hits.syn_scan_victim"] or 0
+  local victim = nil
+
+  if value ~= 0 then
+    victim = params.alert_entity.entity_val
+  end
+  
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan_victim, value, nil, victim)
+end
+
+-- #################################################################
+
+return script