Improve VS alert description (#7969)

2026-04-29 07:29:32 +00:00 · 2023-11-02 15:05:41 +01:00 · 2023-11-02 15:05:41 +01:00 · 5de25b0dfb
commit 5de25b0dfb
parent 4f2664e9a8
3 changed files with 28 additions and 27 deletions
--- a/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
+++ b/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
@ -60,29 +60,22 @@ end
 -- @return A human-readable string
 function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
   local msg = ""
-   --[[if alert_type_params.num_ports and alert_type_params.num_ports.new_num_ports and alert_type_params.num_ports.old_num_ports then
-      if alert_type_params.num_ports.new_num_ports ~= alert_type_params.num_ports.old_num_ports then
-         msg = msg .. i18n('vulnerability_scan_alert_ports_changed', { new_num_ports = alert_type_params.num_ports.new_num_ports, old_num_ports = alert_type_params.num_ports.old_num_ports }) .. " "
-      end
-   end
-   --]]
+
   if (alert_type_params.scan_type == "tcp_portscan" or alert_type_params.scan_type == "tcp_openports") then
-     
      if (not isEmptyString(alert_type_params.tcp_ports_case)) then
-         msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.tcp_ports_case, {
+         msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.tcp_ports_case, {
            open_ports_num = normalize_values(alert_type_params.tcp_open_ports,"num"),
            open_ports = normalize_values(alert_type_params.tcp_open_ports,"ports"),
            closed_ports_num = normalize_values(alert_type_params.tcp_closed_ports,"num"),
            closed_ports = normalize_values(alert_type_params.tcp_closed_ports,"ports"),
            protocol = i18n("tcp")
         })
-
         msg = msg:gsub("%,", ", ")
      end
+
   elseif (alert_type_params.scan_type == "udp_portscan") then
      if (not isEmptyString(alert_type_params.udp_ports_case)) then
-
-      msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.udp_ports_case, {
+      msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.udp_ports_case, {
         open_ports_num = normalize_values(alert_type_params.udp_open_ports,"num"),
         open_ports = normalize_values(alert_type_params.udp_open_ports,"ports"),
         closed_ports_num = normalize_values(alert_type_params.udp_closed_ports,"num"),
@ -90,25 +83,24 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
         protocol = i18n("udp")
      })
      msg = msg:gsub("%,", ", ")
-
-   end
+      end

   end

   if alert_type_params.num_new_cve_issues then
      local new_cve = table.concat(alert_type_params.new_cve or {}, ", ")
      if alert_type_params.num_new_cve_issues > 5 then
-         new_cve = new_cve .. " and other " .. alert_type_params.num_new_cve_issues - 5
+         new_cve = new_cve .. " " .. i18n('vulnerability_scan.and_other_n', { n = alert_type_params.num_new_cve_issues - 5 })
      end 
-      msg = msg .. i18n('vulnerability_scan_alert_new_issues', { num_issues = alert_type_params.num_new_cve_issues, new_cve = new_cve }) .. " "
+      msg = msg .. i18n('vulnerability_scan.new_issues', { num_issues = alert_type_params.num_new_cve_issues, new_cve = new_cve })
   end

   if alert_type_params.num_cve_solved then
      local cve_solved = table.concat(alert_type_params.cve_solved or {}, ", ")
      if alert_type_params.num_cve_solved > 5 then
-         cve_solved = cve_solved .. " and other " ..  alert_type_params.num_cve_solved - 5
+         cve_solved = cve_solved .. " " .. i18n('vulnerability_scan.and_other_n', { n = alert_type_params.num_cve_solved - 5 })
      end 
-      msg = msg .. i18n('vulnerability_scan_alert_solved_issues', { num_issues = alert_type_params.num_cve_solved, cve_solved = cve_solved }) .. " "
+      msg = msg .. i18n('vulnerability_scan.solved_issues', { num_issues = alert_type_params.num_cve_solved, cve_solved = cve_solved }) .. " "
   end

   local host = alert_type_params.host_name
@ -116,9 +108,12 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
      host = alert_type_params.host
   end

-   local report_url = ntop.getHttpPrefix().."/lua/vulnerability_scan.lua?page=report&report_template=vs_result"
+   local report_url = getHttpHost() .. ntop.getHttpPrefix() .. 
+      "/lua/vulnerability_scan.lua?page=report&report_template=vs_result"

-   return i18n('vulnerability_scan_alert', { host = host, msg = msg, url = report_url })
+   local alert_descr = i18n('vulnerability_scan.host_alert', { host = host, msg = msg, url = report_url })
+
+   return alert_descr
 end

 -- #######################################################