Merge pull request #7688 from NicoMaio/add-alert-retention-policy

Add alert notification retention policy by default 1h. (#6240)

scripts/lua/modules/alert_definitions/flow/alert_ndpi_tls_old_protocol_version.lua

@@ -58,6 +58,10 @@ function alert_ndpi_tls_old_protocol_version.format(ifid, alert, alert_type_para
    return(msg)
 end
 
+function alert_ndpi_tls_old_protocol_version.alert_retention_policy_key(alert_info)
+   return {"srv_ip","srv_port"}
+end
+
 -- #######################################################
 
 return alert_ndpi_tls_old_protocol_version

scripts/lua/modules/alert_definitions/flow/alert_tls_certificate_expired.lua

@@ -56,6 +56,10 @@ function alert_tls_certificate_expired.format(ifid, alert, alert_type_params)
    end
 end
 
+function alert_tls_certificate_expired.alert_retention_policy_key(alert_info)
+   return {"srv_ip","srv_port"}
+end
+
 -- #######################################################
 
 return alert_tls_certificate_expired

scripts/lua/modules/alert_entities.lua

@@ -26,6 +26,7 @@ local alert_entities = {
       entity_id = 4,
       i18n_label = "alert_entities.flow",
       alert_store_name = "flow",
+      alert_key_fields = {"cli_ip","srv_ip","srv_port","proto"}
    }, mac = {
       entity_id = 5,
       i18n_label = "alert_entities.mac",

scripts/lua/modules/alert_utils.lua

@@ -915,6 +915,56 @@ end
 
 -- ##############################################
 
+function alert_utils.filter_notification(notification, recipient_id)
+    local alert_info = json.decode(notification.alert)
+    local alert_key = alert_info.alert_id
+    local entity_id = alert_info.entity_id
+    local entity_val = alert_info.entity_val
+
+
+    local alert_id = alert_consts.getAlertType(alert_key, entity_id)
+
+    return alert_utils.check_alert_policy(entity_id, entity_val, alert_id, alert_info, recipient_id)
+end
+
+-- ##############################################
+
+function alert_utils.check_alert_policy(entity_id, entity_val, alert_id, alert_info, recipient_id) 
+    local alert_key = ""
+    local alert_key_fields = {}
+    if alert_consts.alert_types[alert_id].alert_retention_policy_key  then
+        alert_key_fields = alert_consts.alert_types[alert_id].alert_retention_policy_key(alert_info)
+        for _, field in ipairs(alert_key_fields) do
+            alert_key = alert_key .. "."..alert_info[field]
+        end
+    else
+        alert_key_fields = alert_entities[entity_val].alert_key_fields
+        if alert_key_fields then
+            for _, field in ipairs(alert_key_fields) do
+                alert_key = alert_key .. "."..alert_info[field]
+            end
+        else
+            return true
+        end
+    end
+
+    if isEmptyString(alert_key) then
+        return true
+    end
+
+    local redis_key = string.format("ntopng.cache.alert.retention.%s.%s.%s%s",recipient_id, entity_id, alert_id, alert_key)
+    local redis_res = isEmptyString(ntop.getCache(redis_key))
+
+    if redis_res then
+        -- TODO: 3600 must be update with a user preference
+        ntop.setCache(redis_key,"1", 3600)
+    end
+    return redis_res
+
+end
+
+-- ##############################################
+
 if (trace_script_duration ~= nil) then
     io.write(debug.getinfo(1, 'S').source .. " executed in " .. (os.clock() - clock_start) * 1000 .. " ms\n")
 end

scripts/lua/modules/notifications/endpoints/discord.lua

@@ -138,7 +138,10 @@ function discord.dequeueRecipientAlerts(recipient, budget)
     for i=1, max_alerts_per_request do
        local notification = ntop.recipient_dequeue(recipient.recipient_id)
        if notification then 
+         if alert_utils.filter_notification(notification, recipient.recipient_id) then
+
 	  notifications[#notifications + 1] = notification.alert
+         end
        else
 	  break
        end

scripts/lua/modules/notifications/endpoints/email.lua

@@ -144,7 +144,9 @@ function email.dequeueRecipientAlerts(recipient, budget)
     for i = 1, MAX_ALERTS_PER_EMAIL do
        local notification = ntop.recipient_dequeue(recipient.recipient_id)
        if notification then 
+        if alert_utils.filter_notification(notification, recipient.recipient_id) then
 	  notifications[#notifications + 1] = notification.alert
+        end
        else
 	  break
        end

scripts/lua/modules/notifications/endpoints/mattermost.lua

@@ -124,7 +124,10 @@ function mattermost.dequeueRecipientAlerts(recipient, budget)
     for i=1, max_alerts_per_request do
       local notification = ntop.recipient_dequeue(recipient.recipient_id)
       if notification then 
+        if alert_utils.filter_notification(notification, recipient.recipient_id) then
+
         notifications[#notifications + 1] = notification.alert
+        end
       else
         break
       end

scripts/lua/modules/notifications/endpoints/shell.lua

@@ -8,6 +8,7 @@ local json = require "dkjson"
 local alerts_api = require "alerts_api"
 local alert_consts = require "alert_consts"
 local other_alert_keys = require "other_alert_keys"
+local alert_utils = require "alert_utils"
 
 local endpoint_key = "shell"
 
@@ -142,7 +143,10 @@ function shell.dequeueRecipientAlerts(recipient, budget)
     for i = 1, MAX_ALERTS_PER_REQUEST do
        local notification = ntop.recipient_dequeue(recipient.recipient_id)
        if notification then
+        if alert_utils.filter_notification(notification, recipient.recipient_id) then
+
 	  notifications[#notifications + 1] = notification.alert
+        end
        else
 	  break
        end

scripts/lua/modules/notifications/endpoints/slack.lua

@@ -87,7 +87,10 @@ function slack.dequeueRecipientAlerts(recipient, budget)
    for i = 1, budget do
       local notification = ntop.recipient_dequeue(recipient.recipient_id)
       if notification then 
+        if alert_utils.filter_notification(notification, recipient.recipient_id) then
+
 	 notifications[#notifications + 1] = notification.alert
+        end
       else
 	 break
       end

scripts/lua/modules/notifications/endpoints/syslog.lua

@@ -180,7 +180,10 @@ function syslog.dequeueRecipientAlerts(recipient, budget)
    for i = 1, budget do
       local notification = ntop.recipient_dequeue(recipient.recipient_id)
       if notification then
+         if alert_utils.filter_notification(notification, recipient.recipient_id) then
+
          notifications[#notifications + 1] = notification
+         end
       else
          break
       end

scripts/lua/modules/notifications/endpoints/telegram.lua

@@ -137,7 +137,12 @@ function telegram.dequeueRecipientAlerts(recipient, budget)
     for i=1, max_alerts_per_request do
        local notification = ntop.recipient_dequeue(recipient.recipient_id)
        if notification then 
+
+         if alert_utils.filter_notification(notification, recipient.recipient_id) then
 	  notifications[#notifications + 1] = notification.alert
+         else
+         break
+         end
        else
 	  break
        end

scripts/lua/modules/notifications/endpoints/webhook.lua

@@ -4,6 +4,8 @@
 
 require "lua_utils"
 local json = require "dkjson"
+local alert_utils = require "alert_utils"
+
 
 local webhook = {
    name = "Webhook",
@@ -105,7 +107,10 @@ function webhook.dequeueRecipientAlerts(recipient, budget)
     for i = 1, MAX_ALERTS_PER_REQUEST do
        local notification = ntop.recipient_dequeue(recipient.recipient_id)
        if notification then 
+        if alert_utils.filter_notification(notification, recipient.recipient_id) then
+
 	  notifications[#notifications + 1] = notification.alert
+        end
        else
 	  break
        end