vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 07:29:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

[VS] Disable alert triggers for port changes when conducting a CVE scan

Browse source
This commit is contained in:
Nicolo Maio 2023-11-13 16:14:08 +01:00
parent d6d3e0a829
commit 672539ac9f
3 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
View file

@ -61,8 +61,10 @@ end
-- @return A human-readable string
function alert_vulnerability_scan.format(ifid, alert, alert_type_params, local_explorer)
local msg = ""
if (alert_type_params.scan_type == "tcp_portscan" or alert_type_params.scan_type == "tcp_openports") then
if (alert_type_params.scan_type == "tcp_portscan" or alert_type_params.scan_type == "tcp_openports")
-- case standard with scan_type == "TCP_PORTSCAN"
or (alert_type_params.scan_type == "cve" and (alert_type_params.num_ports.new_num_ports ~= 0 or alert_type_params.num_ports.old_num_ports ~= 0)) then
-- old case when TCP ports where detected also with cve scans
if (not isEmptyString(alert_type_params.tcp_ports_case)) then
msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.tcp_ports_case, {
open_ports_num = normalize_values(alert_type_params.tcp_open_ports,"num"),
@ -72,6 +74,8 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params, local_e
protocol = i18n("tcp")
})
msg = msg:gsub("%,", ", ")
else
msg = msg .. i18n('vulnerability_scan.ports_changed_cases.cve_scan_case')
end
elseif (alert_type_params.scan_type == "udp_portscan") then