Implements alert anchor in flow details

Implements #5606
2026-05-06 03:45:26 +00:00 · 2021-07-01 16:14:08 +02:00 · 2021-07-01 16:14:08 +02:00 · 68db177da4
commit 68db177da4
parent 6d6584b48d
3 changed files with 29 additions and 4 deletions
--- a/scripts/lua/alert_stats.lua
+++ b/scripts/lua/alert_stats.lua
@ -453,6 +453,8 @@ local context = {
            ip = host_ip,
            cli_ip = cli_ip,
            srv_ip = srv_ip,
+	    cli_port = cli_port,
+            srv_port = srv_port,
            l7_proto = l7_proto,
            network_name = network_name,
            role = role,
--- a/scripts/lua/flow_details.lua
+++ b/scripts/lua/flow_details.lua
@ -15,6 +15,7 @@ local alert_consts = require "alert_consts"
 local alert_utils = require "alert_utils"
 local alert_entities = require "alert_entities"
 local dscp_consts = require "dscp_consts"
+local tag_utils = require "tag_utils"
 require "flow_utils"

 if ntop.isPro() then
@ -1329,7 +1330,32 @@ else
 	    print(string.format('<td>%s %s</td>', score_alert.message, score_alert.is_predominant and status_icon or ''))

 	    if score_alert.alert_id then
-	       print(string.format('<td><a href="#alerts_filter_dialog" alert_id=%u alert_label="%s" class="btn btn-sm btn-warning" role="button"><i class="fas fa-bell-slash"></i></a></td>', score_alert.alert_id, score_alert.alert_label))
+	       print('<td>')
+
+	       if score_alert.is_predominant then
+		  -- Prepare bounds for the historical alert search.
+		  local epoch_begin = flow["seen.first"]
+		  -- In case the interface is a pcap dump, we cannot use the flow last seen as alerts have timestamps
+		  -- that depends on when ntopng is executed. For this reason, os.time() is used
+		  local epoch_end = ifstats.type == "pcap dump" and os.time() or flow["seen.last"]
+		  local l7_proto = flow["proto.ndpi_id"] .. tag_utils.SEPARATOR .. "eq"
+		  local cli_ip = flow["cli.ip"]  .. tag_utils.SEPARATOR .. "eq"
+		  local srv_ip = flow["srv.ip"]  .. tag_utils.SEPARATOR .. "eq"
+		  local cli_port = flow["cli.port"]  .. tag_utils.SEPARATOR .. "eq"
+		  local srv_port = flow["srv.port"]  .. tag_utils.SEPARATOR .. "eq"
+
+		  print(string.format('<a href="%s/lua/alert_stats.lua?status=historical&page=flow&epoch_begin=%u&epoch_end=%u&l7_proto=%s&cli_ip=%s&cli_port=%s&srv_ip=%s&srv_port=%s" class="btn btn-sm btn-info" role="button"><i class="fas fa-exclamation-triangle"></i></a>&nbsp;',
+				      ntop.getHttpPrefix(),
+				      epoch_begin,
+				      epoch_end,
+				      l7_proto,
+				      cli_ip, cli_port,
+				      srv_ip, srv_port))
+	       end
+
+	       print(string.format('<a href="#alerts_filter_dialog" alert_id=%u alert_label="%s" class="btn btn-sm btn-warning" role="button"><i class="fas fa-bell-slash"></i></a>', score_alert.alert_id, score_alert.alert_label))
+
+	       print('</td>')
 	    else -- These are unhandled alerts, e.g., flow risks for which a check doesn't exist
 	       print(string.format('<td></td>'))
 	    end