Add details on email and report about new hosts detected on network (#8086).

This commit is contained in:
Nicolo Maio 2023-12-11 12:23:44 +01:00
parent ffd2c05eab
commit 8db0945eba
15 changed files with 184 additions and 42 deletions


@ -73,7 +73,7 @@ local vs_rest_utils = require("vs_rest_utils")
-- Enable debug with:
-- redis-cli set "ntopng.prefs.vs.debug_enabled" "1"
-- systemctl restart ntopng
local debug_me = true--ntop.getCache("ntopng.prefs.vs.debug_enabled") == "1"
local debug_me = ntop.getCache("ntopng.prefs.vs.debug_enabled") == "1"
local verbose = false
local vs_utils = {}
@ -836,6 +836,17 @@ local function update_scan_info_for_report(type_of_scan_execution, new_item, hos
end
end
if (new_item.discovered_hosts ~= nil and new_item.scan_type == 'ipv4_netscan') then
if (info_json) then
if (info_json.net_scanned == nil) then
info_json.net_scanned = {}
end
info_json.net_scanned[new_item.host] = new_item.discovered_hosts
end
end
-- **********************************************************
if (new_item.num_vulnerabilities_found ~= nil) then
@ -1083,7 +1094,7 @@ end
-- Function to update host scan values
function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time, last_duration,
is_ok_last_scan, ports, scan_frequency, num_open_ports,
num_vulnerabilities_found, cve, id, is_edit, udp_ports, tcp_ports)
num_vulnerabilities_found, cve, id, is_edit, udp_ports, tcp_ports, discovered_hosts)
local checks = require "checks"
local trigger_alert = checks.isCheckEnabled("active_monitoring", "vulnerability_scan")
or checks.isCheckEnabled("system", "vulnerability_scan")
@ -1135,9 +1146,20 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
new_item.is_down = is_down
local was_down = (old_data and old_data.is_down and (not new_item.is_down)) or false
-- on a specific entry the bool was_down is enabled when
-- old_data is_down true -> (previous scan the host was down)
-- new_data is_down false -> (actual scan the host is reachable)
-- otherwise was_down is not configured selecting nil value
local was_down = ((old_data and toboolean(old_data.is_down) == true and (not new_item.is_down))) or nil
new_item.was_down = was_down
local discovered_hosts_comma_list_string = ""
if (discovered_hosts ~= nil) then
discovered_hosts_comma_list_string = table.concat(discovered_hosts,",")
end
new_item.discovered_hosts = discovered_hosts_comma_list_string
if tcp_ports ~= nil then
new_item.tcp_ports = tcp_ports.num_ports
new_item.tcp_ports_list = tcp_ports.ports
@ -1242,8 +1264,8 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
end
local host_info_differences
-- TODO FIX HARD CODING HERE of ipv4_netscan exclusion
if trigger_alert and old_data and (not is_edit) and scan_type ~= 'ipv4_netscan' and
if trigger_alert and old_data and (not is_edit) and
-- old scan and new scan must be successfully to perform discrepancies check
-- check only on host up
(old_data.is_down == false and new_item.is_down == false)
@ -1416,7 +1438,7 @@ local function retrieve_email_info(exec_type)
end
if(debug_me) then
tprint("EMAIL INFO:")
tprint("----- INFO JSON -------")
tprint(info_json)
end
@ -1433,7 +1455,8 @@ local function retrieve_email_info(exec_type)
-- has_discrepancy must be true only if there are new open ports or cves fixed
has_discrepancy = ((info_json.new_open_ports or 0) > 0) or ((info_json.num_cve_solved or 0) > 0),
hosts_down_list = info_json.hosts_down_list,
hosts_was_down_list = info_json.hosts_was_down_list
hosts_was_down_list = info_json.hosts_was_down_list,
scanned_networks = info_json.net_scanned or {}
}
if (email_info.has_discrepancy) then
@ -1451,7 +1474,7 @@ local function retrieve_email_info(exec_type)
begin_epoch = 0,
scanned_hosts = 0,
not_scanned_hosts = 0,
no_longer_down_now = 0
no_longer_down_now = 0,
}))
return email_info
end
@ -1630,18 +1653,25 @@ function vs_utils.notify_scan_results(exec_type, periodicity)
local possible_discrepancies_info = ""
local add_br = ""
local add_new_configured_hosts_br = true
if (email_info.has_discrepancy) then
-- ports or cves discrepancies
possible_discrepancies_info = i18n("hosts_stats.page_scan_hosts.email.discrepancy", {
new_ports_open = ternary(email_info.new_open_ports ~= 0, format_high_num_value_for_tables({num = email_info.new_open_ports}, "num"),"0"),
cves_fixed = ternary(email_info.fixed_cves ~= 0, format_high_num_value_for_tables({num = email_info.fixed_cves }, "num"),"0"),
hosts_discrepancy_details = email_info.discrepancies_details
})
add_new_configured_hosts_br = false
end
local no_longer_down_now = ""
local no_longer_down_list = ""
if (email_info.no_longer_down_now > 0) then
if (email_info.no_longer_down_now and email_info.no_longer_down_now > 0) then
-- hosts no longer down
add_new_configured_hosts_br = false
if (email_info.hosts_was_down_list ~= nil) then
local ret = ""
@ -1660,13 +1690,50 @@ function vs_utils.notify_scan_results(exec_type, periodicity)
})
end
if ((not email_info.has_discrepancy) and email_info.no_longer_down_now == 0) then
local discovered_hosts_list = ""
local discovered_hosts = false
if email_info.scanned_networks ~= nil and next(email_info.scanned_networks) then
-- hosts not configured but discovered by the netscan
discovered_hosts = true
for net in pairs(email_info.scanned_networks) do
local hosts_string = email_info.scanned_networks[net]
local net_scan = net.."/24"
local new_hosts_discovered = {}
if (not isEmptyString(hosts_string)) then
if (hosts_string:find(",")) then
new_hosts_discovered = string.split(hosts_string, ",")
else
new_hosts_discovered[#new_hosts_discovered+1] = hosts_string
end
end
local num_hosts = table.len(new_hosts_discovered) or 0
local hosts_list_formatted_string = ""
for _,host in ipairs(new_hosts_discovered) do
hosts_list_formatted_string = hosts_list_formatted_string .. i18n("hosts_stats.page_scan_hosts.email.host_down_item", {host_id = host})
end
local discovered_formatted_hosts_list = i18n("hosts_stats.page_scan_hosts.email.host_down_list", {host_down_items = hosts_list_formatted_string})
discovered_hosts_list = discovered_hosts_list .. i18n("hosts_stats.page_scan_hosts.email.netscan_new_hosts", {
net_scan = net_scan,
num_hosts = num_hosts,
host_list = discovered_formatted_hosts_list,
add_br = ternary(add_new_configured_hosts_br ,"<br>","")
})
end
end
if ((not email_info.has_discrepancy) and email_info.no_longer_down_now == 0 and not discovered_hosts) then
add_br = "<br>"
possible_discrepancies_info = i18n("hosts_stats.page_scan_hosts.email.no_discrepancy")
end
notification_message = notification_message .. possible_discrepancies_info .. no_longer_down_now
notification_message = notification_message .. possible_discrepancies_info .. no_longer_down_now .. discovered_hosts_list
local report_link_line = i18n("hosts_stats.page_scan_hosts.email.report_link_line",
{url = string.format(getHttpHost() .. ntop.getHttpPrefix() .. "/lua/enterprise/vulnerability_scan_report.lua?epoch_end=%u&epoch_begin=%u",
report_date,report_date), add_br = add_br})
@ -2132,7 +2199,7 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
-- Scan host
local scan_module = vs_utils.load_module(scan_type)
local now,result,duration,scan_result,num_open_ports,num_vulnerabilities_found, cve, udp_ports, tcp_ports = scan_module:scan_host(host, ports, use_coroutines)
local now,result,duration,scan_result,num_open_ports,num_vulnerabilities_found, cve, udp_ports, tcp_ports, discovered_hosts = scan_module:scan_host(host, ports, use_coroutines)
if(ntop.isShuttingDown()) then
return false
@ -2163,7 +2230,7 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
if (isAlreadyPresent({host= host, scan_type= scan_type})) then
vs_utils.save_host_to_scan(scan_type, host, result, now, duration, scan_result,
ports_scan_param, nil, num_open_ports, num_vulnerabilities_found, cve, scan_id, false, udp_ports, tcp_ports)
ports_scan_param, nil, num_open_ports, num_vulnerabilities_found, cve, scan_id, false, udp_ports, tcp_ports, discovered_hosts)
end
return true
@ -2679,8 +2746,17 @@ function vs_utils.get_network_pref_value(network_ip, scan_type)
local hash_key = vs_utils.get_host_hash_key(network_ip, scan_type)
local network_pref_value = json.decode(ntop.getHashCache(prefs_host_values_key,hash_key) or {})
--[[ Retrieving values to includes net sub scans in reports and email data ]]
local network_others_value = json.decode(ntop.getHashCache(host_to_scan_key, hash_key) or {})
local net_scan_all, net_periodic_scan, net_single_scan
if (network_others_value) then
net_scan_all, net_periodic_scan, net_single_scan = network_others_value.is_all, network_others_value.is_periodicity, network_others_value.is_single_scan
net_scan_all = toboolean(net_scan_all)
net_periodic_scan = toboolean(net_periodic_scan)
net_single_scan = toboolean(net_single_scan)
end
if(network_pref_value and not isEmptyString(network_pref_value)) then
return network_pref_value.discovered_host_scan_type, network_pref_value.scan_frequency
return network_pref_value.discovered_host_scan_type, network_pref_value.scan_frequency, net_scan_all, net_periodic_scan, net_single_scan
end
return nil
end
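Review bot: The nil guard introduced in hunk @ -1630 (`email_info.no_longer_down_now and email_info.no_longer_down_now > 0`) is not carried into the condition in hunk @ -1660 (`email_info.no_longer_down_now == 0 and not discovered_hosts`), so when the field is nil the `no_discrepancy` text is silently skipped; the same fallback belongs there, e.g. `(email_info.no_longer_down_now or 0) == 0 and not discovered_hosts`. In that same hunk `local net_scan = net.."/24"` hard-codes the prefix length for every scanned network, so if the key stored under `info_json.net_scanned` can already carry its own CIDR the report will mislabel it — either derive the mask from the stored key or state the assumption in a comment such as `-- net_scanned keys are bare /24 network addresses`. `table.len(new_hosts_discovered) or 0` can be the plain `#new_hosts_discovered`, since the table is a sequence built in this loop and `#` never yields nil. In hunk @ -2679, `json.decode(ntop.getHashCache(host_to_scan_key, hash_key) or {})` copies the idiom of the line above it, but the fallback is a Lua table rather than a JSON string; if the cache lookup can return nil the decoder receives a table, so `or "{}"` is the form that makes the following `if (network_others_value)` check meaningful. `notify_scan_results` and `save_host_to_scan` both begin outside their hunks.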