Implements flow callbacks and alerts in C++

Scaffolding code of the host scripts

Scaffolding code for host alerts

Adds host_callbacks/ for .cpp files

Implements all classes for host callbacks

Removes pro/enterprise host callbacks

Adds typedefs with callback deltas

Compilation fix

Creates instances of host callbacks in loader

Link fix

Removes redundant/non-necessary host alerts

Merges Scan and Flood callbacks together

Removes outdated API files

Refactors alert keys into entity|id

Refactors all flow alert_{...} into flow_alert_{...}

Refactors C++ flow alert_{...} into flow_alert_{...}

Reworks alert ids to include an entity type

Cleanup and merge alertTypeRaw with getAlertType

Minor fix

Refactors alert definitions and keys into sub directories

Implement host alert callback execution and trigger/release logic

Update callbacks API

Adds base CallbacksLoader for {Host,Flow}CallbacksLoader

Implements load of host user scripts with periodicities

Implements runtime reload of host callbacks

Add logic for periodic callbacks

Add 'expired' flag to host alerts

Implements execution of host callbacks and SYN flood checks

Adds triggerAlertAsync calls to SYNFlood

Implements JSON host alert generation info

Handle callback getPeriod. Optimize callback lookup.

Implements host recipients in C++

Add callback status

Define destructor

Iterator fixes

Cleanup host Lua calls (now performed in C++)

Changes to show new host alerts in SQLite

Adds release/engage action on alert JSON

Move AlertableEntity to OtherAlertableEntity, inheriting from a new AlertableEntity. Add HostAlertableEntity.

Implements SYN Flood Attacker with params

Uses parametrized thresholds to trigger syn flood alerts

Implements build alert of both attacker and victim

Implement HostAlertableEntity

Implements SYN scan attacker/victim alerts

Implements flow flood attacker/victim alerts

Removes a debug flag

Add virtual allocStatus

Add HostAlert disableAutoRelease()

Add Ãexplicit releaseAlert()

Implements SYNFloodHostCallbackStatus

Implements SYNScanHostCallbackStatus

Implements FlowFloodHostCallbackStatus

Change trigger API to handle cli/src score

Implements {DNS,SMTP,NTP}ServerContactsAlert

Reworks ServerContacts host alerts

Implement exclusion bitmaps for host alerts

Implements {SMTP,DNS,NTP}ServerContactsAlert

Adds host_info to the generated alert JSON

Minor cleanup

Optimize access to callback status

Move RepliesRequestsRatio to pro

Rework triggerAlert on host to avoid multiple call and unneeded status data

Compilation fix

Reworked host alerts API (wip)

Cleanup unused host callbacks

Compilation fixes

Finishes backend implementation of host alerts exclusions

Rework host callbacks executor

Implements disable of host alerts

Port SYNFlood to the new api

Cleanup

Reduce duplicated code

Comments

Port ServerContacts to the new api

Clenaup

Adds parsing of configuration for host callbacks

Port SYNScanAlert to the new API

Port FlowFlood to the new API

Cleanup unused HostAlert getName

Reworks DNSRequestsErrorsRatioAlert

Adds JSON for DNSTrafficAlert

Adds FlowsAlert

Adds P2PTrafficAlert

Add RepliesRequestsRatioAlert

Adds ScoreAlert

Adds ThroughputAlert

Adds TrafficAlert

Fixes for scan/flood alerts

DNS ratio alert support

Add HTTP stats getters

Implements deltas for many host callbacks

Host score inc

Adds missing Alert params to host alerts

Release all host alerts on idle

Refactors score classes

Implements class Score to contain scores for hosts, flows, etc

Adds scores to VLANs, Networks, ASes and Countries

Host callbacks can trigger a single alert now

FlowFlood, SYNFloo, SYNScan now inherit from FlowHits

Move severity and score to constructor

Add else branch to hits callbacks

Alert definition update for flows_flood, syn_flood, syn_scan

Update field name

Engaged alert init

Adds score incs/decs for AS, VLAN, country, os and network

Restore network scripts

Restored other alert definitions for floods

Handle decreasing alert score

Removes include

Rename flows_flood to flow_flood for consistency

Restored alert_tcp_syn_flood_victim alert_tcp_syn_scan_victim definitions

Fixes for non-host engaged/release alerts

Cleanup LuaEngineFlow and LuaEngineHost classes

Fixes old calls to host lua during shutdown

Removes AlertCheckLuaEngine instance

Fixes purging of flows

Fixes alerts release upon shutdown causing wrong uses

Removes a debug flag

Fix getNumEngagedAlerts

Cleanup unnecessary host callbacks

Removes array of callback statuses inside host

Bitmap fixes

Refactors Bitmap into Bitmap128

Implements 16-bits bitmaps for host alerts

Adds class HostCallbacksStatus

Moves callback status p2p and DNS inside HostCallbacksStatus

Removes unused callbacks in typedefs

Minor cleanup

Adds trigger/release for DNS/p2p alerts

Reworks UI of hosts user scripts

Rename HostCallbackType to HostCallbackID, getType to getID, others

scripts/lua/modules/alert_consts.lua

@@ -4,11 +4,12 @@
 -- This file contains the alert constats
 
 local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/alert_keys/?.lua;" .. package.path
 package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
 
 local alert_severities = require "alert_severities"
+local alert_entities = require "alert_entities"
 local alert_consts = {}
-local alert_keys = require "alert_keys"
 local alert = require "alert" -- The alert base class
 local format_utils  = require "format_utils"
 local os_utils = require("os_utils")
@@ -54,66 +55,9 @@ alert_consts.severity_groups = {
 
 -- ##############################################
 
--- Keep in sync with ntop_typedefs.h:AlertEntity
-alert_consts.alert_entities = {
-   interface = {
-    entity_id = 0,
-    label = "Interface",
-    pools = "interface_pools", -- modules/pools/interface_pools.lua
-   }, host = {
-    entity_id = 1,
-    label = "Host",
-    pools = "host_pools", -- modules/pools/host_pools.lua
-   }, network = {
-    entity_id = 2,
-    label = "Network",
-    pools = "local_network_pools", -- modules/pools/local_network_pools.lua
-   }, snmp_device = {
-    entity_id = 3,
-    label = "SNMP device",
-    pools = "snmp_device_pools", -- modules/pools/snmp_device_pools.lua
-   }, flow = {
-    entity_id = 4,
-    label = "Flow",
-    pools = "flow_pools", -- modules/pools/flow_pools.lua
-   }, mac = {
-    entity_id = 5,
-    label = "Device",
-    pools = "mac_pools", -- modules/pools/mac_pools.lua
-   }, host_pool = {
-    entity_id = 6,
-    label = "Host Pool",
-    pools = "host_pool_pools", -- modules/pools/host_pool_pools.lua
-   }, process = {
-    entity_id = 7,
-    label = "Process",
-    pools = "system_pools", -- modules/pools/system_pools.lua
-   }, user = {
-    entity_id = 8,
-    label = "User",
-    pools = "system_pools", -- modules/pools/system_pools.lua
-   }, influx_db = {
-    entity_id = 9,
-    label = "Influx DB",
-    pools = "system_pools", -- modules/pools/system_pools.lua
-   }, test = {
-    entity_id = 10,
-    label = "Test",
-    pools = "system_pools", -- modules/pools/system_pools.lua
-   }, category_lists = {
-    entity_id = 11,
-    label = "Category Lists",
-    pools = "system_pools", -- modules/pools/system_pools.lua
-   }, am_host = {
-    entity_id = 12,
-    label = "Active Monitoring Host",
-    pools = "active_monitoring_pools", -- modules/pools/active_monitoring_pools.lua
-   }, periodic_activity = {
-    entity_id = 13,
-    label = "Periodic Activity",
-    pools = "system_pools", -- modules/pools/system_pools.lua
-  }
-}
+alert_consts.alert_entities = alert_entities
+
+-- ##############################################
 
 -- Keep in sync with C
 alert_consts.alerts_granularities = {
@@ -297,7 +241,9 @@ function alert_consts.getDefinititionDirs()
 
    return({
 	 -- Path for ntopng-defined builtin alerts
-	 os_utils.fixPath(dirs.installdir .. "/scripts/lua/modules/alert_definitions"),
+	 os_utils.fixPath(dirs.installdir .. "/scripts/lua/modules/alert_definitions/flow"),
+	 os_utils.fixPath(dirs.installdir .. "/scripts/lua/modules/alert_definitions/host"),
+	 os_utils.fixPath(dirs.installdir .. "/scripts/lua/modules/alert_definitions/other"),
 	 -- Path for user-defined alerts written in plugins
 	 os_utils.fixPath(plugins_utils.getRuntimePath() .. "/alert_definitions"),
 	  }
@@ -356,7 +302,7 @@ local function loadAlertsDefs()
 	       goto next_script
             end
 
-            if not alert_consts.loadDefinition(def_script, mod_fname, defs_dir) then
+            if not loadDefinition(def_script, mod_fname, defs_dir) then
 	       -- Retry reload
 	       package.loaded[mod_fname] = nil
 	    end
@@ -393,7 +339,7 @@ end
 
 -- ##############################################
 
-function alert_consts.loadDefinition(def_script, mod_fname, script_path)
+function loadDefinition(def_script, mod_fname, script_path)
    local required_fields = {"alert_key", "i18n_title", "icon"}
 
    -- Check the required metadata fields
@@ -404,21 +350,39 @@ function alert_consts.loadDefinition(def_script, mod_fname, script_path)
       end
    end
 
-   -- Sanity check: make sure this is a valid alert key
-   local parsed_alert_key, status = alert_keys.parse_alert_key(def_script.meta.alert_key)
-   if not parsed_alert_key then
+   local alert_entity
+   if script_path:ends("/flow") then
+      alert_entity = alert_entities.flow
+   elseif script_path:ends("/host") then
+      alert_entity = alert_entities.host
+   else
+      -- TODO: migrate all. currently assumes other for non-flow non-host
+      alert_entity = alert_entities.other
+   end
+
+   local alert_key = def_script.meta.alert_key
+
+   if not alert_entity or not alert_key then
       traceError(TRACE_ERROR, TRACE_CONSOLE, string.format("Invalid alert key specified %s in %s from %s", status, mod_fname, script_path))
       return(false)
    end
+
+   -- Sanity check: make sure the alert key is not redefined
+   local alert_entity_id = alert_entity.entity_id
    
-   if(alerts_by_id[parsed_alert_key] ~= nil) then
-      traceError(TRACE_ERROR, TRACE_CONSOLE, string.format("Alert key %d redefined, skipping in %s from %s", parsed_alert_key, mod_fname, script_path))
+   if alerts_by_id[alert_entity_id] and alerts_by_id[alert_entity_id][alert_key] then
+      traceError(TRACE_ERROR, TRACE_CONSOLE, string.format("Alert key %d redefined, skipping in %s from %s", alert_key, mod_fname, script_path))
       return(false)
    end
 
-   def_script.meta.alert_key = parsed_alert_key
+   -- Add alert metadata to the script
+   def_script.meta.alert_entity = alert_entity
    alert_consts.alert_types[mod_fname] = def_script
-   alerts_by_id[parsed_alert_key] = mod_fname
+
+   if not alerts_by_id[alert_entity_id] then
+      alerts_by_id[alert_entity_id] = {}
+   end
+   alerts_by_id[alert_entity_id][alert_key] = mod_fname
 
    -- Success
    return(true)
@@ -426,8 +390,8 @@ end
  
 -- ##############################################
 
-function alert_consts.alertTypeLabel(v, nohtml)
-   local alert_key = alert_consts.alertTypeRaw(v)
+function alert_consts.alertTypeLabel(v, nohtml, alert_entity_id)
+   local alert_key = alert_consts.getAlertType(v, alert_entity_id)
 
    if(alert_key) then
       local type_info = alert_consts.alert_types[alert_key]
@@ -480,8 +444,26 @@ function alert_consts.alertType(v)
 
 -- ##############################################
 
-function alert_consts.getAlertType(alert_key)
-    return(alerts_by_id[tonumber(alert_key)])
+function alert_consts.getAlertType(alert_key, alert_entity_id)
+   -- Make sure we are working with numbers
+   alert_key = tonumber(alert_key)
+   alert_entity_id = tonumber(alert_entity_id)
+
+   if alert_entity_id and alerts_by_id[alert_entity_id] then
+      return alerts_by_id[alert_entity_id][alert_key]
+   end
+
+   -- TODO: remove fallbacks when all alerts in alert_keys.lua will be migrated and will have their own entity specified
+
+   -- Fallback 01: if no alert_entity_id is passed, alert_entity is assumed to be flow.
+   if alerts_by_id[alert_entities.flow.entity_id][alert_key] then
+      return alerts_by_id[alert_entities.flow.entity_id][alert_key]
+   end
+
+   -- Fallback 02: if no alert_entity_id is passed, alert_entity is assumed to be other.
+   if alerts_by_id[alert_entities.other.entity_id][alert_key] then
+      return alerts_by_id[alert_entities.other.entity_id][alert_key]
+   end
 end
 
 -- ##############################################
@@ -536,13 +518,6 @@ function alert_consts.alertSeverityById(severity_id)
    return(alert_severities[key])
 end
 
--- ################################################################################
- 
-function alert_consts.alertTypeRaw(type_id)
-   type_id = tonumber(type_id)
-   return alerts_by_id[type_id]
-end
-
  -- ################################################################################
 
 -- Rename engine -> granulariy

scripts/lua/modules/alert_definitions/flow/alert_blacklisted_country.lua

@@ -6,7 +6,7 @@
 
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 local alert_severities = require "alert_severities"
 
 -- Import the classes library.
@@ -21,7 +21,7 @@ local alert_blacklisted_country = classes.class(alert)
 -- ##############################################
 
 alert_blacklisted_country.meta = {
-   alert_key = alert_keys.ntopng.alert_blacklisted_country,
+   alert_key = flow_alert_keys.flow_alert_blacklisted_country,
    i18n_title = "alerts_dashboard.blacklisted_country",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_connection_issues.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local format_utils = require "format_utils"
@@ -20,7 +20,7 @@ local alert_connection_issues = classes.class(alert)
 -- ##############################################
 
 alert_connection_issues.meta = {
-   alert_key = alert_keys.ntopng.alert_tcp_connection_issues,
+   alert_key = flow_alert_keys.flow_alert_tcp_connection_issues,
    i18n_title = "alerts_dashboard.connection_issues",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_data_exfiltration.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_data_exfiltration = classes.class(alert)
 -- ##############################################
 
 alert_data_exfiltration.meta = {
-   alert_key = alert_keys.ntopng.alert_data_exfiltration,
+   alert_key = flow_alert_keys.flow_alert_data_exfiltration,
    i18n_title = "flow_details.data_exfiltration",
    icon = "fas fa-exclamation",
    status_keep_increasing_scores = true, -- Keep increasing the score so the longer the flow, the higher the score

scripts/lua/modules/alert_definitions/flow/alert_device_protocol_not_allowed.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 -- Import the classes library.
@@ -19,7 +19,7 @@ local alert_device_protocol_not_allowed = classes.class(alert)
 -- ##############################################
 
 alert_device_protocol_not_allowed.meta = {
-   alert_key = alert_keys.ntopng.alert_device_protocol_not_allowed,
+   alert_key = flow_alert_keys.flow_alert_device_protocol_not_allowed,
    i18n_title = "alerts_dashboard.suspicious_device_protocol",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_dns_data_exfiltration.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_dns_data_exfiltration = classes.class(alert)
 -- ##############################################
 
 alert_dns_data_exfiltration.meta = {
-   alert_key = alert_keys.ntopng.alert_dns_data_exfiltration,
+   alert_key = flow_alert_keys.flow_alert_dns_data_exfiltration,
    i18n_title = "flow_details.dns_data_exfiltration",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_dns_invalid_query.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_dns_invalid_query = classes.class(alert)
 -- ##############################################
 
 alert_dns_invalid_query.meta = {
-   alert_key = alert_keys.ntopng.alert_dns_invalid_query,
+   alert_key = flow_alert_keys.flow_alert_dns_invalid_query,
    i18n_title = "flow_details.dns_invalid_query",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_elephant_flow.lua

@@ -7,7 +7,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -20,7 +20,7 @@ local alert_elephant_flow = classes.class(alert)
 -- ##############################################
 
 alert_elephant_flow.meta = {
-   alert_key = alert_keys.ntopng.alert_elephant_flow,
+   alert_key = flow_alert_keys.flow_alert_elephant_flow,
    i18n_title = "flow_details.elephant_flow",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_external.lua

@@ -2,7 +2,7 @@
 -- (C) 2019-20 - ntop.org
 --
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -15,7 +15,7 @@ local external_alert = classes.class(alert)
 -- ##############################################
 
 external_alert.meta = {
-   alert_key = alert_keys.ntopng.alert_external,
+   alert_key = flow_alert_keys.flow_alert_external,
    i18n_title = "alerts_dashboard.external_alert",
    icon = "fas fa-eye",
    status_keep_increasing_scores = true, -- Every time an external alert is set, scores are increased accordingly

scripts/lua/modules/alert_definitions/flow/alert_flow_blacklisted.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 -- Import the classes library.
@@ -19,7 +19,7 @@ local alert_flow_blacklisted = classes.class(alert)
 -- ##############################################
 
 alert_flow_blacklisted.meta = {
-   alert_key = alert_keys.ntopng.alert_blacklisted,
+   alert_key = flow_alert_keys.flow_alert_blacklisted,
    i18n_title = "alerts_dashboard.blacklisted_flow",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_flow_blocked.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_flow_blocked = classes.class(alert)
 -- ##############################################
 
 alert_flow_blocked.meta = {
-   alert_key = alert_keys.ntopng.alert_flow_blocked,
+   alert_key = flow_alert_keys.flow_alert_flow_blocked,
    i18n_title = "flow_details.flow_blocked_by_bridge",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_flow_low_goodput.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local format_utils = require("format_utils")
@@ -20,7 +20,7 @@ local alert_flow_low_goodput = classes.class(alert)
 -- ##############################################
 
 alert_flow_low_goodput.meta = {
-   alert_key = alert_keys.ntopng.alert_low_goodput,
+   alert_key = flow_alert_keys.flow_alert_low_goodput,
    i18n_title = "alerts_dashboard.flow_low_goodput",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_flow_risk.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local flow_risk_utils = require "flow_risk_utils"
@@ -20,7 +20,7 @@ local alert_flow_risk = classes.class(alert)
 -- ##############################################
 
 alert_flow_risk.meta = {
-   alert_key = alert_keys.ntopng.alert_flow_risk,
+   alert_key = flow_alert_keys.flow_alert_flow_risk,
    i18n_title = "alerts_dashboard.flow_risk",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_iec_invalid_transition.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 local json = require "dkjson"
 local format_utils = require "format_utils"
 -- Import the classes library.
@@ -20,7 +20,7 @@ local alert_iec_invalid_transition = classes.class(alert)
 -- ##############################################
 
 alert_iec_invalid_transition.meta = {
-   alert_key = alert_keys.ntopng.alert_iec_invalid_transition,
+   alert_key = flow_alert_keys.flow_alert_iec_invalid_transition,
    i18n_title = "alerts_dashboard.iec_invalid_transition",
    icon = "fas fa-subway",
 }

scripts/lua/modules/alert_definitions/flow/alert_iec_unexpected_type_id.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 local json = require "dkjson"
 local format_utils = require "format_utils"
 -- Import the classes library.
@@ -20,7 +20,7 @@ local alert_iec_unexpected_type_id = classes.class(alert)
 -- ##############################################
 
 alert_iec_unexpected_type_id.meta = {
-   alert_key = alert_keys.ntopng.alert_iec_unexpected_type_id,
+   alert_key = flow_alert_keys.flow_alert_iec_unexpected_type_id,
    i18n_title = "alerts_dashboard.iec_unexpected_type_id",
    icon = "fas fa-subway",
 }

scripts/lua/modules/alert_definitions/flow/alert_internals.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_internals = classes.class(alert)
 -- ##############################################
 
 alert_internals.meta = {
-  alert_key = alert_keys.ntopng.alert_internals,
+  alert_key = flow_alert_keys.flow_alert_internals,
   i18n_title = "flow_details.not_purged",
   icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_known_proto_on_non_std_port.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 -- Import the classes library.
@@ -19,7 +19,7 @@ local alert_known_proto_on_non_std_port = classes.class(alert)
 -- ##############################################
 
 alert_known_proto_on_non_std_port.meta = {   
-   alert_key = alert_keys.ntopng.alert_known_proto_on_non_std_port,
+   alert_key = flow_alert_keys.flow_alert_known_proto_on_non_std_port,
    i18n_title = "alerts_dashboard.known_proto_on_non_std_port",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_longlived.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_longlived = classes.class(alert)
 -- ##############################################
 
 alert_longlived.meta = {
-   alert_key = alert_keys.ntopng.alert_longlived,
+   alert_key = flow_alert_keys.flow_alert_longlived,
    i18n_title = "flow_details.longlived_flow",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_malicious_signature.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_malicious_signature = classes.class(alert)
 -- ##############################################
 
 alert_malicious_signature.meta = {
-   alert_key = alert_keys.ntopng.alert_malicious_signature,
+   alert_key = flow_alert_keys.flow_alert_malicious_signature,
    i18n_title = "alerts_dashboard.malicious_signature_detected",
    icon = "fas fa-ban",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_dns_suspicious_traffic.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_dns_suspicious_traffic = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_dns_suspicious_traffic.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_dns_suspicious_traffic,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_dns_suspicious_traffic,
    i18n_title = "alerts_dashboard.ndpi_dns_suspicious_traffic_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_http_numeric_ip_host.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_http_numeric_ip_host = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_http_numeric_ip_host.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_http_numeric_ip_host,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_http_numeric_ip_host,
    i18n_title = "alerts_dashboard.ndpi_http_numeric_ip_host_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_http_suspicious_header.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_http_suspicious_header = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_http_suspicious_header.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_http_suspicious_header,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_http_suspicious_header,
    i18n_title = "alerts_dashboard.ndpi_http_suspicious_header_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_http_suspicious_url.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_http_suspicious_url = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_http_suspicious_url.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_http_suspicious_url,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_http_suspicious_url,
    i18n_title = "alerts_dashboard.ndpi_http_suspicious_url_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_http_suspicious_user_agent.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_http_suspicious_user_agent = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_http_suspicious_user_agent.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_http_suspicious_user_agent,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_http_suspicious_user_agent,
    i18n_title = "alerts_dashboard.ndpi_http_suspicious_user_agent_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_malformed_packet.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_malformed_packet = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_malformed_packet.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_malformed_packet,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_malformed_packet,
    i18n_title = "alerts_dashboard.ndpi_malformed_packet_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_smb_insecure_version.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_smb_insecure_version = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_smb_insecure_version.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_smb_insecure_version,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_smb_insecure_version,
    i18n_title = "alerts_dashboard.ndpi_smb_insecure_version_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_ssh_obsolete.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_ssh_obsolete = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_ssh_obsolete.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_ssh_obsolete,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_ssh_obsolete,
    i18n_title = "alerts_dashboard.ndpi_ssh_obsolete_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_suspicious_dga_domain.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_suspicious_dga_domain = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_suspicious_dga_domain.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_suspicious_dga_domain,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_suspicious_dga_domain,
    i18n_title = "alerts_dashboard.ndpi_suspicious_dga_domain_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_tls_missing_sni.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_tls_missing_sni = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_tls_missing_sni.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_tls_missing_sni,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_tls_missing_sni,
    i18n_title = "alerts_dashboard.ndpi_tls_missing_sni_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_tls_not_carrying_https.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_tls_not_carrying_https = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_tls_not_carrying_https.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_tls_not_carrying_https,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_tls_not_carrying_https,
    i18n_title = "alerts_dashboard.ndpi_tls_not_carrying_https_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_tls_suspicious_esni_usage.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_tls_suspicious_esni_usage = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_tls_suspicious_esni_usage.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_tls_suspicious_esni_usage,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_tls_suspicious_esni_usage,
    i18n_title = "alerts_dashboard.ndpi_tls_suspicious_esni_usage_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_unsafe_protocol.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_unsafe_protocol = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_unsafe_protocol.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_unsafe_protocol,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_unsafe_protocol,
    i18n_title = "alerts_dashboard.ndpi_unsafe_protocol_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_url_possible_rce_injection.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_url_possible_rce_injection = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_url_possible_rce_injection.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_url_possible_rce_injection,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_url_possible_rce_injection,
    i18n_title = "alerts_dashboard.ndpi_url_possible_rce_injection_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_url_possible_sql_injection.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_url_possible_sql_injection = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_url_possible_sql_injection.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_url_possible_sql_injection,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_url_possible_sql_injection,
    i18n_title = "alerts_dashboard.ndpi_url_possible_sql_injection_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_ndpi_url_possible_xss.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ndpi_url_possible_xss = classes.class(alert)
 -- ##############################################
 
 alert_ndpi_url_possible_xss.meta = {
-   alert_key  = alert_keys.ntopng.alert_ndpi_url_possible_xss,
+   alert_key  = flow_alert_keys.flow_alert_ndpi_url_possible_xss,
    i18n_title = "alerts_dashboard.ndpi_url_possible_xss_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_potentially_dangerous_protocol.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_potentially_dangerous_protocol = classes.class(alert)
 -- ##############################################
 
 alert_potentially_dangerous_protocol.meta = {
-   alert_key = alert_keys.ntopng.alert_potentially_dangerous,
+   alert_key = flow_alert_keys.flow_alert_potentially_dangerous,
    i18n_title = "flow_details.potentially_dangerous_protocol",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_remote_to_local_insecure_proto.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local format_utils = require "format_utils"
@@ -21,7 +21,7 @@ local alert_remote_to_local_insecure_proto = classes.class(alert)
 -- ##############################################
 
 alert_remote_to_local_insecure_proto.meta = {
-   alert_key = alert_keys.ntopng.alert_remote_to_local_insecure_proto,
+   alert_key = flow_alert_keys.flow_alert_remote_to_local_insecure_proto,
    i18n_title = "alerts_dashboard.remote_to_local_insecure_proto",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_remote_to_remote.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local format_utils = require "format_utils"
@@ -21,7 +21,7 @@ local alert_remote_to_remote = classes.class(alert)
 -- ##############################################
 
 alert_remote_to_remote.meta = {
-   alert_key = alert_keys.ntopng.alert_remote_to_remote,
+   alert_key = flow_alert_keys.flow_alert_remote_to_remote,
    i18n_title = "alerts_dashboard.remote_to_remote",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_suspicious_file_transfer.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 -- Import the classes library.
@@ -19,7 +19,7 @@ local alert_suspicious_file_transfer = classes.class(alert)
 -- ##############################################
 
 alert_suspicious_file_transfer.meta = {
-   alert_key = alert_keys.ntopng.alert_suspicious_file_transfer,
+   alert_key = flow_alert_keys.flow_alert_suspicious_file_transfer,
    i18n_title = "alerts_dashboard.suspicious_file_transfer",
    icon = "fas fa-file-download",
 }

scripts/lua/modules/alert_definitions/flow/alert_suspicious_tcp_probing.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_suspicious_tcp_probing = classes.class(alert)
 -- ##############################################
 
 alert_suspicious_tcp_probing.meta = {
-   alert_key = alert_keys.ntopng.alert_suspicious_tcp_probing,
+   alert_key = flow_alert_keys.flow_alert_suspicious_tcp_probing,
    i18n_title = "flow_details.suspicious_tcp_probing",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_suspicious_tcp_syn_probing.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_suspicious_tcp_syn_probing = classes.class(alert)
 -- ##############################################
 
 alert_suspicious_tcp_syn_probing.meta = {
-   alert_key = alert_keys.ntopng.alert_suspicious_tcp_syn_probing,
+   alert_key = flow_alert_keys.flow_alert_suspicious_tcp_syn_probing,
    i18n_title = "flow_details.suspicious_tcp_syn_probing",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_tcp_connection_refused.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_tcp_connection_refused = classes.class(alert)
 -- ##############################################
 
 alert_tcp_connection_refused.meta = {
-   alert_key = alert_keys.ntopng.alert_tcp_connection_refused,
+   alert_key = flow_alert_keys.flow_alert_tcp_connection_refused,
    i18n_title = "flow_callbacks_config.tcp_connection_refused",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_tls_certificate_expired.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_tls_certificate_expired = classes.class(alert)
 -- ##############################################
 
 alert_tls_certificate_expired.meta = {
-   alert_key = alert_keys.ntopng.alert_tls_certificate_expired,
+   alert_key = flow_alert_keys.flow_alert_tls_certificate_expired,
    i18n_title = "flow_details.tls_certificate_expired",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_tls_certificate_mismatch.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_tls_certificate_mismatch = classes.class(alert)
 -- ##############################################
 
 alert_tls_certificate_mismatch.meta = {
-   alert_key = alert_keys.ntopng.alert_tls_certificate_mismatch,
+   alert_key = flow_alert_keys.flow_alert_tls_certificate_mismatch,
    i18n_title = "flow_details.tls_certificate_mismatch",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_tls_certificate_selfsigned.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_tls_certificate_selfsigned = classes.class(alert)
 -- ##############################################
 
 alert_tls_certificate_selfsigned.meta = {
-   alert_key = alert_keys.ntopng.alert_tls_certificate_selfsigned,
+   alert_key = flow_alert_keys.flow_alert_tls_certificate_selfsigned,
    i18n_title = "flow_details.tls_certificate_selfsigned",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_tls_old_protocol_version.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_tls_old_protocol_version = classes.class(alert)
 -- ##############################################
 
 alert_tls_old_protocol_version.meta = {
-   alert_key = alert_keys.ntopng.alert_tls_old_protocol_version,
+   alert_key = flow_alert_keys.flow_alert_tls_old_protocol_version,
    i18n_title = "flow_details.tls_old_protocol_version",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_tls_unsafe_ciphers.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_tls_unsafe_ciphers = classes.class(alert)
 -- ##############################################
 
 alert_tls_unsafe_ciphers.meta = {
-   alert_key = alert_keys.ntopng.alert_tls_unsafe_ciphers,
+   alert_key = flow_alert_keys.flow_alert_tls_unsafe_ciphers,
    i18n_title = "flow_details.tls_unsafe_ciphers",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/flow/alert_udp_unidirectional.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 -- Import the classes library.
@@ -19,7 +19,7 @@ local alert_udp_unidirectional = classes.class(alert)
 -- ##############################################
 
 alert_udp_unidirectional.meta = {
-  alert_key = alert_keys.ntopng.alert_udp_unidirectional,
+  alert_key = flow_alert_keys.flow_alert_udp_unidirectional,
   i18n_title = "flow_details.udp_unidirectional",
   icon = "fas fa-info-circle",
 }

scripts/lua/modules/alert_definitions/flow/alert_unexpected_dhcp_server.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_unexpected_dhcp_server = classes.class(alert)
 -- ##############################################
 
 alert_unexpected_dhcp_server.meta = {
-   alert_key = alert_keys.ntopng.alert_unexpected_dhcp_server,
+   alert_key = flow_alert_keys.flow_alert_unexpected_dhcp_server,
    i18n_title = "unexpected_dhcp.alert_unexpected_dhcp_title",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_unexpected_dns_server.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_unexpected_dns_server = classes.class(alert)
 -- ##############################################
 
 alert_unexpected_dns_server.meta = {
-   alert_key = alert_keys.ntopng.alert_unexpected_dns_server,
+   alert_key = flow_alert_keys.flow_alert_unexpected_dns_server,
    i18n_title = "unexpected_dns.alert_unexpected_dns_title",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_unexpected_ntp_server.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_unexpected_ntp_server = classes.class(alert)
 -- ##############################################
 
 alert_unexpected_ntp_server.meta = {
-   alert_key = alert_keys.ntopng.alert_unexpected_ntp_server,
+   alert_key = flow_alert_keys.flow_alert_unexpected_ntp_server,
    i18n_title = "unexpected_ntp.alert_unexpected_ntp_title",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_unexpected_smtp_server.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_unexpected_smtp_server = classes.class(alert)
 -- ##############################################
 
 alert_unexpected_smtp_server.meta = {
-   alert_key = alert_keys.ntopng.alert_unexpected_smtp_server,
+   alert_key = flow_alert_keys.flow_alert_unexpected_smtp_server,
    i18n_title = "unexpected_smtp.alert_unexpected_smtp_title",
    icon = "fas fa-exclamation",
    has_victim = true,

scripts/lua/modules/alert_definitions/flow/alert_web_mining.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_web_mining = classes.class(alert)
 -- ##############################################
 
 alert_web_mining.meta = {
-   alert_key = alert_keys.ntopng.alert_web_mining,
+   alert_key = flow_alert_keys.flow_alert_web_mining,
    i18n_title = "alerts_dashboard.web_mining",
    icon = "fab fa-bitcoin",
 }

scripts/lua/modules/alert_definitions/flow/alert_zero_tcp_window.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local flow_alert_keys = require "flow_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_zero_tcp_window = classes.class(alert)
 -- ##############################################
 
 alert_zero_tcp_window.meta = {
-   alert_key = alert_keys.ntopng.alert_zero_tcp_window,
+   alert_key = flow_alert_keys.flow_alert_zero_tcp_window,
    i18n_title = "zero_tcp_window.zero_tcp_window_title",
    icon = "fas fa-arrow-circle-up",
 }

scripts/lua/modules/alert_definitions/host/host_alert_dns_requests_errors_ratio.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local host_alert_keys = require "host_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -12,12 +12,12 @@ local alert = require "alert"
 
 -- ##############################################
 
-local alert_dns_positive_error_ratio = classes.class(alert)
+local host_alert_dns_requests_errors_ratio = classes.class(alert)
 
 -- ##############################################
 
-alert_dns_positive_error_ratio.meta = {
-   alert_key = alert_keys.ntopng.alert_dns_positive_error_ratio,
+host_alert_dns_requests_errors_ratio.meta = {
+   alert_key = host_alert_keys.host_alert_dns_requests_errors_ratio,
    i18n_title = "dns_positive_error_ratio.title",
    icon = "fas fa-exclamation",
 }
@@ -28,7 +28,7 @@ alert_dns_positive_error_ratio.meta = {
 -- @param requests The number of requests
 -- @param replies The number of replies
 -- @return A table with the alert built
-function alert_dns_positive_error_ratio:init(type, positives, errors)
+function host_alert_dns_requests_errors_ratio:init(type, positives, errors)
    -- Call the parent constructor
    self.super:init()
 
@@ -46,7 +46,7 @@ end
 -- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
 -- @param alert_type_params Table `alert_type_params` as built in the `:init` method
 -- @return A human-readable string
-function alert_dns_positive_error_ratio.format(ifid, alert, alert_type_params)
+function host_alert_dns_requests_errors_ratio.format(ifid, alert, alert_type_params)
    local type = ""
 
    if alert_type_params.type == "dns_rcvd" then
@@ -64,4 +64,4 @@ end
 
 -- #######################################################
 
-return alert_dns_positive_error_ratio
+return host_alert_dns_requests_errors_ratio

scripts/lua/modules/alert_definitions/host/host_alert_dns_server_contacts.lua

@@ -0,0 +1,68 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+local alert_creators = require "alert_creators"
+local format_utils = require "format_utils"
+local json = require("dkjson")
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_dns_server_contacts = classes.class(alert)
+
+-- ##############################################
+
+host_alert_dns_server_contacts.meta = {
+  alert_key = host_alert_keys.host_alert_dns_server_contacts,
+  i18n_title = "alerts_dashboard.host_alert_dns_server_contacts",
+  icon = "fas fa-life-ring",
+  has_victim = true,
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param one_param The first alert param
+-- @param another_param The second alert param
+-- @return A table with the alert built
+function host_alert_dns_server_contacts:init(metric, value, operator, threshold)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function host_alert_dns_server_contacts.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local value = alert_type_params.value
+
+  if(value == nil) then value = 0 end
+  
+  return i18n("alert_messages.host_alert_dns_server_contacts", {
+    entity = firstToUpper(entity),
+    host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
+    value = string.format("%u", math.ceil(value or 0)),
+    threshold = alert_type_params.threshold or 0,
+  })
+end
+
+-- #######################################################
+
+return host_alert_dns_server_contacts

scripts/lua/modules/alert_definitions/host/host_alert_dns_traffic.lua

@@ -0,0 +1,68 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+local json = require("dkjson")
+local alert_creators = require "alert_creators"
+local format_utils = require "format_utils"
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_dns_traffic = classes.class(alert)
+
+-- ##############################################
+
+host_alert_dns_traffic.meta = {
+  alert_key = host_alert_keys.host_alert_dns_traffic,
+  i18n_title = "alerts_dashboard.threashold_cross",
+  icon = "fas fa-arrow-circle-up",
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param metric Same as `alert_subtype`
+-- @param value A number indicating the measure which crossed the threshold
+-- @param operator A string indicating the operator used when evaluating the threshold, one of "gt", ">", "<"
+-- @param threshold A number indicating the threshold compared with `value`  using operator
+-- @return A table with the alert built
+function host_alert_dns_traffic:init(metric, value, operator, threshold)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function host_alert_dns_traffic.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local engine_label = alert_consts.alertEngineLabel(alert_consts.alertEngine(alert_consts.sec2granularity(alert["alert_granularity"])))
+
+  return i18n("alert_messages.host_alert_dns_traffic", {
+    entity = entity,
+    host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
+    value = string.format("%u", math.ceil(alert_type_params.value)),
+    op = "&".. (alert_type_params.operator or "gt") ..";",
+    threshold = alert_type_params.threshold,
+  })
+end
+
+-- #######################################################
+
+return host_alert_dns_traffic

scripts/lua/modules/alert_definitions/host/host_alert_flow_flood.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local host_alert_keys = require "host_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local alert_creators = require "alert_creators"
@@ -17,13 +17,13 @@ local alert = require "alert"
 
 -- ##############################################
 
-local alert_flows_flood_attacker = classes.class(alert)
+local host_alert_flow_flood = classes.class(alert)
 
 -- ##############################################
 
-alert_flows_flood_attacker.meta = {
-  alert_key = alert_keys.ntopng.alert_flows_flood_attacker,
-  i18n_title = "alerts_dashboard.flows_flood_attacker",
+host_alert_flow_flood.meta = {
+  alert_key = host_alert_keys.host_alert_flow_flood,
+  i18n_title = "alerts_dashboard.flow_flood",
   icon = "fas fa-life-ring",
   has_attacker = true,
 }
@@ -34,7 +34,7 @@ alert_flows_flood_attacker.meta = {
 -- @param one_param The first alert param
 -- @param another_param The second alert param
 -- @return A table with the alert built
-function alert_flows_flood_attacker:init(metric, value, operator, threshold)
+function host_alert_flow_flood:init(metric, value, operator, threshold)
    -- Call the parent constructor
    self.super:init()
 
@@ -48,12 +48,19 @@ end
 -- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
 -- @param alert_type_params Table `alert_type_params` as built in the `:init` method
 -- @return A human-readable string
-function alert_flows_flood_attacker.format(ifid, alert, alert_type_params)
+function host_alert_flow_flood.format(ifid, alert, alert_type_params)
   local alert_consts = require("alert_consts")
   local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
   local value = alert_type_params.value
+  local i18n_key
 
-  return i18n("alert_messages.flow_flood_attacker", {
+  if alert_type_params.is_attacker then
+    i18n_key = "alert_messages.flow_flood_attacker"
+  else
+    i18n_key = "alert_messages.flow_flood_victim"
+  end
+
+  return i18n(i18n_key, {
     entity = firstToUpper(entity),
     host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
     value = string.format("%u", math.ceil(value)),
@@ -63,4 +70,4 @@ end
 
 -- #######################################################
 
-return alert_flows_flood_attacker
+return host_alert_flow_flood

scripts/lua/modules/alert_definitions/host/host_alert_ntp_server_contacts.lua

@@ -0,0 +1,68 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+local alert_creators = require "alert_creators"
+local format_utils = require "format_utils"
+local json = require("dkjson")
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_ntp_server_contacts = classes.class(alert)
+
+-- ##############################################
+
+host_alert_ntp_server_contacts.meta = {
+  alert_key = host_alert_keys.host_alert_ntp_server_contacts,
+  i18n_title = "alerts_dashboard.host_alert_ntp_server_contacts",
+  icon = "fas fa-life-ring",
+  has_victim = true,
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param one_param The first alert param
+-- @param another_param The second alert param
+-- @return A table with the alert built
+function host_alert_ntp_server_contacts:init(metric, value, operator, threshold)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function host_alert_ntp_server_contacts.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local value = alert_type_params.value
+
+  if(value == nil) then value = 0 end
+  
+  return i18n("alert_messages.host_alert_ntp_server_contacts", {
+    entity = firstToUpper(entity),
+    host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
+    value = string.format("%u", math.ceil(value or 0)),
+    threshold = alert_type_params.threshold or 0,
+  })
+end
+
+-- #######################################################
+
+return host_alert_ntp_server_contacts

scripts/lua/modules/alert_definitions/host/host_alert_p2p_traffic.lua

@@ -0,0 +1,68 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+local json = require("dkjson")
+local alert_creators = require "alert_creators"
+local format_utils = require "format_utils"
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_p2p_traffic = classes.class(alert)
+
+-- ##############################################
+
+host_alert_p2p_traffic.meta = {
+  alert_key = host_alert_keys.host_alert_p2p_traffic,
+  i18n_title = "alerts_dashboard.threashold_cross",
+  icon = "fas fa-arrow-circle-up",
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param metric Same as `alert_subtype`
+-- @param value A number indicating the measure which crossed the threshold
+-- @param operator A string indicating the operator used when evaluating the threshold, one of "gt", ">", "<"
+-- @param threshold A number indicating the threshold compared with `value`  using operator
+-- @return A table with the alert built
+function host_alert_p2p_traffic:init(metric, value, operator, threshold)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function host_alert_p2p_traffic.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local engine_label = alert_consts.alertEngineLabel(alert_consts.alertEngine(alert_consts.sec2granularity(alert["alert_granularity"])))
+
+  return i18n("alert_messages.host_alert_p2p_traffic", {
+    entity = entity,
+    host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
+    value = string.format("%u", math.ceil(alert_type_params.value)),
+    op = "&".. (alert_type_params.operator or "gt") ..";",
+    threshold = alert_type_params.threshold,
+  })
+end
+
+-- #######################################################
+
+return host_alert_p2p_traffic

scripts/lua/modules/alert_definitions/host/host_alert_replies_requests_ratio.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local host_alert_keys = require "host_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local format_utils = require "format_utils"
@@ -16,12 +16,12 @@ local alert = require "alert"
 
 -- ##############################################
 
-local alert_request_reply_ratio = classes.class(alert)
+local host_alert_replies_requests_ratio = classes.class(alert)
 
 -- ##############################################
 
-alert_request_reply_ratio.meta = {
-  alert_key = alert_keys.ntopng.alert_request_reply_ratio,
+host_alert_replies_requests_ratio.meta = {
+  alert_key = host_alert_keys.host_alert_replies_requests_ratio,
   i18n_title = "entity_thresholds.request_reply_ratio_title",
   icon = "fas fa-exclamation",
 }
@@ -32,7 +32,7 @@ alert_request_reply_ratio.meta = {
 -- @param requests The number of requests
 -- @param replies The number of replies
 -- @return A table with the alert built
-function alert_request_reply_ratio:init(requests, replies)
+function host_alert_replies_requests_ratio:init(requests, replies)
    -- Call the parent constructor
    self.super:init()
 
@@ -49,7 +49,7 @@ end
 -- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
 -- @param alert_type_params Table `alert_type_params` as built in the `:init` method
 -- @return A human-readable string
-function alert_request_reply_ratio.format(ifid, alert, alert_type_params)
+function host_alert_replies_requests_ratio.format(ifid, alert, alert_type_params)
   local alert_consts = require("alert_consts")
 
   local entity = firstToUpper(alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"]))
@@ -90,4 +90,4 @@ end
 
 -- #######################################################
 
-return alert_request_reply_ratio
+return host_alert_replies_requests_ratio

scripts/lua/modules/alert_definitions/host/host_alert_score.lua

@@ -0,0 +1,70 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+local json = require("dkjson")
+local alert_creators = require "alert_creators"
+local format_utils = require "format_utils"
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_score = classes.class(alert)
+
+-- ##############################################
+
+host_alert_score.meta = {
+  alert_key = host_alert_keys.host_alert_score,
+  i18n_title = "alerts_dashboard.threashold_cross",
+  icon = "fas fa-arrow-circle-up",
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param metric Same as `alert_subtype`
+-- @param value A number indicating the measure which crossed the threshold
+-- @param operator A string indicating the operator used when evaluating the threshold, one of "gt", ">", "<"
+-- @param threshold A number indicating the threshold compared with `value`  using operator
+-- @return A table with the alert built
+function host_alert_score:init(metric, value, operator, threshold)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function host_alert_score.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local engine_label = alert_consts.alertEngineLabel(alert_consts.alertEngine(alert_consts.sec2granularity(alert["alert_granularity"])))
+
+  return i18n("alert_messages.threshold_crossed", {
+    granularity = engine_label,
+    metric = alert_type_params.metric,
+    entity = entity,
+    host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
+    value = string.format("%u", math.ceil(alert_type_params.value)),
+    op = "&".. (alert_type_params.operator or "gt") ..";",
+    threshold = alert_type_params.threshold,
+  })
+end
+
+-- #######################################################
+
+return host_alert_score

scripts/lua/modules/alert_definitions/host/host_alert_smtp_server_contacts.lua

@@ -0,0 +1,68 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local host_alert_keys = require "host_alert_keys"
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+local alert_creators = require "alert_creators"
+local format_utils = require "format_utils"
+local json = require("dkjson")
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local host_alert_smtp_server_contacts = classes.class(alert)
+
+-- ##############################################
+
+host_alert_smtp_server_contacts.meta = {
+  alert_key = host_alert_keys.host_alert_smtp_server_contacts,
+  i18n_title = "alerts_dashboard.host_alert_smtp_server_contacts",
+  icon = "fas fa-life-ring",
+  has_victim = true,
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param one_param The first alert param
+-- @param another_param The second alert param
+-- @return A table with the alert built
+function host_alert_smtp_server_contacts:init(metric, value, operator, threshold)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = alert_creators.createThresholdCross(metric, value, operator, threshold)
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function host_alert_smtp_server_contacts.format(ifid, alert, alert_type_params)
+  local alert_consts = require("alert_consts")
+  local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local value = alert_type_params.value
+
+  if(value == nil) then value = 0 end
+  
+  return i18n("alert_messages.host_alert_smtp_server_contacts", {
+    entity = firstToUpper(entity),
+    host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
+    value = string.format("%u", math.ceil(value or 0)),
+    threshold = alert_type_params.threshold or 0,
+  })
+end
+
+-- #######################################################
+
+return host_alert_smtp_server_contacts

scripts/lua/modules/alert_definitions/host/host_alert_tcp_syn_flood.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local host_alert_keys = require "host_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local json = require("dkjson")
@@ -18,13 +18,13 @@ local alert = require "alert"
 
 -- ##############################################
 
-local alert_tcp_syn_flood_attacker = classes.class(alert)
+local alert_tcp_syn_flood = classes.class(alert)
 
 -- ##############################################
 
-alert_tcp_syn_flood_attacker.meta = {
-  alert_key = alert_keys.ntopng.alert_tcp_syn_flood_attacker,
-  i18n_title = "alerts_dashboard.tcp_syn_flood_attacker",
+alert_tcp_syn_flood.meta = {
+  alert_key = host_alert_keys.host_alert_syn_flood,
+  i18n_title = "alerts_dashboard.tcp_syn_flood",
   icon = "fas fa-life-ring",
   has_attacker = true,
 }
@@ -35,7 +35,7 @@ alert_tcp_syn_flood_attacker.meta = {
 -- @param one_param The first alert param
 -- @param another_param The second alert param
 -- @return A table with the alert built
-function alert_tcp_syn_flood_attacker:init(metric, value, operator, threshold)
+function alert_tcp_syn_flood:init(metric, value, operator, threshold)
    -- Call the parent constructor
    self.super:init()
 
@@ -49,18 +49,25 @@ end
 -- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
 -- @param alert_type_params Table `alert_type_params` as built in the `:init` method
 -- @return A human-readable string
-function alert_tcp_syn_flood_attacker.format(ifid, alert, alert_type_params)
+function alert_tcp_syn_flood.format(ifid, alert, alert_type_params)
   local alert_consts = require "alert_consts"
   local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
-  
-  return i18n("alert_messages.syn_flood_attacker", {
+  local i18n_key
+
+  if alert_type_params.is_attacker then
+    i18n_key = "alert_messages.syn_flood_attacker"
+  else
+    i18n_key = "alert_messages.syn_flood_victim"
+  end
+
+  return i18n(i18n_key, {
     entity = firstToUpper(entity),
     host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
-    value = string.format("%u", math.ceil(alert_type_params.value)),
-    threshold = alert_type_params.threshold,
+    value = string.format("%u", math.ceil(alert_type_params.value or 0)),
+    threshold = alert_type_params.threshold or 0,
   })
 end
 
 -- #######################################################
 
-return alert_tcp_syn_flood_attacker
+return alert_tcp_syn_flood

scripts/lua/modules/alert_definitions/host/host_alert_tcp_syn_scan.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local host_alert_keys = require "host_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local json = require("dkjson")
@@ -17,20 +17,20 @@ local alert = require "alert"
 
 -- ##############################################
 
-local alert_tcp_syn_scan_attacker = classes.class(alert)
+local host_alert_tcp_syn_scan = classes.class(alert)
 
 -- ##############################################
 
-alert_tcp_syn_scan_attacker.meta = {
-  alert_key = alert_keys.ntopng.alert_tcp_syn_scan_attacker,
-  i18n_title = "alerts_dashboard.tcp_syn_scan_attacker",
+host_alert_tcp_syn_scan.meta = {
+  alert_key = host_alert_keys.host_alert_syn_scan,
+  i18n_title = "alerts_dashboard.tcp_syn_scan",
   icon = "fas fa-life-ring",
   has_attacker = true,
 }
 
 -- ##############################################
 
-function alert_tcp_syn_scan_attacker:init(metric, value, operator, threshold)
+function host_alert_tcp_syn_scan:init(metric, value, operator, threshold)
    -- Call the parent constructor
    self.super:init()
 
@@ -39,18 +39,25 @@ end
 
 -- #######################################################
 
-function alert_tcp_syn_scan_attacker.format(ifid, alert, alert_type_params)
+function host_alert_tcp_syn_scan.format(ifid, alert, alert_type_params)
   local alert_consts = require("alert_consts")
   local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
+  local i18n_key
 
-  return i18n("alert_messages.syn_scan_attacker", {
+  if alert_type_params.is_attacker then
+    i18n_key = "alert_messages.syn_scan_attacker"
+  else
+    i18n_key = "alert_messages.syn_scan_victim"
+  end
+
+  return i18n(i18n_key, {
     entity = firstToUpper(entity),
     host_category = format_utils.formatAddressCategory((json.decode(alert.alert_json)).alert_generation.host_info),
-    value = string.format("%u", math.ceil(alert_type_params.value)),
-    threshold = alert_type_params.threshold,
+    value = string.format("%u", math.ceil(alert_type_params.value or 0)),
+    threshold = alert_type_params.threshold or 0,
   })
 end
 
 -- #######################################################
 
-return alert_tcp_syn_scan_attacker
+return host_alert_tcp_syn_scan

scripts/lua/modules/alert_definitions/other/alert_active_flows_anomaly_client.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local classes = require "classes"
 local alert = require "alert"
 
@@ -15,7 +15,7 @@ local alert_active_flows_anomaly_client = classes.class(alert)
 -- ##############################################
 
 alert_active_flows_anomaly_client.meta = {
-   alert_key = alert_keys.ntopng.alert_active_flows_anomaly_client,
+   alert_key = other_alert_keys.alert_active_flows_anomaly_client,
    i18n_title = "alerts_dashboard.unexpected_host_behaviour_act_flows_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_active_flows_anomaly_server.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local classes = require "classes"
 local alert = require "alert"
 
@@ -15,7 +15,7 @@ local alert_active_flows_anomaly_server = classes.class(alert)
 -- ##############################################
 
 alert_active_flows_anomaly_server.meta = {
-   alert_key = alert_keys.ntopng.alert_active_flows_anomaly_server,
+   alert_key = other_alert_keys.alert_active_flows_anomaly_server,
    i18n_title = "alerts_dashboard.unexpected_host_behaviour_act_flows_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_am_threshold_cross.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local format_utils = require("format_utils")
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_am_threshold_cross = classes.class(alert)
 -- ##############################################
 
 alert_am_threshold_cross.meta = {
-   alert_key = alert_keys.ntopng.alert_am_threshold_cross,
+   alert_key = other_alert_keys.alert_am_threshold_cross,
    i18n_title = "graphs.active_monitoring",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_attack_mitigation_via_snmp.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_attack_mitigation_via_snmp = classes.class(alert)
 -- ##############################################
 
 alert_attack_mitigation_via_snmp.meta = {
-   alert_key = alert_keys.ntopng.alert_attack_mitigation_via_snmp,
+   alert_key = other_alert_keys.alert_attack_mitigation_via_snmp,
    i18n_title = "alerts_dashboard.attack_mitigation_snmp_title",
    icon = "fa fa-stop-circle",
 }

scripts/lua/modules/alert_definitions/other/alert_broadcast_domain_too_large.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_broadcast_domain_too_large = classes.class(alert)
 -- ##############################################
 
 alert_broadcast_domain_too_large.meta = {
-   alert_key = alert_keys.ntopng.alert_broadcast_domain_too_large,
+   alert_key = other_alert_keys.alert_broadcast_domain_too_large,
    i18n_title = "alerts_dashboard.broadcast_domain_too_large",
    icon = "fas fa-sitemap",
 }

scripts/lua/modules/alert_definitions/other/alert_contacts_anomaly.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local classes = require "classes"
 local alert = require "alert"
 
@@ -15,7 +15,7 @@ local alert_contacts_anomaly = classes.class(alert)
 -- ##############################################
 
 alert_contacts_anomaly.meta = {
-   alert_key = alert_keys.ntopng.alert_contacts_anomaly,
+   alert_key = other_alert_keys.alert_contacts_anomaly,
    i18n_title = "alerts_dashboard.unexpected_host_behaviour_contacts_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_device_connection.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local alert_creators = require "alert_creators"
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_device_connection = classes.class(alert)
 -- ##############################################
 
 alert_device_connection.meta = {
-  alert_key = alert_keys.ntopng.alert_device_connection,
+  alert_key = other_alert_keys.alert_device_connection,
   i18n_title = "alerts_dashboard.device_connection",
   icon = "fas fa-sign-in",
 }

scripts/lua/modules/alert_definitions/other/alert_device_disconnection.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local alert_creators = require "alert_creators"
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_device_disconnection = classes.class(alert)
 -- ##############################################
 
 alert_device_disconnection.meta = {
-  alert_key = alert_keys.ntopng.alert_device_disconnection,
+  alert_key = other_alert_keys.alert_device_disconnection,
   i18n_title = "alerts_dashboard.device_disconnection",
   icon = "fas fa-sign-out",
 }

scripts/lua/modules/alert_definitions/other/alert_dropped_alerts.lua

@@ -5,7 +5,7 @@
 -- ##############################################
 
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 
 -- Import the classes library.
 local classes = require "classes"
@@ -17,7 +17,7 @@ local alert = require "alert"
 local alert_dropped_alerts = classes.class(alert)
 
 alert_dropped_alerts.meta = {
-  alert_key = alert_keys.ntopng.alert_dropped_alerts,
+  alert_key = other_alert_keys.alert_dropped_alerts,
   i18n_title = i18n("show_alerts.dropped_alerts"),
   icon = "fas fa-exclamation-triangle",
 }

scripts/lua/modules/alert_definitions/other/alert_fail2ban_executed.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_fail2ban_executed = classes.class(alert)
 -- ##############################################
 
 alert_fail2ban_executed.meta = {
-  alert_key = alert_keys.ntopng.alert_fail2ban_executed,
+  alert_key = other_alert_keys.alert_fail2ban_executed,
   i18n_title = "alerts_dashboard.fail2ban",
   icon = "fas fa-info-circle",
 }

scripts/lua/modules/alert_definitions/other/alert_flow_flood_victim.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 
 local alert_creators = require "alert_creators"
@@ -17,13 +17,13 @@ local alert = require "alert"
 
 -- ##############################################
 
-local alert_flows_flood_victim = classes.class(alert)
+local alert_flow_flood_victim = classes.class(alert)
 
 -- ##############################################
 
-alert_flows_flood_victim.meta = {
-  alert_key = alert_keys.ntopng.alert_flows_flood_victim,
-  i18n_title = "alerts_dashboard.flows_flood_victim",
+alert_flow_flood_victim.meta = {
+  alert_key = other_alert_keys.alert_flow_flood_victim,
+  i18n_title = "alerts_dashboard.flow_flood_victim",
   icon = "fas fa-life-ring",
   has_victim = true,
 }
@@ -34,7 +34,7 @@ alert_flows_flood_victim.meta = {
 -- @param one_param The first alert param
 -- @param another_param The second alert param
 -- @return A table with the alert built
-function alert_flows_flood_victim:init(metric, value, operator, threshold)
+function alert_flow_flood_victim:init(metric, value, operator, threshold)
    -- Call the parent constructor
    self.super:init()
 
@@ -48,7 +48,7 @@ end
 -- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
 -- @param alert_type_params Table `alert_type_params` as built in the `:init` method
 -- @return A human-readable string
-function alert_flows_flood_victim.format(ifid, alert, alert_type_params)
+function alert_flow_flood_victim.format(ifid, alert, alert_type_params)
   local alert_consts = require("alert_consts")
   local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
   local value = alert_type_params.value
@@ -65,4 +65,4 @@ end
 
 -- #######################################################
 
-return alert_flows_flood_victim
+return alert_flow_flood_victim

scripts/lua/modules/alert_definitions/other/alert_ghost_network.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_ghost_network = classes.class(alert)
 -- ##############################################
 
 alert_ghost_network.meta = {
-  alert_key = alert_keys.ntopng.alert_ghost_network,
+  alert_key = other_alert_keys.alert_ghost_network,
   i18n_title = "alerts_dashboard.ghost_network_detected",
   icon = "fas fa-ghost",
 }

scripts/lua/modules/alert_definitions/other/alert_host_log.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local alert_creators = require "alert_creators"
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_host_log = classes.class(alert)
 -- ##############################################
 
 alert_host_log.meta = {
-  alert_key = alert_keys.ntopng.alert_host_log,
+  alert_key = other_alert_keys.alert_host_log,
   i18n_title = "alerts_dashboard.host_log",
   icon = "fa fa-file-text-o",
 }

scripts/lua/modules/alert_definitions/other/alert_host_pool_connection.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local alert_creators = require "alert_creators"
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_host_pool_connection = classes.class(alert)
 -- ##############################################
 
 alert_host_pool_connection.meta = {
-  alert_key = alert_keys.ntopng.alert_host_pool_connection,
+  alert_key = other_alert_keys.alert_host_pool_connection,
   i18n_title = "alerts_dashboard.host_pool_connection",
   icon = "fas fa-sign-in",
 }

scripts/lua/modules/alert_definitions/other/alert_host_pool_disconnection.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 local alert_creators = require "alert_creators"
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_host_pool_disconnection = classes.class(alert)
 -- ##############################################
 
 alert_host_pool_disconnection.meta = {
-  alert_key = alert_keys.ntopng.alert_host_pool_disconnection,
+  alert_key = other_alert_keys.alert_host_pool_disconnection,
   i18n_title = "alerts_dashboard.host_pool_disconnection",
   icon = "fas fa-sign-out",
 }

scripts/lua/modules/alert_definitions/other/alert_influxdb_error.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_influxdb_error = classes.class(alert)
 -- ##############################################
 
 alert_influxdb_error.meta = {
-  alert_key = alert_keys.ntopng.alert_influxdb_error,
+  alert_key = other_alert_keys.alert_influxdb_error,
   i18n_title = "alerts_dashboard.influxdb_error",
   icon = "fas fa-database",
 }

scripts/lua/modules/alert_definitions/other/alert_influxdb_export_failure.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_influxdb_export_failure = classes.class(alert)
 -- ##############################################
 
 alert_influxdb_export_failure.meta = {
-   alert_key = alert_keys.ntopng.alert_influxdb_export_failure,
+   alert_key = other_alert_keys.alert_influxdb_export_failure,
    i18n_title = "alerts_dashboard.influxdb_export_failure",
    icon = "fas fa-database",
 }

scripts/lua/modules/alert_definitions/other/alert_ip_outsite_dhcp_range.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_ip_outsite_dhcp_range = classes.class(alert)
 -- ##############################################
 
 alert_ip_outsite_dhcp_range.meta = {
-  alert_key = alert_keys.ntopng.alert_ip_outsite_dhcp_range,
+  alert_key = other_alert_keys.alert_ip_outsite_dhcp_range,
   i18n_title = "alerts_dashboard.misconfigured_dhcp_range",
   icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_lateral_movement.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_lateral_movement = classes.class(alert)
 -- ##############################################
 
 alert_lateral_movement.meta = {
-   alert_key = alert_keys.ntopng.alert_lateral_movement,
+   alert_key = other_alert_keys.alert_lateral_movement,
    i18n_title = "alerts_dashboard.lateral_movement",
    icon = "fas fa-arrows-alt-h",
 }

scripts/lua/modules/alert_definitions/other/alert_list_download_failed.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_list_download_failed = classes.class(alert)
 -- ##############################################
 
 alert_list_download_failed.meta = {
-   alert_key = alert_keys.ntopng.alert_list_download_failed,
+   alert_key = other_alert_keys.alert_list_download_failed,
    i18n_title = "alerts_dashboard.list_download_failed",
    icon = "fas fa-sticky-note",
 }

scripts/lua/modules/alert_definitions/other/alert_list_download_succeeded.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_list_download_succeeded = classes.class(alert)
 -- ##############################################
 
 alert_list_download_succeeded.meta = {
-   alert_key = alert_keys.ntopng.alert_list_download_succeeded,
+   alert_key = other_alert_keys.alert_list_download_succeeded,
    i18n_title = "alerts_dashboard.list_download_succeeded",
    icon = "fas fa-sticky-note",
 }

scripts/lua/modules/alert_definitions/other/alert_login_failed.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_login_failed = classes.class(alert)
 -- ##############################################
 
 alert_login_failed.meta = {
-  alert_key = alert_keys.ntopng.alert_login_failed,
+  alert_key = other_alert_keys.alert_login_failed,
   i18n_title = "alerts_dashboard.login_failed",
   icon = "fas fa-sign-in",
 }

scripts/lua/modules/alert_definitions/other/alert_mac_ip_association_change.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_mac_ip_association_change = classes.class(alert)
 -- ##############################################
 
 alert_mac_ip_association_change.meta = {
-  alert_key = alert_keys.ntopng.alert_mac_ip_association_change,
+  alert_key = other_alert_keys.alert_mac_ip_association_change,
   i18n_title = "alerts_dashboard.mac_ip_association_change",
   icon = "fas fa-exchange-alt",
 }

scripts/lua/modules/alert_definitions/other/alert_misconfigured_app.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 
 -- Import the classes library.
 local classes = require "classes"
@@ -18,7 +18,7 @@ local alert_misconfigured_app = classes.class(alert)
 -- ##############################################
 
 alert_misconfigured_app.meta = {
-  alert_key = alert_keys.ntopng.alert_misconfigured_app,
+  alert_key = other_alert_keys.alert_misconfigured_app,
   i18n_title = "alerts_dashboard.misconfigured_app",
   icon = "fas fa-cog",
 }

scripts/lua/modules/alert_definitions/other/alert_nfq_flushed.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_nfq_flushed = classes.class(alert)
 -- ##############################################
 
 alert_nfq_flushed.meta = {
-  alert_key = alert_keys.ntopng.alert_nfq_flushed,
+  alert_key = other_alert_keys.alert_nfq_flushed,
   i18n_title = "alerts_dashboard.nfq_flushed",
   icon = "fas fa-angle-double-down",
 }

scripts/lua/modules/alert_definitions/other/alert_no_if_activity.lua

@@ -0,0 +1,51 @@
+--
+-- (C) 2019-21 - ntop.org
+--
+
+-- ##############################################
+
+local other_alert_keys = require "other_alert_keys"
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local alert_no_if_activity = classes.class(alert)
+
+-- ##############################################
+
+alert_no_if_activity.meta = {  
+alert_key = other_alert_keys.alert_no_if_activity,
+i18n_title = "no_if_activity.alert_no_activity_title",
+icon = "fas fa-arrow-circle-up",
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param one_param The first alert param
+-- @param another_param The second alert param
+-- @return A table with the alert built
+function alert_no_if_activity:init()
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = {}
+end
+
+-- #######################################################
+
+-- @brief Format an alert into a human-readable string
+-- @param ifid The integer interface id of the generated alert
+-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
+-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
+-- @return A human-readable string
+function alert_no_if_activity.format(ifid, alert, alert_type_params)
+  return(i18n("no_if_activity.status_no_activity_description"))
+end
+
+-- #######################################################
+
+return alert_no_if_activity

scripts/lua/modules/alert_definitions/other/alert_periodic_activity_not_executed.lua

@@ -5,7 +5,7 @@
 local dirs = ntop.getDirs()
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 -- Import the classes library.
 local classes = require "classes"
@@ -20,7 +20,7 @@ local alert_periodic_activity_not_executed = classes.class(alert)
 -- ##############################################
 
 alert_periodic_activity_not_executed.meta = {
-  alert_key = alert_keys.ntopng.alert_periodic_activity_not_executed,
+  alert_key = other_alert_keys.alert_periodic_activity_not_executed,
   i18n_title = "alerts_dashboard.periodic_activity_not_executed",
   icon = "fas fa-undo",
 }

scripts/lua/modules/alert_definitions/other/alert_periodicity_update.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -19,7 +19,7 @@ local alert_periodicity_update = classes.class(alert)
 -- ##############################################
 
 alert_periodicity_update.meta = {
-   alert_key = alert_keys.ntopng.alert_periodicity_update,
+   alert_key = other_alert_keys.alert_periodicity_update,
    i18n_title = "alerts_dashboard.alert_periodicity_update",
    icon = "fas fa-arrows-alt-h",
 }

scripts/lua/modules/alert_definitions/other/alert_port_duplexstatus_change.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_port_duplexstatus_change = classes.class(alert)
 -- ##############################################
 
 alert_port_duplexstatus_change.meta = {
-   alert_key = alert_keys.ntopng.alert_port_duplexstatus_change,
+   alert_key = other_alert_keys.alert_port_duplexstatus_change,
    i18n_title = "alerts_dashboard.snmp_port_duplexstatus_change",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_port_errors.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_port_errors = classes.class(alert)
 -- ##############################################
 
 alert_port_errors.meta = {
-   alert_key = alert_keys.ntopng.alert_port_errors,
+   alert_key = other_alert_keys.alert_port_errors,
    i18n_title = "alerts_dashboard.snmp_port_errors",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_port_load_threshold_exceeded.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_port_load_threshold_exceeded = classes.class(alert)
 -- ##############################################
 
 alert_port_load_threshold_exceeded.meta = {
-   alert_key = alert_keys.ntopng.alert_port_load_threshold_exceeded,
+   alert_key = other_alert_keys.alert_port_load_threshold_exceeded,
    i18n_title = "alerts_dashboard.snmp_port_load_threshold_exceeded",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_port_mac_changed.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_port_mac_changed = classes.class(alert)
 -- ##############################################
 
 alert_port_mac_changed.meta = {
-   alert_key = alert_keys.ntopng.alert_port_mac_changed,
+   alert_key = other_alert_keys.alert_port_mac_changed,
    i18n_title = "alerts_dashboard.alert_snmp_interface_mac_changed_title",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_port_status_change.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_port_status_change = classes.class(alert)
 -- ##############################################
 
 alert_port_status_change.meta = {
-   alert_key = alert_keys.ntopng.alert_port_status_change,
+   alert_key = other_alert_keys.alert_port_status_change,
    i18n_title = "alerts_dashboard.snmp_port_status_change",
    icon = "fas fa-exclamation",
 }

scripts/lua/modules/alert_definitions/other/alert_process_notification.lua

@@ -4,7 +4,7 @@
 
 -- ##############################################
 
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -17,7 +17,7 @@ local alert_process_notification = classes.class(alert)
 -- ##############################################
 
 alert_process_notification.meta = {
-  alert_key = alert_keys.ntopng.alert_process_notification,
+  alert_key = other_alert_keys.alert_process_notification,
   i18n_title = "alerts_dashboard.process",
   icon = "fas fa-truck",
 }
@@ -42,13 +42,13 @@ end
 
 function alert_process_notification.format(ifid, alert, alert_type_params)
   if alert_type_params.event_type == "start" then
-    return string.format("%s %s", i18n("alert_messages.ntopng_start"), alert_type_params.msg_details)
+    return string.format("%s %s", i18n("alert_messages.start"), alert_type_params.msg_details)
   elseif alert_type_params.event_type == "stop" then
-    return string.format("%s %s", i18n("alert_messages.ntopng_stop"), alert_type_params.msg_details)
+    return string.format("%s %s", i18n("alert_messages.stop"), alert_type_params.msg_details)
   elseif alert_type_params.event_type == "update" then
-    return string.format("%s %s", i18n("alert_messages.ntopng_update"), alert_type_params.msg_details)
+    return string.format("%s %s", i18n("alert_messages.update"), alert_type_params.msg_details)
   elseif alert_type_params.event_type == "anomalous_termination" then
-    return string.format("%s %s", i18n("alert_messages.ntopng_anomalous_termination", {url="https://www.ntop.org/support/need-help-2/need-help/"}), alert_type_params.msg_details)
+    return string.format("%s %s", i18n("alert_messages.anomalous_termination", {url="https://www.ntop.org/support/need-help-2/need-help/"}), alert_type_params.msg_details)
   end
 
   return "Unknown Process Event: " .. (alert_type_params.event_type or "")

scripts/lua/modules/alert_definitions/other/alert_quota_exceeded.lua

@@ -6,7 +6,7 @@
 
 local dirs = ntop.getDirs()
 package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
-local alert_keys = require "alert_keys"
+local other_alert_keys = require "other_alert_keys"
 -- Import the classes library.
 local classes = require "classes"
 -- Make sure to import the Superclass!
@@ -19,7 +19,7 @@ local alert_quota_exceeded = classes.class(alert)
 -- ##############################################
 
 alert_quota_exceeded.meta = {
-  alert_key = alert_keys.ntopng.alert_quota_exceeded,
+  alert_key = other_alert_keys.alert_quota_exceeded,
   i18n_title = "alerts_dashboard.quota_exceeded",
   icon = "fas fa-thermometer-full",
 }