mirror of
https://github.com/ntop/ntopng.git
synced 2026-05-01 00:19:33 +00:00
Refactors alert_severities into an independend Lua module
This commit is contained in:
Simone Mainardi
parent
e683509dec
commit
b3dc39c641
109 changed files with 317 additions and 264 deletions
|
|
@ -8,7 +8,7 @@ local format_utils = require("format_utils")
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param value A number indicating the measure which crossed the threshold
|
||||
-- @param threshold A number indicating the threshold compared with `value` using operator
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
local function formatAttackMitigationViaSNMPAlert(ifid, alert, threshold_info)
|
||||
local alert_severities = require "alert_severities"
|
||||
local alert_consts = require("alert_consts")
|
||||
local snmp_consts = require "snmp_consts"
|
||||
local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
|
||||
|
|
@ -35,7 +36,7 @@ end
|
|||
-- ##############################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_subtype A string indicating the subtype for this threshold cross (e.g,. 'score', 'active', 'packets', ...)
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param metric Same as `alert_subtype`
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param cli_country ISO 3166-1 alpha-2 client country code
|
||||
-- @param srv_country ISO 3166-1 alpha-2 server country code
|
||||
-- @param cli_blacklisted Boolean indicating whether the client belongs to a blacklisted country
|
||||
|
|
@ -19,9 +19,9 @@ local function createBlacklistedCountry(cli_country, srv_country, cli_blackliste
|
|||
cli_country = cli_country,
|
||||
srv_country = srv_country,
|
||||
cli_blacklisted = cli_blacklisted,
|
||||
srv_blacklisted = srv_blacklisted,
|
||||
attacker = attacker,
|
||||
victim = victim,
|
||||
srv_blacklisted = srv_blacklisted,
|
||||
attacker = attacker,
|
||||
victim = victim,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param src_mac A string with the source MAC
|
||||
-- @param dst_mac A string with the destination MAC
|
||||
-- @param vlan The VLAN id or zero
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param tcp_stats A lua table with TCP stats obtained with flow.getTCPStats
|
||||
-- @param cli2srv_pkts Number of packets sent from the client to the server
|
||||
-- @param srv2cli_pkts Number of packets sent from the server to the client
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ local alert_creators = require "alert_creators"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device The a string with the name or ip address of the device that connected the network
|
||||
-- @return A table with the alert built
|
||||
local function createDeviceConnection(alert_severity, device)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param cli_devtype A string with the device type of the client
|
||||
-- @param srv_devtype A string with the device type of the server
|
||||
-- @param devproto_forbidden_peer A string with the forbidden peer, one of 'cli' or 'srv'
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param ifid The integer id of the interface which is dropping alerts
|
||||
-- @param num_dropped The number of alerts dropped
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param info A flow info table fetched with `flow.getBlacklistedInfo()`
|
||||
-- @return A table with the alert built
|
||||
local function createBlacklisted(info)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @return A table with the alert built
|
||||
local function createFlowBlocked(alert_severity)
|
||||
local built = {
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param risk_id Integer nDPI flow risk identifier
|
||||
-- @return A table with the alert built
|
||||
local function createFlowRisk(risk_id)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param network The string CIDR of the ghost network
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ end
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param host The string with the name or ip address of the host
|
||||
-- @return A table with the alert built
|
||||
local function createHostLogAlert(subtype, severity, host, level, facility, message)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local json = require("dkjson")
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param last_error A string with the lastest influxdb error
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param last_error A string with the lastest influxdb error
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param influxdb The url used to export the points
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @return A table with the alert built
|
||||
local function createInternals(alert_severity)
|
||||
local built = {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- ##############################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param router_info The host info of the router
|
||||
-- @param mac The mac address of the device outside the range
|
||||
-- @param client_mac The client mac as seen in the DHCP packet as string
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param info A lua table containing flow information obtained with `flow.getInfo()`
|
||||
-- @return A table with the alert built
|
||||
local function createKPoNSPAlert(info)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local json = require("dkjson")
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param last_error A table containing the last lateral movement error, e.g.,
|
||||
-- {"event":"create","shost":"192.168.2.153","dhost":"224.0.0.68","dport":1968,"vlan_id":0,"l4":17,"l7":0,"first_seen":1602488355,"last_seen":1602488355,"num_uses":1}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #################################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param list_name The name of the failed list as string
|
||||
-- @param last_error The string of the error which caused the failure
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #################################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param list_name The name of the succeeded list as string
|
||||
-- @return A table with the alert built
|
||||
local function createListDownloadSucceededType(alert_severity, list_name)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @return A table with the alert built
|
||||
local function createLoginFailedType(alert_severity)
|
||||
local built = {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device The name of the device that changed MAC
|
||||
-- @param ip The ip address of the device that changed MAC
|
||||
-- @param old_mac The old MAC
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param alert_subtype A string with the subtype of the alert
|
||||
-- @return A table with the alert built
|
||||
|
|
@ -26,7 +26,8 @@ end
|
|||
-- #######################################################
|
||||
|
||||
local function formatMisconfiguredApp(ifid, alert, threshold_info)
|
||||
local alert_consts = require("alert_consts")
|
||||
local alert_severities = require "alert_severities"
|
||||
local alert_consts = require("alert_consts")
|
||||
local entity = alert_consts.formatAlertEntity(ifid, alert_consts.alertEntityRaw(alert["alert_entity"]), alert["alert_entity_val"])
|
||||
|
||||
if alert.alert_subtype == "too_many_flows" then
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param ifname The name of the interface
|
||||
-- @param ptc The percentage of NFQ fill level
|
||||
-- @param tot Thee total number of packets in the NFQ
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local format_utils = require "format_utils"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param ps_name A string with the name of the periodic activity
|
||||
-- @param last_queued_time The time when the periodic activity was executed for the last time, as a unix epoch
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local json = require("dkjson")
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param last_error A table containing the last lateral movement error, e.g.,
|
||||
-- {"event":"create","shost":"192.168.2.153","dhost":"224.0.0.68","dport":1968,"vlan_id":0,"l4":17,"l7":0,"first_seen":1602488355,"last_seen":1602488355,"num_uses":1}
|
||||
|
|
@ -77,4 +77,4 @@ return {
|
|||
i18n_description = formatPeriodicityUpdateErrorMessage,
|
||||
icon = "fas fa-arrows-alt-h",
|
||||
creator = createPeriodicityUpdateError,
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device_ip A string with the ip address of the snmp device
|
||||
-- @param if_index The index of the port that changed
|
||||
-- @param interface_name The string with the name of the port that changed
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device_ip A string with the ip address of the snmp device
|
||||
-- @param if_index The index of the port that changed
|
||||
-- @param interface_name The string with the name of the port that changed
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device_ip A string with the ip address of the snmp device
|
||||
-- @param if_index The index of the port that changed
|
||||
-- @param interface_name The string with the name of the port that changed
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device_ip A string with the ip address of the snmp device
|
||||
-- @param if_index The index of the port that changed
|
||||
-- @param interface_name The string with the name of the port that changed
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param device_ip A string with the ip address of the snmp device
|
||||
-- @param if_index The index of the port that changed
|
||||
-- @param interface_name The string with the name of the port that changed
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param event_type The string with the type of event
|
||||
-- @param msg_details The details of the event
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_subtype A string with the subtype of the alert
|
||||
-- @param pool The host pool structure
|
||||
-- @param proto The Layer-7 application which exceeded the quota
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local json = require("dkjson")
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param alert_subtype A string with the subtype of the alert
|
||||
-- @param requests The number of requests
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local format_utils = require "format_utils"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param ps_name A string with the name of the periodic activity
|
||||
-- @param max_duration_ms The maximum duration taken by this periodic activity to run, in milliseconds
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ local format_utils = require "format_utils"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param idle Number of entries in state idle
|
||||
-- @param idle_perc Fraction of entries in state idle, with reference to the total number of entries (idle + active)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param device_ip A string with the ip address of the snmp device
|
||||
-- @return A table with the alert built
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_subtype A string indicating the subtype for this alert, one of 'arc_added', 'arc_removed'
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param node1 A string with the name of the first of the two peers involved in the change
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param http_info A lua table containing flow HTTP information obtained with `flow.getHTTPInfo()`
|
||||
-- @return A table with the alert built
|
||||
local function createBATAlert(http_info)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param drops The number of dropped packets
|
||||
-- @param drop_perc The percentage of dropped packets with reference to the total number of packets (recevied + dropped)
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
local alert_keys = require "alert_keys"
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @return A table with the alert built
|
||||
local function createUDPUnidirectional()
|
||||
local built = {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local pools_lua_utils = require "pools_lua_utils"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param scope A string indicating the scope, one of 'function' or 'login'
|
||||
-- @param name The name of the function when the scope is 'function' or nil
|
||||
-- @param params Function parameters when the scope is 'function' or nil
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param alert_granularity A granularity as defined in `alert_consts.alerts_granularities`
|
||||
-- @param subdir The subdirectory of the script (e.g., 'flow', 'host', ...)
|
||||
-- @param drops The number of dropped calls
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @return A table with the alert built
|
||||
local function createWebMining()
|
||||
local built = {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ local alert_keys = require "alert_keys"
|
|||
-- #######################################################
|
||||
|
||||
-- @brief Prepare an alert table used to generate the alert
|
||||
-- @param alert_severity A severity as defined in `alert_consts.alert_severities`
|
||||
-- @param alert_severity A severity as defined in `alert_severities`
|
||||
-- @param info A generic table decoded from a JSON originated at the external alert source
|
||||
-- @return A table with the alert built
|
||||
local function createExternal(alert_severity, info)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue