Massive cleanup of flow user scripts into callback_definitions

Simone Mainardi 2021-04-30 15:33:41 +02:00
parent a37a74865f
commit bb26afe902
83 changed files with 346 additions and 452 deletions


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local flow_consts = require("flow_consts")
local alert_severities = require "alert_severities"
local alerts_api = require "alerts_api"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_blacklisted,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_callbacks_config.blacklisted",
i18n_description = "flow_callbacks_config.blacklisted_description",
}
}
-- #################################################################
return script
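Review bot: `flow_consts`, `alerts_api` and `alert_consts` are required on L15, L18 and L19 but nothing in the script table uses them, so they are leftovers of the hook code this commit strips out; the same dead `require` lines survive in most of the other new definitions (the sections ending at L71, L101, L123, L152, L186, L261, L721, L749, L778, L805, L863, L893, L924, L969, L1013, L1058, L1104, L1133 and L1163). Each one is only a `package.loaded` lookup at load time, but it keeps a dependency edge alive that luacheck will flag and that misleads a reader into thinking the definition still emits alerts itself. I would keep only `user_scripts`, `alert_severities` and `flow_alert_keys`, as the nDPI-risk definitions from the section ending at L213 onwards already do.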


@ -0,0 +1,39 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This module is disabled by default
default_enabled = false,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_blacklisted_country,
-- The default configuration of this script
default_value = {
severity = alert_severities.error,
items = {},
},
-- Allow user script configuration from the GUI
gui = {
-- Localization strings, from the "locales" directory of the plugin
i18n_title = "alerts_dashboard.blacklisted_country",
i18n_description = "alerts_dashboard.blacklisted_country_descr",
input_builder = "items_list",
item_list_type = "country",
}
}
-- #################################################################
return script


@ -0,0 +1,34 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_device_protocol_not_allowed,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_callbacks_config.dev_proto_not_allowed",
i18n_description = i18n(
ternary(ntop.isnEdge(), "flow_callbacks_config.dev_proto_not_allowed_nedge_description", "flow_callbacks_config.dev_proto_not_allowed_description"),
{url = getDeviceProtocolPoliciesUrl()}),
}
}
-- #################################################################
return script
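Review bot: `i18n_description` on L95-97 is resolved at `require` time by calling the globals `i18n`, `ternary`, `ntop.isnEdge` and `getDeviceProtocolPoliciesUrl`, whereas every other definition in this commit stores the i18n key as a plain string and leaves translation to the GUI. This pins the description to whichever locale is active when the definitions are first loaded and makes the module fail to load if those globals are not yet in scope at that point, which I cannot verify from the diff. If the GUI layer can resolve a key together with its `{url = ...}` parameter, store the key and the parameter instead; otherwise mark the exception so it is not "fixed" by the next cleanup, e.g. `-- NOTE: resolved at load time (needs i18n/ternary/ntop globals and the active locale) because the text carries a URL`.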


@ -0,0 +1,24 @@
--
-- (C) 2019-21 - ntop.org
--
local json = require ("dkjson")
local user_scripts = require ("user_scripts")
local alert_consts = require("alert_consts")
local alerts_api = require "alerts_api"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
alert_id = flow_alert_keys.flow_alert_external,
gui = {
i18n_title = "flow_callbacks_config.ext_alert",
i18n_description = "flow_callbacks_config.ext_alert_description",
}
}
-- #################################################################
return script
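Review bot: this definition has no `category` and no `default_value` with a `severity`, unlike every other script in the commit, and `json` and `user_scripts` on L109-110 are required but never used. I cannot see from here how the loader treats a nil category or a missing default severity. If the omission is deliberate because an external alert carries its own severity, say so next to `alert_id`: `-- No category/default severity: external alerts carry their own`; if it is not, add the two fields the other definitions have.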


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require("alerts_api")
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
default_enabled = true,
alert_id = flow_alert_keys.flow_alert_iec_invalid_transition,
-- Specify the default value whe clicking on the "Reset Default" button
default_value = {
severity = alert_severities.warning,
},
gui = {
i18n_title = "flow_callbacks.iec104_title",
i18n_description = "flow_callbacks.iec104_description",
}
}
-- #################################################################
return script


@ -0,0 +1,38 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require("alerts_api")
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
alert_id = flow_alert_keys.flow_alert_iec_unexpected_type_id,
-- Specify the default value when clicking on the "Reset Default" button
default_value = {
severity = alert_severities.warning,
items = {
9,13,36,45,46,48,30,103,100,37
},
},
gui = {
i18n_title = "flow_callbacks.iec104_unexpected_type_id_title",
i18n_description = "flow_callbacks.iec104_unexpected_type_id_description",
input_builder = "items_list", -- TODO: fix the input list
input_title = "flow_callbacks.iec104_unexpected_type_id_allowed_type_ids_title",
input_description = "flow_callbacks.iec104_unexpected_type_id_allowed_type_ids_description",
}
}
-- #################################################################
return script
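Review bot: the `items` list on L173-175 is a set of unexplained numbers in no particular order (IEC 104 type IDs, judging by the i18n key on L181), and `input_builder = "items_list"` on L180 comes without the `item_list_type` every other `items_list` user in this commit sets (L67, L955, L999, L1044, L1090); the TODO on the same line suggests the GUI side is known to be incomplete. A one-line comment above the list would at least tell the next maintainer what the numbers are: `-- IEC 104 type IDs treated as allowed (see input_title); everything else is unexpected` — adjust if the semantics differ, I am inferring them from the i18n key only.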


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_known_proto_on_non_std_port,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_known_protocol_on_non_standard_port",
i18n_description = "flow_risk.ndpi_known_protocol_on_non_standard_port",
}
}
-- #################################################################
return script


@ -0,0 +1,56 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require "alert_consts"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
packet_interface_only = true,
-- Script category
category = user_scripts.script_categories.network,
packet_interface_only = true,
nedge_exclude = true,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_low_goodput,
default_value = {
severity = alert_severities.notice,
},
-- For a full list check "available_subdir.flow.available_fields" in user_scripts.lua
filter = {
default_filters = {
{ l7_proto = 8 }, -- MDNS
{ l7_proto = 26 }, -- ntop
{ l7_proto = 39 }, -- Signal
{ l7_proto = 48 }, -- QQ
{ l7_proto = 65 }, -- IRC
{ l7_proto = 77 }, -- Telnet
{ l7_proto = 92 }, -- SSH
{ l7_proto = 142 }, -- WhatsApp
{ l7_proto = 185 }, -- Telegram
{ l7_proto = 193 }, -- KakaoTalk
{ l7_proto = 197 }, -- WeChat
},
default_fields = { "srv_addr", "srv_port", "l7_proto", }
},
gui = {
i18n_title = "flow_callbacks.low_goodput_title",
i18n_description = "flow_callbacks.low_goodput_description",
}
}
-- #################################################################
return script
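Review bot: `packet_interface_only = true` appears twice in the same table constructor, on L228 and L231; Lua silently keeps the last assignment, so it is harmless today, but the duplicate hides a copy-paste and will diverge the moment someone edits only one of them. Drop L228 and keep the one next to `nedge_exclude`. The `l7_proto` values on L241-251 are raw nDPI protocol ids that depend on the nDPI build; a note above `default_filters` such as `-- Numeric nDPI protocol ids; re-check after an nDPI upgrade` would make that dependency visible.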


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_dns_suspicious_traffic,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_dns_suspicious_traffic",
i18n_description = "flow_risk.ndpi_dns_suspicious_traffic",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_http_numeric_ip_host,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_http_numeric_ip_host",
i18n_description = "flow_risk.ndpi_http_numeric_ip_host",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_http_suspicious_header,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_http_suspicious_header",
i18n_description = "flow_risk.ndpi_http_suspicious_header",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_http_suspicious_url,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_http_suspicious_url",
i18n_description = "flow_risk.ndpi_http_suspicious_url",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_http_suspicious_header,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_http_suspicious_user_agent",
i18n_description = "flow_risk.ndpi_http_suspicious_user_agent",
}
}
-- #################################################################
return script
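Review bot: `alert_id` on L385 is `flow_alert_keys.flow_alert_ndpi_http_suspicious_header`, the same key the suspicious-header definition already uses on L331, while the `gui` keys on L391-392 describe a suspicious User-Agent. Two definitions emitting the same alert id means a suspicious header and a suspicious User-Agent are indistinguishable once the alert is stored, exported or filtered on, and disabling one of the two scripts does not stop the other from producing the same id. If `flow_alert_keys` defines a dedicated user-agent key it should be used here; if it does not, this looks like a copy-paste slip that deserves at least `-- TODO: shares the alert id with ndpi_http_suspicious_header until a dedicated key exists`.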


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_malformed_packet,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_malformed_packet",
i18n_description = "flow_risk.ndpi_malformed_packet",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_smb_insecure_version,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_smb_insecure_version",
i18n_description = "flow_risk.ndpi_smb_insecure_version",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_ssh_obsolete,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_ssh_obsolete_server_version_or_cipher",
i18n_description = "flow_risk.ndpi_ssh_obsolete_server_version_or_cipher",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_suspicious_dga_domain,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_suspicious_dga_domain",
i18n_description = "flow_risk.ndpi_suspicious_dga_domain",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_tls_missing_sni,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_tls_missing_sni",
i18n_description = "flow_risk.ndpi_tls_missing_sni",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_tls_not_carrying_https,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_tls_not_carrying_https",
i18n_description = "flow_risk.ndpi_tls_not_carrying_https",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_tls_suspicious_esni_usage,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_tls_suspicious_esni_usage",
i18n_description = "flow_risk.ndpi_tls_suspicious_esni_usage",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_unsafe_protocol,
default_enabled = true,
default_value = {
severity = alert_severities.warning,
},
gui = {
i18n_title = "flow_risk.ndpi_unsafe_protocol",
i18n_description = "flow_risk.ndpi_unsafe_protocol",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_url_possible_rce_injection,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_url_possible_rce_injection",
i18n_description = "flow_risk.ndpi_url_possible_rce_injection",
}
}
-- #################################################################
return script


@ -0,0 +1,32 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_url_possible_sql_injection,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_url_possible_sql_injection",
i18n_description = "flow_risk.ndpi_url_possible_sql_injection",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_ndpi_url_possible_xss,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_url_possible_xss",
i18n_description = "flow_risk.ndpi_url_possible_xss",
}
}
-- #################################################################
return script


@ -0,0 +1,32 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.internals,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_internals,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_callbacks_config.not_purged",
i18n_description = "flow_callbacks_config.not_purged_description",
}
}
-- #################################################################
return script


@ -0,0 +1,32 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require "alert_consts"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.network,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_remote_access,
default_value = {
severity = alert_severities.notice,
},
gui = {
i18n_title = "alerts_dashboard.remote_access_title",
i18n_description = "alerts_dashboard.remote_access_description",
}
}
-- #################################################################
return script


@ -0,0 +1,34 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local flow_consts = require("flow_consts")
local alert_severities = require "alert_severities"
local alerts_api = require "alerts_api"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
default_enabled = true,
alert_id = flow_alert_keys.flow_alert_remote_to_local_insecure_proto,
default_value = {
severity = alert_severities.warning
},
gui = {
i18n_title = "flow_callbacks_config.remote_to_local_insecure_proto_title",
i18n_description = "flow_callbacks_config.remote_to_local_insecure_proto_description",
}
}
-- #################################################################
return script


@ -0,0 +1,31 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require "alert_consts"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.network,
alert_id = flow_alert_keys.flow_alert_remote_to_remote,
default_value = {
severity = alert_severities.notice,
},
gui = {
i18n_title = "flow_callbacks_config.remote_to_remote",
i18n_description = "flow_callbacks_config.remote_to_remote_description",
}
}
-- #################################################################
return script


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alert_severities = require "alert_severities"
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_suspicious_file_transfer,
default_enabled = true,
default_value = {
severity = alert_severities.error,
},
gui = {
i18n_title = "flow_risk.ndpi_binary_application_transfer",
i18n_description = "flow_risk.ndpi_binary_application_transfer",
}
}
-- #################################################################
return script


@ -0,0 +1,37 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require ("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
-- NOTE: this module is always enabled
local script = {
packet_interface_only = true,
-- Script category
category = user_scripts.script_categories.network,
nedge_exclude = true,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_tcp_connection_issues,
default_value = {
severity = alert_severities.warning,
},
gui = {
i18n_title = "flow_callbacks_config.tcp_issues_generic",
i18n_description = "flow_callbacks_config.tcp_issues_generic_description",
}
}
-- #################################################################
return script
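Review bot: the comment on L846 says this module is always enabled, but nothing in the table enforces it — there is no `default_enabled` field, unlike L140 or L989 — so the statement rests on the loader's default, which I cannot see from this diff, and the GUI presumably still offers a toggle. Either drop the comment or make it describe what the code actually does, e.g. `-- No default_enabled: relies on the loader's default (on); users can still disable it from the GUI` if that is the real behavior.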


@ -0,0 +1,36 @@
--
-- (C) 2020 - ntop.org
--
local alerts_api = require("alerts_api")
local alert_severities = require "alert_severities"
local user_scripts = require("user_scripts")
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.network,
-- NB atm working only for packet interfaces
packet_interface_only = true,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_tcp_no_data_exchanged,
default_value = {
severity = alert_severities.warning,
},
gui = {
i18n_title = "flow_callbacks.tcp_no_data_exchanged_title",
i18n_description = "flow_callbacks.tcp_no_data_exchanged_description",
}
}
-- #################################################################
return script


@ -0,0 +1,36 @@
--
-- (C) 2019-21 - ntop.org
--
-- Companion scripts (in addition to i18n)
-- scripts/callbacks/status_defs/status_udp_unidirectional.lua
-- scripts/callbacks/interface/flow/udp.lua
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.network,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_udp_unidirectional,
default_value = {
severity = alert_severities.notice,
},
gui = {
i18n_title = "flow_callbacks_config.udp_unidirectional",
i18n_description = "flow_callbacks_config.udp_unidirectional_description",
}
}
-- #################################################################
return script
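Review bot: the companion-script paths on L902-903, `scripts/callbacks/status_defs/status_udp_unidirectional.lua` and `scripts/callbacks/interface/flow/udp.lua`, predate this reorganization of the flow scripts into callback_definitions; I cannot tell from the diff whether either file still exists at that location, so the header is likely stale. Update the paths to wherever the companion code now lives, or drop the two lines rather than keep a pointer to a location that may no longer exist.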


@ -0,0 +1,54 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
local UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY = "ntopng.cache.user_scripts.unexpected_plugins_enabled"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This module is disabled by default
default_enabled = false,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_unexpected_dhcp_server,
-- Specify the default value whe clicking on the "Reset Default" button
default_value = {
severity = alert_severities.error,
items = {},
},
gui = {
i18n_title = "flow_callbacks.unexpected_dhcp_title",
i18n_description = "flow_callbacks.unexpected_dhcp_description",
input_builder = "items_list",
item_list_type = "ip_address",
input_title = "flow_callbacks.allowed_servers_title",
input_description = "flow_callbacks.allowed_servers_description",
}
}
-- #################################################################
function script.onEnable(hook, hook_config)
-- Set a flag to indicate to the notifications system that an unexpected plugin
-- has been enabled
if isEmptyString(ntop.getCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY)) then
ntop.setCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY, "1")
end
end
-- #################################################################
return script
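Review bot: `script.onEnable` on L961-967 sets the `ntopng.cache.user_scripts.unexpected_plugins_enabled` flag but no hook in this definition ever clears it, so once any of these scripts has been enabled the notifications system keeps seeing the flag after all of them are disabled again — unless the consumer resets it, which I cannot see from here. The same hook, the same cache key on L937 and the same unused `hook, hook_config` parameters are copy-pasted verbatim into the sections ending at L1013, L1058 and L1104. A shared helper in user_scripts would keep the four copies from drifting; failing that, a comment such as `-- hook/hook_config unused; write-once flag, cleared by the notifications code` on each copy would document the contract.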


@ -0,0 +1,53 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
local UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY = "ntopng.cache.user_scripts.unexpected_plugins_enabled"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- Alerts generated by this script have the following id
alert_id = flow_alert_keys.flow_alert_unexpected_dns_server,
default_enabled = false,
-- Specify the default value whe clicking on the "Reset Default" button
default_value = {
severity = alert_severities.error,
items = {},
},
gui = {
i18n_title = "flow_callbacks.unexpected_dns_title",
i18n_description = "flow_callbacks.unexpected_dns_description",
input_builder = "items_list",
item_list_type = "ip_address",
input_title = "flow_callbacks.allowed_servers_title",
input_description = "flow_callbacks.allowed_servers_description",
}
}
-- #################################################################
function script.onEnable(hook, hook_config)
-- Set a flag to indicate to the notifications system that an unexpected plugin
-- has been enabled
if isEmptyString(ntop.getCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY)) then
ntop.setCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY, "1")
end
end
-- #################################################################
return script


@ -0,0 +1,54 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
local UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY = "ntopng.cache.user_scripts.unexpected_plugins_enabled"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This module is disabled by default
default_enabled = false,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_unexpected_ntp_server,
-- Specify the default value whe clicking on the "Reset Default" button
default_value = {
severity = alert_severities.error,
items = {},
},
gui = {
i18n_title = "flow_callbacks.unexpected_ntp_title",
i18n_description = "flow_callbacks.unexpected_ntp_description",
input_builder = "items_list",
item_list_type = "ip_address",
input_title = "flow_callbacks.allowed_servers_title",
input_description = "flow_callbacks.allowed_servers_description",
}
}
-- #################################################################
function script.onEnable(hook, hook_config)
-- Set a flag to indicate to the notifications system that an unexpected plugin
-- has been enabled
if isEmptyString(ntop.getCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY)) then
ntop.setCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY, "1")
end
end
-- #################################################################
return script


@ -0,0 +1,56 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
local UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY = "ntopng.cache.user_scripts.unexpected_plugins_enabled"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This module is disabled by default
alert_id = flow_alert_keys.flow_alert_unexpected_smtp_server,
-- This script is only for alerts generation
is_alert = true,
default_enabled = false,
-- Specify the default value whe clicking on the "Reset Default" button
default_value = {
severity = alert_severities.error,
items = {},
},
gui = {
i18n_title = "flow_callbacks.unexpected_smtp_title",
i18n_description = "flow_callbacks.unexpected_smtp_description",
input_builder = "items_list",
item_list_type = "ip_address",
input_title = "flow_callbacks.allowed_servers_title",
input_description = "flow_callbacks.allowed_servers_description",
}
}
-- #################################################################
function script.onEnable(hook, hook_config)
-- Set a flag to indicate to the notifications system that an unexpected plugin
-- has been enabled
if isEmptyString(ntop.getCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY)) then
ntop.setCache(UNEXPECTED_PLUGINS_ENABLED_CACHE_KEY, "1")
end
end
-- #################################################################
return script
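Review bot: the comments on L1076 and L1078 are attached to the wrong fields — `-- This module is disabled by default` sits above `alert_id`, `-- This script is only for alerts generation` above `is_alert`, and `default_enabled = false` on L1080 is left uncommented — and `is_alert = true` on L1079 appears in no other definition of this commit. If the loader still reads `is_alert`, the other definitions are missing it; if it does not, drop it here so the outlier does not suggest a difference that is not there. Reordering to `alert_id = ..., -- This script is only for alerts generation` followed by `default_enabled = false, -- This module is disabled by default` puts each comment back on the line it describes.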


@ -0,0 +1,33 @@
--
-- (C) 2019-21 - ntop.org
--
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_web_mining,
default_value = {
severity = alert_severities.error,
items = {},
},
gui = {
i18n_title = "flow_callbacks_config.web_mining",
i18n_description = "flow_callbacks_config.web_mining_description",
}
}
-- #################################################################
return script
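Review bot: `default_value.items = {}` on L1125 has no `input_builder = "items_list"` counterpart in `gui`, unlike the other definitions that carry `items` (L59, L949, L993), so the list is either configurable but not exposed, or dead. If it is dead, drop it; if it is read by the flow-side code for this alert, add `input_builder`/`item_list_type` or a comment saying where the list is populated, e.g. `-- items populated by <consumer>, not user-editable`.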


@ -0,0 +1,35 @@
--
-- (C) 2020 - ntop.org
--
local alerts_api = require("alerts_api")
local alert_severities = require "alert_severities"
local user_scripts = require("user_scripts")
local alert_consts = require("alert_consts")
local flow_alert_keys = require "flow_alert_keys"
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.network,
-- NB atm working only for packet interfaces
packet_interface_only = true,
-- This script is only for alerts generation
alert_id = flow_alert_keys.flow_alert_zero_tcp_window,
default_value = {
severity = alert_severities.warning,
},
gui = {
i18n_title = "flow_callbacks.zero_tcp_window_title",
i18n_description = "flow_callbacks.zero_tcp_window_description",
}
}
-- #################################################################
return script