Add alert_ngi_trust_event alerts

2026-05-02 00:40:10 +00:00 · 2021-04-07 13:07:38 +02:00 · 2021-04-07 13:07:38 +02:00 · c5ca72c6ba
commit c5ca72c6ba
parent d20b1e4739
6 changed files with 91 additions and 6 deletions
--- a/scripts/lua/modules/alert_definitions/other/alert_ngi_trust_event.lua
+++ b/scripts/lua/modules/alert_definitions/other/alert_ngi_trust_event.lua
@ -0,0 +1,52 @@
+--
+-- (C) 2020-21 - ntop.org
+--
+
+-- ##############################################
+
+local other_alert_keys = require "other_alert_keys"
+-- Import the classes library.
+local classes = require "classes"
+-- Make sure to import the Superclass!
+local alert = require "alert"
+
+-- ##############################################
+
+local alert_ngi_trust_event = classes.class(alert)
+
+-- ##############################################
+
+alert_ngi_trust_event.meta = {
+  alert_key = other_alert_keys.alert_ngi_trust_event,
+  i18n_title = "alerts_dashboard.ngi_trust_event",
+  icon = "fas fa-exchange-alt",
+}
+
+-- ##############################################
+
+-- @brief Prepare an alert table used to generate the alert
+-- @param device The name of the device
+-- @param mac The device MAC
+-- @return A table with the alert built
+function alert_ngi_trust_event:init(device, mac)
+   -- Call the parent constructor
+   self.super:init()
+
+   self.alert_type_params = {
+      device = device,
+      mac = mac,
+   }
+end
+
+-- #######################################################
+
+function alert_ngi_trust_event.format(ifid, alert, alert_type_params)
+  return(i18n("alert_messages.ngi_trust_event", {
+    mac = alert_type_params.mac, 
+    mac_url = getMacUrl(alert_type_params.mac),
+  }))
+end
+
+-- #######################################################
+
+return alert_ngi_trust_event
--- a/scripts/lua/modules/alert_keys/other_alert_keys.lua
+++ b/scripts/lua/modules/alert_keys/other_alert_keys.lua
@ -79,6 +79,7 @@ local other_alert_keys = {
   alert_active_flows_anomaly_client    =  OTHER_BASE_KEY + 66, -- scripts/plugins/alerts/security/unexpected_host_behaviour/modules/active_flows_behaviour
   alert_active_flows_anomaly_server    =  OTHER_BASE_KEY + 67, -- scripts/plugins/alerts/security/unexpected_host_behaviour/modules/active_flows_behaviour
   alert_broadcast_domain_too_large     =  OTHER_BASE_KEY + 68,
+   alert_ngi_trust_event                =  OTHER_BASE_KEY + 69,
 }

 -- ##############################################
--- a/scripts/lua/modules/alerts_api.lua
+++ b/scripts/lua/modules/alerts_api.lua
@ -229,6 +229,8 @@ function alerts_api.store(entity_info, type_info, when)
    alert_json = alert_json,
  }

+tprint(alert_to_store)
+
  addAlertPoolInfo(entity_info, alert_to_store)

  if matchExcludeFilter(entity_info, type_info) then
--- a/scripts/lua/modules/lua_utils.lua
+++ b/scripts/lua/modules/lua_utils.lua
@ -2623,8 +2623,16 @@ end
 function split(s, delimiter)
   result = {};
   if(s ~= nil) then
-      for match in (s..delimiter):gmatch("(.-)"..delimiter) do
-	 table.insert(result, match);
+      if delimiter == nil then
+         -- No delimiter, split all characters
+         for match in s:gmatch"." do
+   	    table.insert(result, match);
+         end
+      else
+         -- Split by delimiter
+         for match in (s..delimiter):gmatch("(.-)"..delimiter) do
+   	    table.insert(result, match);
+         end
      end
   end
   return result;