Implemented Scan Realtime Alert (#9106)

* Implemented Scan Realtime Alert * Removed old scan alerts
2026-05-01 00:19:33 +00:00 · 2025-04-04 12:42:46 +02:00 · 2025-04-04 12:42:46 +02:00 · e1328ae36b
commit e1328ae36b
parent 7a27942b9f
29 changed files with 211 additions and 1176 deletions
--- a/scripts/lua/modules/check_definitions/host/fin_scan.lua
+++ b/scripts/lua/modules/check_definitions/host/fin_scan.lua
@ -1,45 +0,0 @@
--
-- (C) 2019-24 - ntop.org
--
-
-local checks = require("checks")
-local alert_consts = require("alert_consts")
-local host_alert_keys = require "host_alert_keys"
-
-local fin_scan = {
-   -- Script category
-   category = checks.check_categories.network,
-
-   default_enabled = false,
-   alert_id = host_alert_keys.host_alert_fin_scan,
-   severity = alert_consts.get_printable_severities().error,
-
-   -- The default threshold value. The format is specific of the
-   -- "threshold_cross" input builder
-   default_value = {
-      operator = "gt",
-      threshold = 256,
-   },
-
-   -- Allow user script configuration from the GUI
-   gui = {
-      i18n_title = "alerts_dashboard.tcp_fin_scan",
-      i18n_description = "entity_thresholds.fin_scan_description",
-
-      -- The input builder to use to draw the gui
-      input_builder = "threshold_cross",
-
-      -- Specific parameters of this input builder
-      i18n_field_unit = checks.field_units.fin_min,
-      -- max allowed threshold value
-      field_max = 65535,
-      -- min allowed threshold value
-      field_min = 1,
-      -- threshold check operator. "gt" for ">", "lt" or "<"
-      field_operator = "gt";
-   }
-}
-
-- #################################################################
-
-return fin_scan
--- a/scripts/lua/modules/check_definitions/host/rst_scan.lua
+++ b/scripts/lua/modules/check_definitions/host/rst_scan.lua
@ -1,45 +0,0 @@
--
-- (C) 2019-24 - ntop.org
--
-
-local checks = require("checks")
-local alert_consts = require("alert_consts")
-local host_alert_keys = require "host_alert_keys"
-
-local rst_scan = {
-   -- Script category
-   category = checks.check_categories.network,
-
-   default_enabled = false,
-   alert_id = host_alert_keys.host_alert_rst_scan,
-   severity = alert_consts.get_printable_severities().error,
-
-   -- The default threshold value. The format is specific of the
-   -- "threshold_cross" input builder
-   default_value = {
-      operator = "gt",
-      threshold = 256,
-   },
-
-   -- Allow user script configuration from the GUI
-   gui = {
-      i18n_title = "entity_thresholds.rst_scan_title",
-      i18n_description = "entity_thresholds.rst_scan_description",
-
-      -- The input builder to use to draw the gui
-      input_builder = "threshold_cross",
-
-      -- Specific parameters of this input builder
-      i18n_field_unit = checks.field_units.rst_min,
-      -- max allowed threshold value
-      field_max = 65535,
-      -- min allowed threshold value
-      field_min = 1,
-      -- threshold check operator. "gt" for ">", "lt" or "<"
-      field_operator = "gt";
-   }
-}
-
-- #################################################################
-
-return rst_scan
--- a/scripts/lua/modules/check_definitions/host/scan_detection.lua
+++ b/scripts/lua/modules/check_definitions/host/scan_detection.lua
@ -1,48 +0,0 @@
--
-- (C) 2019-24 - ntop.org
--
-
-local checks = require("checks")
-local host_alert_keys = require "host_alert_keys"
-local alert_consts = require("alert_consts")
-
-local script = {
-  -- Script category
-  category = checks.check_categories.security,
-  
-  -- This module is disabled by default
-  default_enabled = false,
-
-  alert_id = host_alert_keys.host_alert_scan_detected,
-  severity = alert_consts.get_printable_severities().error,
-  
-  default_value = {
-     operator = "gt",
-     threshold = 32,
-  },
-
-  -- See below
-  hooks = {},
-
-  -- Allow user script configuration from the GUI
-  gui = {
-    i18n_title = "entity_thresholds.scan_detection_title",
-    i18n_description = "entity_thresholds.scan_detection_description",
-
-    -- The input builder to use to draw the gui
-    input_builder = "threshold_cross",
-
-    -- Specific parameters of this input builder
-    i18n_field_unit = checks.field_units.flows,
-    -- max allowed threshold value
-    field_max = 65535,
-    -- min allowed threshold value
-    field_min = 1,
-    -- threshold check operator. "gt" for ">", "lt" or "<"
-    field_operator = "gt";
-  }
-}
-
-- #################################################################
-
-return script
--- a/scripts/lua/modules/check_definitions/host/syn_scan.lua
+++ b/scripts/lua/modules/check_definitions/host/syn_scan.lua
@ -1,45 +0,0 @@
--
-- (C) 2019-24 - ntop.org
--
-
-local checks = require("checks")
-local host_alert_keys = require "host_alert_keys"
-local alert_consts = require("alert_consts")
-
-local syn_scan = {
-   -- Script category
-   category = checks.check_categories.network,
-   severity = alert_consts.get_printable_severities().error,
-
-   default_enabled = false,
-   alert_id = host_alert_keys.host_alert_syn_scan,
-
-   -- The default threshold value. The format is specific of the
-   -- "threshold_cross" input builder
-   default_value = {
-      operator = "gt",
-      threshold = 256,
-   },
-
-   -- Allow user script configuration from the GUI
-   gui = {
-      i18n_title = "entity_thresholds.syn_scan_title",
-      i18n_description = "entity_thresholds.syn_scan_description",
-
-      -- The input builder to use to draw the gui
-      input_builder = "threshold_cross",
-
-      -- Specific parameters of this input builder
-      i18n_field_unit = checks.field_units.syn_min,
-      -- max allowed threshold value
-      field_max = 65535,
-      -- min allowed threshold value
-      field_min = 1,
-      -- threshold check operator. "gt" for ">", "lt" or "<"
-      field_operator = "gt";
-   }
-}
-
-- #################################################################
-
-return syn_scan