Fixed #4737 integration with fail2ban

This commit is contained in:
Matteo Biscosi 2020-12-30 11:44:36 +01:00
parent 8eb29b3716
commit e94f2cb0b4
18 changed files with 151 additions and 20 deletions


@ -52,9 +52,14 @@ local script = {
function script.hooks.min(params)
local sf = host.getSynScan()
local value = sf["hits.syn_scan_attacker"] or 0
local attacker = nil
if value ~= 0 then
attacker = params.alert_entity.alert_entity_val
end
-- Check if the configured threshold is crossed by the value and possibly trigger an alert
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value)
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value, attacker)
end
-- #################################################################
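Review bot: The identity forwarded as `attacker` on the last changed line is `params.alert_entity.alert_entity_val` taken verbatim, and nothing in the hunk establishes that this is a bare address in the form the fail2ban side (per the commit title) can act on; if the entity value carries any decoration such as a VLAN suffix, the downstream ban would either not match or act on the wrong string, so the expected format should be normalised or at least stated at the call. A comment such as `-- alert_entity_val is forwarded unchanged as the attacker identity; the fail2ban action must accept this exact format` would make that contract visible, and the same applies to `victim` in the two following sections. Note also that the identity is attached whenever the counter is non-zero, before the threshold is known to be crossed, which is only harmless if checkThresholdAlert ignores it below threshold — presumably it does, but that is not visible here. The enclosing `local script = {` table starts outside the hunk.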


@ -53,9 +53,14 @@ local script = {
function script.hooks.min(params)
local sf = host.getSynScan()
local value = sf["hits.syn_scan_victim"] or 0
local victim = nil
if value ~= 0 then
victim = params.alert_entity.alert_entity_val
end
-- Check if the configured threshold is crossed by the value and possibly trigger an alert
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value)
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value, nil, victim)
end
-- #################################################################
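Review bot: The call on the last changed line passes a positional `nil` for the attacker slot so that `victim` lands in the fifth argument, which is easy to misread and silently breaks if checkThresholdAlert's parameter order ever changes; the same call appears, byte for byte, in the next section. A short comment naming the slot, `-- victim-side counter: no attacker, victim goes in the 5th argument`, makes the intent visible, or the two identical hook bodies could share one helper so the argument order lives in one place. The `local script = {` table enclosing this hook starts outside the hunk.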


@ -49,9 +49,14 @@ local script = {
-- Defines an hook which is executed every minute
function script.hooks.min(params)
local value = params.entity_info["hits.syn_scan_victim"] or 0
local victim = nil
if value ~= 0 then
victim = params.alert_entity.alert_entity_val
end
-- Check if the configured threshold is crossed by the value and possibly trigger an alert
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value)
alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value, nil, victim)
end
-- #################################################################