diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
index d44b587a32..f2d8e2ee4e 100644
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@@ -838,7 +838,7 @@ local lang = {
 ["total_alerts"] = "Total Alerts",
 ["trailing_msg"] = "Time Window",
 ["trailing_msg_compact"] = "Window",
- ["unexpected_behavior_anomaly_description"] = "%{entity} %{href} [%{type_of_behaviour}: %{value} | Expected Range: %{lower_bound} ... %{upper_bound}]",
+ ["unexpected_behavior_anomaly_description"] = "%{entity} [%{type_of_behaviour}: %{value} | Expected Range: %{lower_bound} ... %{upper_bound}]",
 ["unexpected_host_behavior_description"] = "%{host} [%{type_of_behaviour}][Value: %{value}][Expected Range: %{lower_bound} ... %{upper_bound}]",
 ["unexpected_host_behaviour_act_flows_title"] = "Unexpected Host Active Flows Behaviour",
 ["unexpected_host_behaviour_contacts_title"] = "Unexpected Host Contacts Behaviour",
diff --git a/scripts/lua/modules/alert_definitions/flow/alert_behavior_anomaly.lua b/scripts/lua/modules/alert_definitions/flow/alert_behavior_anomaly.lua
index c7273d372e..7080686269 100644
--- a/scripts/lua/modules/alert_definitions/flow/alert_behavior_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_behavior_anomaly.lua
@@ -29,7 +29,7 @@ alert_behavior_anomaly.meta = {
 -- @param lower_bound The lower bound of the measurement
 -- @param upper_bound The upper bound of the measurement
 -- @return A table with the alert built
-function alert_behavior_anomaly:init(entity, type_of_behaviour, value, upper_bound, lower_bound)
+function alert_behavior_anomaly:init(entity, type_of_behaviour, value, upper_bound, lower_bound, href)
 -- Call the parent constructor
 self.super:init()
@@ -39,6 +39,7 @@ function alert_behavior_anomaly:init(entity, type_of_behaviour, value, upper_bou
 value = value,
 upper_bound = upper_bound,
 lower_bound = lower_bound,
+ href = href,
 }
 end
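Review bot: The new `init` signature still declares `upper_bound` before `lower_bound`, while the doc comment directly above lists lower then upper and the `formatBehaviorAlert` call in `alert_utils.lua` passes `value, lower_bound, upper_bound, anomaly_table["href"]`. If `new` forwards its arguments positionally (not visible here), the two bounds are stored swapped and the rendered "Expected Range" misleads whoever triages the alert. Since the signature is being touched anyway, I would reorder it to `function alert_behavior_anomaly:init(entity, type_of_behaviour, value, lower_bound, upper_bound, href)` after checking the other callers. The doc block also needs a line for the new argument, for example `-- @param href Optional link for the entity`. The body of `init` continues into the next hunk.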
@@ -52,11 +53,12 @@ end
 function alert_behavior_anomaly.format(ifid, alert, alert_type_params)
 return(i18n("alerts_dashboard.unexpected_behavior_anomaly_description", {
- entity = alert_type_params.entity,
- type_of_behaviour = alert_type_params.type_of_behaviour,
- value = alert_type_params.value,
+ entity = alert_type_params.entity or "",
+ type_of_behaviour = alert_type_params.type_of_behaviour or "",
+ value = alert_type_params.value or 0,
 lower_bound = alert_type_params.lower_bound or 0,
 upper_bound = alert_type_params.upper_bound or 0,
+ href = alert_type_params.href or "",
 }))
 end
diff --git a/scripts/lua/modules/alert_utils.lua b/scripts/lua/modules/alert_utils.lua
index 03a73626fb..6f4ae94a8e 100644
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@@ -777,15 +777,26 @@ function alert_utils.notify_ntopng_stop()
 return(notify_ntopng_status(false))
 end
-function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype)
+function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype, name)
 -- Cycle throught the behavior stats
- for anomaly_type, anomaly in pairs(anomalies) do
+ for anomaly_type, anomaly_table in pairs(anomalies) do
+ local lower_bound = stats[anomaly_type]["lower_bound"]
+ local upper_bound = stats[anomaly_type]["upper_bound"]
+ local value = stats[anomaly_type]["value"]
+
+ if anomaly_table["formatter"] then
+ value = anomaly_table["formatter"](value)
+ lower_bound = anomaly_table["formatter"](lower_bound)
+ upper_bound = anomaly_table["formatter"](upper_bound)
+ end
+
 local alert = alert_consts.alert_types.alert_behavior_anomaly.new(
- i18n(subtype .. "_id", {id = id}),
+ i18n(subtype .. "_id", {id = name or id}),
 i18n("alert_behaviors." .. anomaly_type),
- stats[anomaly_type]["value"],
- stats[anomaly_type]["lower_bound"],
- stats[anomaly_type]["upper_bound"]
+ value,
+ lower_bound,
+ upper_bound,
+ anomaly_table["href"]
 )
 alert:set_score_warning()
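Review bot: `href` is passed to `i18n` here, but the `en.lua` hunk of this same commit removes `%{href}` from `unexpected_behavior_anomaly_description`, so the value stored by `init` is never rendered by this formatter in English. Either drop the `href` key or keep the placeholder, and check whether the other locale files (not shown) still reference it. Separately, `entity` can now be built from the caller-supplied `name` in `formatBehaviorAlert`. If this description is rendered as HTML and names can carry user- or network-supplied text, it should be escaped before interpolation, which cannot be confirmed from this hunk.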
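Review bot: The loop now indexes both `stats[anomaly_type]` and `anomaly_table` with no guard. An `anomalies` entry that is still a plain boolean (the shape the old `anomaly == true` test expected), or one with no matching key in `stats`, raises an error and aborts the loop. The remaining anomaly types for that entity are then neither triggered nor released. I would read `local stat = stats[anomaly_type]` once and skip the entry unless `type(anomaly_table) == "table" and stat`; the same shape assumption applies to `anomaly_table["anomaly"]` in the following hunk. The `for` body continues outside this hunk.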
@@ -793,7 +804,7 @@ function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype)
 alert:set_subtype(subtype .. "_" .. id)
 -- Trigger an alert if an anomaly is found
- if anomaly == true then
+ if anomaly_table["anomaly"] == true then
 alert:trigger(params.alert_entity, nil, params.cur_alerts)
 else
 alert:release(params.alert_entity, nil, params.cur_alerts)