diff --git a/scripts/lua/modules/alert_store/alert_store.lua b/scripts/lua/modules/alert_store/alert_store.lua
index 139ca3a32e..2e1b23f2a9 100644
--- a/scripts/lua/modules/alert_store/alert_store.lua
+++ b/scripts/lua/modules/alert_store/alert_store.lua
@@ -24,12 +24,14 @@ local alert_store = classes.class()
 -- Default number of time slots to be returned when aggregating by time
 local NUM_TIME_SLOTS = 31
+local TOP_LIMIT = 10
 -- ##############################################
 function alert_store:init(args)
    self._where = { "1 = 1" }
    self._group_by = nil
+   self._top_limit = TOP_LIMIT
 end
 -- ##############################################
diff --git a/scripts/lua/modules/alert_store/flow_alert_store.lua b/scripts/lua/modules/alert_store/flow_alert_store.lua
index db98cc8a69..8c7a025dc6 100644
--- a/scripts/lua/modules/alert_store/flow_alert_store.lua
+++ b/scripts/lua/modules/alert_store/flow_alert_store.lua
@@ -87,10 +87,9 @@ end
 function flow_alert_store:top_cli_ip_historical()
    -- Preserve all the filters currently set
    local where_clause = table.concat(self._where, " AND ")
-   local limit = 10
    local q = string.format("SELECT cli_ip, count(*) count FROM %s WHERE %s GROUP BY cli_ip ORDER BY count DESC LIMIT %u",
-      self._table_name, where_clause, limit)
+      self._table_name, where_clause, self._top_limit)
    local q_res = interface.alert_store_query(q) or {}
@@ -103,10 +103,9 @@ end
 function flow_alert_store:top_srv_ip_historical()
    -- Preserve all the filters currently set
    local where_clause = table.concat(self._where, " AND ")
-   local limit = 10
    local q = string.format("SELECT srv_ip, count(*) count FROM %s WHERE %s GROUP BY srv_ip ORDER BY count DESC LIMIT %u",
-      self._table_name, where_clause, limit)
+      self._table_name, where_clause, self._top_limit)
    local q_res = interface.alert_store_query(q) or {}
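Review bot: `local TOP_LIMIT = 10` in the alert_store.lua hunk is added right under `NUM_TIME_SLOTS` but, unlike that constant, has no comment, and nothing at the definition says the value ends up inside SQL `LIMIT %u` clauses in the subclasses. I would put `-- Default maximum number of rows returned by the top_*_historical queries; interpolated as LIMIT %u, so it must remain a non-negative integer` above it, and `-- Upper bound on rows for the top_* queries (see TOP_LIMIT)` next to `self._top_limit = TOP_LIMIT` in init. With the constant path as written this is only documentation; should a later change let a request set `self._top_limit`, the assignment in init is where it must be clamped to a positive integer before it reaches string.format.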
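Review bot: The two flow_alert_store.lua hunks (top_cli_ip_historical and top_srv_ip_historical) are now identical except for the column name, and host_alert_store's top_ip_historical in the next file repeats the same five lines a third time; since this commit already touches every copy to swap in `self._top_limit`, it is the moment to fold them into one helper. The caller must pass the column as a literal, never anything derived from a request, because it is spliced into the SQL by `%s`; `where_clause` is spliced the same way, so, as before, the safety of these queries rests on whatever populates `self._where` having escaped its values, with only `LIMIT %u` type-checked by string.format. Both methods continue below the hunk; I assume the remaining lines only `return q_res`, which the helper now does.
```lua
-- flow_alert_store.lua
-- column must be a literal identifier chosen by the caller (it is spliced into the SQL), never request input
local function top_by_column(self, column)
   -- Preserve all the filters currently set
   local where_clause = table.concat(self._where, " AND ")

   local q = string.format("SELECT %s, count(*) count FROM %s WHERE %s GROUP BY %s ORDER BY count DESC LIMIT %u",
      column, self._table_name, where_clause, column, self._top_limit)

   return interface.alert_store_query(q) or {}
end

function flow_alert_store:top_cli_ip_historical()
   return top_by_column(self, "cli_ip")
end

function flow_alert_store:top_srv_ip_historical()
   return top_by_column(self, "srv_ip")
end
```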
@@ -119,7 +117,6 @@ end
 local function top_ip_merge(top_cli_ip, top_srv_ip)
    local all_ip = {}
    local top_ip = {}
-   local limit = 10
    for _, p in ipairs(top_cli_ip) do
       all_ip[p.cli_ip] = tonumber(p.count)
@@ -132,7 +129,7 @@ local function top_ip_merge(top_cli_ip, top_srv_ip)
          ip = ip,
          count = count,
       }
-      if #top_ip >= limit then break end
+      if #top_ip >= self._top_limit then break end
    end
    return top_ip
diff --git a/scripts/lua/modules/alert_store/host_alert_store.lua b/scripts/lua/modules/alert_store/host_alert_store.lua
index 16099e91fe..b122073b35 100644
--- a/scripts/lua/modules/alert_store/host_alert_store.lua
+++ b/scripts/lua/modules/alert_store/host_alert_store.lua
@@ -73,10 +73,9 @@ end
 function host_alert_store:top_ip_historical()
    -- Preserve all the filters currently set
    local where_clause = table.concat(self._where, " AND ")
-   local limit = 10
    local q = string.format("SELECT ip, count(*) count FROM %s WHERE %s GROUP BY ip ORDER BY count DESC LIMIT %u",
-      self._table_name, where_clause, limit)
+      self._table_name, where_clause, self._top_limit)
    local q_res = interface.alert_store_query(q) or {}
diff --git a/scripts/lua/modules/alert_store/mac_alert_store.lua b/scripts/lua/modules/alert_store/mac_alert_store.lua
index f0bdde9aff..eb5e54412d 100644
--- a/scripts/lua/modules/alert_store/mac_alert_store.lua
+++ b/scripts/lua/modules/alert_store/mac_alert_store.lua
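Review bot: `if #top_ip >= self._top_limit then break end` in the second top_ip_merge hunk cannot work: the function is declared `local function top_ip_merge(top_cli_ip, top_srv_ip)` with no `self` parameter, so `self` resolves to an undefined global and that line raises "attempt to index a nil value" the first time the loop reaches it, i.e. whenever at least one IP was collected. The `local limit = 10` removed in the first hunk is what used to make it work. Pass the bound in explicitly: `local function top_ip_merge(top_cli_ip, top_srv_ip, limit)` and `if #top_ip >= limit then break end`, with the call site, which lies outside this hunk, passing `self._top_limit`. The middle of the loop body and the caller are not visible here.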
@@ -57,6 +57,31 @@ end
 -- ##############################################
+--@brief Performs a query for the top device address by alert count
+function mac_alert_store:top_address_historical()
+   -- Preserve all the filters currently set
+   local where_clause = table.concat(self._where, " AND ")
+
+   local q = string.format("SELECT address, count(*) count FROM %s WHERE %s GROUP BY address ORDER BY count DESC LIMIT %u",
+      self._table_name, where_clause, self._top_limit)
+
+   local q_res = interface.alert_store_query(q) or {}
+
+   return q_res
+end
+
+-- ##############################################
+
+--@brief Stats used by the dashboard
+function mac_alert_store:_get_additional_stats()
+   local stats = {}
+   stats.top = {}
+   stats.top.address = self:top_address_historical()
+   return stats
+end
+
+-- ##############################################
+
+--@brief Add filters according to what is specified inside the REST API
 function mac_alert_store:_add_additional_request_filters()
    -- Add filters specific to the mac family
diff --git a/scripts/lua/modules/alert_store/network_alert_store.lua b/scripts/lua/modules/alert_store/network_alert_store.lua
index e56c1256d0..8723d2bd95 100644
--- a/scripts/lua/modules/alert_store/network_alert_store.lua
+++ b/scripts/lua/modules/alert_store/network_alert_store.lua
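Review bot: The `--@brief` on `top_address_historical` says what is queried but not what the caller gets, and `_get_additional_stats` hands the rows straight through as `stats.top.address`. The sibling top_ip_merge in flow_alert_store converts `p.count` with `tonumber(...)`, which suggests `count` arrives from `interface.alert_store_query` as a string; I would state the shape, e.g. `--@return up to self._top_limit rows {address = <device address>, count = <alerts>} as returned by interface.alert_store_query, or {} when the query yields nil`, and repeat it for `stats.top.address`. A one-line comment on the `string.format` call would also help the next reader: `where_clause` is spliced into the SQL verbatim, so this query is only as safe as the code that populates `self._where`; `LIMIT %u` is the only value string.format type-checks.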
@@ -64,6 +64,31 @@ end
 -- ##############################################
+--@brief Performs a query for the top networks by alert count
+function network_alert_store:top_local_network_id_historical()
+   -- Preserve all the filters currently set
+   local where_clause = table.concat(self._where, " AND ")
+
+   local q = string.format("SELECT local_network_id, count(*) count, name FROM %s WHERE %s GROUP BY local_network_id ORDER BY count DESC LIMIT %u",
+      self._table_name, where_clause, self._top_limit)
+
+   local q_res = interface.alert_store_query(q) or {}
+
+   return q_res
+end
+
+-- ##############################################
+
+--@brief Stats used by the dashboard
+function network_alert_store:_get_additional_stats()
+   local stats = {}
+   stats.top = {}
+   stats.top.local_network_id = self:top_local_network_id_historical()
+   return stats
+end
+
+-- ##############################################
+
+--@brief Convert an alert coming from the DB (value) to a record returned by the REST API
 function network_alert_store:format_record(value, no_html)
    local record = self:format_record_common(value, alert_entities.network.entity_id, no_html)
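Review bot: The query in `top_local_network_id_historical` selects `name` while grouping only by `local_network_id`, so `name` is neither aggregated nor part of the GROUP BY; SQLite accepts such a bare column and returns the value from an arbitrary row of each group, while a stricter backend rejects the statement outright, and which engine sits behind `interface.alert_store_query` is not visible here. If `name` is meant to be determined by the network id, say so in the SQL with `GROUP BY local_network_id, name`; otherwise select it deterministically as `MAX(name) name`. The `--@brief` should also note that `name` is whatever was stored with the alert rows, not resolved at query time, and that the rows come back as `{local_network_id, count, name}` capped at `self._top_limit`. As in the sibling stores, `where_clause` goes into the SQL verbatim and only `LIMIT %u` is type-checked by string.format.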