vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-06 20:46:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
12792 commits 26 branches 19 tags 449 MiB
Commit graph

102 commits

Author SHA1 Message Date
Alfredo Cardigliano
fa311e3ade Rework user script working sets (a single configset is supported now) 2021-03-01 15:37:45 +01:00
Simone Mainardi
a9aef2c70a Update for test alert_dns_data_exfiltration_02 2021-02-19 18:50:25 +01:00
Simone Mainardi
9049cb327f Update for test alert_dns_data_exfiltration_02 2021-02-19 18:41:36 +01:00
Simone Mainardi
e3dab26574 Fixes flow status not set under certain conditions 2021-02-18 11:12:26 +01:00
Simone Mainardi
9314f36cc5 Fixes remote to remote alerts setting nil scores 2021-02-18 10:59:36 +01:00
Simone Mainardi
0d39732d1c Implements telemetry for alter filters 2021-02-17 12:08:40 +01:00
Simone Mainardi
84ac0f4dfc Implements filtering of flow user scripts 2021-02-12 12:56:06 +01:00
Alfredo Cardigliano
7bee78fe75 Sort modules by prio and then by name to provide deterministic results 2021-02-11 16:28:41 +01:00
Simone Mainardi
38d31a474a Makes multiple score increments status-dependent 
Implements #4993
 2021-01-30 12:45:04 +01:00
Luca Deri
a1178a0791 Updated (C) 2021-01-02 12:08:23 +01:00
Simone Mainardi
a3383c5e2c Honors status_always_notify also for the internal SQLite recipient 2020-12-30 19:31:23 +01:00
Simone Mainardi
e3eda6e082 Implements ability to trigger flow alerts even if already triggered 2020-12-30 13:08:55 +01:00
Simone Mainardi
56a4c999a3 Initial flow status rework to remove globals 2020-12-30 12:06:33 +01:00
Simone Mainardi
dc007ba88b Disables user script benchmarks calculated but not used by default 
Partially addresses #4673
 2020-12-28 14:51:42 +01:00
Simone Mainardi
8d6dafc897 Unifies new alerts and flow alerts API 2020-12-04 17:03:23 +01:00
Simone Mainardi
5c0c23feb6 Fixes execution of periodicUpdate flow callback 
Fixes #4687
 2020-11-06 18:17:54 +01:00
Simone Mainardi
d7f1ce0d8c Reworks and optimizes flow alerted status 2020-10-19 16:50:22 +02:00
Alfredo Cardigliano
a5a8030e35 Cleanup trigger flow external alert 2020-10-19 13:12:31 +02:00
Simone Mainardi
d3dda0bb82 Unifies misbehaving with alerted flows 
Implements #4596
 2020-10-16 18:58:20 +02:00
Simone Mainardi
b7bdd1edaf Massive cleanup of alerts (disabled/suppressed) 
Fixes #4504
 2020-10-01 18:40:11 +02:00
Simone Mainardi
0db456c0cf Reworks flow user scripts execution in C++ 2020-09-30 18:41:36 +02:00
Simone Mainardi
814ee67cf9 Reworks nDPI Risks flow plugins to handle all risks and scores 
Fixes #4432
 2020-09-23 17:58:51 +02:00
Simone Mainardi
6c1280a8e5 Reworks recipients.lua as static rather than (useless) instance 2020-09-23 15:03:07 +02:00
Alfredo Cardigliano
7bda229e8f Use score to filter flow alerts when supported (Enterprise) 2020-09-22 04:22:58 +02:00
Simone Mainardi
db0d7730a8 Implements per-category host score 
Implements #4413
 2020-09-18 18:34:28 +02:00
Simone Mainardi
b7341506f7 Implements checks for script type and alert severity in dispatch_notification 2020-09-16 13:08:07 +02:00
Simone Mainardi
9e99fa1403 Uses new in-memory queues for alert recipients (avoid Redis) 2020-09-08 18:36:18 +02:00
Simone Mainardi
85f555a908 Removes intermediate alert queues - only leaves recipient queues 
Implements #4366
 2020-09-04 17:41:55 +02:00
Alfredo Cardigliano
f038baf804 Alerts are no longer enqueued if disabled 2020-07-23 00:49:28 +02:00
Simone Mainardi
09c69edb22 Major rework of user_scripts.lua to use new pools 2020-07-10 13:01:29 +02:00
Simone Mainardi
b6447bbfb0 Implements ordering for flow Lua callbacks 2020-05-17 14:12:08 +02:00
Simone Mainardi
f3a5d7b10e Fixes external suricata alerts 2020-04-28 20:37:50 +02:00
Alfredo Cardigliano
c22f3b00e1 Fix alert ids source match 2020-04-28 16:12:03 +02:00
Alfredo Cardigliano
963cff670f Cleanup severity for external alerts 2020-04-27 18:04:41 +02:00
Simone Mainardi
83c4d36e34 Simplifies flow.triggerStatus using internal flow status reference 2020-04-27 17:48:56 +02:00
Simone Mainardi
efe4f9a8be Unifies alerts generation format with flow statuses 2020-04-27 14:37:04 +02:00
Simone Mainardi
ab1690ad9e Implements builders for each flow status definition 
[FlowsK] alert_blacklisted_country.lua

[FlowsK] alert_flow_blacklisted.lua

[FlowsK] alert_device_protocol_not_allowed.lua

[FlowsK] external_alert.lua

[FlowsK] alert_potentially_dangerous_protocol.lua

[FlowsK] tls_certificate_mismatch.lua

[FlowsK] tls_certificate_expired.lua

[FlowsK] tls_malicious_signature.lua

[FlowsK] elephant_flows.lua

[FlowsK] not_purged.lua

[FlowsK] web_mining.lua

[FlowsK] potentially_dangerous.lua

[FlowsK] alert_flow_blocked.lua
 2020-04-27 12:43:37 +02:00
Simone Mainardi
0a9a7015e0 Unifies status_id and status_key 2020-04-15 14:29:03 +02:00
Simone Mainardi
1eb02b2c2b Unifies alert_id and alert_key 2020-04-15 14:29:03 +02:00
Simone Mainardi
e487427aab Refactors alert_utils and enterprise_alert_utils 
Addresses #3720

Alerts Refactor: alert_utils as module

Alerts Refactor: notify_ntopng_start and notify_ntopng_stop

Alerts Refactor: processAlertNotifications

Alerts Refactor: checkStoreAlertsFromC

Alerts Refactor: formatAlertNotification

Alerts Refactor: notification_timestamp_rev

Alerts Refactor: formatAlertMessage

Alerts Refactor: getConfigsetAlertLink

Alerts Refactor: alertNotificationActionToLabel

Alerts Refactor: flushAlertsData

Alerts Refactor: disableAlertsGeneration

Alerts Refactor: newAlertsWorkingStatus and other

Alerts Refactor: drawAlerts

Alerts Refactor: drawAlertTables

Alerts Refactor: printAlertTables

Alerts Refactor: checkDeleteStoredAlerts

Alerts Refactor: getUnpagedAlertOptions

Alerts Refactor: getTabParameters

Alerts Refactor: getAlerts

Alerts Refactor: getNumAlerts

Alerts Refactor: performAlertsQuery

Alerts Refactor: sec2granularity

Alerts Refactor: granularity2id

Alerts Refactor: granularity2sec

Alerts Refactor: alertEngineLabel

Alerts Refactor: alertEngine

Alerts Refactor: alertEngineRaw

Alerts Refactor: alertTypeDescription

Alerts Refactor: alertType

Alerts Refactor: alertTypeLabel

Alerts Refactor: alertTypeRaw

Alerts Refactor: alertSeverity

Alerts Refactor: alertSeverityLabel

Alerts Refactor: alertSeverityRaw

Alerts Refactor: get_make_room_keys

Alerts Refactor: enterprise_alert_utils
 2020-04-10 14:03:20 +02:00
Alfredo Cardigliano
2425134f05 Replace isEnterprise with isEnterpriseM 2020-04-02 12:36:34 +00:00
Alfredo Cardigliano
b3ceaf9db4 Moved external alert score computation (fix #3447) 2020-02-24 15:01:21 +01:00
Alfredo Cardigliano
dbe07bbfcd Score computation fix (external alerts) 2020-02-24 12:27:48 +01:00
Simone Mainardi
5b70db90ad Handles deadlines for flow user scripts 2020-02-19 10:46:44 +01:00
emanuele-f
58b3d42d22 Set max score on hosts contacting blacklisted hosts 2020-02-17 15:16:01 +01:00
emanuele-f
e3d3d3992f Replace an existing flow alert if a more critical problem is found 
Also add the flow score into the database
 2020-02-07 19:20:57 +01:00
emanuele-f
0a0a3c4537 Rework flow status accounting 2020-02-07 19:17:07 +01:00
emanuele-f
13ec0d2f44 Use the flow score to determine the status priority 2020-02-07 19:17:07 +01:00
emanuele-f
96925a7e03 Fix invalid flow.triggerStatus calls 2020-02-06 10:31:22 +01:00
emanuele-f
c791fc1246 Add check to avoid nil config 2020-01-24 11:35:59 +01:00