Scaffolding code of the host scripts
Scaffolding code for host alerts
Adds host_callbacks/ for .cpp files
Implements all classes for host callbacks
Removes pro/enterprise host callbacks
Adds typedefs with callback deltas
Compilation fix
Creates instances of host callbacks in loader
Link fix
Removes redundant/non-necessary host alerts
Merges Scan and Flood callbacks together
Removes outdated API files
Refactors alert keys into entity|id
Refactors all flow alert_{...} into flow_alert_{...}
Refactors C++ flow alert_{...} into flow_alert_{...}
Reworks alert ids to include an entity type
Cleanup and merge alertTypeRaw with getAlertType
Minor fix
Refactors alert definitions and keys into sub directories
Implement host alert callback execution and trigger/release logic
Update callbacks API
Adds base CallbacksLoader for {Host,Flow}CallbacksLoader
Implements load of host user scripts with periodicities
Implements runtime reload of host callbacks
Add logic for periodic callbacks
Add 'expired' flag to host alerts
Implements execution of host callbacks and SYN flood checks
Adds triggerAlertAsync calls to SYNFlood
Implements JSON host alert generation info
Handle callback getPeriod. Optimize callback lookup.
Implements host recipients in C++
Add callback status
Define destructor
Iterator fixes
Cleanup host Lua calls (now performed in C++)
Changes to show new host alerts in SQLite
Adds release/engage action on alert JSON
Move AlertableEntity to OtherAlertableEntity, inheriting from a new AlertableEntity. Add HostAlertableEntity.
Implements SYN Flood Attacker with params
Uses parametrized thresholds to trigger syn flood alerts
Implements build alert of both attacker and victim
Implement HostAlertableEntity
Implements SYN scan attacker/victim alerts
Implements flow flood attacker/victim alerts
Removes a debug flag
Add virtual allocStatus
Add HostAlert disableAutoRelease()
Add Ãexplicit releaseAlert()
Implements SYNFloodHostCallbackStatus
Implements SYNScanHostCallbackStatus
Implements FlowFloodHostCallbackStatus
Change trigger API to handle cli/src score
Implements {DNS,SMTP,NTP}ServerContactsAlert
Reworks ServerContacts host alerts
Implement exclusion bitmaps for host alerts
Implements {SMTP,DNS,NTP}ServerContactsAlert
Adds host_info to the generated alert JSON
Minor cleanup
Optimize access to callback status
Move RepliesRequestsRatio to pro
Rework triggerAlert on host to avoid multiple call and unneeded status data
Compilation fix
Reworked host alerts API (wip)
Cleanup unused host callbacks
Compilation fixes
Finishes backend implementation of host alerts exclusions
Rework host callbacks executor
Implements disable of host alerts
Port SYNFlood to the new api
Cleanup
Reduce duplicated code
Comments
Port ServerContacts to the new api
Clenaup
Adds parsing of configuration for host callbacks
Port SYNScanAlert to the new API
Port FlowFlood to the new API
Cleanup unused HostAlert getName
Reworks DNSRequestsErrorsRatioAlert
Adds JSON for DNSTrafficAlert
Adds FlowsAlert
Adds P2PTrafficAlert
Add RepliesRequestsRatioAlert
Adds ScoreAlert
Adds ThroughputAlert
Adds TrafficAlert
Fixes for scan/flood alerts
DNS ratio alert support
Add HTTP stats getters
Implements deltas for many host callbacks
Host score inc
Adds missing Alert params to host alerts
Release all host alerts on idle
Refactors score classes
Implements class Score to contain scores for hosts, flows, etc
Adds scores to VLANs, Networks, ASes and Countries
Host callbacks can trigger a single alert now
FlowFlood, SYNFloo, SYNScan now inherit from FlowHits
Move severity and score to constructor
Add else branch to hits callbacks
Alert definition update for flows_flood, syn_flood, syn_scan
Update field name
Engaged alert init
Adds score incs/decs for AS, VLAN, country, os and network
Restore network scripts
Restored other alert definitions for floods
Handle decreasing alert score
Removes include
Rename flows_flood to flow_flood for consistency
Restored alert_tcp_syn_flood_victim alert_tcp_syn_scan_victim definitions
Fixes for non-host engaged/release alerts
Cleanup LuaEngineFlow and LuaEngineHost classes
Fixes old calls to host lua during shutdown
Removes AlertCheckLuaEngine instance
Fixes purging of flows
Fixes alerts release upon shutdown causing wrong uses
Removes a debug flag
Fix getNumEngagedAlerts
Cleanup unnecessary host callbacks
Removes array of callback statuses inside host
Bitmap fixes
Refactors Bitmap into Bitmap128
Implements 16-bits bitmaps for host alerts
Adds class HostCallbacksStatus
Moves callback status p2p and DNS inside HostCallbacksStatus
Removes unused callbacks in typedefs
Minor cleanup
Adds trigger/release for DNS/p2p alerts
Reworks UI of hosts user scripts
Rename HostCallbackType to HostCallbackID, getType to getID, others
Implements #4942
Partially implemented alerts exclusion list
Added User Script exclusion list to settings
Implements add the ability to suppress specific alerts
Implements #4942
NOTE: database schema changed. Existing alerts will be lost.
- Unified engaged and closed tables
- Simplified hosts engaged alert counters handling: periodically set by lua
- Removed alert engine and replaced with alert periodicity
- Now engage is implicitly derived from the alert end timestamp and periodicity
- New alerts_api.lua to easily emit alerts
- Removed past alerts counter aggregation by hash
- Alert notifications for non-flow alerts are now removed from C and triggered by lua
