vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-01 00:19:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
10971 commits 26 branches 19 tags 446 MiB
Commit graph

77 commits

Author SHA1 Message Date
Simone Mainardi
b7341506f7 Implements checks for script type and alert severity in dispatch_notification 2020-09-16 13:08:07 +02:00
Simone Mainardi
9e99fa1403 Uses new in-memory queues for alert recipients (avoid Redis) 2020-09-08 18:36:18 +02:00
Simone Mainardi
85f555a908 Removes intermediate alert queues - only leaves recipient queues 
Implements #4366
 2020-09-04 17:41:55 +02:00
Alfredo Cardigliano
f038baf804 Alerts are no longer enqueued if disabled 2020-07-23 00:49:28 +02:00
Simone Mainardi
09c69edb22 Major rework of user_scripts.lua to use new pools 2020-07-10 13:01:29 +02:00
Simone Mainardi
b6447bbfb0 Implements ordering for flow Lua callbacks 2020-05-17 14:12:08 +02:00
Simone Mainardi
f3a5d7b10e Fixes external suricata alerts 2020-04-28 20:37:50 +02:00
Alfredo Cardigliano
c22f3b00e1 Fix alert ids source match 2020-04-28 16:12:03 +02:00
Alfredo Cardigliano
963cff670f Cleanup severity for external alerts 2020-04-27 18:04:41 +02:00
Simone Mainardi
83c4d36e34 Simplifies flow.triggerStatus using internal flow status reference 2020-04-27 17:48:56 +02:00
Simone Mainardi
efe4f9a8be Unifies alerts generation format with flow statuses 2020-04-27 14:37:04 +02:00
Simone Mainardi
ab1690ad9e Implements builders for each flow status definition 
[FlowsK] alert_blacklisted_country.lua

[FlowsK] alert_flow_blacklisted.lua

[FlowsK] alert_device_protocol_not_allowed.lua

[FlowsK] external_alert.lua

[FlowsK] alert_potentially_dangerous_protocol.lua

[FlowsK] tls_certificate_mismatch.lua

[FlowsK] tls_certificate_expired.lua

[FlowsK] tls_malicious_signature.lua

[FlowsK] elephant_flows.lua

[FlowsK] not_purged.lua

[FlowsK] web_mining.lua

[FlowsK] potentially_dangerous.lua

[FlowsK] alert_flow_blocked.lua
 2020-04-27 12:43:37 +02:00
Simone Mainardi
0a9a7015e0 Unifies status_id and status_key 2020-04-15 14:29:03 +02:00
Simone Mainardi
1eb02b2c2b Unifies alert_id and alert_key 2020-04-15 14:29:03 +02:00
Simone Mainardi
e487427aab Refactors alert_utils and enterprise_alert_utils 
Addresses #3720

Alerts Refactor: alert_utils as module

Alerts Refactor: notify_ntopng_start and notify_ntopng_stop

Alerts Refactor: processAlertNotifications

Alerts Refactor: checkStoreAlertsFromC

Alerts Refactor: formatAlertNotification

Alerts Refactor: notification_timestamp_rev

Alerts Refactor: formatAlertMessage

Alerts Refactor: getConfigsetAlertLink

Alerts Refactor: alertNotificationActionToLabel

Alerts Refactor: flushAlertsData

Alerts Refactor: disableAlertsGeneration

Alerts Refactor: newAlertsWorkingStatus and other

Alerts Refactor: drawAlerts

Alerts Refactor: drawAlertTables

Alerts Refactor: printAlertTables

Alerts Refactor: checkDeleteStoredAlerts

Alerts Refactor: getUnpagedAlertOptions

Alerts Refactor: getTabParameters

Alerts Refactor: getAlerts

Alerts Refactor: getNumAlerts

Alerts Refactor: performAlertsQuery

Alerts Refactor: sec2granularity

Alerts Refactor: granularity2id

Alerts Refactor: granularity2sec

Alerts Refactor: alertEngineLabel

Alerts Refactor: alertEngine

Alerts Refactor: alertEngineRaw

Alerts Refactor: alertTypeDescription

Alerts Refactor: alertType

Alerts Refactor: alertTypeLabel

Alerts Refactor: alertTypeRaw

Alerts Refactor: alertSeverity

Alerts Refactor: alertSeverityLabel

Alerts Refactor: alertSeverityRaw

Alerts Refactor: get_make_room_keys

Alerts Refactor: enterprise_alert_utils
 2020-04-10 14:03:20 +02:00
Alfredo Cardigliano
2425134f05 Replace isEnterprise with isEnterpriseM 2020-04-02 12:36:34 +00:00
Alfredo Cardigliano
b3ceaf9db4 Moved external alert score computation (fix #3447) 2020-02-24 15:01:21 +01:00
Alfredo Cardigliano
dbe07bbfcd Score computation fix (external alerts) 2020-02-24 12:27:48 +01:00
Simone Mainardi
5b70db90ad Handles deadlines for flow user scripts 2020-02-19 10:46:44 +01:00
emanuele-f
58b3d42d22 Set max score on hosts contacting blacklisted hosts 2020-02-17 15:16:01 +01:00
emanuele-f
e3d3d3992f Replace an existing flow alert if a more critical problem is found 
Also add the flow score into the database
 2020-02-07 19:20:57 +01:00
emanuele-f
0a0a3c4537 Rework flow status accounting 2020-02-07 19:17:07 +01:00
emanuele-f
13ec0d2f44 Use the flow score to determine the status priority 2020-02-07 19:17:07 +01:00
emanuele-f
96925a7e03 Fix invalid flow.triggerStatus calls 2020-02-06 10:31:22 +01:00
emanuele-f
c791fc1246 Add check to avoid nil config 2020-01-24 11:35:59 +01:00
Simone Mainardi
1cbdbbd339 Hides status_id from flow.{trigger,set,clear}Status 
Fixes #3266
 2020-01-21 12:27:33 +01:00
emanuele-f
dd8643ad79 Add missing community check 2020-01-20 13:21:38 +01:00
emanuele-f
aca088ea13 Add hyperlink to jump to the alert configuration 
Closes #2936
 2020-01-17 19:11:15 +01:00
emanuele-f
508d040a49 Fix updateScore not called in flow.setStatus 2020-01-17 11:11:02 +01:00
emanuele-f
a97dbd013b Remove score global preference 2020-01-16 18:21:35 +01:00
emanuele-f
566b9ece0b Score changes 
- Move score from status definition to user scripts
- Separate flow score counter from the peers score
- Create a new HostScore class to hold the score data
 2020-01-16 18:11:14 +01:00
Simone Mainardi
03a4b14dda User scripts now read view configsets for viewed interfaces 
Implements #3225
 2020-01-15 15:40:44 +01:00
emanuele-f
6edecb12cb Score visualization improvements 2020-01-15 15:27:45 +01:00
emanuele-f
d7528e1628 Score improvements 
The score is now calculated differently on the client and on the server of the flow.
The hosts flow is updated every minute and charted.
It's now possible to trigger an alert when the score threshold is exceeded
 2020-01-15 12:34:16 +01:00
Luca Deri
170bc60f19 Updated (C) 2020-01-08 23:52:51 +01:00
Simone Mainardi
724f1da5ea Fixes use of interface names in flow alerts 2020-01-08 19:03:08 +01:00
Simone Mainardi
76391ff6a5 Resores flow alerts for view interfaces 2020-01-08 18:18:00 +01:00
emanuele-f
d037f9a9a4 Use new user scripts config and gui 
The user scripts configuration can now be configured from the "User Scripts" entry under the cog
icon. It allows the creation of multiple configuration presets to be applied to hosts, networks and
interfaces.
 2020-01-03 13:03:34 +01:00
emanuele-f
4621a8f409 Reload the periodic scripts when the configuration changes 2019-12-31 19:31:03 +01:00
Simone Mainardi
2abb8cfde5 Reworks flow scripts deadlines 2019-12-27 20:50:53 +01:00
emanuele-f
c665bc78d7 Make configsets global 2019-12-23 13:25:35 +01:00
emanuele-f
f62aa15117 Load new configsets while loading user scripts 
Hosts/SNMP devices will be handled separately
 2019-12-20 12:19:49 +01:00
emanuele-f
a3432e00e8 Implement ntopng plugins 
Plugins are a convenient way to group together related lua scripts.
Their primary use case is to group user scripts and their alert/status
definition.
The builtin ntopng user scripts and definitions are now
packed into plugins directories. In future, we will support loading of
user created plugins.
Plugins are loaded at startup into some runtime directories and then
used. Other changes provided by this commit include:

- Add sample flow logger plugin
- Initial support for system user scripts
- Rename edge to threshold
- Migrate system probes to user scripts/plugins
- Migrate scripts to more explicit alerts_api.checkThresholdAlert api
 2019-12-10 09:25:57 +01:00
emanuele-f
0d48bff069 Implement more flexible user_scripts api 
NOTE: The existing alerts configuration of the users will be discarded.

Some code has been added to make the current gui on/off toggle work.
It is marked with the following comment:

-- TODO remove after implementing the new gui
 2019-11-28 11:06:14 +01:00
emanuele-f
3dd7d2215d Remove matchesL7 call 2019-11-15 16:58:59 +01:00
emanuele-f
7d0888d302 Flow user scripts optimizations 2019-11-15 15:52:36 +01:00
emanuele-f
60fc7e0cfb Improve flow.lua and add statistics 2019-11-15 10:51:19 +01:00
emanuele-f
bde0a51f9c Add periodic_update_seconds parameter 2019-11-14 16:10:45 +01:00
emanuele-f
df0556cb87 Optimize flow alerts generation 
This provides a ~10x speedup by performing the JSON serialization work in C
(and thus avoiding Lua->C overhead). This also implements two in-memory alerts
queues (one for sqlite and one for the notifications) in order to reduce Redis load.
Alerts queue are now global instead of per-interface as there is only 1 dequeing thread.
 2019-11-14 11:54:13 +01:00
Simone Mainardi
05e6dc1677 Implements bi- and mono-directional flow callbacks filter 
Implements #3055
 2019-11-13 18:14:49 +01:00