mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-30 16:09:32 +00:00
182 lines
5.1 KiB
Lua
182 lines
5.1 KiB
Lua
--
|
|
-- (C) 2013-23 - ntop.org
|
|
--
|
|
|
|
local dirs = ntop.getDirs()
|
|
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
|
|
|
|
-- Import the classes library.
|
|
local classes = require "classes"
|
|
local alert_severities = require "alert_severities"
|
|
|
|
-- ##############################################
|
|
|
|
local Alert = classes.class()
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:init()
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:format()
|
|
--tprint("base format")
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
-- @brief Function called to set standard information:
|
|
-- - score
|
|
-- - subtype
|
|
-- - granularity
|
|
-- Those information could be set using standard functions
|
|
-- like set_score() or set_granularity
|
|
function Alert:set_info(params)
|
|
local script = params.check
|
|
if(not self.score or self.score == 0) then
|
|
self.score = ntop.mapSeverityToScore(script.severity.severity_id or 0 --[[ no score ]])
|
|
end
|
|
|
|
if params.entity_info then
|
|
self.subtype = params.entity_info.name or ""
|
|
end
|
|
|
|
self.granularity = params.granularity or ""
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:_build_type_info()
|
|
local type_info = {
|
|
-- Keys necessary for the engine
|
|
alert_type = self.meta,
|
|
subtype = self.subtype,
|
|
granularity = self.granularity,
|
|
score = self.score,
|
|
device_type = self.device_type,
|
|
device_name = self.device_name,
|
|
-- Stuff added in subclasses :init
|
|
alert_type_params = self.alert_type_params or {}
|
|
}
|
|
|
|
-- Add the attacker to the alert params (if present)
|
|
if self.attacker then
|
|
type_info.alert_type_params.attacker = self.attacker
|
|
end
|
|
|
|
-- Add the victim to the alert params (if present)
|
|
if self.victim then
|
|
type_info.alert_type_params.victim = self.victim
|
|
end
|
|
|
|
return type_info
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:_check_alert_data()
|
|
if self == nil then
|
|
return true
|
|
end
|
|
|
|
if self.meta.has_victim and not self.victim then
|
|
traceError(TRACE_ERROR, TRACE_CONSOLE, "alert.alert_error.configuration.no_victim")
|
|
return false
|
|
end
|
|
|
|
if self.meta.has_attacker and not self.attacker then
|
|
traceError(TRACE_ERROR, TRACE_CONSOLE, "alert.alert_error.configuration.no_attacker")
|
|
return false
|
|
end
|
|
|
|
return true
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:trigger(entity_info, when, cur_alerts)
|
|
local alerts_api = require "alerts_api"
|
|
|
|
if not self._check_alert_data() then
|
|
return
|
|
end
|
|
|
|
return alerts_api.trigger(entity_info, self:_build_type_info(), nil, cur_alerts)
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:release(entity_info, when, cur_alerts)
|
|
local alerts_api = require "alerts_api"
|
|
|
|
if not self._check_alert_data() then
|
|
return
|
|
end
|
|
|
|
return alerts_api.release(entity_info, self:_build_type_info(), nil, cur_alerts)
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:store(entity_info)
|
|
local alerts_api = require "alerts_api"
|
|
|
|
if not self._check_alert_data() then
|
|
return
|
|
end
|
|
|
|
return alerts_api.store(entity_info, self:_build_type_info())
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:set_score(score)
|
|
self.score = tonumber(score)
|
|
end
|
|
|
|
--@brief Methods to set score defaults, keep them in sync with
|
|
-- ntop_defines.h
|
|
function Alert:set_score_notice() self.score = ntop.mapSeverityToScore(alert_severities.notice.severity_id) end
|
|
function Alert:set_score_warning() self.score = ntop.mapSeverityToScore(alert_severities.warning.severity_id) end
|
|
function Alert:set_score_error() self.score = ntop.mapSeverityToScore(alert_severities.error.severity_id) end
|
|
function Alert:set_score_critical() self.score = ntop.mapSeverityToScore(alert_severities.critical.severity_id) end
|
|
function Alert:set_score_emergency() self.score = ntop.mapSeverityToScore(alert_severities.emergency.severity_id) end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:set_subtype(subtype)
|
|
self.subtype = subtype
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:set_granularity(granularity)
|
|
local alert_consts = require "alert_consts"
|
|
|
|
self.granularity = alert_consts.alerts_granularities[granularity]
|
|
if(self.granularity == nil) then
|
|
print("[ERROR] Unknown granularity\n")
|
|
tprint(granularity)
|
|
print(debug.traceback())
|
|
end
|
|
end
|
|
|
|
-- ##############################################
|
|
|
|
--@brief Functions to set L2-related data, e.g., device type and name
|
|
function Alert:set_device_type(devtype) self.device_type = tonumber(devtype) end
|
|
function Alert:set_device_name(devname) self.device_name = tostring(devname) end
|
|
|
|
-- ##############################################
|
|
|
|
function Alert:set_attacker(attacker) self.attacker = attacker end
|
|
function Alert:set_victim(victim) self.victim = victim end
|
|
function Alert:set_origin(origin) self.origin = origin end
|
|
function Alert:set_target(target) self.target = target end
|
|
|
|
-- ##############################################
|
|
|
|
return Alert
|
|
|
|
-- ##############################################
|