vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-05 19:04:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
ntopng/scripts/plugins/flow_risks/user_scripts/flow/flow_risks.lua
Luca Deri f4b25f30b3 Flow risk report improvemements
2020-05-12 12:57:36 +02:00

71 lines
2 KiB
Lua
Raw Blame History

--
-- (C) 2019-20 - ntop.org
--
local user_scripts = require("user_scripts")
local flow_consts = require("flow_consts")
-- #################################################################
local script = {
-- Script category
category = user_scripts.script_categories.security,
-- NOTE: hooks defined below
hooks = {},
gui = {
i18n_title = "flow_callbacks_config.flow_risk",
i18n_description = "flow_callbacks_config.flow_risk_description",
}
}
-- #################################################################
function script.hooks.protocolDetected(now)
local flow_risk = flow.getRiskInfo()
-- For value information see nDPI/src/include/ndpi_typedefs.h
for label,value in pairs(flow_risk) do
if(value == 4) then
local httpInfo = flow.getHTTPInfo()
local url = httpInfo["protos.http.last_url"] or ""
-- NDPI_BINARY_APPLICATION_TRANSFER
-- scripts/lua/modules/alert_definitions/alert_binary_application_transfer.lua
flow.triggerStatus(
flow_consts.status_types.status_binary_application_transfer.create(
flow_consts.status_types.status_binary_application_transfer.alert_severity,
url
),
200, -- flow_score
200, -- cli_score
200 -- srv_score
)
elseif(value == 5) then
-- NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT
-- scripts/lua/modules/alert_definitions/alert_known_proto_on_non_std_port.lua
local info = flow.getInfo()
local ndpi_proto = info["proto.ndpi_app"] or "?"
flow.triggerStatus(
flow_consts.status_types.status_known_proto_on_non_std_port.create(
flow_consts.status_types.status_known_proto_on_non_std_port.alert_severity,
ndpi_proto
),
100, -- flow_score
100, -- cli_score
100 -- srv_score
)
end
-- TODO: handle additional nDPI risks identified
-- io.write("[flow_risks.lua] Risk "..value.."/"..label.." found\n")
end
end
-- #################################################################
return script
Reference in a new issue View git blame Copy permalink