File: alert.lua

--
-- (C) 2013-22 - ntop.org
--

-- Prepend ntopng's Lua modules directory so the `require` calls below
-- resolve against the installed scripts before the default search path.
local dirs = ntop.getDirs()
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path

-- Import the classes library.
local classes = require "classes"
local alert_severities = require "alert_severities"

-- ##############################################

-- Base class for alert definitions. Subclasses populate the fields read by
-- _build_type_info (meta, subtype, granularity, score, alert_type_params, ...).
local Alert = classes.class()

-- ##############################################

--@brief Base constructor, intentionally empty: the per-alert fields are
-- set by the subclasses' :init (see _build_type_info).
function Alert:init()
end

-- ##############################################

--@brief Base formatter. A no-op here; presumably overridden by subclasses.
function Alert:format()
   --tprint("base format")
end

-- ##############################################

--@brief Assemble the type_info table handed to alerts_api.
-- Engine-level keys are copied straight from the instance; alert_type_params
-- is whatever the subclass :init stored (or a fresh table), with the attacker
-- and victim merged in when they were set.
-- @return table the type_info structure
function Alert:_build_type_info()
   -- NOTE: an existing self.alert_type_params is reused, not copied, so the
   -- attacker/victim keys written below also appear on the instance's table.
   local params = self.alert_type_params or {}

   local type_info = {
      -- Keys necessary for the engine
      alert_type = self.meta,
      subtype = self.subtype,
      granularity = self.granularity,
      score = self.score,
      device_type = self.device_type,
      device_name = self.device_name,
      -- Stuff added in subclasses :init
      alert_type_params = params,
   }

   -- Optional actors: attach only the ones that were set
   for _, actor in ipairs({ "attacker", "victim" }) do
      local value = self[actor]
      if value then
         params[actor] = value
      end
   end

   return type_info
end

-- ##############################################

-- Actor requirements verified by _check_alert_data, in check order:
-- when meta[flag] is set, self[field] must be present.
local REQUIRED_ACTORS = {
   { flag = "has_victim",   field = "victim",   msg = "alert.alert_error.configuration.no_victim" },
   { flag = "has_attacker", field = "attacker", msg = "alert.alert_error.configuration.no_attacker" },
}

--@brief Validate that the actors declared by the alert type are present.
-- Logs via traceError and returns false on the first missing actor.
-- @return boolean true when the alert data is consistent (or when there is
--         no instance to check), false otherwise
function Alert:_check_alert_data()
   -- NOTE: when invoked with '.' rather than ':' there is no instance; this
   -- guard then fails open (true) instead of raising on a nil index.
   if self == nil then
      return true
   end

   for _, req in ipairs(REQUIRED_ACTORS) do
      if self.meta[req.flag] and not self[req.field] then
         traceError(TRACE_ERROR, TRACE_CONSOLE, req.msg)
         return false
      end
   end

   return true
end

-- ##############################################

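--@brief Trigger this alert through alerts_api.
-- @param entity_info the entity the alert refers to (passed through)
-- @param when unused by this method; nil is passed as the third argument to alerts_api.trigger
-- @param cur_alerts passed through to alerts_api.trigger
-- @return the result of alerts_api.trigger, or nothing when the alert data is inconsistent
function Alert:trigger(entity_info, when, cur_alerts)
   local alerts_api = require "alerts_api"

   -- Method call (':') so the victim/attacker check sees the instance; called
   -- with '.' self would be nil and _check_alert_data would return true unconditionally.
   if not self:_check_alert_data() then
      return
   end

   return alerts_api.trigger(entity_info, self:_build_type_info(), nil, cur_alerts)
end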

-- ##############################################

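--@brief Release this alert through alerts_api.
-- @param entity_info the entity the alert refers to (passed through)
-- @param when unused by this method; nil is passed as the third argument to alerts_api.release
-- @param cur_alerts passed through to alerts_api.release
-- @return the result of alerts_api.release, or nothing when the alert data is inconsistent
function Alert:release(entity_info, when, cur_alerts)
   local alerts_api = require "alerts_api"

   -- Method call (':') so the victim/attacker check sees the instance; called
   -- with '.' self would be nil and _check_alert_data would return true unconditionally.
   if not self:_check_alert_data() then
      return
   end

   return alerts_api.release(entity_info, self:_build_type_info(), nil, cur_alerts)
end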

-- ##############################################

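--@brief Store this alert through alerts_api.
-- @param entity_info the entity the alert refers to (passed through)
-- @return the result of alerts_api.store, or nothing when the alert data is inconsistent
function Alert:store(entity_info)
   local alerts_api = require "alerts_api"

   -- Method call (':') so the victim/attacker check sees the instance; called
   -- with '.' self would be nil and _check_alert_data would return true unconditionally.
   if not self:_check_alert_data() then
      return
   end

   return alerts_api.store(entity_info, self:_build_type_info())
end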

-- ##############################################

--@brief Set the alert score, coercing the argument with tonumber
-- (a non-numeric value leaves score nil).
-- @param score number or numeric string
function Alert:set_score(score)
   local numeric_score = tonumber(score)
   self.score = numeric_score
end

--@brief Methods to set score defaults, keep them in sync with
-- ntop_defines.h
-- Each looks up the severity_id of the named alert_severities entry and maps
-- it to a score through ntop.mapSeverityToScore at call time.
local function severity_score(level)
   return ntop.mapSeverityToScore(alert_severities[level].severity_id)
end

function Alert:set_score_notice()  self.score = severity_score("notice")  end
function Alert:set_score_warning() self.score = severity_score("warning") end
function Alert:set_score_error()   self.score = severity_score("error")   end

-- ##############################################

--@brief Set the alert subtype, stored as-is (no validation or coercion).
-- @param subtype value copied into type_info.subtype by _build_type_info
function Alert:set_subtype(subtype)
   self.subtype = subtype
end

-- ##############################################

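--@brief Set the alert granularity from its name.
-- Resolves the name through alert_consts.alerts_granularities; an unknown
-- name leaves self.granularity nil and prints an error plus a traceback.
-- @param granularity key of alert_consts.alerts_granularities
function Alert:set_granularity(granularity)
   local alert_consts = require "alert_consts"

   self.granularity = alert_consts.alerts_granularities[granularity]
   if self.granularity == nil then
      -- tostring() so a nil or non-string argument is reported instead of
      -- raising a concatenation error from inside the error path itself
      print(string.format("[ERROR] Unknown granularity %s\n", tostring(granularity)))
      print(debug.traceback())
   end
end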

-- ##############################################

--@brief Functions to set L2-related data, e.g., device type and name
-- device_type is coerced with tonumber (nil when not numeric), device_name
-- with tostring.
function Alert:set_device_type(devtype)
   local numeric_type = tonumber(devtype)
   self.device_type = numeric_type
end

function Alert:set_device_name(devname)
   local name_str = tostring(devname)
   self.device_name = name_str
end

-- ##############################################

--@brief Plain setters for the alert actors (no validation or coercion).
-- attacker and victim are consumed by _check_alert_data (when meta declares
-- them required) and merged into alert_type_params by _build_type_info;
-- origin and target are only stored here — nothing else in this file reads them.
function Alert:set_attacker(attacker) self.attacker = attacker end
function Alert:set_victim(victim) self.victim = victim end
function Alert:set_origin(origin) self.origin = origin end
function Alert:set_target(target) self.target = target end

-- ##############################################

-- Module value: the Alert base class
return Alert

-- ##############################################