EVOLUTION-MANAGER

Edit File: alert.lua

-- -- (C) 2013-24 - ntop.org -- local dirs = ntop.getDirs() package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path -- Import the classes library. local classes = require "classes" local alert_severities = require "alert_severities" local alert_granularities = require "alert_granularities" -- ############################################## local Alert = classes.class() -- ############################################## function Alert:init() end -- ############################################## function Alert:format() -- tprint("base format") end -- ############################################## -- @brief Function called to set standard information: -- - score -- - subtype -- - granularity -- Those information could be set using standard functions -- like set_score() or set_granularity function Alert:set_info(params) local script = params.check if (not self.score or self.score == 0) and (script) then self.score = ntop.mapSeverityToScore(script.severity.severity_id or 0 --[[ no score ]] ) elseif (script == nil) then self.score = ntop.mapSeverityToScore(0 --[[ no score ]]) -- traceError(TRACE_ERROR, TRACE_CONSOLE, string.format("No script detected for entity %s, granularity: %s", params.entity_info.name, params.granularity)) -- tprint(debug.traceback()) end if params.entity_info then self.subtype = params.entity_info.name or "" end self.granularity = alert_granularities[params.granularity] end -- ############################################## function Alert:_build_type_info() local type_info = { -- Keys necessary for the engine alert_type = self.meta, alert_category = self.category, subtype = self.subtype, granularity = self.granularity, score = self.score, device_type = self.device_type, device_name = self.device_name, -- Stuff added in subclasses :init alert_type_params = self.alert_type_params or {} } -- Add the attacker to the alert params (if present) if self.attacker then type_info.alert_type_params.attacker = self.attacker end -- Add the victim to the alert params (if present) if self.victim then type_info.alert_type_params.victim = self.victim end return type_info end -- ############################################## function Alert:_check_alert_data() if self == nil then return true end if self.meta.has_victim and not self.victim then traceError(TRACE_ERROR, TRACE_CONSOLE, "alert.alert_error.configuration.no_victim") return false end if self.meta.has_attacker and not self.attacker then traceError(TRACE_ERROR, TRACE_CONSOLE, "alert.alert_error.configuration.no_attacker") return false end return true end -- ############################################## function Alert:trigger(entity_info, when, cur_alerts) local alerts_api = require "alerts_api" if not self._check_alert_data() then return end return alerts_api.trigger(entity_info, self:_build_type_info(), nil, cur_alerts) end -- ############################################## function Alert:release(entity_info, when, cur_alerts) local alerts_api = require "alerts_api" if not self._check_alert_data() then return end return alerts_api.release(entity_info, self:_build_type_info(), nil, cur_alerts) end -- ############################################## function Alert:store(entity_info) local alerts_api = require "alerts_api" if not self._check_alert_data() then return false end return alerts_api.store(entity_info, self:_build_type_info()) end -- ############################################## function Alert:set_category(category) self.category = category end -- ############################################## function Alert:set_score(score) self.score = tonumber(score) end -- @brief Methods to set score defaults, keep them in sync with -- ntop_defines.h function Alert:set_score_notice() self.score = ntop.mapSeverityToScore(alert_severities.notice.severity_id) end function Alert:set_score_warning() self.score = ntop.mapSeverityToScore(alert_severities.warning.severity_id) end function Alert:set_score_error() self.score = ntop.mapSeverityToScore(alert_severities.error.severity_id) end function Alert:set_score_critical() self.score = ntop.mapSeverityToScore(alert_severities.critical.severity_id) end function Alert:set_score_emergency() self.score = ntop.mapSeverityToScore(alert_severities.emergency.severity_id) end -- ############################################## function Alert:set_subtype(subtype) self.subtype = subtype end -- ############################################## function Alert:set_granularity(granularity) self.granularity = alert_granularities[granularity] if (self.granularity == nil) then print("[ERROR] Unknown granularity\n") tprint(granularity) print(debug.traceback()) end end -- ############################################## -- @brief Functions to set L2-related data, e.g., device type and name function Alert:set_device_type(devtype) self.device_type = tonumber(devtype) end function Alert:set_device_name(devname) self.device_name = tostring(devname) end -- ############################################## function Alert:set_attacker(attacker) self.attacker = attacker end function Alert:set_victim(victim) self.victim = victim end function Alert:set_origin(origin) self.origin = origin end function Alert:set_target(target) self.target = target end -- ############################################## return Alert -- ##############################################