diff --git a/scripts/lua/flow_details.lua b/scripts/lua/flow_details.lua
index 01c4c57535c7..eb18be91822e 100644
--- a/scripts/lua/flow_details.lua
+++ b/scripts/lua/flow_details.lua
@@ -1366,7 +1366,7 @@ else
local alert_label = alert_consts.alertTypeLabel(id, true, alert_entities.flow.entity_id)
local message = alert_label
local alert_score = flow.score.alert_score[tostring(id)] -- ntop.getFlowAlertScore(id)
- local alert_risk = ntop.getFlowAlertRisk(id)
+ local alert_risk = ntop.getFlowAlertRisk(tonumber(id))
if not alerts_by_score[alert_score] then
alerts_by_score[alert_score] = {}
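Review bot: The new `ntop.getFlowAlertRisk(tonumber(id))` call passes nil to the binding whenever `id` is not numeric, because `tonumber` returns nil on failure and nothing checks it here; formatFlowAlertMessage in alert_utils.lua only calls the same binding inside `if tonumber(alert.alert_id) then`. Mirroring that guard keeps the two call sites consistent: `local alert_risk = tonumber(id) and ntop.getFlowAlertRisk(tonumber(id)) or 0`. How the C binding reacts to a nil argument is not visible from this diff, so this is a consistency point rather than a confirmed crash. The loop enclosing this hunk starts and ends outside it.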
@@ -1436,6 +1436,7 @@ else
local mitre_info = nil
local status_icon = ""
local riskLabel = riskInfo[tostring(score_alert.alert_risk)]
+ local alert_src
if (riskLabel ~= nil) then
riskLabel = shortenString(riskLabel, 64)
@@ -1443,13 +1444,18 @@ else
riskLabel = ""
end
- if score_alert.alert_id then
- alert_consts.alertTypeIcon(score_alert.alert_id, map_score_to_severity(score_alert.alert_id), 'fa-lg')
- end
+ if score_alert.alert_id then
+ alert_consts.alertTypeIcon(score_alert.alert_id, map_score_to_severity(score_alert.alert_id), 'fa-lg')
+ end
- local alert_source = " ".. ternary(score_alert.alert_risk, "nDPI", "ntopng") .. ""
+ if (tonumber(score_alert.alert_risk) == 0) then
+ alert_src = "ntopng"
+ else
+ alert_src = "nDPI"
+ end
- print(string.format('
'))
if score_alert.alert_id then
alert_key = alert_consts.getAlertType(tonumber(score_alert.alert_id), alert_entities.flow.entity_id)
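Review bot: The removed `local alert_source = ...` line is not replaced, yet the context line `score_alert.message .. alert_source,` in the next hunk still concatenates it, so unless a global of that name exists elsewhere this now raises "attempt to concatenate a nil value" for every flow alert rendered on this page. The new `alert_src` only feeds the link helpers; rebuild the display string from it right after the if/else, as historical_flow_details_formatter.lua does in this same commit: `local alert_source = " " .. alert_src .. ""` (with whatever markup the original wrapped around it). Note also that `tonumber(score_alert.alert_risk) == 0` is false when `alert_risk` is nil, so an alert with no risk value is labelled "nDPI"; `(tonumber(score_alert.alert_risk) or 0) == 0` would classify it as ntopng instead. The enclosing loop body continues outside this hunk.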
@@ -1465,7 +1471,7 @@ else
local msg = string.format(' %s | %s | %s %s %s | ',
score_alert.message .. alert_source,
'' .. score_alert.score .. '',
- riskLabel, (score_alert.alert_risk > 0 and flow_risk_utils.get_documentation_link(score_alert.alert_risk)) or '',
+ riskLabel, (score_alert.alert_risk > 0 and flow_risk_utils.get_documentation_link(score_alert.alert_risk, alert_src)) or '',
status_icon or '')
print(msg)
@@ -1495,7 +1501,7 @@ else
end
print(''..
- flow_risk_utils.get_remediation_documentation_link(score_alert.alert_id)
+ flow_risk_utils.get_remediation_documentation_link(score_alert.alert_risk, alert_src)
.. ' | ')
print('')
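Review bot: The remediation link is now keyed by `score_alert.alert_risk`, but `alert_src == "ntopng"` is by construction the `alert_risk == 0` case, so every ntopng-sourced alert ends up with the same `#risk-000` anchor; the line this replaces keyed the link by `score_alert.alert_id`. If the ntopng remediation page is anchored by alert id (which this diff does not show — please confirm against the docs), the call should select the key by source: `flow_risk_utils.get_remediation_documentation_link(alert_src == "ntopng" and score_alert.alert_id or score_alert.alert_risk, alert_src)`. Unlike the documentation link a few lines up, this one is also emitted without the `alert_risk > 0` guard, so the anchor is always produced. The surrounding loop starts outside this hunk.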
diff --git a/scripts/lua/modules/alert_utils.lua b/scripts/lua/modules/alert_utils.lua
index 7dd56f4cd3fe..1348d2dcd30a 100644
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@@ -383,61 +383,66 @@ end
-- #################################
function alert_utils.formatFlowAlertMessage(ifid, alert, alert_json, add_score, local_explorer)
- local msg
- local alert_risk
-
- if tonumber(alert.alert_id) then
- alert_risk = ntop.getFlowAlertRisk(tonumber(alert.alert_id))
- end
-
- if not alert_json then
- alert_json = alert_utils.getAlertInfo(alert)
- end
-
- local description = alertTypeDescription(alert.alert_id, alert_entities.flow.entity_id)
-
- if (type(description) == "string") then
- -- localization string
- msg = i18n(description, alert_json)
- elseif (type(description) == "function") then
- msg = description(ifid, alert, alert_json, local_explorer)
- end
-
- if isEmptyString(msg) then
- if alert_json and alert_json.alert_generation and alert_risk and alert_risk > 0 then
- -- Flow risks most of the times already have a default description, use this in case of emtpy descr
- msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
- else
- -- Normal alerts
- msg = alert_consts.alertTypeLabel(tonumber(alert.alert_id), true --[[ no_html --]] , alert.entity_id)
- end
- end
-
- if not isEmptyString(alert["user_label"]) then
- msg = string.format('%s %s', msg, alert["user_label"])
- end
-
- if add_score then
- if tonumber(alert.alert_id) then
- local alert_score = ntop.getFlowAlertScore(tonumber(alert.alert_id))
- msg = alert_utils.format_score(msg, alert_score)
- end
- end
-
- -- Add the link to the documentation
- if alert_risk and alert_risk > 0 then
- msg = string.format("%s %s %s",
- msg, flow_risk_utils.get_documentation_link(alert_risk),
- flow_risk_utils.get_remediation_documentation_link(alert.alert_id))
- local info_msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
-
- -- Add check info_msg ~= alert.info to avoid duplicated in description msg
- --[[if (not isEmptyString(info_msg) and info_msg ~= alert.info) then
+ local msg
+ local alert_risk
+
+ if tonumber(alert.alert_id) then
+ alert_risk = ntop.getFlowAlertRisk(tonumber(alert.alert_id))
+
+ if (tonumber(alert_risk) == 0) then
+ alert_src = "ntopng"
+ else
+ alert_src = "nDPI"
+ end
+ end
+
+ if not alert_json then
+ alert_json = alert_utils.getAlertInfo(alert)
+ end
+
+ local description = alertTypeDescription(alert.alert_id, alert_entities.flow.entity_id)
+
+ if (type(description) == "string") then
+ -- localization string
+ msg = i18n(description, alert_json)
+ elseif (type(description) == "function") then
+ msg = description(ifid, alert, alert_json, local_explorer)
+ end
+
+ if isEmptyString(msg) then
+ if alert_json and alert_json.alert_generation and alert_risk and alert_risk > 0 then
+ -- Flow risks most of the times already have a default description, use this in case of emtpy descr
+ msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
+ else
+ -- Normal alerts
+ msg = alert_consts.alertTypeLabel(tonumber(alert.alert_id), true --[[ no_html --]] , alert.entity_id)
+ end
+ end
+
+ if not isEmptyString(alert["user_label"]) then
+ msg = string.format('%s %s', msg, alert["user_label"])
+ end
+
+ if add_score then
+ if tonumber(alert.alert_id) then
+ local alert_score = ntop.getFlowAlertScore(tonumber(alert.alert_id))
+ msg = alert_utils.format_score(msg, alert_score)
+ end
+ end
+
+ -- Add the link to the documentation
+ if alert_risk and alert_risk > 0 then
+ msg = string.format("%s %s %s", msg, flow_risk_utils.get_documentation_link(alert_risk, alert_src),
+ flow_risk_utils.get_remediation_documentation_link(alert.alert_id, alert_src))
+ local info_msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
+
+ -- Add check info_msg ~= alert.info to avoid duplicated in description msg
+ --[[if (not isEmptyString(info_msg) and info_msg ~= alert.info) then
msg = string.format("%s", msg, info_msg)
end--]]
- end
+ end
- return msg or ""
+ return msg or ""
end
-- #################################
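Review bot: `alert_src` is assigned without `local` in the two new branches, so it becomes a global of the shared Lua state; when `tonumber(alert.alert_id)` is falsy it is never assigned on this call and the later link builder reads whatever a previous alert left behind. Declare it alongside the other locals: `local alert_src`. Separately, the remediation link still receives `alert.alert_id` while flow_details.lua in this same commit switched that call to the risk id, and flow_risk_utils builds the `#risk-%.3u` anchor from whatever it gets, so the two pages will link to different anchors for the same alert; pick one key and use it in both places, e.g. `flow_risk_utils.get_remediation_documentation_link(alert_risk, alert_src))` here. The existing `if alert_risk and alert_risk > 0` guard also means the ntopng (risk 0) branch never reaches these links, so `alert_src = "ntopng"` is dead in this function as written.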
@@ -800,18 +805,19 @@ function alert_utils.format_other_alerts(alert_bitmap, predominant_alert, alert_
if alert_id ~= tonumber(predominant_alert) then -- Do not add the predominant alert to the list of additional alerts
local message = alert_consts.alertTypeLabel(alert_id, true, alert_entities.flow.entity_id)
- message = message .. " " .. alert_consts.addExtraInfo(alert_id, alert_entities.flow.entity_id, alert_json)
+ message = message .. " " ..
+ alert_consts.addExtraInfo(alert_id, alert_entities.flow.entity_id, alert_json)
local alert_score = ntop.getFlowAlertScore(alert_id)
if add_score then
message = alert_utils.format_score(message, alert_score)
end
- local alert_risk = ntop.getFlowAlertRisk(alert_id)
- if alert_risk > 0 then
+ local alert_risk = ntop.getFlowAlertRisk(tonumber(alert_id))
+ if alert_risk > 0 then -- source is nDPI
if not no_html then
message = string.format("%s %s", message,
- flow_risk_utils.get_documentation_link(alert_risk))
+ flow_risk_utils.get_documentation_link(alert_risk, "nDPI"))
end
local info_msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
if not isEmptyString(info_msg) then
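Review bot: `if alert_risk > 0` compares the raw return of `ntop.getFlowAlertRisk` without a nil check, whereas formatFlowAlertMessage earlier in this file guards the same value with `alert_risk and alert_risk > 0`; if the binding can return nil for an id it does not know, this line raises instead of skipping the link. `local alert_risk = tonumber(ntop.getFlowAlertRisk(tonumber(alert_id))) or 0` keeps both call sites consistent and makes the `-- source is nDPI` comment hold by construction. The loop and function enclosing this hunk start and end outside it.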
@@ -829,7 +835,7 @@ function alert_utils.format_other_alerts(alert_bitmap, predominant_alert, alert_
msg = message,
score = alert_score,
alert_id = alert_id
- }
+ }
else
additional_alerts[#additional_alerts + 1] = message
end
diff --git a/scripts/lua/modules/flow_risk_utils.lua b/scripts/lua/modules/flow_risk_utils.lua
index db2a026d923d..f0816de951cb 100644
--- a/scripts/lua/modules/flow_risk_utils.lua
+++ b/scripts/lua/modules/flow_risk_utils.lua
@@ -1,51 +1,60 @@
--
-- (C) 2017-24 - ntop.org
--
-
local flow_risk_utils = {}
local clock_start = os.clock()
-- ##############################################
-function flow_risk_utils.get_documentation_link(risk_id)
-
- local url = string.format("https://www.ntop.org/guides/nDPI/flow_risks.html#risk-%.3u", risk_id)
- local link = string.format('', url)
+function flow_risk_utils.get_documentation_link(risk_id, source)
+ local url = ""
+ if (source == "ntopng") then
+ url = string.format("https://www.ntop.org/guides/ntopng/remediations/ntopng_flow_risks.html#risk-%.3u", risk_id)
+ else
+ url = string.format("https://www.ntop.org/guides/ntopng/remediations/ndpi_flow_risks.html#risk-%.3u", risk_id)
+ end
- return link
+ return string.format('', url)
end
-function flow_risk_utils.get_remediation_documentation_link(risk_id)
- local url = string.format("https://www.ntop.org/guides/ntopng/remediations/flow_risks.html#risk-%.3u", risk_id)
- local link = string.format('', url)
+function flow_risk_utils.get_remediation_documentation_link(risk_id, source)
+ local url = ""
+ if (source == "ntopng") then
+ url = string.format("https://www.ntop.org/guides/ntopng/remediations/ntopng_flow_risks.html#risk-%.3u", risk_id)
+ else
+ url = string.format("https://www.ntop.org/guides/ntopng/remediations/ndpi_flow_risks.html#risk-%.3u", risk_id)
+ end
- return link
+ return string.format('', url)
end
-- ##############################################
---@brief Returns a table with all available risk strings, keyed by risk id.
+-- @brief Returns a table with all available risk strings, keyed by risk id.
function flow_risk_utils.get_risks_info()
- local res = {}
-
- for risk_id = 1,127 do
- local risk_str = ntop.getRiskStr(risk_id)
- if risk_id == tonumber(risk_str) then
- break
- end
-
- -- Use string keys to avoid tricking lua into thinking it is processing an array
- res[tostring(risk_id)] = {label = risk_str, id = risk_id}
- end
-
- return res
+ local res = {}
+
+ for risk_id = 1, 127 do
+ local risk_str = ntop.getRiskStr(risk_id)
+ if risk_id == tonumber(risk_str) then
+ break
+ end
+
+ -- Use string keys to avoid tricking lua into thinking it is processing an array
+ res[tostring(risk_id)] = {
+ label = risk_str,
+ id = risk_id
+ }
+ end
+
+ return res
end
-- ##############################################
-if(trace_script_duration ~= nil) then
- io.write(debug.getinfo(1,'S').source .." executed in ".. (os.clock()-clock_start)*1000 .. " ms\n")
+if (trace_script_duration ~= nil) then
+ io.write(debug.getinfo(1, 'S').source .. " executed in " .. (os.clock() - clock_start) * 1000 .. " ms\n")
end
return flow_risk_utils
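Review bot: get_documentation_link and get_remediation_documentation_link now contain the same if/else URL construction, and neither validates its inputs: `source` is an unchecked string where anything but "ntopng" silently selects the nDPI page, and a nil or non-numeric `risk_id` makes `string.format("...%.3u", risk_id)` raise "bad argument #2 to 'format'" rather than degrade. Because the id is rendered through `%u` it cannot smuggle characters into the href, so the concern is robustness against the mixed alert_id/alert_risk values the callers in this commit pass, not injection. Factor the URL into one local helper that coerces the id and returns nil on failure, and let both public functions return an empty string in that case; the anchor markup the scraper stripped from the two `return string.format('', url)` lines stays as it was.
```lua
-- Builds the guide URL for a risk id; "ntopng" selects the ntopng page,
-- any other source falls back to the nDPI page (as before). Returns nil
-- when risk_id is not numeric so callers can degrade instead of raising.
local function risk_doc_url(risk_id, source)
   local id = tonumber(risk_id)
   if id == nil then
      return nil
   end
   local page = (source == "ntopng") and "ntopng_flow_risks" or "ndpi_flow_risks"
   return string.format("https://www.ntop.org/guides/ntopng/remediations/%s.html#risk-%.3u", page, id)
end

function flow_risk_utils.get_documentation_link(risk_id, source)
   local url = risk_doc_url(risk_id, source)
   if url == nil then
      return ""
   end
   -- … unchanged: anchor markup built from url …
end

function flow_risk_utils.get_remediation_documentation_link(risk_id, source)
   local url = risk_doc_url(risk_id, source)
   if url == nil then
      return ""
   end
   -- … unchanged: anchor markup built from url …
end
```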
diff --git a/scripts/lua/modules/historical_flow_details_formatter.lua b/scripts/lua/modules/historical_flow_details_formatter.lua
index c2e658106e14..281334a01667 100644
--- a/scripts/lua/modules/historical_flow_details_formatter.lua
+++ b/scripts/lua/modules/historical_flow_details_formatter.lua
@@ -8,6 +8,7 @@ package.path = dirs.installdir .. "/scripts/lua/modules/alert_store/?.lua;" .. p
require "lua_utils"
local json = require "dkjson"
local dscp_consts = require "dscp_consts"
+local flow_risk_utils = require "flow_risk_utils"
local historical_flow_details_formatter = {}
@@ -221,13 +222,25 @@ local function format_historical_issue_description(alert_id, score, title, msg,
if alert_scores and alert_scores[alert_id] then
score = alert_scores[alert_id]
end
-
+
+ -- If alert risk is 0 then it comes from ntonpg, else nDPI
+ local alert_risk = ntop.getFlowAlertRisk(tonumber(alert_id))
+ local alert_src
+
+ if (tonumber(alert_risk) == 0) then
+ alert_src = "ntopng"
+ else
+ alert_src = "nDPI"
+ end
+
+ local alert_source = " " .. alert_src .. ""
+
local severity_id = map_score_to_severity(score)
local severity = alert_consts.alertSeverityById(severity_id)
- -- local alert_source = " ".. ternary(score_alert.alert_risk, "nDPI", "ntopng") .. ""
-
- local html = " |