Skip to content

Commit

Permalink
Improve VS alert description (#7969)
Browse files Browse the repository at this point in the history
  • Loading branch information
cardigliano committed Nov 2, 2023
1 parent e384f3c commit d757f16
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 27 deletions.
21 changes: 13 additions & 8 deletions scripts/locales/en.lua
Original file line number Diff line number Diff line change
Expand Up @@ -677,10 +677,6 @@ local lang = {
["vlan_filter"] = "VLAN Filter",
["vlan_id"] = "VLAN",
["volume"] = "Volume",
["vulnerability_scan_alert"] = "Host <b>%{host}</b>: (<a href=\"%{url}\">Report</a>) %{msg}",
["vulnerability_scan_alert_new_issues"] = ": CVEs changed from %{num_issues} to %{new_cve} ]",
["vulnerability_scan_alert_ports_changed"] = " open ports changed from %{old_num_ports} to %{new_num_ports}",
["vulnerability_scan_alert_solved_issues"] = " %{num_issues} CVEs, solved %{cve_solved} ]",
["waiting_for_clickhouse_msg"] = "ClickHouse did not start correctly: please check the ntopng startup log and fix the reported problems.",
["warning"] = "Warning",
["week"] = "Week",
Expand Down Expand Up @@ -7721,10 +7717,19 @@ local lang = {
["vlan_id"] = "VLAN ID",
["vlans"] = "VLANs",
},
["vulnerability_scan_alert_ports_changed_cases"] = {
["new_ports"] = " %{open_ports_num} new %{protocol} open port(s) %{open_ports}.",
["ports_closed"] = " %{closed_ports_num} %{protocol} port(s) %{closed_ports} is/are now closed.",
["ports_open_and_closed"] = " new %{protocol} open port(s) %{open_ports} and %{protocol} port(s) %{closed_ports} is/are now closed.",
["vulnerability_scan"] = {
["and_other_n"] = "and other %{n}",
["host_alert"] = "%{msg} on <b>%{host}</b> (check the <a href=\"%{url}\">Report</a>)",
["new_issues"] = "CVEs changed from %{num_issues} to %{new_cve}",
["ports_changed"] = "Open ports changed from %{old_num_ports} to %{new_num_ports}",
["ports_changed_cases"] = {
-- ["new_port"] = "New %{protocol} open port (%{open_ports})",
["new_ports"] = "%{open_ports_num} new %{protocol} open ports (%{open_ports})",
-- ["port_closed"] = "%{protocol} port (%{closed_ports}) is now closed",
["ports_closed"] = "%{closed_ports_num} %{protocol} ports (%{closed_ports}) are now closed",
["ports_open_and_closed"] = "%{protocol} (%{open_ports}) and %{protocol} (%{closed_ports}) ports are now closed",
},
["solved_issues"] = " %{num_issues} CVEs, %{cve_solved} solved",
},
["widgets_page"] = {
["actions"] = "Actions",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,65 +60,60 @@ end
-- @return A human-readable string
function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
local msg = ""
--[[if alert_type_params.num_ports and alert_type_params.num_ports.new_num_ports and alert_type_params.num_ports.old_num_ports then
if alert_type_params.num_ports.new_num_ports ~= alert_type_params.num_ports.old_num_ports then
msg = msg .. i18n('vulnerability_scan_alert_ports_changed', { new_num_ports = alert_type_params.num_ports.new_num_ports, old_num_ports = alert_type_params.num_ports.old_num_ports }) .. " "
end
end
--]]

if (alert_type_params.scan_type == "tcp_portscan" or alert_type_params.scan_type == "tcp_openports") then

if (not isEmptyString(alert_type_params.tcp_ports_case)) then
msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.tcp_ports_case, {
msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.tcp_ports_case, {
open_ports_num = normalize_values(alert_type_params.tcp_open_ports,"num"),
open_ports = normalize_values(alert_type_params.tcp_open_ports,"ports"),
closed_ports_num = normalize_values(alert_type_params.tcp_closed_ports,"num"),
closed_ports = normalize_values(alert_type_params.tcp_closed_ports,"ports"),
protocol = i18n("tcp")
})

msg = msg:gsub("%,", ", ")
end

elseif (alert_type_params.scan_type == "udp_portscan") then
if (not isEmptyString(alert_type_params.udp_ports_case)) then

msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.udp_ports_case, {
msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.udp_ports_case, {
open_ports_num = normalize_values(alert_type_params.udp_open_ports,"num"),
open_ports = normalize_values(alert_type_params.udp_open_ports,"ports"),
closed_ports_num = normalize_values(alert_type_params.udp_closed_ports,"num"),
closed_ports = normalize_values(alert_type_params.udp_closed_ports,"ports"),
protocol = i18n("udp")
})
msg = msg:gsub("%,", ", ")

end
end

end

if alert_type_params.num_new_cve_issues then
local new_cve = table.concat(alert_type_params.new_cve or {}, ", ")
if alert_type_params.num_new_cve_issues > 5 then
new_cve = new_cve .. " and other " .. alert_type_params.num_new_cve_issues - 5
new_cve = new_cve .. " " .. i18n('vulnerability_scan.and_other_n', { n = alert_type_params.num_new_cve_issues - 5 })
end
msg = msg .. i18n('vulnerability_scan_alert_new_issues', { num_issues = alert_type_params.num_new_cve_issues, new_cve = new_cve }) .. " "
msg = msg .. i18n('vulnerability_scan.new_issues', { num_issues = alert_type_params.num_new_cve_issues, new_cve = new_cve })
end

if alert_type_params.num_cve_solved then
local cve_solved = table.concat(alert_type_params.cve_solved or {}, ", ")
if alert_type_params.num_cve_solved > 5 then
cve_solved = cve_solved .. " and other " .. alert_type_params.num_cve_solved - 5
cve_solved = cve_solved .. " " .. i18n('vulnerability_scan.and_other_n', { n = alert_type_params.num_cve_solved - 5 })
end
msg = msg .. i18n('vulnerability_scan_alert_solved_issues', { num_issues = alert_type_params.num_cve_solved, cve_solved = cve_solved }) .. " "
msg = msg .. i18n('vulnerability_scan.solved_issues', { num_issues = alert_type_params.num_cve_solved, cve_solved = cve_solved }) .. " "
end

local host = alert_type_params.host_name
if isEmptyString(host) then
host = alert_type_params.host
end

local report_url = ntop.getHttpPrefix().."/lua/vulnerability_scan.lua?page=report&report_template=vs_result"
local report_url = getHttpHost() .. ntop.getHttpPrefix() ..
"/lua/vulnerability_scan.lua?page=report&report_template=vs_result"

local alert_descr = i18n('vulnerability_scan.host_alert', { host = host, msg = msg, url = report_url })

return i18n('vulnerability_scan_alert', { host = host, msg = msg, url = report_url })
return alert_descr
end

-- #######################################################
Expand Down
1 change: 1 addition & 0 deletions scripts/lua/modules/alert_utils.lua
Original file line number Diff line number Diff line change
Expand Up @@ -578,6 +578,7 @@ function alert_utils.formatAlertNotification(notif, options)

-- add the label, that is, engaged or released
msg = msg .. " " .. alertNotificationActionToLabel(notif.action, options.emoji) .. " "

local alert_message = alert_utils.formatAlertMessage(notif.ifid, notif)

if (options.add_cr) then
Expand Down

0 comments on commit d757f16

Please sign in to comment.