diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
index c774da0cc4ac..ff66b6e8cf7b 100644
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@@ -677,10 +677,6 @@ local lang = {
   ["vlan_filter"] = "VLAN Filter",
   ["vlan_id"] = "VLAN",
   ["volume"] = "Volume",
-  ["vulnerability_scan_alert"] = "Host <b>%{host}</b>: (<a href=\"%{url}\">Report</a>) %{msg}",
-  ["vulnerability_scan_alert_new_issues"] = ": CVEs changed from %{num_issues} to %{new_cve} ]",
-  ["vulnerability_scan_alert_ports_changed"] = " open ports changed from %{old_num_ports} to %{new_num_ports}",
-  ["vulnerability_scan_alert_solved_issues"] = " %{num_issues} CVEs, solved %{cve_solved} ]",
   ["waiting_for_clickhouse_msg"] = "ClickHouse did not start correctly: please check the ntopng startup log and fix the reported problems.",
   ["warning"] = "Warning",
   ["week"] = "Week",
@@ -7721,10 +7717,19 @@ local lang = {
     ["vlan_id"] = "VLAN ID",
     ["vlans"] = "VLANs",
   },
-  ["vulnerability_scan_alert_ports_changed_cases"] = {
-    ["new_ports"] = " %{open_ports_num} new %{protocol} open port(s) %{open_ports}.",
-    ["ports_closed"] = " %{closed_ports_num} %{protocol} port(s) %{closed_ports} is/are now closed.",
-    ["ports_open_and_closed"] = " new %{protocol} open port(s) %{open_ports} and %{protocol} port(s) %{closed_ports} is/are now closed.",
+  ["vulnerability_scan"] = {
+    ["and_other_n"] = "and other %{n}",
+    ["host_alert"] = "%{msg} on <b>%{host}</b> (check the <a href=\"%{url}\">Report</a>)",
+    ["new_issues"] = "CVEs changed from %{num_issues} to %{new_cve}",
+    ["ports_changed"] = "Open ports changed from %{old_num_ports} to %{new_num_ports}",
+    ["ports_changed_cases"] = {
+      -- ["new_port"] = "New %{protocol} open port (%{open_ports})",
+      ["new_ports"] = "%{open_ports_num} new %{protocol} open ports (%{open_ports})",
+      -- ["port_closed"] = "%{protocol} port (%{closed_ports}) is now closed",
+      ["ports_closed"] = "%{closed_ports_num} %{protocol} ports (%{closed_ports}) are now closed",
+      ["ports_open_and_closed"] = "%{protocol} (%{open_ports}) and %{protocol} (%{closed_ports}) ports are now closed",
+    },
+    ["solved_issues"] = " %{num_issues} CVEs, %{cve_solved} solved",
   },
   ["widgets_page"] = {
     ["actions"] = "Actions",
diff --git a/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua b/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
index d0445dc85e9e..d62d6731bfaf 100644
--- a/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
+++ b/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
@@ -60,29 +60,22 @@ end
 -- @return A human-readable string
 function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
    local msg = ""
-   --[[if alert_type_params.num_ports and alert_type_params.num_ports.new_num_ports and alert_type_params.num_ports.old_num_ports then
-      if alert_type_params.num_ports.new_num_ports ~= alert_type_params.num_ports.old_num_ports then
-         msg = msg .. i18n('vulnerability_scan_alert_ports_changed', { new_num_ports = alert_type_params.num_ports.new_num_ports, old_num_ports = alert_type_params.num_ports.old_num_ports }) .. " "
-      end
-   end
-   --]]
+
    if (alert_type_params.scan_type == "tcp_portscan" or alert_type_params.scan_type == "tcp_openports") then
-     
       if (not isEmptyString(alert_type_params.tcp_ports_case)) then
-         msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.tcp_ports_case, {
+         msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.tcp_ports_case, {
             open_ports_num = normalize_values(alert_type_params.tcp_open_ports,"num"),
             open_ports = normalize_values(alert_type_params.tcp_open_ports,"ports"),
             closed_ports_num = normalize_values(alert_type_params.tcp_closed_ports,"num"),
             closed_ports = normalize_values(alert_type_params.tcp_closed_ports,"ports"),
             protocol = i18n("tcp")
          })
-
          msg = msg:gsub("%,", ", ")
       end
+
    elseif (alert_type_params.scan_type == "udp_portscan") then
       if (not isEmptyString(alert_type_params.udp_ports_case)) then
-
-      msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.udp_ports_case, {
+      msg = msg .. i18n('vulnerability_scan.ports_changed_cases.'..alert_type_params.udp_ports_case, {
          open_ports_num = normalize_values(alert_type_params.udp_open_ports,"num"),
          open_ports = normalize_values(alert_type_params.udp_open_ports,"ports"),
          closed_ports_num = normalize_values(alert_type_params.udp_closed_ports,"num"),
@@ -90,25 +83,24 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
          protocol = i18n("udp")
       })
       msg = msg:gsub("%,", ", ")
-
-   end
+      end
 
    end
 
    if alert_type_params.num_new_cve_issues then
       local new_cve = table.concat(alert_type_params.new_cve or {}, ", ")
       if alert_type_params.num_new_cve_issues > 5 then
-         new_cve = new_cve .. " and other " .. alert_type_params.num_new_cve_issues - 5
+         new_cve = new_cve .. " " .. i18n('vulnerability_scan.and_other_n', { n = alert_type_params.num_new_cve_issues - 5 })
       end 
-      msg = msg .. i18n('vulnerability_scan_alert_new_issues', { num_issues = alert_type_params.num_new_cve_issues, new_cve = new_cve }) .. " "
+      msg = msg .. i18n('vulnerability_scan.new_issues', { num_issues = alert_type_params.num_new_cve_issues, new_cve = new_cve })
    end
 
    if alert_type_params.num_cve_solved then
       local cve_solved = table.concat(alert_type_params.cve_solved or {}, ", ")
       if alert_type_params.num_cve_solved > 5 then
-         cve_solved = cve_solved .. " and other " ..  alert_type_params.num_cve_solved - 5
+         cve_solved = cve_solved .. " " .. i18n('vulnerability_scan.and_other_n', { n = alert_type_params.num_cve_solved - 5 })
       end 
-      msg = msg .. i18n('vulnerability_scan_alert_solved_issues', { num_issues = alert_type_params.num_cve_solved, cve_solved = cve_solved }) .. " "
+      msg = msg .. i18n('vulnerability_scan.solved_issues', { num_issues = alert_type_params.num_cve_solved, cve_solved = cve_solved }) .. " "
    end
 
    local host = alert_type_params.host_name
@@ -116,9 +108,12 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
       host = alert_type_params.host
    end
 
-   local report_url = ntop.getHttpPrefix().."/lua/vulnerability_scan.lua?page=report&report_template=vs_result"
+   local report_url = getHttpHost() .. ntop.getHttpPrefix() .. 
+      "/lua/vulnerability_scan.lua?page=report&report_template=vs_result"
+
+   local alert_descr = i18n('vulnerability_scan.host_alert', { host = host, msg = msg, url = report_url })
 
-   return i18n('vulnerability_scan_alert', { host = host, msg = msg, url = report_url })
+   return alert_descr
 end
 
 -- #######################################################
diff --git a/scripts/lua/modules/alert_utils.lua b/scripts/lua/modules/alert_utils.lua
index 593e4085c21e..ffa05766b873 100644
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@@ -578,6 +578,7 @@ function alert_utils.formatAlertNotification(notif, options)
 
     -- add the label, that is, engaged or released
     msg = msg .. " " .. alertNotificationActionToLabel(notif.action, options.emoji) .. " "
+
     local alert_message = alert_utils.formatAlertMessage(notif.ifid, notif)
 
     if (options.add_cr) then