Add ability to filter on alert status (#8795)

ntop · Nov 8, 2024 · 299057f · 299057f
1 parent 42dc80a
commit 299057f
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 0 deletions.
diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
@@ -2160,6 +2160,12 @@ local lang = {
         ["vlan_id"] = "VLAN",
         ["wlan_ssid"] = "WLAN SSID",
         ["where_note"] = "Use &lt;field&gt; &lt;operator&gt; &lt;value&gt; conditions, where &lt;operator&gt; could be &lt;, &gt;, =, !=. AND/OR operators are also allowed to combine conditions. Please use quotes for string fields (e.g. INFO='www.ntop.org')",
+        ["alert_status"] = {
+            ["acknowledged"] = "Acknowledged",
+            ["any"] = "All",
+            ["engaged"] = "Engaged",
+            ["historical"] = "Requiring Attention"
+        },
         ["all"] = {
             ["host_pool"] = "All Host Pools",
             ["input_snmp"] = "All Interfaces",
@@ -2177,6 +2183,7 @@ local lang = {
             ["alert_category"] = "Category",
             ["alert_description"] = "Description",
             ["alert_id"] = "Alert Type",
+            ["alert_status"] = "Alert Status",
             ["apn_mac"] = "APN MAC",
             ["asn"] = "ASN",
             ["bytes"] = "Bytes",

diff --git a/scripts/lua/modules/alert_consts.lua b/scripts/lua/modules/alert_consts.lua
@@ -74,23 +74,43 @@ alert_consts.alert_status = {
    ["historical"] = {
       -- Alerts written to the database that require attention
       alert_status_id = 0,
+      i18n_title = "db_search.alert_status.historical",
+      on_db = true
    },
    ["acknowledged"] = {
       -- Acknowledged (automatically or from the user) alerts written to the database
       alert_status_id = 1,
+      i18n_title = "db_search.alert_status.acknowledged",
+      on_db = true
    },
    ["engaged"] = {
       -- Engaged (not actually used in the database as engaged alerts are in memory)
       alert_status_id = 2,
+      i18n_title = "db_search.alert_status.engaged",
+      on_db = true
    },
    ["any"] = {
       -- Not actually used in the database (historical | acknowledged)
       alert_status_id = 3,
+      i18n_title = "db_search.alert_status.any",
+      on_db = false
    },
 }
 
 -- ################################################################################
 
+function alert_consts.alertStatusById(status)
+   for key, info in pairs(alert_consts.alert_status) do
+      if info.alert_status_id == status then
+         return info
+      end
+   end
+
+   return nil
+end
+
+-- ################################################################################
+
 alert_consts.ids_rule_maker = {
    GPL = "GPL",
    SURICATA = "Suricata",

diff --git a/scripts/lua/modules/alert_store/alert_store.lua b/scripts/lua/modules/alert_store/alert_store.lua
@@ -2020,6 +2020,7 @@ function alert_store:add_request_filters(is_write)
     local epoch_end = tonumber(_GET["epoch_end"])
     local alert_id = _GET["alert_id"] or _GET["alert_type"] --[[ compatibility ]] --
     local alert_category = _GET["alert_category"]
+    local alert_status = _GET["alert_status"]
     local alert_severity = _GET["severity"] or _GET["alert_severity"]
     local score = _GET["score"]
     local rowid = _GET["row_id"]
@@ -2042,6 +2043,7 @@ function alert_store:add_request_filters(is_write)
 
     self:add_filter_condition_list('alert_id', alert_id, 'number')
     self:add_filter_condition_list('alert_category', alert_category, 'number')
+    self:add_filter_condition_list('alert_status', alert_status, 'number')
     self:add_filter_condition_list('severity', alert_severity, 'number')
     self:add_filter_condition_list('score', score, 'number')
     self:add_filter_condition_list('tstamp', tstamp, 'number')

diff --git a/scripts/lua/modules/alert_store/host_alert_store.lua b/scripts/lua/modules/alert_store/host_alert_store.lua
@@ -371,6 +371,7 @@ end
 -- @brief Get info about additional available filters
 function host_alert_store:_get_additional_available_filters()
     local filters = {
+        alert_status = tag_utils.defined_tags.alert_status,
         vlan_id = tag_utils.defined_tags.vlan_id,
         ip_version = tag_utils.defined_tags.ip_version,
         ip = tag_utils.defined_tags.ip,

diff --git a/scripts/lua/modules/http_lint.lua b/scripts/lua/modules/http_lint.lua
@@ -2013,6 +2013,7 @@ local known_parameters = {
    ["alert_subtype"] = validateSingleWord,                                            -- An alert subtype string
    ["alert_severity"] = validateNumber,                                               -- An alert severity enum
    ["severity"] = validateListOfTypeInline(validateFilters(validateNumber)),          -- Same as alert_severity
+   ["alert_status"] = validateListOfTypeInline(validateFilters(validateNumber)),      -- An alert status enum
    ["alert_granularity"] = validateNumber,                                            -- An alert granularity
    ["entity"] = validateNumber,                                                       -- An alert entity type
    ["by_24h"] = validateBool,                                                         -- Used to know if the new or the old timeseries format is requested

diff --git a/scripts/lua/modules/tag_utils.lua b/scripts/lua/modules/tag_utils.lua
@@ -278,6 +278,12 @@ tag_utils.defined_tags = {
         i18n_label = i18n('db_search.dst2src_tcp_flags'),
         operators = { 'eq', 'neq', 'in', 'nin' }
     },
+    alert_status = {
+        type = tag_utils.input_types.select,
+        value_type = 'alert_status',
+        i18n_label = i18n('db_search.tags.alert_status'),
+        operators = { 'eq', 'neq' }
+    },
     severity = {
         type = tag_utils.input_types.select,
         value_type = 'severity',
@@ -893,6 +899,9 @@ tag_utils.formatters = {
     severity = function(severity)
         return (i18n(alert_consts.alertSeverityById(tonumber(severity)).i18n_title))
     end,
+    alert_status = function(status)
+        return (i18n(alert_consts.alertSeverityById(tonumber(status)).i18n_title))
+    end,
     alert_id = function(status)
         local alert_entities = require "alert_entities"
         return alert_consts.alertTypeLabel(status, true, alert_entities.flow.entity_id)
@@ -1305,6 +1314,17 @@ function tag_utils.get_tag_info(id, entity, hide_exporters_name, restrict_filter
             value = "server",
             label = i18n("server")
         }
+    elseif tag.value_type == "alert_status" then
+        filter.value_type = 'array'
+        filter.options = {}
+        for key, info in pairs(alert_consts.alert_status) do
+            if info.on_db then
+                filter.options[#filter.options + 1] = {
+                    value = info.alert_status_id,
+                    label = i18n(info.i18n_title)
+                }
+            end
+        end
     elseif tag.value_type == "severity" then
         filter.value_type = 'array'
         filter.options = {}