Added endpoint to get alerts info from bitmap and alert id #8785

Merged
merged 1 commit into from
Oct 29, 2024
Merged
2 changes: 1 addition & 1 deletion scripts/lua/modules/alert_utils.lua
Expand Up @@ -800,7 +800,7 @@ function alert_utils.format_other_alerts(alert_bitmap, predominant_alert, alert_
for bit_num = 0, 7 do
-- Checks the bits set in this current nibble
local has_bit = alerts_map_nibble & (1 << bit_num) == (1 << bit_num)

if has_bit then -- The bit is set
-- The actual alert id is the bit number times the current byte multiplied by 8
local alert_id = math.floor(8 * nibble_num / 2) + bit_num
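Review bot: The comment above the `alert_id` line does not describe the expression under it: for an integer `nibble_num`, `math.floor(8 * nibble_num / 2) + bit_num` is simply `4 * nibble_num + bit_num`, not "the bit number times the current byte multiplied by 8". The rendered page shows only one version of the changed line in this 1-addition/1-deletion hunk, so I cannot tell which line the commit touched, but whichever it is, a comment such as `-- Alert id: four bits per nibble index plus the bit position within it` would match the arithmetic. Since `bit_num` runs 0..7 while the variable is named as a nibble, adjacent indices can yield overlapping ids (index n with bit 4 equals index n+1 with bit 0); this may be intended if `alerts_map_nibble` actually holds a byte, but it is worth confirming. `format_other_alerts` starts before and continues after this hunk.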
3 changes: 3 additions & 0 deletions scripts/lua/modules/http_lint.lua
Expand Up @@ -2005,6 +2005,9 @@ local known_parameters = {
["mitre_tactic"] = validateListOfTypeInline(validateFilters(validateNumber)),
["mitre_technique"] = validateListOfTypeInline(validateFilters(validateNumber)),
["mitre_subtechnique"] = validateListOfTypeInline(validateFilters(validateNumber)),
["alert_map"] = validateSingleWord,
["alert_type"] = validateNumber,
["mitre_subtechnique"] = validateListOfTypeInline(validateFilters(validateNumber)),
["description"] = validateUnquoted,
["alert_l7_proto"] = validateNumber, -- An alert l7 protocol
["alert_subtype"] = validateSingleWord, -- An alert subtype string
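Review bot: The `["mitre_subtechnique"]` entry that follows the two new `alert_map`/`alert_type` lines duplicates the identical entry three lines above; in a Lua table constructor the later key silently overwrites the earlier one, so the line is dead and looks like a copy-paste leftover that should be dropped. `alert_map` is consumed by the new alert_from_map endpoint as a digit string (see the curl example in that file), whereas `validateSingleWord` accepts a broader character set; if this module already has a narrower numeric-string validator it would be a better fit, otherwise a trailing comment such as `-- alerts bitmap string, consumed by rest/v2/get/alert/alert_from_map.lua` would document the expected format like the neighbouring entries do. The `known_parameters` table continues outside the hunk.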
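--- a/scripts/lua/rest/v2/get/alert/alert_from_map.lua
+++ b/scripts/lua/rest/v2/get/alert/alert_from_map.lua
@@ -0,0 +1,34 @@
+--
+-- (C) 2021-24 - ntop.org
+--
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/alert_store/?.lua;" .. package.path
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+require "lua_utils"
+local alert_utils = require "alert_utils"
+local json = require "dkjson"
+local rest_utils = require "rest_utils"
+
+-- Given alerts bitmap and alert_id return all the alerts relevant for the provided values
+-- Example: curl -u admin:admin -H "Content-Type: application/json" -d '{"alert_map": "10050000000100000000100000", "alert_type": "90"}' http://localhost:3000/lua/rest/v2/get/alert/alert_from_map.lua
+-- Returns: {"rsp":{"additional_alerts":["TCP Connection Refused ","TCP No Data Exchanged ","Periodic Flow ","TCP Flow Reset "],"alerts_by_score":[]},"rc_str":"OK","rc":0,"rc_str_hr":"Success"}
+
+
+local rc = rest_utils.consts.success.ok
+local alerts_map = _GET["alert_map"]
+local alert_id = _GET["alert_type"]
+local res
+
+if alerts_map and alert_id then
+local other_alerts_by_score, additional_alerts = alert_utils.format_other_alerts(tostring(alerts_map), tostring(alert_id), nil, nil, true)
+res = {
+alerts_by_score = alerts_by_score or {},
+additional_alerts = additional_alerts or {}
+}
+else
+rc = rest_utils.consts.err.invalid_args
+res = {}
+end
+
+rest_utils.answer(rc, res)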
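Review bot: The `alerts_by_score` field of the response is never populated: the call to `alert_utils.format_other_alerts` binds its first return value to `other_alerts_by_score`, but the table constructor reads `alerts_by_score`, an undeclared name that is always nil, so the field is always `{}` (the sample output in the header comment shows exactly that). Change the field to `alerts_by_score = other_alerts_by_score or {},`. The `json` module is required but never used in this script, and the two `tostring()` wrappers are presumably no-ops on `_GET` values, which arrive as strings; both are harmless but worth trimming. Since `alert_map` and `alert_type` are the parameter names added to `known_parameters` in http_lint.lua in this same commit, the request values appear to be validated before they reach this script, which is the right place for that check.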