/src/ntopng/include/HostAlert.h

Source
/*
 *
 * (C) 2013-26 - ntop.org
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 */

#ifndef _HOST_ALERT_H_
#define _HOST_ALERT_H_

#include "ntop_includes.h"

class HostCheck;

class HostAlert {
 private:
  Host* host;
  bool released;               /* to be released */
  bool last_released_for_host; /* there no other engaged alert at the time this
                                  has been released */
  bool expiring;               /* engaged, under re-evaluation */
  HostCheckID check_id;
  std::string check_name;
  u_int64_t rowid; /* row id used by engaged alert in the in-memory table */
  time_t engage_time;
  time_t release_time;
  time_t timeout_time; /* used by alerts with no C++ Check to automatically
                          disengage */
  risk_percentage
      cli_pctg; /* The fraction of total risk that goes to the client */
  bool is_attacker, is_victim; /* Whether the host of this alert is considered
                                  to be an attacker o a victim */
  /*
     Adds to the passed `serializer` (generated with `getAlertSerializer`)
     information specific to this alert
   */
  virtual ndpi_serializer* getAlertJSON(ndpi_serializer* serializer) {
    return serializer;
  }
  void init(HostCheckID _check_id, std::string _check_name, Host* h,
            risk_percentage _cli_pctg);

 public:
  HostAlert(HostCheckID check_id, std::string check_name, Host* h,
            risk_percentage _cli_pctg);
  HostAlert(HostCheck* c, Host* h, risk_percentage _cli_pctg);
  virtual ~HostAlert();

  inline u_int8_t getCliScore() const {
    return (cli_pctg * getAlertScore()) / 100;
  }
  inline u_int8_t getSrvScore() const {
    return (getAlertScore() - getCliScore());
  }
  /*
    An alert is assumed to be client if the client score is positive and greater
    than the server score. Similarly, it is assumed to be server when the server
    score is positive and greater than the client score.
   */
  inline bool isClient() const {
    return getCliScore() > 0 && getCliScore() > getSrvScore();
  }
  inline bool isServer() const {
    return getSrvScore() > 0 && getSrvScore() > getCliScore();
  }

  inline void setAttacker() { is_attacker = true; }
  inline void setVictim() { is_victim = true; }
  inline bool isAttacker() const { return is_attacker; }
  inline bool isVictim() const { return is_victim; }

  virtual HostAlertType getAlertType() const = 0;
  virtual u_int8_t getAlertScore() const { return SCORE_LEVEL_NOTICE; };

  /* Alert automatically released when the condition is no longer satisfied. */
  virtual bool hasAutoRelease() { return true; }

  inline Host* getHost() const { return (host); }
  inline HostCheckID getCheckType() const { return (check_id); }
  inline std::string getCheckName() const { return (check_name); }

  inline void setEngaged(u_int64_t _rowid) {
    expiring = released = false;
    rowid = _rowid;
  }

  inline void setExpiring() { expiring = true; }
  inline bool isExpired() { return expiring; }

  inline void setTimeout(time_t t) { timeout_time = t; }
  inline time_t getTimeout() { return timeout_time; }

  inline void release() {
    released = true;
    release_time = time(NULL);
  }
  inline bool isReleased() { return released; }

  inline void setLastReleased() { last_released_for_host = true; }
  inline bool isLastReleased() { return last_released_for_host; }

  inline time_t getEngageTime() { return engage_time; }
  inline time_t getReleaseTime() { return release_time; }
  inline u_int32_t getRowID() { return rowid; }

  inline bool equals(HostAlertType type) {
    return getAlertType().id == type.id;
  }

  virtual bool autoAck() const { return false; };

  /* Generates the JSON alert serializer with base information and per-check
   * information gathered with `getAlertJSON`. NOTE: memory must be freed by the
   * caller. */
  ndpi_serializer* getSerializedAlert();
};

#endif /* _HOST_ALERT_H_ */

Coverage Report

Created: 2026-05-24 07:04

Line	Count	Source
1		/*
2		*
3		* (C) 2013-26 - ntop.org
4		*
5		*
6		* This program is free software; you can redistribute it and/or modify
7		* it under the terms of the GNU General Public License as published by
8		* the Free Software Foundation; either version 3 of the License, or
9		* (at your option) any later version.
10		*
11		* This program is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU General Public License for more details.
15		*
16		* You should have received a copy of the GNU General Public License
17		* along with this program; if not, write to the Free Software Foundation,
18		* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19		*
20		*/
21
22		#ifndef _HOST_ALERT_H_
23		#define _HOST_ALERT_H_
24
25		#include "ntop_includes.h"
26
27		class HostCheck;
28
29		class HostAlert {
30		private:
31		Host* host;
32		bool released; /* to be released */
33		bool last_released_for_host; /* there no other engaged alert at the time this
34		has been released */
35		bool expiring; /* engaged, under re-evaluation */
36		HostCheckID check_id;
37		std::string check_name;
38		u_int64_t rowid; /* row id used by engaged alert in the in-memory table */
39		time_t engage_time;
40		time_t release_time;
41		time_t timeout_time; /* used by alerts with no C++ Check to automatically
42		disengage */
43		risk_percentage
44		cli_pctg; /* The fraction of total risk that goes to the client */
45		bool is_attacker, is_victim; /* Whether the host of this alert is considered
46		to be an attacker o a victim */
47		/*
48		Adds to the passed `serializer` (generated with `getAlertSerializer`)
49		information specific to this alert
50		*/
51	0	virtual ndpi_serializer* getAlertJSON(ndpi_serializer* serializer) {
52	0	return serializer;
53	0	}
54		void init(HostCheckID _check_id, std::string _check_name, Host* h,
55		risk_percentage _cli_pctg);
56
57		public:
58		HostAlert(HostCheckID check_id, std::string check_name, Host* h,
59		risk_percentage _cli_pctg);
60		HostAlert(HostCheck* c, Host* h, risk_percentage _cli_pctg);
61		virtual ~HostAlert();
62
63	0	inline u_int8_t getCliScore() const {
64	0	return (cli_pctg * getAlertScore()) / 100;
65	0	}
66	0	inline u_int8_t getSrvScore() const {
67	0	return (getAlertScore() - getCliScore());
68	0	}
69		/*
70		An alert is assumed to be client if the client score is positive and greater
71		than the server score. Similarly, it is assumed to be server when the server
72		score is positive and greater than the client score.
73		*/
74	0	inline bool isClient() const {
75	0	return getCliScore() > 0 && getCliScore() > getSrvScore();
76	0	}
77	0	inline bool isServer() const {
78	0	return getSrvScore() > 0 && getSrvScore() > getCliScore();
79	0	}
80
81	0	inline void setAttacker() { is_attacker = true; }
82	0	inline void setVictim() { is_victim = true; }
83	0	inline bool isAttacker() const { return is_attacker; }
84	0	inline bool isVictim() const { return is_victim; }
85
86		virtual HostAlertType getAlertType() const = 0;
87	0	virtual u_int8_t getAlertScore() const { return SCORE_LEVEL_NOTICE; };
88
89		/* Alert automatically released when the condition is no longer satisfied. */
90	0	virtual bool hasAutoRelease() { return true; }
91
92	0	inline Host* getHost() const { return (host); }
93	0	inline HostCheckID getCheckType() const { return (check_id); }
94	0	inline std::string getCheckName() const { return (check_name); }
95
96	0	inline void setEngaged(u_int64_t _rowid) {
97	0	expiring = released = false;
98	0	rowid = _rowid;
99	0	}
100
101	0	inline void setExpiring() { expiring = true; }
102	0	inline bool isExpired() { return expiring; }
103
104	0	inline void setTimeout(time_t t) { timeout_time = t; }
105	0	inline time_t getTimeout() { return timeout_time; }
106
107	0	inline void release() {
108	0	released = true;
109	0	release_time = time(NULL);
110	0	}
111	0	inline bool isReleased() { return released; }
112
113	0	inline void setLastReleased() { last_released_for_host = true; }
114	0	inline bool isLastReleased() { return last_released_for_host; }
115
116	0	inline time_t getEngageTime() { return engage_time; }
117	0	inline time_t getReleaseTime() { return release_time; }
118	0	inline u_int32_t getRowID() { return rowid; }
119
120	0	inline bool equals(HostAlertType type) {
121	0	return getAlertType().id == type.id;
122	0	}
123
124	0	virtual bool autoAck() const { return false; };
125
126		/* Generates the JSON alert serializer with base information and per-check
127		* information gathered with `getAlertJSON`. NOTE: memory must be freed by the
128		* caller. */
129		ndpi_serializer* getSerializedAlert();
130		};
131
132		#endif /* _HOST_ALERT_H_ */