ULAKBIM/NfQuery

Implement Alert Interface

ackepenek opened this issue · 1 comment

This interface should enable a Plug-in admin to run two types of queries. The first one can be named the verification query, which lets the admin run the query number given in the alert on the time window specified in the alert (taking the Time Zone into account) with an IP filter (src net A.B.C.D/24 or dst net A.B.C.D/24) of the Plug-in whose ID is again identified in the alert. (To see if you really attacked.)

E.g. Alert: Running Q15 in Plug-in 3 resulted in 11 matches during 6.00 A.M - 7.00 A.M (GMT+3) with IP addresses from your domain.
Verification Query: run Q15 on your flows during 6.00 A.M - 7.00 A.M (GMT+3) (adjust this to your time zone) with the IP filter of Plug-in 3.
2nd Query: Run the verification query without the IP filter to see if you have attacked other destinations with the same pattern as in Q15. So run Q15 (either on the same time window or another one).
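The two query types described in the issue, as an added worked example that is not part of the NfQuery project code: it turns an alert (query id, plug-in id, time window in the alert's zone) into the verification query (pattern plus the plug-in's src/dst net filter, window shifted into the admin's own zone) and the second query (same pattern, no IP filter, optionally another window). The query catalogue, the plug-in network table and the nfdump-style "YYYY/MM/DD.HH:MM:SS" time format are assumptions made for this example; the filter wording "src net ... or dst net ..." is taken from the issue text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical query catalogue and plug-in network table, constructed for this
# example. The real NfQuery catalogue is not shown in the issue; 192.0.2.0/24 is
# a documentation range.
QUERY_PATTERNS = {
    15: "proto tcp and dst port 22 and flags S and not flags A",
}
PLUGIN_NETWORKS = {
    3: "192.0.2.0/24",
}
# Assumed nfdump-style time window format (start-end).
TIME_FMT = "%Y/%m/%d.%H:%M:%S"


@dataclass(frozen=True)
class Alert:
    query_id: int
    plugin_id: int
    matches: int
    start: datetime  # tz-aware, in the alert's own zone (e.g. GMT+3)
    end: datetime


def ip_filter_for_plugin(plugin_id):
    """IP filter that restricts a query to the reporting plug-in's network."""
    net = PLUGIN_NETWORKS[plugin_id]
    return f"(src net {net} or dst net {net})"


def shift_window(start, end, local_offset_hours):
    """Express the alert's time window in the admin's own (fixed-offset) zone."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("alert timestamps must be time-zone aware")
    if end <= start:
        raise ValueError("alert window end must be after its start")
    local_tz = timezone(timedelta(hours=local_offset_hours))
    return start.astimezone(local_tz), end.astimezone(local_tz)


def window_string(start, end):
    return f"{start.strftime(TIME_FMT)}-{end.strftime(TIME_FMT)}"


def verification_query(alert, local_offset_hours):
    """Query 1: the alert's pattern, on the alert's window, limited to the plug-in's nets."""
    pattern = QUERY_PATTERNS[alert.query_id]
    start, end = shift_window(alert.start, alert.end, local_offset_hours)
    return {
        "filter": f"({pattern}) and {ip_filter_for_plugin(alert.plugin_id)}",
        "time_window": window_string(start, end),
    }


def second_query(alert, local_offset_hours, start=None, end=None):
    """Query 2: same pattern, no IP filter, same window unless another one is given."""
    pattern = QUERY_PATTERNS[alert.query_id]
    s, e = shift_window(start or alert.start, end or alert.end, local_offset_hours)
    return {"filter": pattern, "time_window": window_string(s, e)}


def sample_alert():
    """The alert from the issue text: Q15, Plug-in 3, 11 matches, 06:00-07:00 GMT+3."""
    gmt3 = timezone(timedelta(hours=3))
    return Alert(
        query_id=15,
        plugin_id=3,
        matches=11,
        start=datetime(2024, 1, 15, 6, 0, tzinfo=gmt3),  # constructed date
        end=datetime(2024, 1, 15, 7, 0, tzinfo=gmt3),
    )


if __name__ == "__main__":
    alert = sample_alert()
    # An admin whose collector runs at UTC+1 sees the window as 04:00-05:00.
    print("verification:", verification_query(alert, 1))
    print("second:", second_query(alert, 1))
```

The time-zone shift is the step most easily got wrong by hand: the alert's 06:00-07:00 GMT+3 is 03:00-04:00 UTC, so an admin at UTC+1 must query 04:00-05:00 local, not 06:00-07:00.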