
revisit default alerting and guessed types/icons

Open FlyingToto opened this issue 7 months ago • 5 comments

Is there an existing issue for this?

  • [X] I have searched the existing open and closed issues

Am I willing to test this? 🧪

  • [X] I will do my best to test this feature on the netlertx-dev image when requested within 48h and report bugs to help deliver a great user experience for everyone and not to break existing installations.

Can I help implement this? 👩‍💻👨‍💻

  • [X] Yes
  • [X] No

Is your feature request related to a problem? Please describe

Not an issue aside from human laziness... it can be a bit tedious to customize a lot of params manually.. basically, I think we could enhance NaX guesses in terms of types/icons and from there refine alerting...

Describe the solution you'd like

Taking a multi-step approach:

Best guess unknown device types (and logo) by:

  1. routing details (we already identify the ISP gateway through dig, we can identify routers and/or firewalls from traceroute/interfaces settings)
  2. services (leveraging nmap/nbdt/... ) we might be able to identify a server vs win pc vs linux vs a phone?
  3. from the MAC address, we can most likely make an educated guess from the Vendor MAC (unifi, cisco, ... = switch/ap/router; irobot 80% chance = vacuum, ...)
  4. vendor logo and family-generic type ie: if MAC=amazon then logo=amazon, type=IOT (people can then refine it between speaker, TVstreamer, doorbell... )
  5. use a vendor logo and type=undefined
  6. use ? logo and type=unknown as a last resort

based on best practices and guessed types pre-configure default alerts...

for instance:

  1. rogue DHCP Server -> call the cops & army
  2. if new MAC detected for the first time-> notify by texts, phone calls,
  3. if router/gateway goes down -> notify by texts,....
  4. if switch/servers/IOT goes down -> notify by email
  5. everything else, generate weekly report by email... etc....

Describe alternatives you've considered

for the time being, I have been using the device screens and sorting to select devices by types or by MAC and manually multi-edit them accordingly... that works but takes a bit of time....

Anything else?

maybe we could setup a google spreadsheet over the internet to ask users to fill in their preferences in terms of guessed types/logos/alerts.... basically crowdsource it...

FlyingToto, Jul 18 '24 16:07
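The fallback order and default alert tiers proposed in the post above, sketched as an added example (not part of the original issue and not NetAlertX code). The `Device` fields, rule tables, port hints and channel names are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed rule tables (assumptions for illustration, not NetAlertX data).
PORT_TYPES = [({3389, 445}, "Windows PC"),   # RDP / SMB
              ({62078}, "Phone"),            # iphone-sync
              ({22}, "Server")]              # SSH exposed
VENDOR_TYPES = {"ubiquiti": "Switch", "cisco": "Switch", "irobot": "Vacuum"}
VENDOR_FAMILIES = {"amazon": "IoT"}
EMAIL_ON_DOWN = {"Switch", "Server", "IoT"}

@dataclass
class Device:
    mac: str
    vendor: str = ""                          # resolved from the MAC, "" if unknown
    open_ports: set = field(default_factory=set)
    is_gateway: bool = False                  # learned from routing details

def _match(vendor, table):
    """First (key, value) whose key occurs in the vendor string, else None."""
    return next(((k, v) for k, v in table.items() if k in vendor), None)

def guess(dev):
    """Return (type, icon) following the post's six-step fallback order."""
    vendor = dev.vendor.strip().lower()
    if dev.is_gateway:                        # 1. routing details
        return "Router", "router"
    for ports, dtype in PORT_TYPES:           # 2. services seen by a port scan
        if dev.open_ports & ports:
            return dtype, "host"
    hit = _match(vendor, VENDOR_TYPES) or _match(vendor, VENDOR_FAMILIES)
    if hit:                                   # 3./4. vendor implies type or family
        return hit[1], hit[0]
    if vendor:                                # 5. vendor logo, type undefined
        return "undefined", vendor.split()[0]
    return "unknown", "?"                     # 6. last resort

def alert_channel(event, dtype):
    """Map an event on a device of guessed type to a default channel."""
    if event == "rogue_dhcp":
        return "urgent"
    if event == "new_device":                 # independent of the guessed type
        return "sms"
    if event == "down":
        if dtype == "Router":
            return "sms"
        if dtype in EMAIL_ON_DOWN:
            return "email"
    return "weekly_report"
```

In this sketch the new-device alert does not depend on the guessed type, because the vendor string is derived from the MAC address, which a device can set to any value.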