Notify admins when unexpected devices pop up on network #7721

Merged
merged 6 commits into from
Jun 30, 2023

nqb
Contributor

@nqb nqb commented Jun 22, 2023

Description

Be informed (through security event) when a device pops up into a VLAN or a subnet that shouldn’t be there.

In order to trigger a security event, PacketFence must receive: DHCP traffic or RADIUS accounting. We don't trigger on RADIUS authentication requests.

If we receive several DHCP or RADIUS requests for the same device but the IP isn't updated, the security event will not be triggered again due to:

pfqueue(3805535) DEBUG: [mac:unknown] No recent data found for 33:33:33:33:33:33, will not trigger device profiling. Was last updated at 2023-06-21T10:17:12.067524888Z and last process timestamp is 2023-06-21T10:17:12 (pf::fingerbank::process)

Issue

fixes #7529

Delete branch after merge

YES

Checklist

(REQUIRED) - [yes, no or n/a]

  • Document the feature
  • Add unit tests

NEWS file entries

Enhancements

  • Be informed (through security event) when a device pops up into a VLAN or a subnet that shouldn’t be there
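
The trigger conditions described above (DHCP or RADIUS accounting only, no re-trigger while the IP is unchanged), as a simplified model. This is an added example, not PacketFence code from this PR: the `Rule` and `Engine` shapes, the subnet match, the single-value `device_is_not` comparison and the sample events are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Event sources that can raise the event, per the PR description.
# RADIUS authentication is deliberately absent.
TRIGGERING_SOURCES = {"dhcp", "radius_accounting"}


@dataclass
class Rule:
    """Hypothetical rule: a watched subnet and the one device type expected in it."""
    subnet: ipaddress.IPv4Network
    device_is_not: str  # match when the profiled device differs from this


@dataclass
class Engine:
    rule: Rule
    last_ip: dict = field(default_factory=dict)  # mac -> last IP seen

    def handle(self, source, mac, ip, device):
        """Return True when this event would raise the security event."""
        if source not in TRIGGERING_SOURCES:
            return False
        addr = ipaddress.ip_address(ip)
        if self.last_ip.get(mac) == addr:
            return False  # IP not updated: nothing is re-evaluated
        self.last_ip[mac] = addr
        return addr in self.rule.subnet and device != self.rule.device_is_not


# Constructed rule and events (device names and the second MAC are made up).
RULE = Rule(ipaddress.ip_network("10.0.20.0/24"), device_is_not="VoIP Device")
MAC = "33:33:33:33:33:33"
EVENTS = [
    ("radius_auth", MAC, "10.0.20.15", "Generic Android"),        # ignored source
    ("dhcp", MAC, "10.0.20.15", "Generic Android"),               # raises the event
    ("radius_accounting", MAC, "10.0.20.15", "Generic Android"),  # same IP, silent
    ("dhcp", "02:00:00:00:00:01", "10.0.20.30", "VoIP Device"),   # expected device
    ("dhcp", MAC, "10.0.30.7", "Generic Android"),                # outside the subnet
    ("dhcp", MAC, "10.0.20.16", "Generic Android"),               # new IP, raises again
]


def run(events, rule):
    """Replay events through a fresh engine; one boolean per event."""
    engine = Engine(rule)
    return [engine.handle(*event) for event in events]


if __name__ == "__main__":
    for event, fired in zip(EVENTS, run(EVENTS, RULE)):
        print(f"{'TRIGGER' if fired else 'quiet  '} {event}")
```
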

web admin part

typo
@nqb nqb added this to the PacketFence-13.0 milestone Jun 22, 2023
Contributor Author

nqb commented Jun 22, 2023

@satkunas, I need your help to make the "Device is not" field perform a search exactly like the "Device" field does (using api/v1/fingerbank/all/devices/search). I was not able to figure out how to do it.

nqb added 2 commits June 22, 2023 12:04
expose last_ip to sec event engine
@nqb nqb force-pushed the feature/notify-admins-unexpected-devices branch from f7fac5c to e4d2739 Compare June 22, 2023 12:05
Contributor Author

nqb commented Jun 22, 2023

I just need help to finalize frontend but nothing more to do on my side.

Contributor Author

nqb commented Jun 23, 2023

@jrouzierinverse I had a discussion with @satkunas and in fact, the code needs to be adjusted on the backend. pfperl-api currently returns:

# pfperl-api get -M OPTIONS /api/v1/config/security_events
[..]
"device": {
            "allow_custom": false,
            "allowed_lookup": {
              "field_name": "name",
              "search_path": "/api/v1/fingerbank/all/devices/search",
              "value_name": "id"
            },
[..]
"device_is_not": {
            "default": null,
            "implied": null,
            "placeholder": null,
            "required": false,
            "type": "string"
          },

I would like to have similar results for device_is_not but I'm not able to figure out which portion of the code I should change.
I think the logic is under /usr/local/pf/lib/pf/UnifiedApi/Controller/Config.pm.
Could you provide some help, @jrouzierinverse?

@nqb nqb force-pushed the feature/notify-admins-unexpected-devices branch from e4d2739 to 723efb8 Compare June 29, 2023 12:42
Contributor Author

nqb commented Jun 29, 2023

@jrouzierinverse, I made the changes you requested in Trigger.pm + unit tests. The frontend behaves as it should now.
If you are happy with the state of this PR, please merge.

@jrouzierinverse jrouzierinverse merged commit 77c1fc8 into devel Jun 30, 2023
1 check passed
@satkunas satkunas deleted the feature/notify-admins-unexpected-devices branch May 15, 2024 18:50
Development

Successfully merging this pull request may close these issues.

Receive a notification each time a device is on registration VLAN