Adds skeleton for alerts exclusion lists

Addresses #4942
2026-05-03 09:20:10 +00:00 · 2021-02-05 09:41:50 +01:00 · 2021-02-05 09:41:50 +01:00 · 146b8fc1b0
commit 146b8fc1b0
parent 7a16c58485
2 changed files with 15 additions and 1 deletions
--- a/scripts/plugins/alerts/security/new_api_demo/user_scripts/flow/new_flow_api_demo.lua
+++ b/scripts/plugins/alerts/security/new_api_demo/user_scripts/flow/new_flow_api_demo.lua
@ -16,6 +16,13 @@ local script = {
   -- NOTE: hooks defined below
   hooks = {},

+   filter = {
+      -- Overrides filter.default_fields in the flow entry of user_scripts.available_subdirs
+      -- This will make default filters populated only with the source IP
+      -- NOTE: Fields must be in the filter.available_fields of the flow entry of user_scripts.available_subdirs
+      default_fields = {"srv.ip"},
+   },
+
   gui = {
      i18n_title = "New API Demo",
      i18n_description = "Demonstrate the use of the new API for flow alerts",