diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
index d35665c3ff..16be53e32c 100644
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@@ -851,7 +851,7 @@ local lang = {
["scan_detected"] = "%{entity} is a scanner [%{value} > %{threshold} scan attempts]",
["score_number_anomaly"] = "%{role} Score: %{score} [Expected Range: %{lower_bound} ... %{upper_bound} ][Cybersecurity Score: %{cat_sec}% | Network Score: %{cat_net}%][Flow Alerts: ][Past Host Alerts: ][Engaged Host Alerts: ]",
["score_number_anomaly_threshold"] = "%{metric} exceeded by %{entity} [%{value} > %{threshold}]",
- ["score_threshold"] = "Score exceeded by %{entity} as %{cli_or_srv} [%{value} > %{threshold}]",
+ ["score_threshold"] = "Score exceeded by %{entity} as %{cli_or_srv} [%{value} > %{threshold}] %{flows_info}",
["shell_script_executed"] = "Shell script '%{script_exec_comm}' executed in response of an alert: '%{alert_type}'",
["slow_periodic_activity"] = "Periodic activity \"%{script}\" running for too long [more than %{max_duration}] or executed too late (blocked in queue).",
["slow_purge"] = "Hash table idle entries purging on %{iface} is too slow. This could lead to high memory utilization, data accuracy loss and missing alerts. [%{idle}%% > %{max_idle}%%]",
diff --git a/scripts/lua/modules/alert_consts.lua b/scripts/lua/modules/alert_consts.lua
index 7179b879a8..fbf5f6c59f 100644
--- a/scripts/lua/modules/alert_consts.lua
+++ b/scripts/lua/modules/alert_consts.lua
@@ -161,7 +161,7 @@ end
-- ##############################################
function alert_consts.formatHostAlert(ifid, host, vlan)
- return hostinfo2label({host = host, vlan = vlan})
+ return hostinfo2label({host = host, vlan = vlan}, vlan)
end
-- ##############################################
diff --git a/scripts/lua/modules/alert_definitions/host/host_alert_score_threshold.lua b/scripts/lua/modules/alert_definitions/host/host_alert_score_threshold.lua
index 4b25dda7de..cb742a6ae4 100644
--- a/scripts/lua/modules/alert_definitions/host/host_alert_score_threshold.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_score_threshold.lua
@@ -51,9 +51,51 @@ function host_alert_score_threshold.format(ifid, alert, alert_type_params)
local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
local threshold = alert_type_params["threshold"] or 0
local as_cli_or_srv = i18n("client")
+ local as_cli = true
if alert_type_params["is_client_alert"] == false then
as_cli_or_srv = i18n("server")
+ as_cli = false
+ end
+
+ local flows_info_href = '(check live: )'
+ local ifName = _GET["ifid"]
+ if ntop.isClickHouseEnabled() then
+
+ local extra_params = {
+ ifid = {
+ value = ifName,
+ operator = "eq"
+ },
+ epoch_begin = {
+ value = _GET["epoch_begin"],
+ operator = "eq"
+ },
+ epoch_end = {
+ value = _GET["epoch_end"],
+ operator = "eq"
+ }
+ }
+ if alert["vlan_id"] ~= 0 then
+ extra_params.vlan_id = {
+ value = alert["vlan_id"],
+ operator = "eq"
+ }
+ end
+
+ if as_cli then
+ extra_params.cli_ip = {
+ value = alert["ip"],
+ operator = "eq"
+ }
+ else
+ extra_params.srv_ip = {
+ value = alert["ip"],
+ operator = "eq"
+ }
+ end
+
+ flows_info_href = flows_info_href..' (check historical: )'
end
if (tonumber(alert_type_params["value"]) > tonumber(threshold)) and (threshold > 0) then
@@ -63,6 +105,7 @@ function host_alert_score_threshold.format(ifid, alert, alert_type_params)
cli_or_srv = as_cli_or_srv,
value = alert_type_params["value"],
threshold = threshold,
+ flows_info = flows_info_href
})
end
end