Add syn-vs-rst and misbehaving-vs-total-flows alerts

2026-05-01 00:19:33 +00:00 · 2019-08-27 16:32:47 +02:00 · 2019-08-27 16:32:47 +02:00 · 3bf6ed1ecd
commit 3bf6ed1ecd
parent 606e681d8e
6 changed files with 204 additions and 46 deletions
--- a/scripts/lua/modules/alerts_api.lua
+++ b/scripts/lua/modules/alerts_api.lua
@ -853,6 +853,40 @@ end

 -- ##############################################

+function alerts_api.anomalousTCPFlagsType(num_syn, num_rst, ratio, is_sent, granularity)
+  return({
+    alert_type = alert_consts.alert_types.anomalous_tcp_flags,
+    alert_subtype = ternary(is_sent, "sent", "rcvd"),
+    alert_granularity = alert_consts.alerts_granularities[granularity],
+    alert_severity = alert_consts.alert_severities.warning,
+    alert_type_params = {
+      num_syn = num_syn,
+      num_rst = num_rst,
+      is_sent = is_sent,
+      ratio = ratio,
+    }
+  })
+end
+
+-- ##############################################
+
+function alerts_api.misbehavingFlowsRatioType(misbehaving_flows, total_flows, ratio, is_sent, granularity)
+  return({
+    alert_type = alert_consts.alert_types.misbehaving_flows_ratio,
+    alert_subtype = ternary(is_sent, "sent", "rcvd"),
+    alert_granularity = alert_consts.alerts_granularities[granularity],
+    alert_severity = alert_consts.alert_severities.warning,
+    alert_type_params = {
+      misbehaving_flows = misbehaving_flows,
+      total_flows = total_flows,
+      is_sent = is_sent,
+      ratio = ratio,
+    }
+  })
+end
+
+-- ##############################################
+
 function alerts_api.load_check_modules(subdir, str_granularity)
  local checks_dir = os_utils.fixPath(ALERT_CHECKS_MODULES_BASEDIR .. "/" .. subdir)
  local available_modules = {}