Adds scores to flow-risk based alerts

Simone Mainardi 2021-06-11 12:35:32 +02:00
parent 6b8ddcaad4
commit 62e20d471b
45 changed files with 189 additions and 63 deletions


@ -24,17 +24,21 @@
#include "ntop_includes.h"
class FlowRiskBinaryApplicationTransferAlert : public FlowAlert {
class FlowRiskBinaryApplicationTransferAlert : public FlowRiskAlert {
private:
ndpi_serializer *getAlertJSON(ndpi_serializer* serializer);
public:
static ndpi_risk_enum getClassRisk() { return NDPI_BINARY_APPLICATION_TRANSFER; }
static FlowAlertType getClassType() { return { flow_alert_suspicious_file_transfer, alert_category_security }; }
static u_int8_t getDefaultScore() { u_int16_t c, s; ndpi_risk2score(getClassRisk(), &c, &s); return c + s; }
FlowRiskBinaryApplicationTransferAlert(FlowCallback *c, Flow *f) : FlowAlert(c, f) { };
FlowRiskBinaryApplicationTransferAlert(FlowCallback *c, Flow *f) : FlowRiskAlert(c, f) { };
~FlowRiskBinaryApplicationTransferAlert() { };
FlowAlertType getAlertType() const { return getClassType(); }
FlowAlertType getAlertType() const { return getClassType(); }
ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
u_int8_t getAlertScore() const { return getDefaultScore(); }
};
#endif /* _FR_BINARY_APPLICATION_TRANSFER_ALERT_H_ */
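Review bot: `getDefaultScore()` adds two `u_int16_t` values and returns the sum as `u_int8_t`, so any client-plus-server score above 255 is silently truncated and a high-risk alert could be reported with a low score. `c` and `s` are also read without being initialised; whether `ndpi_risk2score()` always writes both is not visible in this hunk, so starting them at zero is the safe default. I would write the body as `u_int16_t c = 0, s = 0; ndpi_risk2score(getClassRisk(), &c, &s);` followed by `u_int32_t t = (u_int32_t)c + s; return (u_int8_t)(t > 255 ? 255 : t);`. If the other flow-risk alert headers in this commit carry the same one-liner, the same change applies to them, and a single helper in `FlowRiskAlert` would keep the clamp in one place. The new `getAlertRisk()` and `getAlertScore()` look like overrides of `FlowRiskAlert` virtuals; if so, marking them `override` lets the compiler catch a signature drift that would otherwise fall back to the base score.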