Adds search by tcp flags in SYN scan alert

2026-04-28 23:19:33 +00:00 · 2021-08-02 18:43:08 +02:00 · 2021-08-02 18:43:08 +02:00 · 805b99f03c
commit 805b99f03c
parent d84fc3405a
2 changed files with 9 additions and 3 deletions
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@ -590,7 +590,13 @@ function alert_utils.getLinkToPastFlows(ifid, alert, alert_json)
 	       end
 	    elseif string.contains(name, "tcp_flags") then
 	       -- Assumes IN query
-	       tags[#tags + 1] = {name = name, op = "in", val = tostring(val)}
+	       if val >= 0 then
+		  -- Assumes IN
+		  tags[#tags + 1] = {name = name, op = "in", val = tostring(val)}
+	       else
+		  -- A negative value assumes NOT IN
+		  tags[#tags + 1] = {name = name, op = "nin", val = tostring(-val)}
+	       end
 	    else
 	       -- Fallback, assume equality
 	       tags[#tags + 1] = {name = name, op = "eq", val = tostring(val)}