Fixes alert score/flow anomaly description (#5522)

2026-05-06 03:45:26 +00:00 · 2021-06-18 15:19:08 +02:00 · 2021-06-18 15:19:08 +02:00 · 89071f0a9a
commit 89071f0a9a
parent 8a1e315496
3 changed files with 24 additions and 33 deletions
--- a/scripts/lua/modules/alert_definitions/host/host_alert_flow_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_flow_anomaly.lua
@ -46,28 +46,26 @@ end
 -- @param alert_type_params Table `alert_type_params` as built in the `:init` method
 -- @return A human-readable string
 function host_alert_flow_anomaly.format(ifid, alert, alert_type_params)
-  local alert_consts = require("alert_consts")
-  local json = json.decode(alert.json)
-  local is_both = alert_type_params["is_both"]
-  local is_client_alert = alert_type_params["is_client_alert"]
-  local role
-  local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
+   local is_both = alert_type_params["is_both"]
+   local is_client_alert = alert_type_params["is_client_alert"]
+   local role

-  if(is_both) then
-     role = "client and server"
-  elseif(is_client_alert) then
-     role = "client"
-  else
-     role = "server"
-  end
+   tprint(alert_type_params)

-  return i18n("alert_messages.flow_number_anomaly", {
-		 role = role,
-		 host = host,
-		 value = alert_type_params["value"],
-		 lower_bound = alert_type_params["lower_bound"],
-		 upper_bound = alert_type_params["upper_bound"],
-  })
+   if(is_both) then
+      role = i18n("client_and_server")
+   elseif(is_client_alert) then
+      role = i18n("client")
+   else
+      role = i18n("server")
+   end
+
+return i18n("alert_messages.flow_number_anomaly", {
+     role = role,
+     value = alert_type_params["value"],
+     lower_bound = alert_type_params["lower_bound"],
+     upper_bound = alert_type_params["upper_bound"],
+})
 end

 -- #######################################################
--- a/scripts/lua/modules/alert_definitions/host/host_alert_score_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_score_anomaly.lua
@ -81,18 +81,13 @@ function host_alert_score_anomaly.format(ifid, alert, alert_type_params)
  local is_both = alert_type_params["is_both"]
  local role
  local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
-  local sec_cat = 0
-  local net_cat = 0
  
  if(is_both) then
     role = i18n("client_and_server")
-     net_cat, sec_cat = get_problematic_category(alert_type_params, true)
  elseif(is_client_alert) then
     role = i18n("client")
-     net_cat, sec_cat = get_problematic_category(alert_type_params, nil, "client")
  else
     role = i18n("server")
-     net_cat, sec_cat = get_problematic_category(alert_type_params, nil, "server")
  end
  
  return i18n("alert_messages.score_number_anomaly", {
@ -101,8 +96,6 @@ function host_alert_score_anomaly.format(ifid, alert, alert_type_params)
 		 score = alert_type_params["value"],
 		 lower_bound = alert_type_params["lower_bound"],
 		 upper_bound = alert_type_params["upper_bound"],
-		 network = net_cat,
-		 security = sec_cat,
  })
 end