Added confidence filter

scripts/lua/modules/historical_flow_utils.lua

@@ -329,7 +329,7 @@ local function dt_format_l7_proto(l7_proto, record)
    if not isEmptyString(l7_proto) then
     local json = require "dkjson"
     local title = interface.getnDPIProtoName(tonumber(l7_proto))
-    local confidence = ""
+    local confidence = nil
     local alert_json = {}
     
     if record["ALERT_JSON"] then
@@ -337,11 +337,7 @@ local function dt_format_l7_proto(l7_proto, record)
     end
 
     if (alert_json.proto) and (alert_json.proto.confidence) and (not isEmptyString(alert_json.proto.confidence)) then
-      if string.starts(alert_json.proto.confidence, "DPI") then
-        confidence = i18n("confidence_dpi")
-      else
-        confidence = i18n("confidence_guessed")  
-      end
+      confidence = alert_json.proto.confidence
     end
 
     l7_proto = {
@@ -1124,6 +1120,7 @@ function historical_flow_utils.get_tags()
    flow_defined_tags["snmp_interface"] = tag_utils.defined_tags["snmp_interface"]
    flow_defined_tags["country"] = tag_utils.defined_tags["country"]
    flow_defined_tags["l7_error_id"] = tag_utils.defined_tags["l7_error_id"]
+   flow_defined_tags["confidence"] = tag_utils.defined_tags["confidence"]
 
    return flow_defined_tags
 end

scripts/lua/modules/http_lint.lua

@@ -1650,6 +1650,7 @@ local known_parameters = {
    ["role"]                    = validateListOfTypeInline(validateFilters(validateSingleWord)), -- attacker/victim
    ["role_cli_srv"]            = validateListOfTypeInline(validateFilters(validateSingleWord)), -- client/server
    ["l7_error_id"]             = validateListOfTypeInline(validateFilters(validateNumber)), -- client/server
+   ["confidence"]              = validateListOfTypeInline(validateFilters(validateSingleWord)), -- client/server
    ["acknowledged"]            = validateListOfTypeInline(validateFilters(validateSingleWord)), -- acknowledged
    ["asn"]                     = validateNumber,                -- An ASN number
    ["module"]                  = validateTopModule,             -- A top script module

scripts/lua/modules/tag_utils.lua

@@ -321,6 +321,11 @@ tag_utils.defined_tags = {
       i18n_label = i18n('db_search.tags.error_code'),
       operators = {'eq', 'neq'},
    },
+   confidence = {
+      value_type = 'confidence',
+      i18n_label = i18n('db_search.tags.confidence'),
+      operators = {'eq', 'neq'},
+   },
 }
 
 -- #####################################
@@ -333,6 +338,13 @@ tag_utils.ip_location = {
 
 -- #####################################
 
+tag_utils.confidence = {
+   { label = "DPI", id = "DPI" },
+   { label = "Guessed",  id = "Guessed" },
+}
+
+-- #####################################
+
 function tag_utils.build_request_filter(key, op, value)
   return key .. '=' .. value .. tag_utils.SEPARATOR .. op
 end
@@ -506,12 +518,19 @@ function tag_utils.get_tag_info(id, entity)
          filter.options[#filter.options+1] = { value = pool_id, label = label }
       end
 
-   elseif tag.value_type == "location" then
-      filter.value_type = 'array'
-      filter.options = {}
-      for  _, v in pairsByField(tag_utils.ip_location, 'label', asc) do
-         filter.options[#filter.options+1] = { value = v.id, label = v.label }
-      end
+    elseif tag.value_type == "location" then
+       filter.value_type = 'array'
+       filter.options = {}
+       for  _, v in pairsByField(tag_utils.ip_location, 'label', asc) do
+          filter.options[#filter.options+1] = { value = v.id, label = v.label }
+       end
+
+    elseif tag.value_type == "confidence" then
+        filter.value_type = 'array'
+        filter.options = {}
+        for  _, v in pairsByField(tag_utils.confidence, 'label', asc) do
+          filter.options[#filter.options+1] = { value = v.id, label = v.label }
+        end
 
    elseif tag.value_type == "l4_proto" then
       filter.value_type = 'array'