Removed threshold configuration from Score Anomaly check (#5845)

2026-04-28 23:19:33 +00:00 · 2021-09-07 11:45:16 +02:00 · 2021-09-07 11:45:16 +02:00 · a1e4e21c01
commit a1e4e21c01
parent c15b62407c
2 changed files with 13 additions and 30 deletions
--- a/scripts/lua/modules/alert_definitions/host/host_alert_score_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_score_anomaly.lua
@ -31,13 +31,9 @@ host_alert_score_anomaly.meta = {

 -- @brief Prepare an alert table used to generate the alert
 -- @return A table with the alert built
-function host_alert_score_anomaly:init(threshold)
+function host_alert_score_anomaly:init()
   -- Call the parent constructor
   self.super:init()
-
-   self.alert_type_params = {
-      threshold = threshold,
-   }
 end

 -- ##############################################
@ -83,7 +79,6 @@ function host_alert_score_anomaly.format(ifid, alert, alert_type_params)
   local is_both = alert_type_params["is_both"]
   local role
   local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
-   local threshold = alert_type_params["threshold"] or 0
   local cli_or_srv
  
   if(is_both) then
@ -98,26 +93,16 @@ function host_alert_score_anomaly.format(ifid, alert, alert_type_params)

   local cat_net, cat_sec = get_problematic_category(alert_type_params, is_both, cli_or_srv)

-   if (tonumber(alert_type_params["value"]) > tonumber(threshold)) and (threshold > 0) then
-      -- Anomaly due to threshold crossed
-      return i18n("alert_messages.score_number_anomaly_threshold", {
-         metric = role .. " Score",
-         entity = host,
-         value = alert_type_params["value"],
-         threshold = threshold,
-      })
-   else
-      -- Anomaly due to DES anomaly
-      return i18n("alert_messages.score_number_anomaly", {
-   		role = role,
-   		host = host,
-   		score = alert_type_params["value"],
-   		lower_bound = alert_type_params["lower_bound"],
-   		upper_bound = alert_type_params["upper_bound"],
-         cat_net = cat_net,
-         cat_sec = cat_sec,
-      })
-   end
+   -- Anomaly due to DES anomaly
+   return i18n("alert_messages.score_number_anomaly", {
+		role = role,
+		host = host,
+		score = alert_type_params["value"],
+		lower_bound = alert_type_params["lower_bound"],
+		upper_bound = alert_type_params["upper_bound"],
+      cat_net = cat_net,
+      cat_sec = cat_sec,
+   })
 end

 -- #######################################################