Implements builders for each flow status definition

[FlowsK] alert_blacklisted_country.lua [FlowsK] alert_flow_blacklisted.lua [FlowsK] alert_device_protocol_not_allowed.lua [FlowsK] external_alert.lua [FlowsK] alert_potentially_dangerous_protocol.lua [FlowsK] tls_certificate_mismatch.lua [FlowsK] tls_certificate_expired.lua [FlowsK] tls_malicious_signature.lua [FlowsK] elephant_flows.lua [FlowsK] not_purged.lua [FlowsK] web_mining.lua [FlowsK] potentially_dangerous.lua [FlowsK] alert_flow_blocked.lua
2026-05-02 17:00:10 +00:00 · 2020-04-27 12:42:26 +02:00 · 2020-04-27 12:42:26 +02:00 · ab1690ad9e
commit ab1690ad9e
parent f323aa741c
18 changed files with 258 additions and 15 deletions
--- a/scripts/plugins/device_application_not_allowed/user_scripts/flow/device_protocol_not_allowed.lua
+++ b/scripts/plugins/device_application_not_allowed/user_scripts/flow/device_protocol_not_allowed.lua
@ -47,8 +47,18 @@ function script.hooks.protocolDetected(now)
      srv_score = 80
    end

-    flow.triggerStatus(flow_consts.status_types.status_device_protocol_not_allowed, alert_info,
-      flow_score, cli_score, srv_score)
+    flow.triggerStatus(
+       flow_consts.status_types.status_device_protocol_not_allowed.builder(
+	  flow_consts.status_types.status_device_protocol_not_allowed.alert_severity,
+	  alert_info["cli.devtype"],
+	  alert_info["srv.devtype"],
+	  alert_info["devproto_forbidden_peer"],
+	  alert_info["devproto_forbidden_id"]
+       ),
+       flow_score,
+       cli_score,
+       srv_score
+    )
  end
 end