Implements skeleton to drilldown historical flows from alerts

Addresses #5326
2026-04-29 07:29:32 +00:00 · 2021-07-28 17:19:44 +02:00 · 2021-07-28 17:19:44 +02:00 · b6913c946d
commit b6913c946d
parent 0043e9c0d6
4 changed files with 74 additions and 9 deletions
--- a/scripts/lua/modules/alert_definitions/host/host_alert_dns_server_contacts.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_dns_server_contacts.lua
@ -63,4 +63,21 @@ end

 -- #######################################################

+function host_alert_dns_server_contacts.filter_to_past_flows(ifid, alert, alert_type_params)
+   local res = {}
+   local host_key = hostinfo2hostkey({ip = alert["ip"], vlan = alert["vlan_id"]})
+
+   if alert["is_client"] == true or alert["is_client"] == "1" then
+      res["client_ip"] = host_key
+   elseif alert["is_server"] == true or alert["is_server"] == "1" then
+      res["server_ip"] = host_key
+   end
+
+   res["l7_proto"] = "DNS"
+
+   return res
+end
+
+-- #######################################################
+
 return host_alert_dns_server_contacts