Migrates alerts to an object-oriented implementation

2026-05-03 09:20:10 +00:00 · 2020-12-22 14:46:26 +01:00 · 2020-12-22 14:46:26 +01:00 · bcf2c2c1ed
commit bcf2c2c1ed
parent e24ef4ef35
95 changed files with 1923 additions and 1522 deletions
--- a/scripts/plugins/alerts/security/device_application_not_allowed/user_scripts/flow/device_protocol_not_allowed.lua
+++ b/scripts/plugins/alerts/security/device_application_not_allowed/user_scripts/flow/device_protocol_not_allowed.lua
@ -6,6 +6,7 @@ local flow_consts = require("flow_consts")
 local user_scripts = require("user_scripts")
 local alerts_api = require "alerts_api"
 local alert_severities = require "alert_severities"
+local alert_consts = require("alert_consts")

 -- #################################################################

@ -54,16 +55,18 @@ function script.hooks.protocolDetected(now)
      victim = flow_info["cli.ip"]
    end

-    local dev_proto_not_allowed_type = flow_consts.status_types.status_device_protocol_not_allowed.create(
-        alert_info["cli.devtype"],
-        alert_info["srv.devtype"],
-        alert_info["devproto_forbidden_peer"],
-        alert_info["devproto_forbidden_id"],
-        attacker,
-        victim
-      )
-     
-    alerts_api.trigger_status(dev_proto_not_allowed_type, alert_severities.error, cli_score, srv_score, flow_score)
+    local alert = alert_consts.alert_types.alert_device_protocol_not_allowed.new(
+      alert_info["cli.devtype"],
+      alert_info["srv.devtype"],
+      alert_info["devproto_forbidden_peer"],
+      alert_info["devproto_forbidden_id"]
+    )
+
+    alert:set_severity(alert_severities.error)
+    alert:set_attacker(attacker)
+    alert:set_victim(victim)
+
+    alert:trigger_status(cli_score, srv_score, flow_score)
  end
 end