Migrates alerts to an object-oriented implementation

scripts/plugins/alerts/security/flow_risks/modules/ndpi_binary_application_transfer_handler.lua

@@ -5,6 +5,7 @@
 local alerts_api = require "alerts_api"
 local flow_consts = require("flow_consts")
 local alert_severities = require "alert_severities"
+local alert_consts = require("alert_consts")
 
 -- #################################################################
 
@@ -21,11 +22,13 @@ function handler.handle_risk(risk_id, flow_score, cli_score, srv_score)
    local url = http_info["protos.http.last_url"] or ""
 
    -- Set flow status and trigger an alert when a suspicious file transfer is detected
-   local suspicious_file_transfer_type = flow_consts.status_types.status_suspicious_file_transfer.create(
+   local alert = alert_consts.alert_types.alert_suspicious_file_transfer.new(
       http_info
    )
-   
-   alerts_api.trigger_status(suspicious_file_transfer_type, alert_severities.error, cli_score or 0, srv_score or 0, flow_score or 0)
+
+   alert:set_severity(alert_severities.error)
+
+   alert:trigger_status(cli_score or 0, srv_score or 0, flow_score or 0)
    
 end
 

scripts/plugins/alerts/security/flow_risks/modules/ndpi_known_protocol_on_non_standard_port_handler.lua

@@ -5,6 +5,7 @@
 local alerts_api = require "alerts_api"
 local flow_consts = require("flow_consts")
 local alert_severities = require "alert_severities"
+local alert_consts = require("alert_consts")
 
 -- #################################################################
 
@@ -16,12 +17,14 @@ local handler = {}
 function handler.handle_risk(risk_id, flow_score, cli_score, srv_score)
    -- NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT
 
-   -- Set the flow status and trigger an alert when a known protocol is found to use a non-standard port
-   local known_proto_on_non_std_port_type = flow_consts.status_types.status_known_proto_on_non_std_port.create(
+   -- Set the flow status and trigger an alert when a known protocol is found to use a non-standard port  
+   local alert = alert_consts.alert_types.alert_known_proto_on_non_std_port.new(
       flow.getInfo()
    )
-   
-   alerts_api.trigger_status(known_proto_on_non_std_port_type, alert_severities.info, cli_score or 0, srv_score or 0, flow_score or 0)
+
+   alert:set_severity(alert_severities.info)
+
+   alert:trigger_status(cli_score or 0, srv_score or 0, flow_score or 0)
 
 end
 

scripts/plugins/alerts/security/flow_risks/modules/risk_handler.lua

@@ -5,6 +5,7 @@
 local alerts_api = require "alerts_api"
 local flow_consts = require("flow_consts")
 local alert_severities = require "alert_severities"
+local alert_consts = require("alert_consts")
 
 -- #################################################################
 
@@ -23,12 +24,13 @@ local handler = {}
 function handler.handle_risk(risk_id, flow_score, cli_score, srv_score)
    -- Set a flow status for the generic flow_risk. This will also
    -- cause an alert to be generated.
-   local flow_risk_type = flow_consts.status_types.status_flow_risk.create(
+   local alert = alert_consts.alert_types.alert_flow_risk.new(
       risk_id
    )
-   
-   alerts_api.trigger_status(flow_risk_type, alert_severities.warning, cli_score or 0, srv_score or 0, flow_score or 0)
 
+   alert:set_severity(alert_severities.warning)
+
+   alert:trigger_status(cli_score or 0, srv_score or 0, flow_score or 0)
 end
 
 -- #################################################################