Unifies misbehaving with alerted flows

Implements #4596
2026-05-05 19:15:03 +00:00 · 2020-10-16 18:58:20 +02:00 · 2020-10-16 18:58:20 +02:00 · d3dda0bb82
commit d3dda0bb82
parent d9bba4b4b2
38 changed files with 217 additions and 145 deletions
--- a/scripts/plugins/alerts/security/flow_risks/modules/ndpi_known_protocol_on_non_standard_port_handler.lua
+++ b/scripts/plugins/alerts/security/flow_risks/modules/ndpi_known_protocol_on_non_standard_port_handler.lua
@ -15,8 +15,11 @@ function handler.handle_risk(flow_score, cli_score, srv_score)
   -- NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT

   -- Set the flow status and trigger an alert when a known protocol is found to use a non-standard port
-   flow.setStatus(
-      flow_consts.status_types.status_known_proto_on_non_std_port,
+   flow.triggerStatus(
+      flow_consts.status_types.status_known_proto_on_non_std_port.create(
+	 flow_consts.status_types.status_known_proto_on_non_std_port.alert_severity,
+	 flow.getInfo()
+      ),
      flow_score or 0, -- flow_score
      cli_score or 0,  -- cli_score
      srv_score or 0   -- srv_score
--- a/scripts/plugins/alerts/security/flow_risks/modules/risk_handler.lua
+++ b/scripts/plugins/alerts/security/flow_risks/modules/risk_handler.lua
@ -20,8 +20,11 @@ local handler = {}
 function handler.handle_risk(flow_score, cli_score, srv_score)
   -- Set a flow status for the generic flow_risk. This will also
   -- cause an alert to be generated.
-   flow.setStatus(
-      flow_consts.status_types.status_flow_risk,
+   flow.triggerStatus(
+      flow_consts.status_types.status_flow_risk.create(
+	 flow_consts.status_types.status_flow_risk.alert_severity,
+	 flow.getInfo()
+      ),
      flow_score or 0, -- flow_score
      cli_score or 0,  -- cli_score
      srv_score or 0   -- srv_score