Fixed #4737 integration with fail2ban

2026-05-01 00:19:33 +00:00 · 2020-12-30 11:44:36 +01:00 · 2020-12-30 11:44:36 +01:00 · e94f2cb0b4
commit e94f2cb0b4
parent 8eb29b3716
18 changed files with 151 additions and 20 deletions
--- a/scripts/plugins/alerts/security/flow_flood/user_scripts/host/flow_flood_attacker.lua
+++ b/scripts/plugins/alerts/security/flow_flood/user_scripts/host/flow_flood_attacker.lua
@ -39,9 +39,14 @@ local script = {
 function script.hooks.min(params)
  local ff = host.getFlowFlood()
  local value = ff["hits.flow_flood_attacker"] or 0
+  local attacker = nil
+
+  if value ~= 0 then
+    attacker = params.alert_entity.alert_entity_val
+  end

  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
-  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flows_flood, value)
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flows_flood, value, attacker)
 end

 -- #################################################################
--- a/scripts/plugins/alerts/security/flow_flood/user_scripts/host/flow_flood_victim.lua
+++ b/scripts/plugins/alerts/security/flow_flood/user_scripts/host/flow_flood_victim.lua
@ -40,9 +40,14 @@ local script = {
 function script.hooks.min(params)
  local ff = host.getFlowFlood()
  local value = ff["hits.flow_flood_victim"] or 0
+  local victim = nil
+
+  if value ~= 0 then
+    victim = params.alert_entity.alert_entity_val
+  end

  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
-  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flows_flood, value)
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flows_flood, value, nil, victim)
 end

 -- #################################################################
--- a/scripts/plugins/alerts/security/flow_flood/user_scripts/network/flow_flood_victim.lua
+++ b/scripts/plugins/alerts/security/flow_flood/user_scripts/network/flow_flood_victim.lua
@ -35,9 +35,14 @@ local script = {

 function script.hooks.min(params)
  local value = params.entity_info["hits.flow_flood_victim"] or 0
+  local victim = nil
+
+  if value ~= 0 then
+    victim = params.alert_entity.alert_entity_val
+  end

  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
-  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flows_flood, value)
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_flows_flood, value, nil, victim)
 end

 -- #################################################################