Flow risk report improvemements

scripts/plugins/flow_risks/user_scripts/flow/flow_risks.lua

@@ -26,14 +26,18 @@ function script.hooks.protocolDetected(now)
    local flow_risk = flow.getRiskInfo()
 
    -- For value information see nDPI/src/include/ndpi_typedefs.h
+
    for label,value in pairs(flow_risk) do
       if(value == 4) then
+	 local httpInfo = flow.getHTTPInfo()
+	 local url      = httpInfo["protos.http.last_url"] or ""
+	 
 	 -- NDPI_BINARY_APPLICATION_TRANSFER
 	 -- scripts/lua/modules/alert_definitions/alert_binary_application_transfer.lua
 	 flow.triggerStatus(
 	    flow_consts.status_types.status_binary_application_transfer.create(
 	       flow_consts.status_types.status_binary_application_transfer.alert_severity,
-	       info
+	       url
 	    ),
 	    200, -- flow_score
 	    200, -- cli_score
@@ -42,10 +46,13 @@ function script.hooks.protocolDetected(now)
       elseif(value == 5) then
 	 -- NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT
 	 -- scripts/lua/modules/alert_definitions/alert_known_proto_on_non_std_port.lua
+	 local info = flow.getInfo()
+	 local ndpi_proto = info["proto.ndpi_app"] or "?"
+
 	 flow.triggerStatus(
 	    flow_consts.status_types.status_known_proto_on_non_std_port.create(
 	       flow_consts.status_types.status_known_proto_on_non_std_port.alert_severity,
-	       info
+	       ndpi_proto
 	    ),
 	    100, -- flow_score
 	    100, -- cli_score