vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 23:49:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Code cleanup

Browse source
This commit is contained in:
Alfredo Cardigliano 2025-02-17 16:02:19 +01:00
parent 656cee7230
commit f81f282442
1 changed files with 8 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

18
scripts/lua/modules/check_definitions/host/suspicious_domain_scan.lua
View file

@ -46,6 +46,7 @@ local script = {
-- #################################################################
-- Generate alert (store)
local function report_host(params, ip, vlan, victim, num_domains)
local hostinfo = {
host = ip,
@ -54,8 +55,6 @@ local function report_host(params, ip, vlan, victim, num_domains)
local descr = ""
local score = 100
-- Generate alert
local alert = alert_consts.alert_types.host_alert_suspicious_domain_scan.new(
interface.getId(),
victim,
@ -78,6 +77,7 @@ end
-- #################################################################
-- Check number of domains contacted by an host towards another host
local function domains_check(params)
-- Settings
@ -118,17 +118,15 @@ local function domains_check(params)
for _, row in ipairs(results) do
local count = tonumber(row.count) or 0
if count > threshold then
local vlan_id = tonumber(row.vlan_id) or 0
local vlan_id = tonumber(row.vlan_id) or 0
local ip = row.ip_src_4
if row.ip_src_6 and row.ip_src_6 ~= '::' then ip = row.ip_src_6 end
local ip = row.ip_src_4
if row.ip_src_6 and row.ip_src_6 ~= '::' then ip = row.ip_src_6 end
local victim_ip = row.ip_dst_4
if row.ip_dst_6 and row.ip_dst_6 ~= '::' then victim_ip = row.ip_dst_6 end
local victim_ip = row.ip_dst_4
if row.ip_dst_6 and row.ip_dst_6 ~= '::' then victim_ip = row.ip_dst_6 end
report_host(params, ip, vlan_id, victim_ip, count)
end
report_host(params, ip, vlan_id, victim_ip, count)
end
end