Migrates alerts to an object-oriented implementation

This commit is contained in:
matteo 2020-12-22 12:58:51 +01:00
parent c1a7ff08ae
commit fbc283f12f
108 changed files with 2793 additions and 1737 deletions


@ -6,6 +6,7 @@ local flow_consts = require("flow_consts")
local user_scripts = require("user_scripts")
local alerts_api = require "alerts_api"
local alert_severities = require "alert_severities"
local alert_consts = require("alert_consts")
-- #################################################################
@ -54,16 +55,18 @@ function script.hooks.protocolDetected(now)
victim = flow_info["cli.ip"]
end
local dev_proto_not_allowed_type = flow_consts.status_types.status_device_protocol_not_allowed.create(
alert_info["cli.devtype"],
alert_info["srv.devtype"],
alert_info["devproto_forbidden_peer"],
alert_info["devproto_forbidden_id"],
attacker,
victim
)
alerts_api.trigger_status(dev_proto_not_allowed_type, alert_severities.error, cli_score, srv_score, flow_score)
local alert = alert_consts.alert_types.alert_device_protocol_not_allowed.new(
alert_info["cli.devtype"],
alert_info["srv.devtype"],
alert_info["devproto_forbidden_peer"],
alert_info["devproto_forbidden_id"]
)
alert:set_severity(alert_severities.error)
alert:set_attacker(attacker)
alert:set_victim(victim)
alert:trigger_status(cli_score, srv_score, flow_score)
end
end
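Review bot: The new alert object in the second hunk is configured and fired with no comment on why its severity is fixed to `alert_severities.error` or how `attacker`/`victim` are chosen; the `if`/`else` that assigns them starts before the hunk (only the `victim = flow_info["cli.ip"]` branch is visible) and the enclosing `script.hooks.protocolDetected` begins outside it as well. I would add, above `alert:set_severity(alert_severities.error)`, `-- Device-protocol policy violation: the endpoint flagged by devproto_forbidden_peer is presumably the attacker and the other endpoint the victim (see the branch above); severity is fixed to error`, confirming the mapping against the branch that assigns `attacker`. With the `flow_consts.status_types.status_device_protocol_not_allowed.create(...)` and `alerts_api.trigger_status(...)` calls removed from this hook, the `flow_consts` and `alerts_api` requires kept in the first hunk may now be unused in this file; I cannot see the rest of the file, so a luacheck pass before merging would settle it. The return values of `set_severity`/`set_attacker`/`set_victim` are discarded here, which is fine, but if the new API is meant to be chainable it is worth using one form consistently across the 108 files this commit touches.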