Fixes Host/Flow anomaly description

Implements #5337 Implements #5333
2026-04-28 23:19:33 +00:00 · 2021-05-17 14:52:17 +02:00 · 2021-05-17 14:52:17 +02:00 · fdf8fbadb8
commit fdf8fbadb8
parent c3dfe67eb5
9 changed files with 31 additions and 20 deletions
--- a/scripts/lua/modules/alert_definitions/host/host_alert_flow_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_flow_anomaly.lua
@ -48,11 +48,14 @@ end
 function host_alert_flow_anomaly.format(ifid, alert, alert_type_params)
  local alert_consts = require("alert_consts")
  local json = json.decode(alert.json)
-  local is_client_alert = json.is_client_alert
+  local is_both = alert_type_params["is_both"]
+  local is_client_alert = alert_type_params["is_client_alert"]
  local role
  local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
-  
-  if(is_client_alert) then
+
+  if(is_both) then
+     role = "client and server"
+  elseif(is_client_alert) then
     role = "client"
  else
     role = "server"
--- a/scripts/lua/modules/alert_definitions/host/host_alert_score_anomaly.lua
+++ b/scripts/lua/modules/alert_definitions/host/host_alert_score_anomaly.lua
@ -47,12 +47,14 @@ end
 -- @return A human-readable string
 function host_alert_score_anomaly.format(ifid, alert, alert_type_params)
  local alert_consts = require("alert_consts")
-  local json = json.decode(alert.json)
-  local is_client_alert = json.is_client_alert
+  local is_client_alert = alert_type_params["is_client_alert"]
+  local is_both = alert_type_params["is_both"]
  local role
  local host = alert_consts.formatHostAlert(ifid, alert["ip"], alert["vlan_id"])
-  
-  if(is_client_alert) then
+
+  if(is_both) then
+     role = "client and server"
+  elseif(is_client_alert) then
     role = "client"
  else
     role = "server"