Added the ability to set custom alert score

ntop · Apr 29, 2024 · ddd449e · ddd449e
1 parent 7078912
commit ddd449e
Show file tree

Hide file tree

Showing 75 changed files with 1,602 additions and 1,616 deletions.
diff --git a/include/Flow.h b/include/Flow.h
@@ -63,6 +63,7 @@ class Flow : public GenericHashEntry {
      predominant of a flow, which is written into `predominant_alert`.
   */
   Bitmap128 alerts_map;
+  std::unordered_map<FlowAlertTypeEnum,u_int16_t /* score */> alert_score;
   FlowAlertType predominant_alert;   /* This is the predominant alert */
   u_int16_t predominant_alert_score; /* The score associated to the predominant alert */
   FlowSource flow_source;

diff --git a/include/FlowAlert.h b/include/FlowAlert.h
@@ -30,7 +30,8 @@ class FlowAlert {
   std::string check_name;
   bool cli_attacker, srv_attacker;
   bool cli_victim, srv_victim;
-
+  u_int8_t alert_score;
+
   /*
      Adds to the passed `serializer` (generated with `getAlertSerializer`)
      information specific to this alert
@@ -55,8 +56,9 @@ class FlowAlert {
   inline bool isSrvVictim() { return srv_victim; }
 
   virtual FlowAlertType getAlertType() const = 0;
-  virtual u_int8_t getAlertScore() const { return SCORE_LEVEL_INFO; };
-
+  u_int8_t getAlertScore() const { return alert_score; };
+  void setAlertScore(u_int8_t value)     { alert_score = value;     };
+
   /* false = alert that requires attention, true = not important (auto ack) */
   virtual bool autoAck() const { return true; };
 

diff --git a/include/FlowCheck.h b/include/FlowCheck.h
@@ -55,7 +55,7 @@ class FlowCheck : public Check {
 
   virtual std::string getName() const = 0;
 
-  static void computeCliSrvScore(FlowAlertType alert_type,
+  static void computeCliSrvScore(u_int8_t alert_score,
                                  risk_percentage cli_pctg, u_int8_t *cli_score,
                                  u_int8_t *srv_score);
 

diff --git a/include/flow_alerts/BlacklistedClientContactAlert.h b/include/flow_alerts/BlacklistedClientContactAlert.h
@@ -32,7 +32,7 @@ class BlacklistedClientContactAlert : public FlowAlert {
   static FlowAlertType getClassType() {
     return {flow_alert_blacklisted_client_contact, alert_category_security};
   }
-  static u_int8_t getDefaultScore() { return SCORE_LEVEL_NOTICE; };
+  static u_int8_t getDefaultScore() { return SCORE_LEVEL_WARNING; };
 
   BlacklistedClientContactAlert(FlowCheck* c, Flow* f) : FlowAlert(c, f) {};
   ~BlacklistedClientContactAlert(){};

diff --git a/include/flow_alerts/CustomFlowLuaScriptAlert.h b/include/flow_alerts/CustomFlowLuaScriptAlert.h
@@ -26,7 +26,6 @@
 
 class CustomFlowLuaScriptAlert : public FlowAlert {
  private:
-  u_int8_t score;
   std::string msg;
   ndpi_serializer* getAlertJSON(ndpi_serializer* serializer);
 
@@ -35,14 +34,12 @@ class CustomFlowLuaScriptAlert : public FlowAlert {
     return {flow_alert_custom_lua_script, alert_category_security};
   }
   static u_int8_t getDefaultScore() { return SCORE_LEVEL_ERROR; };
-
-  CustomFlowLuaScriptAlert(FlowCheck* c, Flow* f) : FlowAlert(c, f){};
+  
+  CustomFlowLuaScriptAlert(FlowCheck* c, Flow* f) : FlowAlert(c, f){ setAlertScore(SCORE_LEVEL_ERROR); };
   ~CustomFlowLuaScriptAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); };
   void setAlertMessage(std::string m) { msg = m; };
-  void setAlertScore(u_int8_t v) { score = v; };
-  virtual u_int8_t getAlertScore() const { return (score); };
   bool autoAck() const { return false; };
 };
 

diff --git a/include/flow_alerts/FlowRiskBinaryApplicationTransferAlert.h b/include/flow_alerts/FlowRiskBinaryApplicationTransferAlert.h
@@ -40,12 +40,11 @@ class FlowRiskBinaryApplicationTransferAlert : public FlowRiskAlert {
   }
 
   FlowRiskBinaryApplicationTransferAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore()); };
   ~FlowRiskBinaryApplicationTransferAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 
   bool autoAck() const { return false; };
 };

diff --git a/include/flow_alerts/FlowRiskClearTextCredentialsAlert.h b/include/flow_alerts/FlowRiskClearTextCredentialsAlert.h
@@ -36,12 +36,11 @@ class FlowRiskClearTextCredentialsAlert : public FlowRiskAlert {
   }
 
   FlowRiskClearTextCredentialsAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskClearTextCredentialsAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_CLEAR_TEXT_CREDENTIALS_H_ */
diff --git a/include/flow_alerts/FlowRiskDNSFragmentedAlert.h b/include/flow_alerts/FlowRiskDNSFragmentedAlert.h
@@ -35,12 +35,11 @@ class FlowRiskDNSFragmentedAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskDNSFragmentedAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskDNSFragmentedAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskDNSFragmentedAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_DNS_FRAGMENTED_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskDNSLargePacketAlert.h b/include/flow_alerts/FlowRiskDNSLargePacketAlert.h
@@ -35,12 +35,11 @@ class FlowRiskDNSLargePacketAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskDNSLargePacketAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskDNSLargePacketAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){  setAlertScore(getDefaultScore());};
   ~FlowRiskDNSLargePacketAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_DNS_LARGE_PACKET_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskDNSSuspiciousTrafficAlert.h b/include/flow_alerts/FlowRiskDNSSuspiciousTrafficAlert.h
@@ -35,14 +35,13 @@ class FlowRiskDNSSuspiciousTrafficAlert : public FlowRiskAlert {
   }
 
   FlowRiskDNSSuspiciousTrafficAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskDNSSuspiciousTrafficAlert(){};
 
   bool autoAck() const { return false; };
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_DNS_SUSPICIOUS_TRAFFIC_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskDesktopOrFileSharingSessionAlert.h b/include/flow_alerts/FlowRiskDesktopOrFileSharingSessionAlert.h
@@ -37,12 +37,11 @@ class FlowRiskDesktopOrFileSharingSessionAlert : public FlowRiskAlert {
   }
 
   FlowRiskDesktopOrFileSharingSessionAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskDesktopOrFileSharingSessionAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_DESKTOP_OR_FILE_SHARING_SESSION_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskGenericAlert.h b/include/flow_alerts/FlowRiskGenericAlert.h
@@ -34,16 +34,14 @@ class FlowRiskGenericAlert : public FlowRiskAlert {
   FlowRiskGenericAlert(FlowCheck *c, Flow *f, ndpi_risk_enum _risk)
       : FlowRiskAlert(c, f) {
     risk = _risk;
+    setAlertScore(FlowRiskAlerts::getFlowRiskScore(risk));
   };
   ~FlowRiskGenericAlert(){};
 
   FlowAlertType getAlertType() const {
     return FlowRiskAlerts::getFlowRiskAlertType(risk);
   }
   ndpi_risk_enum getAlertRisk() const { return risk; }
-  u_int8_t getAlertScore() const {
-    return FlowRiskAlerts::getFlowRiskScore(risk);
-  }
 };
 
 #endif /* _FR_SIMPLE_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskHTTPObsoleteServerAlert.h b/include/flow_alerts/FlowRiskHTTPObsoleteServerAlert.h
@@ -35,12 +35,11 @@ class FlowRiskHTTPObsoleteServerAlert : public FlowRiskAlert {
   }
 
   FlowRiskHTTPObsoleteServerAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskHTTPObsoleteServerAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_HTTP_OBSOLETE_SERVER_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskHTTPSuspiciousHeaderAlert.h b/include/flow_alerts/FlowRiskHTTPSuspiciousHeaderAlert.h
@@ -35,12 +35,11 @@ class FlowRiskHTTPSuspiciousHeaderAlert : public FlowRiskAlert {
   }
 
   FlowRiskHTTPSuspiciousHeaderAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskHTTPSuspiciousHeaderAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_HTTP_SUSPICIOUS_HEADER_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskHTTPSuspiciousURLAlert.h b/include/flow_alerts/FlowRiskHTTPSuspiciousURLAlert.h
@@ -34,12 +34,11 @@ class FlowRiskHTTPSuspiciousURLAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskHTTPSuspiciousURLAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskHTTPSuspiciousURLAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){  setAlertScore(getDefaultScore());};
   ~FlowRiskHTTPSuspiciousURLAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_HTTP_SUSPICIOUS_URL_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskHTTPSuspiciousUserAgentAlert.h b/include/flow_alerts/FlowRiskHTTPSuspiciousUserAgentAlert.h
@@ -37,12 +37,11 @@ class FlowRiskHTTPSuspiciousUserAgentAlert : public FlowRiskAlert {
   }
 
   FlowRiskHTTPSuspiciousUserAgentAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskHTTPSuspiciousUserAgentAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_HTTP_SUSPICIOUS_USER_AGENT_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskKnownProtocolOnNonStandardPortAlert.h b/include/flow_alerts/FlowRiskKnownProtocolOnNonStandardPortAlert.h
@@ -40,12 +40,11 @@ class FlowRiskKnownProtocolOnNonStandardPortAlert : public FlowRiskAlert {
   }
 
   FlowRiskKnownProtocolOnNonStandardPortAlert(FlowCheck* c, Flow* f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskKnownProtocolOnNonStandardPortAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskMalformedPacketAlert.h b/include/flow_alerts/FlowRiskMalformedPacketAlert.h
@@ -34,12 +34,11 @@ class FlowRiskMalformedPacketAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskMalformedPacketAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskMalformedPacketAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskMalformedPacketAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_MALFORMED_PACKET_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskMaliciousJA3Alert.h b/include/flow_alerts/FlowRiskMaliciousJA3Alert.h
@@ -39,7 +39,6 @@ class FlowRiskMaliciousJA3Alert : public FlowRiskAlert {
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 
   bool autoAck() const { return false; };
 };

diff --git a/include/flow_alerts/FlowRiskMaliciousSHA1CertificateAlert.h b/include/flow_alerts/FlowRiskMaliciousSHA1CertificateAlert.h
@@ -37,12 +37,11 @@ class FlowRiskMaliciousSHA1CertificateAlert : public FlowRiskAlert {
   }
 
   FlowRiskMaliciousSHA1CertificateAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskMaliciousSHA1CertificateAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 
   bool autoAck() const { return false; };
 };

diff --git a/include/flow_alerts/FlowRiskMalwareHostContactedAlert.h b/include/flow_alerts/FlowRiskMalwareHostContactedAlert.h
@@ -34,12 +34,11 @@ class FlowRiskMalwareHostContactedAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskMalwareHostContactedAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskMalwareHostContactedAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskMalwareHostContactedAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_MALWARE_HOST_CONTACTED_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskNumericIPHostAlert.h b/include/flow_alerts/FlowRiskNumericIPHostAlert.h
@@ -34,12 +34,11 @@ class FlowRiskNumericIPHostAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskNumericIPHostAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskNumericIPHostAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskNumericIPHostAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_NUMERIC_IP_HOST_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskPeriodicFlowAlert.h b/include/flow_alerts/FlowRiskPeriodicFlowAlert.h
@@ -34,12 +34,11 @@ class FlowRiskPeriodicFlowAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskPeriodicFlowAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskPeriodicFlowAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskPeriodicFlowAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_PERIODIC_FLOW_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskRiskyASNAlert.h b/include/flow_alerts/FlowRiskRiskyASNAlert.h
@@ -34,12 +34,11 @@ class FlowRiskRiskyASNAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskRiskyASNAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskRiskyASNAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskRiskyASNAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_RISKY_ASN_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskRiskyDomainAlert.h b/include/flow_alerts/FlowRiskRiskyDomainAlert.h
@@ -34,12 +34,11 @@ class FlowRiskRiskyDomainAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskRiskyDomainAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskRiskyDomainAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskRiskyDomainAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_TLS_MISSING_SNI_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskSMBInsecureVersionAlert.h b/include/flow_alerts/FlowRiskSMBInsecureVersionAlert.h
@@ -35,12 +35,11 @@ class FlowRiskSMBInsecureVersionAlert : public FlowRiskAlert {
   }
 
   FlowRiskSMBInsecureVersionAlert(FlowCheck *c, Flow *f)
-      : FlowRiskAlert(c, f){};
+    : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskSMBInsecureVersionAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_SMB_INSECURE_VERSION_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskSSHObsoleteClientAlert.h b/include/flow_alerts/FlowRiskSSHObsoleteClientAlert.h
@@ -39,12 +39,11 @@ class FlowRiskSSHObsoleteClientAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskSSHObsoleteClientAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskSSHObsoleteClientAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskSSHObsoleteClientAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_SSH_OBSOLETE_CLIENT_ALERT_H_ */
diff --git a/include/flow_alerts/FlowRiskSSHObsoleteServerAlert.h b/include/flow_alerts/FlowRiskSSHObsoleteServerAlert.h
@@ -39,12 +39,11 @@ class FlowRiskSSHObsoleteServerAlert : public FlowRiskAlert {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskSSHObsoleteServerAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  FlowRiskSSHObsoleteServerAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){ setAlertScore(getDefaultScore());};
   ~FlowRiskSSHObsoleteServerAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
-  u_int8_t getAlertScore() const { return getDefaultScore(); }
 };
 
 #endif /* _FR_SSH_OBSOLETE_SERVER_ALERT_H_ */