I'm trying to use Javascript actions (as suggested here:
to detect port scans from a set of "drop" events generated by
For example I'd like to trigger a "Port sweep" correlated event
everytime a single host (InitIP or InitHostName) tries to contact more
than N distinct targets on the same TCP/UDP port and these connections
are blocked by firewalls.

I'm implementig this check by means of an action script that is
triggered by a correlation rule, fired everytime a single host performs
more than 100 drops in 1 minute. The script counts the number of
distinct targets in the list of correlated events and evaluates to true
if that number exceeds a given threshold (N).
Now, I can verify the functionality of my script with the integrated
Javascript debugger but I'm not able to generate a correlated event when
the script evaluates to true. The documentation for developing custom
Javascript actions available on http://www.novell.com/developer does not
cover all SDK objects and methods (e.g.: CorrelatedEvent).

How can I generate a correlated events from a JS action script
triggered by a correlation? I tried to modify the triggering correlated
event with

this.corrEvent.setEvt(instance.CONFIG.params.scanT ype+" detected");

but the modified event is not sent to DB or GUI.
How can I trigger another action (such as Configure Correlated Event or
Send Email) from a JavaScript Action?

Any idea?

m_gandolfi's Profile: http://forums.novell.com/member.php?userid=53553
View this thread: http://forums.novell.com/showthread.php?t=425156