Now adding correct protocols

warden3/contrib/connectors/hp-labrea/labrea-idea.py

@@ -259,13 +259,15 @@ class IdeaGen(object):
                 "category": ["Recon.Scanning"],
                 "description": "TCP connections/scan",
                 "template": "labrea-001",
-                "note": "Connections from remote host to never assigned IP"
+                "note": "Connections from remote host to never assigned IP",
+                "proto": ["tcp"]
             },
             "ping": {
                 "category": ["Recon.Scanning"],
                 "description": "Ping scan",
                 "template": "labrea-002",
-                "note": "Ping requests from remote host to never assigned IP"
+                "note": "Ping requests from remote host to never assigned IP",
+                "proto": ["icmp"]
             },
             "synack": {
                 "category": ["Availability.DoS"],
@@ -273,7 +275,8 @@ class IdeaGen(object):
                 "template": "labrea-003",
                 "note": "Unsolicited SYN/ACK packet received from remote host to never assigned IP",
                 "source_type": ["Backscatter"],
-                "source_to_target": True
+                "source_to_target": True,
+                "proto": ["tcp"]
             }
         }
 
@@ -284,7 +287,7 @@ class IdeaGen(object):
         tmpl = self.template[template]
         isource = {
             "IP6" if ":" in src else "IP4": [src],
-            "Proto": ["tcp"]
+            "Proto": tmpl["proto"]
         }
         if "source_type" in tmpl:
             isource["Type"] = tmpl["source_type"]
@@ -296,7 +299,7 @@ class IdeaGen(object):
             folded_tgt.setdefault(frozenset(ports), []).append(tgt)
         itargets = []
         for ports, tgt in folded_tgt.items():
-            itarget = {"Proto": ["tcp"]}
+            itarget = {"Proto": tmpl["proto"]}
             tgts4 = [ip for ip in tgt if ":" not in ip]
             tgts6 = [ip for ip in tgt if ":" in ip]
             if tgts4: