fix problem passing the correct saddr when setting evidence on multip…

…le empty http connections

modules/http_analyzer/http_analyzer.py

@@ -129,7 +129,6 @@ def check_multiple_empty_connections(
             google, bing, yandex and yahoo on port 80
         and evidence is generted only when the 4 conns have an empty uri
         """
-        print(f"@@@@@@@@@@@@@@@@ contacted host {contacted_host}")
         # to test this wget google.com:80 twice
         # wget makes multiple connections per command,
         # 1 to google.com and another one to www.google.com
@@ -161,7 +160,7 @@ def check_multiple_empty_connections(
         if connections == self.empty_connections_threshold:
             threat_level: ThreatLevel = ThreatLevel.MEDIUM
             confidence: float = 1
-            saddr: str = profileid.split('_')[0]
+            saddr: str = profileid.split('_')[-1]
             description: str = f'Multiple empty HTTP connections to {host}'
 
             attacker = Attacker(

slips_files/core/database/database_manager.py

@@ -896,7 +896,10 @@ def get_branch(self, *args, **kwargs):
         return self.rdb.get_branch(*args, **kwargs)
 
     def add_alert(self, alert: dict):
-        twid_starttime: float = self.rdb.get_tw_start_time(alert['profileid'], alert['twid'])
+        twid_starttime: float = self.rdb.get_tw_start_time(
+            alert['profileid'],
+            alert['twid']
+        )
         twid_endtime: float = twid_starttime + RedisDB.width
         alert.update({'tw_start': twid_starttime, 'tw_end': twid_endtime})
         return self.sqlite.add_alert(alert)