Refactor severity handling in WAF detection to use action-based values in LogConsumerService

This update introduces a new function, serverityFromAttackAction, to determine the severity level based on the attack action (warn, block, pass). The severity for generated WAF detection signals and events is now dynamically set using this function, enhancing the accuracy of event categorization.

internal/service/log_consumer.go

@@ -178,10 +178,23 @@ func (s *LogConsumerService) genWafDetection(wafDetectionMessage model.WafDetect
 	return wafDetection, nil
 }
 
+func serverityFromAttackAction(action string) int {
+	switch action {
+	case "warn":
+		return 5
+	case "block":
+		return 3
+	case "pass":
+		return 7
+	default:
+		return 7
+	}
+}
+
 func (s *LogConsumerService) genWafDetectionSignal(wafDetectionMessage model.WafDetectionMessage, attackedLog model.WafDetectionAttackedLog, eventID string) (model.Signal, error) {
 	signal := model.Signal{
 		ID:      id.Str(),
-		RuleKey: &model.RuleKey{Name: attackedLog.RuleName, Category: "WAF"},
+		RuleKey: &model.RuleKey{Name: attackedLog.AttackType, Category: "WAF"},
 		Scope: &map[string]model.Scope{
 			"cluster": {
 				Kind: "cluster",
@@ -199,7 +212,7 @@ func (s *LogConsumerService) genWafDetectionSignal(wafDetectionMessage model.Waf
 				Name: fmt.Sprintf("%s(%s)", wafDetectionMessage.WafDetectionMessageBasic.ResName, wafDetectionMessage.WafDetectionMessageBasic.ResKind),
 			},
 		},
-		Severity: 6,
+		Severity: serverityFromAttackAction(attackedLog.Action),
 		Tags:     []string{"waf"},
 		EventIDs: []string{eventID},
 		Context: map[string]interface{}{
@@ -292,7 +305,7 @@ func (s *LogConsumerService) genWafDetectionEvent(wafDetectionMessage model.WafD
 		},
 		CreatedAt: attackedLog.AttackTime,
 		UpdatedAt: attackedLog.AttackTime,
-		Severity:  6,
+		Severity:  serverityFromAttackAction(attackedLog.Action),
 		Timestamp: time.Now(),
 		Context: map[string]interface{}{
 			"attack_ip":   attackedLog.AttackIP,