TsgcWebSocketFirewall › Events › OnThreatScoreChanged
Fires when the cumulative threat score of an IP is updated.
property OnThreatScoreChanged: TsgcFirewallOnThreatScoreChanged;
// TsgcFirewallOnThreatScoreChanged = procedure(Sender: TObject; const aIP: string; aOldScore, aNewScore: Integer) of object—
OnThreatScoreChanged is raised by the ThreatScore module every time an IP’s score is recomputed after a violation. aOldScore is the decayed score before the new violation weight was added and aNewScore is the resulting value (clamped to the 0–100 range). Weights per violation type, the decay rate (DecayPerHour) and the auto-ban threshold (AutoBanThreshold) are configured on the ThreatScore property; when aNewScore reaches AutoBanThreshold the IP is automatically banned (permanent ban, DurationSec = 0) and an OnFiltered/OnViolation pair is raised for subsequent requests. Use this event to surface rising-risk clients in dashboards or to integrate with external reputation systems. The handler runs in the server I/O thread; keep it short and thread-safe.
procedure TForm1.sgcWebSocketFirewall1ThreatScoreChanged(Sender: TObject;
const aIP: string; aOldScore, aNewScore: Integer);
begin
Memo1.Lines.Add(Format('threat score %s: %d -> %d',
[aIP, aOldScore, aNewScore]));
// proactively notify ops when an IP crosses a warning threshold
if (aOldScore < 50) and (aNewScore >= 50) then
NotifyOps('High threat score for ' + aIP);
end;