From e559e16e358ff5c9a6e2ff27e8ba14d8594e9e0c Mon Sep 17 00:00:00 2001
From: Spencer <toamidan@gmail.com>
Date: Mon, 15 Sep 2025 13:24:43 -0500
Subject: [PATCH] refactor: Change UFW block anomaly severity to medium

Changed the severity of the UFW block anomaly from "high" to "medium".
A high number of blocked connections is not a critical issue as long as the firewall is working correctly.
---
 monitor_agent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monitor_agent.py b/monitor_agent.py
index 01e8dba..7130cb6 100755
--- a/monitor_agent.py
+++ b/monitor_agent.py
@@ -333,7 +333,7 @@ def analyze_data_locally(data, baselines, known_issues, port_applications):
         for ip, count in blocked_ips.items():
             if count > 10:
                 anomalies.append({
-                    "severity": "high",
+                    "severity": "medium",
                     "reason": f"High number of blocked connections ({count}) from IP address: {ip}"
                 })