Tests update (add alerts query stats: duration, sql)

This commit is contained in:
Alfredo Cardigliano 2021-11-23 09:16:32 +01:00
parent d1416cf802
commit 3809c5d957
30 changed files with 30 additions and 30 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,3 +1,3 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"success":true}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","value":"7"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":"Invalid DNS query [Score: 10] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"label":"devel","label_long":"devel","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=invalid_dns_query#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Invalid DNS query [Score: 10] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Invalid DNS query","name":"Invalid DNS query","value":7},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"invalid_dns_query","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"06:34:50","value":1635917690},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","value":"7"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Invalid DNS query [Score: 10] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","shorten_descr":"Invalid DNS query [Score: 10] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.as…"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"devel","label_long":"devel","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=invalid_dns_query#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Invalid DNS query [Score: 10] [Query Type: 1] [Return Code: 0] [URL: 
asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","fullname":"Invalid DNS query","name":"Invalid DNS query","value":7},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"invalid_dns_query","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"06:29:59","value":1637645399},"vlan_id":"0"}]}}
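Review bot: The regenerated record bakes run-time and host-dependent values into the expected output: `tstamp.label`/`tstamp.value` move from `06:34:50`/`1635917690` to `06:29:59`/`1637645399`, and `srv_ip.country` is now `"US"`, which presumably depends on the geolocation database installed where the fixture was produced. With those fields in the compared text, every regeneration rewrites the whole record line, and most of the 30 file diffs are suppressed as too long, so a real change in the alert payload cannot be reviewed on this page. I would have the test harness mask or drop these fields before storing and comparing the output; whether it already ignores them is not visible here. The same applies to the other expected-output files in this commit.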


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Invalid DNS query [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server fo…","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server fo…","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server fo…","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' 
title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:35:19","value":1635917719},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Invalid DNS query [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button> <a class='ntopng-external-link' href='https://asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button> <a class='ntopng-external-link' href='https://asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Invalid DNS query [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor:…"},"alert_id":{"label":"<i class=\"fas fa-fw 
fa-exclamation\"></i> Unexpected DNS server fo…","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server fo…","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","shorten_descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsf…"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","fullname":"Unexpected DNS server 
found","name":"Unexpected DNS server fo…","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:30:30","value":1637645430},"vlan_id":"0"}]}}
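Review bot: The new `additional_alerts.descr` value builds an `<a class='ntopng-external-link' href='https://…'>` link and its text from the DNS query name, which is chosen by whoever sent the query, and this fixture only covers a name made of letters and dots. Nothing here shows that the name is HTML-escaped before it is placed in the single-quoted attribute and the anchor text, so I would add an expected-output case whose query name contains a quote, `<` and `&` and pin the escaped form, or return the raw name in its own JSON field and let the client build the markup. The string also contains `id='copyHttpUrl'` twice, so a page that renders it gets duplicate element ids, and the "Remote to Remote" entry repeats the DNS `Query Type`/`Return Code`/`URL` details, which looks like the primary alert's details being appended to every additional alert. The certificate name list in the TLS Certificate Expired expected output further down is peer-supplied text in the same HTML-bearing `descr` field and deserves the same check.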

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Remote to Remote [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS 
SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"06:37:20","value":1635917840},"vlan_id":"258"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":{"descr":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"country":"","label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"country":"","label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a 
href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"06:32:30","value":1637645550},"vlan_id":"258"}]}}

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Remote to Remote [Score: 100] [Predominant Traffic: Cli <i class='fas fa-arrow-right'></i> Srv]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":"TLS Certificate Expired [www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Cli <i class='fas fa-arrow-right'></i> 
Srv]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"label":"www.repubblica.it","label_long":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired [www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.
it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:38:19","value":1635917899},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Svr]"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired [www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Score: 100] [Main Direction: Cli Svr]","shorten_descr":"TLS Certificate Expired 
[www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.geles…"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired 
[www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Score: 100] [Main Direction: Cli Svr]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:33:30","value":1637645610},"vlan_id":"0"}]}}


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas 
fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:38:49","value":1635917929},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"country":"","label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"country":"","label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a 
href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:33:59","value":1637645639},"vlan_id":"0"}]}}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,3 +1,3 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"success":true}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","value":"7"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":"Invalid DNS query [Score: 10] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"label":"devel","label_long":"devel","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=invalid_dns_query#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Invalid DNS query [Score: 10] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Invalid DNS query","name":"Invalid DNS query","value":7},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"invalid_dns_query","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"06:58:05","value":1635919085},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","value":"7"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Invalid DNS query","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Invalid DNS query [Score: 10] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","shorten_descr":"Invalid DNS query [Score: 10] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.as…"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"devel","label_long":"devel","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=invalid_dns_query#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Invalid DNS query [Score: 10] [Query Type: 1] [Return Code: 0] [URL: 
asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","fullname":"Invalid DNS query","name":"Invalid DNS query","value":7},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"invalid_dns_query","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"06:53:15","value":1637646795},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.16283988952637}}}
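Review bot: The new expected line pins `"query_duration_msec":0.16283988952637`, a measured timing that will differ on every run, so the comparison is unstable unless the harness masks that key before diffing (not visible from this page). The other updated outputs here record the same kind of value (0.16903877258301, 0.17499923706055, 0.16093254089355, 0.15807151794434). The added `stats.query` string also returns the raw SQL, including the `flow_alerts` table and column names, to every client of the endpoint. I would emit `stats` only for administrators or behind a debug switch, and keep the fixture to the stable part of the response.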


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Invalid DNS query [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server fo…","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server fo…","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server fo…","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' 
title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:58:35","value":1635919115},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Invalid DNS query [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button> <a class='ntopng-external-link' href='https://asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button> <a class='ntopng-external-link' href='https://asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Invalid DNS query [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor:…"},"alert_id":{"label":"<i class=\"fas fa-fw 
fa-exclamation\"></i> Unexpected DNS server fo…","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server fo…","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","shorten_descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsf…"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.asdfadsfadsfadfasdfasdfad.sfadsfadfasdfasdfadsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Svr Cli]","fullname":"Unexpected DNS server 
found","name":"Unexpected DNS server fo…","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:53:45","value":1637646825},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.16903877258301}}}
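Review bot: In the new `additional_alerts.descr` the DNS query name from the flow is concatenated into `href='https://…'` and into the link text, so the field now carries markup built from a value the remote peer chooses. The producer should HTML-escape the name, and attribute-escape it for the `href`, before building the string; whether it does is not visible from this output. The same string repeats `id='copyHttpUrl'` twice, which gives duplicate element ids once rendered. The `[Query Type: 1] [Return Code: 0] [URL: …]` details of the Invalid DNS query alert are also appended to the unrelated `Remote to Remote` entry, which looks unintended.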

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Remote to Remote [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS 
SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"07:00:36","value":1635919236},"vlan_id":"258"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":{"descr":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"country":"","label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"country":"","label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a 
href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"06:55:46","value":1637646946},"vlan_id":"258"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.17499923706055}}}
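Review bot: The new `shorten_descr` is cut by length in the middle of a tag (`…<a href=\"https://www.ntop.org/guides…`), leaving an unterminated attribute that will swallow the following markup if a client renders the field as HTML. The same mid-tag cut appears in the Unexpected DNS server output above (`style='cursor:…`). Truncation should happen on the plain text before any markup is added, or tags should be stripped before shortening. The label also changed from `Srv` to `Svr` while the keys stay `srv_ip`/`srv_port`; one abbreviation should be used throughout.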

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Remote to Remote [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate…","value":"60"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate…","count":1,"description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","reference":"<a href='/lua/host_details.lua?host=20.86.186.134' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"20.86.186.134"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_cert_validity_too_long#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS 
Certificate…","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"07:03:34","value":1635919414},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate…","value":"60"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate…","count":1,"description":{"descr":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","reference":"<a href='/lua/host_details.lua?host=20.86.186.134' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"20.86.186.134"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_cert_validity_too_long#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS 
Certificate…","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"06:58:45","value":1637647125},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.16093254089355}}}


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"Remote to Remote [Score: 100] [Predominant Traffic: Cli <i class='fas fa-arrow-right'></i> Srv]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":"TLS Certificate Expired [www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Cli <i class='fas fa-arrow-right'></i> 
Srv]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"label":"www.repubblica.it","label_long":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired [www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.
it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07:02:34","value":1635919354},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Svr]"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired [www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Score: 100] [Main Direction: Cli Svr]","shorten_descr":"TLS Certificate Expired 
[www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.geles…"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired 
[www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Score: 100] [Main Direction: Cli Svr]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:57:45","value":1637647065},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.15807151794434}}}


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas 
fa-lg fa-question-circle\"></i></a> [Score: 100] [Predominant Traffic: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07:03:04","value":1635919384},"vlan_id":"0"}]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]"},"duration":0,"family":"flow","flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"country":"","label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"country":"","label":"localhost","label_long":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a 
href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Svr <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"06:58:14","value":1637647094},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.16307830810547}}}
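Review bot: The new `stats` object in the expected response pins the literal SQL text in `stats.query` (the full SELECT, including the `flow_alerts` table and the `alerts_map` column) and a measured `query_duration_msec` of 0.16307830810547. Returning the statement to API clients exposes schema details, and any filter values would presumably appear there too once the WHERE clause is no longer `1 = 1`. Whether the endpoint restricts `stats` to administrators or a debug mode is not visible from this fixture and is worth confirming. The duration is a timing sample that will differ on every run, so unless the test harness masks that field, the comparison against this file will be unstable; normalising or dropping `query_duration_msec` before the diff would avoid that. The same two points apply to the `mac_alerts` fixture below and to the fixture that ends just above this one.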

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1 +1 @@
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":0,"recordsTotal":0,"rsp":{"records":[]}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":0,"recordsTotal":0,"rsp":{"records":[],"stats":{"query":" SELECT 5 entity_id, (tstamp_end - tstamp) duration, * FROM `mac_alerts` WHERE 1 = 1 ","query_duration_msec":0.093936920166016}}}