Tests update (add num_records_processed)

Alfredo Cardigliano 2022-01-24 16:00:36 +01:00
parent 291b226ef6
commit c927aab7a5
13 changed files with 13 additions and 13 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button> <a class='ntopng-external-link' href='https://adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: …"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","shorten_descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdf…"},"duration":29085047,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1642573900},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas 
fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 16:20:52","value":1613488852},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.18596649169922}}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button> <a class='ntopng-external-link' href='https://adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: …"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","shorten_descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdf…"},"duration":29517002,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1643005855},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas 
fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 16:20:52","value":1613488852},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.2589225769043}}}
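Review bot: The new expected line pins `stats.num_records_processed` to `"Processed 0 records [0 records/sec]"` while the same response reports `"recordsTotal":1` and returns one record, so the fixture freezes a count that contradicts the rest of the payload without saying why. If 0 is intended here (for example because the counter measures something other than rows returned), that should be stated where the field is produced; otherwise the fixture is recording a bug as the expected result. A preformatted sentence also forces the test to match display text, and numeric fields would be sturdier, e.g. `"num_records_processed":0` with the rate in a separate numeric key. The old and new lines additionally differ in `epoch_end`, `duration` and `query_duration_msec`, which look run-dependent, so the comparison presumably has to ignore them or these files will change on every regeneration. The same applies to the other four fixtures shown on this page.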

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":{"descr":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":84755420,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1642574267},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"country":"","label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"country":"","label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas 
fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"14/05/2019 08:27:26","value":1557818846},"vlan_id":"258"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.21195411682129}}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":{"descr":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":85187358,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1643006205},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"country":"","label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"country":"","label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas 
fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"14/05/2019 08:27:26","value":1557818846},"vlan_id":"258"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.19192695617676}}}

File diff suppressed because one or more lines are too long


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","value":"60"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","count":1,"description":{"descr":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":19872844,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 20.86.186.134 and port 40124 and port 443","epoch_begin":1622701860,"epoch_end":1642574705},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","name":"wdcp.microsoft.com","reference":"<a href='/lua/host_details.lua?host=20.86.186.134' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"20.86.186.134"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Microsoft","label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" <a 
href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_cert_validity_too_long#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS Certificate Validity","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"03/06/2021 07:31:00","value":1622701860},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.19288063049316}}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","value":"60"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","count":1,"description":{"descr":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":20304768,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 20.86.186.134 and port 40124 and port 443","epoch_begin":1622701860,"epoch_end":1643006629},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","name":"wdcp.microsoft.com","reference":"<a href='/lua/host_details.lua?host=20.86.186.134' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"20.86.186.134"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Microsoft","label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" <a 
href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_cert_validity_too_long#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS Certificate Validity","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"03/06/2021 07:31:00","value":1622701860},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.19502639770508}}}


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":20014728,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1642574559},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas 
fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 16:03:50","value":1622559830},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.18000602722168}}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":20446658,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1643006489},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas 
fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 16:03:50","value":1622559830},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.20599365234375}}}


@ -1,2 +1,2 @@
{"success":true}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53652983,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1642574630},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas 
fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 08:07:26","value":1588921646},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.17595291137695}}}
{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":54084912,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1643006559},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas 
fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 08:07:26","value":1588921646},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.17499923706055}}}

File diff suppressed because one or more lines are too long