vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-05 10:41:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
26031 commits 26 branches 19 tags 448 MiB
Commit graph

151 commits

Author SHA1 Message Date
Matteo Biscosi
23f1250451 Fixes query in case of NULL IPs 2026-01-13 11:45:02 +01:00
Matteo Biscosi
02e4a66de3 Fixes scan alert not correctly settings some parameters 2026-01-09 16:46:41 +01:00
Manuel Ceroni
16a021ff58
Added sanity checks to the Redis reads/writes exceeded alert (#9906) 2025-12-19 09:44:50 +01:00
Alfredo Cardigliano
1057d3b397 Add safety checks on all calls to ifstats.probes 2025-11-04 15:44:38 +01:00
Luca Deri
2061b4e47f Added exporter check 2025-11-04 11:31:10 +01:00
Alfredo Cardigliano
f001449bbd Comments 2025-10-31 10:52:11 +01:00
Matteo Biscosi
c211349d3a Added flag to skip warning in case of non-periodic checks (#9704) 2025-09-26 16:22:36 +02:00
Alfredo Cardigliano
0d6e639772 Add support for AS checks in scripts/lua/modules/check_definitions/as/ 2025-09-04 14:57:07 +02:00
Luca
1630b1a471 Added value check 2025-08-07 19:44:21 +02:00
Alfredo Cardigliano
48c849f4c7 Skip (and report) bad IPs in scan check 2025-05-27 16:05:40 +02:00
Matteo Biscosi
f697b62ec5 added check 2025-05-16 18:03:54 +02:00
Matteo Biscosi
eba11253f5 Added uptime check for no_if_activity alert 2025-04-23 17:04:48 +02:00
Manuel Ceroni
26c23347e7
Improved Scan Alerts with MITRE and fixes (#9127) 2025-04-08 11:33:53 +02:00
Manuel Ceroni
e1328ae36b
Implemented Scan Realtime Alert (#9106) 
* Implemented Scan Realtime Alert

* Removed old scan alerts
 2025-04-04 12:42:46 +02:00
Luca Deri
e0b908b42e Removed obsoleted TLSSuspiciousESNIUsage 
Improved device type guessing based on the OS
 2025-03-25 21:56:38 +01:00
Manuel Ceroni
fe0975ba2a
Added Service Down check to Scan Alert (#9066) 2025-03-21 16:55:29 +01:00
Alfredo Cardigliano
b1fb4322f9 Fix correlation of suricata alerts for dns flows 2025-03-18 08:59:46 +01:00
Alfredo Cardigliano
8690becceb Parse query id from syslog alerts 2025-03-17 20:14:56 +01:00
Manuel Ceroni
f5ea2e1062
Updated scan alert to display network address instead of network ID (#9043) 2025-03-17 15:39:59 +01:00
Manuel Ceroni
69e91bd875
Updated service scan check and changed limits in Scan Alert (#9026) 2025-03-11 12:33:42 +01:00
Manuel Ceroni
00c6efdce6
Implemented network and service scan checks, merging them with the port scan check into a single alert (Scan Alert) (#9024) 2025-03-10 21:19:05 +01:00
Matteo Biscosi
34b559e66d Added attacker in port scan (#9009) 2025-03-05 11:52:56 +01:00
Manuel Ceroni
83d6fb24da
Port scan alert aggregation (#9021) 2025-03-04 16:12:13 +01:00
Luca
a72491832f Periodic flow check is now disabled by default 2025-02-28 18:58:34 +01:00
manuelceroni
bbbcd6510a Changed interval size and priority for port scan alerts 2025-02-28 13:14:17 +01:00
Alfredo Cardigliano
ab9224d2ce Extend lua alerts API with alert:set_require_attention() 2025-02-28 11:58:08 +01:00
Manuel Ceroni
d4b7a3d375
Implemented port scan alert (clickhouse) (#9006) 2025-02-27 10:44:18 +01:00
Manuel Ceroni
4ad05ce8e5
Implemented an alert for anomalous Redis reads and writes number (#8969) 2025-02-19 17:48:47 +01:00
Alfredo Cardigliano
2c1908b43e Fix dup condition 2025-02-19 09:47:19 +01:00
Alfredo Cardigliano
f81f282442 Code cleanup 2025-02-17 16:02:19 +01:00
Alfredo Cardigliano
31752105d9 Add Lua host check example (Suspicious Domain Scans) #8956 2025-02-17 15:14:30 +01:00
Matteo Biscosi
e89f07f238 Merged score threshold and dangerous hosts alerts (#8827) 2024-12-12 16:45:43 +01:00
Alfredo Cardigliano
027a4ebbf4 Add missing require 2024-12-09 09:24:45 +01:00
Luca Deri
d3e469a316 Mergec TCP Probing and Probin attempt 2024-11-20 22:08:07 +01:00
YellowMan
d396297985
Tcp Probing Attempt Alert (#8821) 
* Implemented TCP Probing Attempt Alert

---------

Co-authored-by: DiPalmaGiuseppe <g.dipalma6@studenti.unipi.it>
 2024-11-20 10:58:36 +01:00
Alfredo Cardigliano
57fb25a60d Parse ndpi confidence from suricata 2024-11-06 12:22:21 +01:00
Alfredo Cardigliano
3d87347f4c Set flow l7 proto when collecting flows from suricata 2024-11-06 12:06:55 +01:00
Luca
1117e71d18 Removed SYN flood check that was partially overlapping with SYN scan 2024-10-22 15:46:50 +02:00
Matteo Biscosi
952e136080 Moved unexpected gateway check from flows to hosts 2024-10-07 16:58:31 +02:00
Matteo Biscosi
5314a61f7c Added gateway alert and configuration (#8687); Fixes nedge compilation issue 2024-10-02 11:07:19 +02:00
GabrieleDeri
6dca44aeb6
Added network configuration menu section. Removed checks text box area (#8710) 
* Added network configuration menu section. Removed checks text box area
 2024-09-09 09:53:17 +02:00
Alfredo Cardigliano
3b0b60c422 Remove JA3 leftovers. Update alert keys. Rename malivious JA3 to malicious Fingerprint. 2024-09-02 18:34:17 +02:00
Alfredo Cardigliano
548c9aeec5 Remove obsolete JA3 support 2024-08-09 09:08:32 +02:00
Matteo Biscosi
4b1b37103a Changed alert msg and added support to zmq only interface alerts 2024-08-08 17:25:35 +02:00
Matteo Biscosi
46fff4d8e3 Updated checks documentation (#8463) 2024-08-08 17:25:35 +02:00
Luca Deri
16b5a8ccc1 Implemented no exporter/probe activity (#8608) 2024-08-07 18:06:51 +02:00
Alfredo Cardigliano
b09688beee Add new alert no_exporter_activity 2024-08-07 13:05:48 +02:00
Alfredo Cardigliano
60c6d0c9a7 Do not trigger no_if_activity for pcap or db dump anlysis 2024-07-18 13:59:22 +00:00
Luca Deri
4ecd7e8bf6 Removed trace 2024-07-16 21:30:01 +02:00
Matteo Biscosi
13287d609e Added alert when dropping flows due to flow exporters limit exceeded 2024-07-15 18:58:36 +02:00