Simone Mainardi
ec9d092423
Fixes DNS stats when collecting from ZMQ
...
Fixes #4148
2020-07-29 10:40:53 +02:00
Simone Mainardi
0b894bcec9
Typo
2020-07-24 13:22:17 +02:00
Simone Mainardi
c3bf89e984
Improves loading of flow definitions (uses require in place of dofile)
2020-07-23 14:31:09 +02:00
Alfredo Cardigliano
2364e73345
DSCP utility functions
2020-07-17 10:40:38 +02:00
Simone Mainardi
83c4d36e34
Simplifies flow.triggerStatus using internal flow status reference
2020-04-27 17:48:56 +02:00
Simone Mainardi
290175b16f
Refactors alert builders into creators
...
Refactors builders into creators: calls
2020-04-27 15:53:56 +02:00
Simone Mainardi
ab1690ad9e
Implements builders for each flow status definition
...
[FlowsK] alert_blacklisted_country.lua
[FlowsK] alert_flow_blacklisted.lua
[FlowsK] alert_device_protocol_not_allowed.lua
[FlowsK] external_alert.lua
[FlowsK] alert_potentially_dangerous_protocol.lua
[FlowsK] tls_certificate_mismatch.lua
[FlowsK] tls_certificate_expired.lua
[FlowsK] tls_malicious_signature.lua
[FlowsK] elephant_flows.lua
[FlowsK] not_purged.lua
[FlowsK] web_mining.lua
[FlowsK] potentially_dangerous.lua
[FlowsK] alert_flow_blocked.lua
2020-04-27 12:43:37 +02:00
Simone Mainardi
78b334e4eb
Refactors alerts and flow statuses in builtin and plugins
...
Implements #3811
Implements #3812
Refactors builtin alerts
Refactors builtin flow statuses
2020-04-21 22:27:49 +02:00
Simone Mainardi
0a9a7015e0
Unifies status_id and status_key
2020-04-15 14:29:03 +02:00
Simone Mainardi
4177ee61ab
Implements constant flow and alert ids
...
Enlarges AlertType size
Changes alerts database
2020-04-14 22:20:44 +02:00
emanuele-f
15c013922d
Improve plugins reload to avoid transient errors
...
A "shadow directory" is now populated when the reload occurs and then swapped as the active directory. This avoids breaking the directory structure or changing files when other threads are possibly working on them.
Fixes #3595
2020-03-26 14:21:11 +01:00
emanuele-f
58b3d42d22
Set max score on hosts contacting blacklisted hosts
2020-02-17 15:16:01 +01:00
emanuele-f
13ec0d2f44
Use the flow score to determine the status priority
2020-02-07 19:17:07 +01:00
Alfredo Cardigliano
9d57d9ffce
Fix error string (2)
2020-01-30 10:04:34 +01:00
emanuele-f
566b9ece0b
Score changes
...
- Move score from status definition to user scripts
- Separate flow score counter from the peers score
- Create a new HostScore class to hold the score data
2020-01-16 18:11:14 +01:00
Simone Mainardi
48910b9f87
Implements auto assignment of user script alert and status ids
2020-01-15 13:08:58 +01:00
emanuele-f
d7528e1628
Score improvements
...
The score is now calculated differently on the client and on the server of the flow.
The hosts flow is updated every minute and charted.
It's now possible to trigger an alert when the score threshold is exceeded
2020-01-15 12:34:16 +01:00
Luca Deri
170bc60f19
Updated (C)
2020-01-08 23:52:51 +01:00
Luca
165e7cdea3
Changes for TLS certificate expire check
2020-01-03 21:26:48 +01:00
emanuele-f
8883a5321a
Fix plugins errors due to demo expiration
2019-12-12 17:26:56 +01:00
emanuele-f
e9a081903c
More robust plugins loading and error reporting
...
This prevents malformed scripts in plugins from breaking ntopng
2019-12-11 13:20:11 +01:00
emanuele-f
a3432e00e8
Implement ntopng plugins
...
Plugins are a convenient way to group together related lua scripts.
Their primary use case is to group user scripts and their alert/status
definition.
The builtin ntopng user scripts and definitions are now
packed into plugins directories. In future, we will support loading of
user created plugins.
Plugins are loaded at startup into some runtime directories and then
used. Other changes provided by this commit include:
- Add sample flow logger plugin
- Initial support for system user scripts
- Rename edge to threshold
- Migrate system probes to user scripts/plugins
- Migrate scripts to more explicit alerts_api.checkThresholdAlert api
2019-12-10 09:25:57 +01:00
Alfredo Cardigliano
e38835a603
Rename SSL to TLS (fix #3013)
2019-11-15 12:40:01 +01:00
Alfredo Cardigliano
fa57c701bb
Displaying file id to retrieve files stored by Suricata
2019-10-28 12:24:15 +01:00
emanuele-f
6fbc01b28e
Remove redis hash access for user scripts disabled check
2019-10-23 14:41:10 +02:00
emanuele-f
b3374651ce
Merge branch 'alerts_cleanup' into dev
2019-10-22 10:50:21 +02:00
emanuele-f
b3a8c6d49a
Migrate C flow status alerts to Lua user scripts
...
- Alerts and flow status cleanup
- Community flow user scripts migration
- Implement scripts filters by l7 proto and packet interface only
- Migrate flow2statusinfojson
- Lower flow periodic update to 30 seconds if there is flow activity
- Display flow scripts without a gui section
2019-10-22 10:42:22 +02:00
Alfredo Cardigliano
9b071bb873
Ingesting JA3 from Suricata, uniformed TLS IE names with those exported by cento, added localization for missing IEs
2019-10-17 13:04:42 +02:00
emanuele-f
6533175336
Add flow/alerts definitions directories
2019-10-16 17:45:55 +02:00
emanuele-f
9386fdd2b1
Add status/alerts definitions overview page and documentation
2019-10-16 17:23:54 +02:00
emanuele-f
7a14a9cf11
Improvements in status definition API
2019-10-16 10:33:19 +02:00
emanuele-f
9ea7ff01b8
Improve flow alert trigger logic and fix support for custom message
2019-10-15 18:36:41 +02:00
emanuele-f
b217909966
Split flow status definitions in multiple files
2019-10-15 17:28:45 +02:00
Alfredo Cardigliano
240fa15149
Handle additional fields from Suricata
2019-10-15 15:48:12 +02:00
emanuele-f
2fdc860ed2
Add support for custom flow alerts in user scripts
2019-10-11 19:48:11 +02:00
Alfredo Cardigliano
7e9678de37
IDS alert -> External alert
2019-10-09 11:35:51 +02:00
Simone Mainardi
fa17aab9db
Implements lua flow method calls using ids to be more efficient
2019-09-30 17:29:01 +02:00
emanuele-f
6e14f978d6
Flow alerts status cleanup
2019-09-10 13:12:11 +02:00
Alfredo Cardigliano
871bb63b61
Added default relevance per flow status
2019-09-05 11:53:42 +02:00
Alfredo Cardigliano
141622f151
Lua: created flow_consts module, getFlowStatusTypes has been replaced by flow_consts.flow_status_types, added flow.status_map to the Lua flow info
2019-09-04 22:20:51 +02:00