Matteo Biscosi
d27d5b0439
Fixes unexpected host behaviour alert error
2021-03-17 11:24:29 +01:00
Matteo Biscosi
39d3618351
Fixes flow alerts table column width and description
2021-02-26 16:10:48 +01:00
Matteo Biscosi
fa5088d49b
Removed useless description from some flow alert
2021-02-26 12:58:06 +01:00
Simone Mainardi
36e26cd0fc
Cleanup old ip reassignment / remote to remote alerts code
...
Fixes #5038
2021-02-26 11:36:21 +01:00
Matteo Biscosi
41163ac7f6
Implements low risk alert type must be further split
...
Implements #5066
2021-02-25 19:09:17 +01:00
Matteo Biscosi
dbfdec34fe
Implements Local Host behaviour analysis and its alert
...
Alert in case the host has an unexpected behaviour
2021-02-25 12:04:05 +01:00
Simone Mainardi
1524deae52
Fixes broken remote to remote flow alerts
2021-02-18 11:39:44 +01:00
Matteo Biscosi
3685b103b8
Fixes #5012 missing script localisation
2021-02-04 11:44:22 +01:00
Matteo Biscosi
a0a3e656d7
Fixes contacted_peers.lua gives errors
...
Implements #5009
2021-02-04 10:58:59 +01:00
Luca Deri
4fa925a4c4
Fixed language
2021-02-03 19:57:10 +01:00
Luca Deri
a745c2f38e
Fixed error while displaying engaged alerts
2021-02-03 19:48:48 +01:00
Matteo Biscosi
467bb9411d
Implements #5009 contacted_peers.lua gives errors
2021-02-03 19:33:03 +01:00
Matteo Biscosi
a0de61248c
Removed port from lateral movement alert description
2021-02-03 18:09:40 +01:00
Matteo Biscosi
fe01117324
Implements #4006 alerts when host contacts an unusual number of peers
...
Partial implementation, the rest is under the Pro Repository
2021-02-02 13:31:21 +01:00
Simone Mainardi
38d31a474a
Makes multiple score increments status-dependent
...
Implements #4993
2021-01-30 12:45:04 +01:00
Alfredo Cardigliano
b3cf18d821
Rename alert_tls_old_version -> alert_tls_old_protocol_version everywhere for consistency
2021-01-29 11:10:43 +01:00
Matteo Biscosi
b033132bda
Removed wrongly named alert definitions
2021-01-28 19:20:53 +01:00
Matteo Biscosi
d42e34359e
Fixed wrongly named alert definitions
2021-01-28 19:15:30 +01:00
Matteo Biscosi
769e311dd8
Fixed info length of Periodicity Changed alert
2021-01-21 18:58:07 +01:00
Matteo Biscosi
cdc420dd68
Fixed #2977 alert for remote->local insecure protocols
2021-01-20 11:56:56 +01:00
Simone Mainardi
46e3c10c36
Typos
2021-01-11 14:38:02 +01:00
Simone Mainardi
ecf4cf0010
Adds migrated external_alert.lua
...
Fixes #4895
2021-01-11 11:12:24 +01:00
Simone Mainardi
ad59b61245
Implements dropdown search for interfaces
...
Partially addresses #4800
2021-01-08 17:45:41 +01:00
Simone Mainardi
1aaf92e843
Reworks attacker/victim in alerts
2021-01-07 19:03:42 +01:00
Matteo Biscosi
bf12e0c103
Added Victim and Attacker shown into the Developer page
2021-01-07 16:34:45 +01:00
Luca Deri
a1178a0791
Updated (C)
2021-01-02 12:08:23 +01:00
Matteo Biscosi
e94f2cb0b4
Fixed #4737 integration with fail2ban
2020-12-30 11:46:10 +01:00
Simone Mainardi
19ceb22095
Fixes broken list download succeeded alert
2020-12-24 10:26:29 +01:00
Simone Mainardi
6bb8a1cd68
Fixes list download succeeded alerts
2020-12-24 10:20:05 +01:00
Matteo Biscosi
101c53336e
Migrates alerts to an object-oriented implementation
2020-12-23 11:46:26 +01:00
Simone Mainardi
c1bdfb8722
Unifies flow_keys and status_keys
2020-12-22 19:14:16 +01:00
Simone Mainardi
c273478b7a
Reworks UI list of defined alert and flow keys
2020-12-22 16:51:26 +01:00
Matteo Biscosi
bcf2c2c1ed
Migrates alerts to an object-oriented implementation
2020-12-22 14:48:00 +01:00
matteo
e24ef4ef35
Revert "Migrates alerts to an object-oriented implementation"
...
This reverts commit fbc283f12f.
2020-12-22 13:13:57 +01:00
matteo
fbc283f12f
Migrates alerts to an object-oriented implementation
2020-12-22 13:00:25 +01:00
Simone Mainardi
3baa932a01
Migrates alerts to an object-oriented implementation
...
Migrates alert_malicious_signature alert_elephant_local_to_remote alert_elephant_remote_to_local
Migrates long_lived
Migrates alert_flow_blocked
Migrates alert_tls_old_version
Migrates alert_tls_certificate_mismatch
Migrates alert_tls_certificate_expired
Migrates alert_tls_unsafe_ciphers
Migrates alert_tls_certificate_selfsigned
Migrates alert_potentially_dangerous_protocol
Migrates alert_snmp_device_reset
Migrates alert_port_mac_changed
Migrates alert_port_duplexstatus_change
Migrates alert_port_errors
Migrates alert_port_status_change
Migrates alert_port_load_threshold_exceeded
Migrates alert_data_exfiltration
Migrates alert_dns_data_exfiltration
Migrates alert_suspicious_tcp_probing alert_suspicious_tcp_syn_probing alert_tcp_connection_refused
Migrates alert_dns_invalid_query
Migrates alert_attack_mitigation_via_snmp
Migrates alert_lateral_movement
Migrates alert_periodicity_update
Migrates alert_dns_positive_error_ratio
Migrates alert_iec104_error
2020-12-22 09:56:38 +01:00
Simone Mainardi
7c6c249adf
Fixes attempt to index a nil value (global 'dirs')
2020-12-21 10:01:42 +01:00
Alfredo Cardigliano
da2b6e152c
Fix undefined dirs in alert_slow_periodic_activity.lua
2020-12-18 10:02:23 +01:00
Simone Mainardi
1a71ba4f5f
Removes remote assistance
...
Fixes #4785
2020-12-17 19:41:37 +01:00
MatteoBiscosi
de340b66ef
Fixed #2789 implement remote DNS resolution failure alert
2020-12-11 09:54:02 +01:00
Simone Mainardi
b3dc39c641
Refactors alert_severities into an independent Lua module
2020-11-30 15:28:17 +01:00
matteo
86008481b5
Fixes #4266 plugin for triggering alerts on periodic behaviour
2020-11-27 09:01:21 +01:00
Luca Deri
06161556ac
Fixes issues with unexpected XXX alerts where impacted server was not reported
...
Added Lua getFlowProtoClientIP/getFlowProtoServerIP calls in flows
2020-11-25 15:52:03 +01:00
Matteo Biscosi
507583db64
Added host category to flow and host alerts (#4767)
...
* Fixed shell endpoint bug and added notice when executing the script
* Added victim and attacker to security plugins
* Updated hosts alert with host_category info
* Added host category to hosts alert description
* Added host category to flows
Co-authored-by: matteo <biscosi@ntop.org>
2020-11-20 19:14:07 +01:00
Matteo Biscosi
b07f943f34
Fixed formatConnectionIssues bug, expecting table but getting number
2020-11-19 12:50:57 +01:00
Matteo Biscosi
e543b207c9
Fixed shell endpoint bug and added notice when executing the script (#4748)
...
Co-authored-by: matteo <biscosi@ntop.org>
2020-11-18 17:06:06 +01:00
Matteo Biscosi
0e341f3d0b
Modified flow scripts in view of the new trigger_status (#4710)
...
* Modified blacklisted script in view of the new flow_script API
* Modified plugins scripting in view of the new API
* Modified flow scripts with the new trigger API
* Fixed creators severity
Co-authored-by: matteo <biscosi@ntop.org>
2020-11-12 13:52:53 +01:00
Simone Mainardi
d13a4451d2
Changes for the migration to the new alerts_api.trigger_status
2020-11-12 11:48:59 +01:00
Luca Deri
83816cefae
Zero window alert improvement
2020-11-07 00:41:02 +01:00
Simone Mainardi
389f9c2beb
Reworks TCP issues flow user script
2020-10-30 15:56:36 +01:00