vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-28 23:19:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
24325 commits 26 branches 19 tags 444 MiB
Commit graph

476 commits

Author SHA1 Message Date
Luca Deri
a4e09a03e4 Minor cosmetic changes 2025-03-21 16:59:47 +01:00
Manuel Ceroni
fe0975ba2a
Added Service Down check to Scan Alert (#9066) 2025-03-21 16:55:29 +01:00
Alfredo Cardigliano
b077895c01 Fix format 2025-03-18 09:05:55 +01:00
Alfredo Cardigliano
8690becceb Parse query id from syslog alerts 2025-03-17 20:14:56 +01:00
Alfredo Cardigliano
0cff924bf8 Fix ext alert formatter 2025-03-17 18:34:04 +01:00
Manuel Ceroni
43ead976bb
Implemented QoE Issues Alert (#9033) 
* Implemented QoE Issues Alert

* Fixed QoE Issue alert serializer
 2025-03-14 11:41:25 +01:00
Manuel Ceroni
00c6efdce6
Implemented network and service scan checks, merging them with the port scan check into a single alert (Scan Alert) (#9024) 2025-03-10 21:19:05 +01:00
Matteo Biscosi
34b559e66d Added attacker in port scan (#9009) 2025-03-05 11:52:56 +01:00
Manuel Ceroni
83d6fb24da
Port scan alert aggregation (#9021) 2025-03-04 16:12:13 +01:00
Manuel Ceroni
d4b7a3d375
Implemented port scan alert (clickhouse) (#9006) 2025-02-27 10:44:18 +01:00
Manuel Ceroni
4ad05ce8e5
Implemented an alert for anomalous Redis reads and writes number (#8969) 2025-02-19 17:48:47 +01:00
Alfredo Cardigliano
31752105d9 Add Lua host check example (Suspicious Domain Scans) #8956 2025-02-17 15:14:30 +01:00
Alfredo Cardigliano
aebd8b459c Add more info to login activities alerts 2025-02-14 16:48:43 +01:00
Alfredo Cardigliano
95ba6d19c6 Indent 2025-02-14 12:19:06 +01:00
Luca Deri
ac6788a311 Bug fix 2024-12-23 21:01:01 +01:00
Luca Deri
4b160de275 Improved host policy alert 2024-12-23 10:32:04 +01:00
Matteo Biscosi
133f5339b3 Added host policy alert in lua 2024-12-19 10:23:46 +01:00
Matteo Biscosi
a514dc9cdb Fixes periodicity changed description (#8853) 2024-12-17 11:06:52 +01:00
Matteo Biscosi
e89f07f238 Merged score threshold and dangerous hosts alerts (#8827) 2024-12-12 16:45:43 +01:00
YellowMan
c712750200
Remote to local insecure flow (#8871) 
* Fixed domain names contact alert behaviour

* enanched remote to local insecure flow alert description

* minor fix
 2024-12-11 16:54:01 +01:00
Luca Deri
76e47112e8 Fixes invalid format error 2024-12-05 12:22:23 +01:00
Matteo Biscosi
0ebe2b9e88 Fixes missing blacklist (#8841) 2024-12-02 18:34:00 +01:00
Matteo Biscosi
2a47b8667f Fixes mac addresses alerts 2024-12-02 17:32:55 +01:00
Matteo Biscosi
07ef54c7cc Added ACL violation ARP alert (#8696) 2024-12-02 13:07:56 +01:00
Matteo Biscosi
819f39830b Added ACL Violation alert (#8696) 2024-11-28 18:02:53 +01:00
Luca Deri
fb06400fe2 Changed alert serialization 2024-11-28 09:34:57 +01:00
Luca Deri
084e295af8 Minor fixes 2024-11-27 15:26:31 +01:00
Matteo Biscosi
b2a37ea016 Fixes missing protocol mapping (#8805) 2024-11-12 11:07:47 +01:00
Matteo Biscosi
4fffe8b449 Fixes host alert score treshold description 2024-10-23 16:11:31 +02:00
Luca
1117e71d18 Removed SYN flood check that was partially overlapping with SYN scan 2024-10-22 15:46:50 +02:00
Matteo Biscosi
952e136080 Moved unexpected gateway check from flows to hosts 2024-10-07 16:58:31 +02:00
Matteo Biscosi
5314a61f7c Added gateway alert and configuration (#8687); Fixes nedge compilation issue 2024-10-02 11:07:19 +02:00
Alfredo Cardigliano
3b0b60c422 Remove JA3 leftovers. Update alert keys. Rename malivious JA3 to malicious Fingerprint. 2024-09-02 18:34:17 +02:00
Luca Deri
1477437b7c Improvements for no exporter/probe activity 2024-08-07 18:06:51 +02:00
Luca Deri
16b5a8ccc1 Implemented no exporter/probe activity (#8608) 2024-08-07 18:06:51 +02:00
Alfredo Cardigliano
b09688beee Add new alert no_exporter_activity 2024-08-07 13:05:48 +02:00
Alfredo Cardigliano
206b86544f Fix corner cases in alert_elephant_flow.format 2024-08-05 18:00:22 +02:00
Matteo Biscosi
63ebb9071a Removed same info stored 2024-08-02 12:10:23 +02:00
Matteo Biscosi
ffa80bb51a Added blacklist info to alert_json 2024-08-02 12:10:06 +02:00
Alfredo Cardigliano
47e293b2df Difine new alert type snmp_trap. Add ability to trigger snmp_trap from C. 2024-07-25 08:16:33 +00:00
Luca Ferretti
7cceb656c0
fixed typo (#8565) 
* added netbox documentation

* Update asset_inventory.rst

* added ndpi-protocols ipv6 rules

* updated ipv6 check for custom rule

* fix typo

* implemented mitre_table_info inside database

* fixed typo

* changed tecnique to technique typo

* Update host_alert_scan_detected.lua
 2024-07-24 18:23:47 +02:00
Luca Ferretti
61628b55c0
fixed mitre_id typo (#8562) 
* added netbox documentation

* Update asset_inventory.rst

* added ndpi-protocols ipv6 rules

* updated ipv6 check for custom rule

* fix typo

* implemented mitre_table_info inside database

* fixed typo
 2024-07-24 16:19:33 +02:00
Matteo Biscosi
13287d609e Added alert when dropping flows due to flow exporters limit exceeded 2024-07-15 18:58:36 +02:00
Alfredo Cardigliano
01de4b646f Add missing return 2024-07-04 16:44:38 +00:00
Alfredo Cardigliano
39494e3002 Add cloud broker host in case of disconnection and reconnection 2024-07-04 16:42:46 +00:00
Alfredo Cardigliano
8d326f2718 Define new alert cloud_reconnected 2024-06-21 17:59:14 +02:00
Alfredo Cardigliano
dab5aeba99 Define new alert cloud_disconnected 2024-06-21 17:33:05 +02:00
Luca Deri
de0325d22a Added SNMP alert in case of unresposive devices 
Modifie InfluxDB 1.x -> 1.x/2.x string
 2024-06-20 23:56:12 +02:00
Luca Ferretti
1b3a0ec19a
initial mitre att&ck standardization (#8446) 
* added feature sorting flows by protocol

* changed protocols comparison order

* initial commit for bitmap of server ports

* bitmap added to redis

* added debug string, bitmap not working

* Update alerts_list_per_license.rst

* Update alerts_list_per_license.rst

* initial mitre att&ck standardization

* Update ServerPortsBitmap.h

* updated mitre standardization
 2024-06-12 15:55:10 +02:00
Luca Deri
c53b79e302 Definition of SNMP polling error 2024-06-02 17:55:37 +02:00