Commit graph

57 commits

Author SHA1 Message Date
Simone Mainardi
b3dc39c641 Refactors alert_severities into an independent Lua module 2020-11-30 15:28:17 +01:00
Luca Deri
a2e436213e Removed list https://hosts-file.net/ad_servers.txt as it no longer exists 2020-11-06 23:15:35 +01:00
Luca Deri
ea83944609 Cosmetic message changes 2020-10-29 09:46:29 +01:00
Simone Mainardi
d3dda0bb82 Unifies misbehaving with alerted flows
Implements #4596
2020-10-16 18:58:20 +02:00
Luca Deri
77ab1e3a8a Added fix for #4534
- in case of startup crash and automatic restart, ntopng would reload lists resetting errors. This caused the storm of updates
- updated the URL to https://snort.org/downloads/ip-block-list
- in case of failure we retry the URL only once (it used to be twice) after one hour.
2020-10-15 17:17:35 +02:00
Simone Mainardi
4b1329c7c0 Fixes list download failed alert message 2020-10-14 15:12:32 +02:00
Simone Mainardi
5d80b67327 Adds info-level alerts upon successful lists download
Addresses #4554
2020-10-14 15:08:01 +02:00
Simone Mainardi
0a7b0214ea Fixes format of list hosts and adds debug 2020-10-08 15:46:31 +02:00
Simone Mainardi
0353ac7985 Fixes attempt to index a nil value (local 'list') 2020-06-22 19:22:52 +02:00
Simone Mainardi
290175b16f Refactors alert builders into creators
Refactors builders into creators: calls
2020-04-27 15:53:56 +02:00
Simone Mainardi
2739aac076 Implements alert builders for each alert definition
[AlertsK] Implements alert consts builder

[AlertsK] alert_threshold_cross.lua

[AlertsK] too_many_drops.lua

[AlertsK] alert_test_failed.lua

[AlertsK] alert_flows_flood.lua alert_tcp_syn_flood.lua lert_tcp_syn_scan.lua

[AlertsK] alert_snmp_topology_changed.lua

[AlertsK] snmp_device_reset.lua

[AlertsK] alert_slow_periodic_activity.lua

[AlertsK] alert_port_status_change.lua

[AlertsK] alert_port_status_change.lua

[AlertsK] alert_port_load_threshold_exceeded.lua

[AlertsK] alert_port_errors.lua

[AlertsK] alert_port_duplexstatus_change.lua

[AlertsK] alert_periodic_activity_not_executed.lua

[AlertsK] alert_misbehaving_flows_ratio.lua

[AlertsK] alert_influxdb_error.lua

[AlertsK] alert_influxdb_dropped_points.lua

[AlertsK] alert_dropped_alerts.lua

[AlertsK] alert_am_threshold_cross.lua

[AlertsK] alert_broadcast_domain_too_large.lua

[AlertsK] alert_device_connection.lua

[AlertsK] alert_device_connection.lua

[AlertsK] alert_host_pool_connection.lua alert_host_pool_disconnection.lua

[AlertsK] alert_ghost_network.lua

[AlertsK] alert_ip_outsite_dhcp_range.lua

[AlertsK] alert_list_download_failed.lua

[AlertsK] alert_login_failed.lua

[AlertsK] alert_mac_ip_association_change.lua

[AlertsK] alert_slow_purge.lua

[AlertsK] alert_request_reply_ratio.lua

[AlertsK] alert_quota_exceeded.lua

[AlertsK] alert_process_notification.lua

[AlertsK] alert_nfq_flushed.lua

[AlertsK] alert_misconfigured_app.lua alert_new_device.lua

[AlertsK] alert_influxdb_export_failure.lua

[AlertsK] alert_unresponsive_device.lua

[AlertsK] alert_user_activity.lua

[AlertsK] alert_user_script_calls_drops.lua

[AlertsK] minor fix
2020-04-24 15:35:44 +02:00
emanuele-f
e1f28243d0 Add check to avoid "list x has 0 rules" on interrupted shutdowns
Fixes #3468
2020-03-27 15:33:34 +01:00
emanuele-f
90adf52ab6 Add check for broadcast address in category lists 2020-02-06 16:09:28 +01:00
emanuele-f
75ec3a246c Remove discontinued Ransomware Tracker lists 2020-01-20 10:17:40 +01:00
emanuele-f
7910ee0874 Fix ntop meltdown list type and add more debug messages 2020-01-20 10:17:40 +01:00
Luca Deri
170bc60f19 Updated (C) 2020-01-08 23:52:51 +01:00
emanuele-f
679f0638f6 Additional checks for bad domain/ip addresses 2019-12-04 17:40:18 +01:00
Luca
5f72aa0c2e nDPI cleanup 2019-11-08 11:38:03 +00:00
Luca
1fb32a0795 Unified nDPI struct across interfaces 2019-11-06 23:02:35 +00:00
emanuele-f
191e530f6f Clean category lists error status on startup and remove debug prints 2019-11-04 13:07:24 +01:00
Luca Deri
d61470c653 Workaround for #3033 but a proper fix is necessary 2019-11-02 20:22:35 +01:00
emanuele-f
1de959ed88 Missing reload fix 2019-10-29 12:07:27 +01:00
emanuele-f
378a1e2cd8 Optimize nDPI categories reload to avoid packet drops 2019-10-29 12:07:27 +01:00
emanuele-f
943012e8c3 Avoid un-necessary hourly reload of category lists when nothing changed 2019-10-28 12:22:57 +01:00
emanuele-f
d1d789ea88 Improve category lists limits and reporting 2019-10-23 18:12:24 +02:00
emanuele-f
bb51396151 Fix bad categories lists limit check 2019-10-23 16:17:08 +02:00
emanuele-f
19f820f1bc Add max rules limit for category lists
Fixes #2966
2019-10-23 11:53:21 +02:00
emanuele-f
4b29fa2af1 Only save the edited preferences in category lists
Fixes #2967
2019-10-23 11:37:04 +02:00
Luca Deri
a31c59efb6 Updated ntop category lists URLs 2019-10-20 19:02:28 +02:00
Luca Deri
657e673af3 Changed defaults 2019-10-18 17:22:12 +02:00
Simone Mainardi
c68b9af4af Stops lists load during shutdown 2019-10-18 14:46:02 +02:00
Luca Deri
f006b7304d Updated black lists with the ntop meltdown 2019-10-18 13:53:48 +02:00
emanuele-f
c6668f05c1 Remove Nooder Networks list as it is no longer available 2019-09-17 15:38:18 +02:00
emanuele-f
91222ada6b Add Nooder Networks blacklist 2019-09-09 16:17:52 +02:00
emanuele-f
8e6cd5962a Fix blacklisted host alerts not generated when reading from PCAP dump 2019-09-03 17:50:08 +02:00
emanuele-f
b66b71fd7e Implement alert on JA3 malicious signatures
Closes #2788
2019-08-28 18:33:13 +02:00
emanuele-f
2814a94077 Report curl error while a list download fails
Fixes #2777
2019-08-23 09:52:58 +02:00
Simone Mainardi
061eb632a6 Initial implementation of the icinga2 checker plugin 2019-08-22 17:16:14 +02:00
emanuele-f
c183a577be Alerts API cleanup and JSON migration 2019-07-29 15:17:22 +02:00
emanuele-f
2df194a282 Implement alert release 2019-06-28 15:06:39 +02:00
emanuele-f
a9d3c78587 Alerts changes
NOTE: database schema changed. Existing alerts will be lost.

- Unified engaged and closed tables
- Simplified hosts engaged alert counters handling: periodically set by lua
- Removed alert engine and replaced with alert periodicity
- Now engage is implicitly derived from the alert end timestamp and periodicity
- New alerts_api.lua to easily emit alerts
- Removed past alerts counter aggregation by hash
- Alert notifications for non-flow alerts are now removed from C and triggered by lua
2019-06-28 10:47:17 +02:00
emanuele-f
bcf1d9c123 Add ad lists 2019-04-05 12:41:04 +02:00
emanuele-f
c00478f30f Improve "hosts" lists support and add MalwareDomainList 2019-03-18 12:52:21 +01:00
emanuele-f
405841431c Add Custom Lists download alert and handle hourly download retry
Closes #2410
2019-02-21 01:07:22 +01:00
emanuele-f
3d8e20bf5f Extend list download timeout to 1 minute 2019-02-18 12:16:08 +01:00
emanuele-f
6879dc6c7d Extend lists download timeout and show error messages 2019-02-15 10:26:09 +01:00
emanuele-f
b1cf5c0fcd Category lists improvements 2019-02-13 10:33:13 +01:00
emanuele-f
2525b82ca4 Update blacklisted hosts when lists are reloaded 2019-02-12 11:00:04 +01:00
emanuele-f
62e2c67672 Fix issue when adding new builtin category lists 2019-02-11 19:33:14 +01:00
emanuele-f
67f212b866 Add more categories lists 2019-02-11 19:33:14 +01:00