Commit graph

54 commits

Author SHA1 Message Date
Luca Deri
a3990cd904 Added some IPFIX standard fields collected by ntopng/nProbe in pass-through mode 2021-02-23 12:33:07 +01:00
Luca Deri
a1178a0791 Updated (C) 2021-01-02 12:08:23 +01:00
Simone Mainardi
16e2c9efe2 Cleanup to remove flow_consts no longer needed 2020-12-22 17:59:51 +01:00
Simone Mainardi
636ac2e804 Cleanup parametric alert severities from flow status definitions 2020-11-12 12:12:25 +01:00
Simone Mainardi
8b7a99aa94 Fixes for flow-status-dependent severity 2020-11-12 12:02:27 +01:00
Simone Mainardi
93920ccdce Implements example of simplified flow alerts 2020-11-10 15:10:54 +01:00
Simone Mainardi
d42057baf5 Additional fixes for Zero TCP window detection 2020-11-07 15:38:39 +01:00
Simone Mainardi
357f11900f Fixes exceptions upon plugins reload
Fixes #4633
2020-10-27 17:35:14 +01:00
Luca Deri
51ea9c53cf Reworked alert icon colors 2020-10-16 19:38:04 +02:00
Simone Mainardi
d3dda0bb82 Unifies misbehaving with alerted flows
Implements #4596
2020-10-16 18:58:20 +02:00
Simone Mainardi
cbe28fb750 Makes loadDefinition local to flow_consts
Possible fix for #4560
2020-10-11 19:02:52 +02:00
Simone Mainardi
b82738330c Adds extra indications upon plugin load failures
Fixes #4549
2020-10-09 09:23:11 +02:00
Luca Deri
c7b7f2ee1b Minor cleanup 2020-09-23 09:35:32 +02:00
Alfredo Cardigliano
721a32b9a4 Indentation 2020-09-18 18:27:21 +02:00
Simone Mainardi
ec9d092423 Fixes DNS stats when collecting from ZMQ
Fixes #4148
2020-07-29 10:40:53 +02:00
Simone Mainardi
0b894bcec9 Typo 2020-07-24 13:22:17 +02:00
Simone Mainardi
c3bf89e984 Improves loading of flow definitions (uses require in place of dofile) 2020-07-23 14:31:09 +02:00
Alfredo Cardigliano
2364e73345 DSCP utility functions 2020-07-17 10:40:38 +02:00
Simone Mainardi
83c4d36e34 Simplifies flow.triggerStatus using internal flow status reference 2020-04-27 17:48:56 +02:00
Simone Mainardi
290175b16f Refactors alert builders into creators
Refactors builders into creators: calls
2020-04-27 15:53:56 +02:00
Simone Mainardi
ab1690ad9e Implements builders for each flow status definition
[FlowsK] alert_blacklisted_country.lua
[FlowsK] alert_flow_blacklisted.lua
[FlowsK] alert_device_protocol_not_allowed.lua
[FlowsK] external_alert.lua
[FlowsK] alert_potentially_dangerous_protocol.lua
[FlowsK] tls_certificate_mismatch.lua
[FlowsK] tls_certificate_expired.lua
[FlowsK] tls_malicious_signature.lua
[FlowsK] elephant_flows.lua
[FlowsK] not_purged.lua
[FlowsK] web_mining.lua
[FlowsK] potentially_dangerous.lua
[FlowsK] alert_flow_blocked.lua
2020-04-27 12:43:37 +02:00
Simone Mainardi
78b334e4eb Refactors alerts and flow statuses in builtin and plugins
Implements #3811
Implements #3812

Refactors builtin alerts

Refactors builtin flow statuses
2020-04-21 22:27:49 +02:00
Simone Mainardi
0a9a7015e0 Unifies status_id and status_key 2020-04-15 14:29:03 +02:00
Simone Mainardi
4177ee61ab Implements constant flow and alert ids
Enlarges AlertType size

Changes alerts database
2020-04-14 22:20:44 +02:00
emanuele-f
15c013922d Improve plugins reload to avoid transient errors
A "shadow directory" is now populated when the reload occurs and then swapped in as the active directory. This avoids breaking the directory structure or changing files while other threads are possibly working on them.

Fixes #3595
2020-03-26 14:21:11 +01:00
emanuele-f
58b3d42d22 Set max score on hosts contacting blacklisted hosts 2020-02-17 15:16:01 +01:00
emanuele-f
13ec0d2f44 Use the flow score to determine the status priority 2020-02-07 19:17:07 +01:00
Alfredo Cardigliano
9d57d9ffce Fix error string (2) 2020-01-30 10:04:34 +01:00
emanuele-f
566b9ece0b Score changes
- Move score from status definition to user scripts
- Separate flow score counter from the peers score
- Create a new HostScore class to hold the score data
2020-01-16 18:11:14 +01:00
Simone Mainardi
48910b9f87 Implements auto assignment of user script alert and status ids 2020-01-15 13:08:58 +01:00
emanuele-f
d7528e1628 Score improvements
The score is now calculated differently on the client and on the server of the flow.
The hosts flow is updated every minute and charted.
It's now possible to trigger an alert when the score threshold is exceeded.
2020-01-15 12:34:16 +01:00
Luca Deri
170bc60f19 Updated (C) 2020-01-08 23:52:51 +01:00
Luca
165e7cdea3 Changes for TLS certificate expire check 2020-01-03 21:26:48 +01:00
emanuele-f
8883a5321a Fix plugins errors due to demo expiration 2019-12-12 17:26:56 +01:00
emanuele-f
e9a081903c More robust plugins loading and error reporting
This prevents malformed scripts in plugins from breaking ntopng.
2019-12-11 13:20:11 +01:00
emanuele-f
a3432e00e8 Implement ntopng plugins
Plugins are a convenient way to group together related Lua scripts. Their primary use case is to group user scripts and their alert/status definitions. The builtin ntopng user scripts and definitions are now packed into plugin directories. In the future, we will support loading of user-created plugins.
Plugins are loaded at startup into some runtime directories and then used. Other changes provided by this commit include:

- Add sample flow logger plugin
- Initial support for system user scripts
- Rename edge to threshold
- Migrate system probes to user scripts/plugins
- Migrate scripts to more explicit alerts_api.checkThresholdAlert api
2019-12-10 09:25:57 +01:00
Alfredo Cardigliano
e38835a603 Rename SSL to TLS (fix #3013) 2019-11-15 12:40:01 +01:00
Alfredo Cardigliano
fa57c701bb Displaying file id to retrieve files stored by Suricata 2019-10-28 12:24:15 +01:00
emanuele-f
6fbc01b28e Remove redis hash access for user scripts disabled check 2019-10-23 14:41:10 +02:00
emanuele-f
b3374651ce Merge branch 'alerts_cleanup' into dev 2019-10-22 10:50:21 +02:00
emanuele-f
b3a8c6d49a Migrate C flow status alerts to Lua user scripts
- Alerts and flow status cleanup
- Community flow user scripts migration
- Implement scripts filters by l7 proto and packet interface only
- Migrate flow2statusinfojson
- Lower flow periodic update to 30 seconds if there is flow activity
- Display flow scripts without a gui section
2019-10-22 10:42:22 +02:00
Alfredo Cardigliano
9b071bb873 Ingesting JA3 from Suricata, uniformed TLS IE names with those exported by cento, added localization for missing IEs 2019-10-17 13:04:42 +02:00
emanuele-f
6533175336 Add flow/alerts definitions directories 2019-10-16 17:45:55 +02:00
emanuele-f
9386fdd2b1 Add status/alerts definitions overview page and documentation 2019-10-16 17:23:54 +02:00
emanuele-f
7a14a9cf11 Improvements in status definition API 2019-10-16 10:33:19 +02:00
emanuele-f
9ea7ff01b8 Improve flow alert trigger logic and fix support for custom message 2019-10-15 18:36:41 +02:00
emanuele-f
b217909966 Split flow status definitions in multiple files 2019-10-15 17:28:45 +02:00
Alfredo Cardigliano
240fa15149 Handle additional fields from Suricata 2019-10-15 15:48:12 +02:00
emanuele-f
2fdc860ed2 Add support for custom flow alerts in user scripts 2019-10-11 19:48:11 +02:00
Alfredo Cardigliano
7e9678de37 IDS alert -> External alert 2019-10-09 11:35:51 +02:00