Commit graph

490 commits

Author SHA1 Message Date
Alfredo Cardigliano
206b86544f Fix corner cases in alert_elephant_flow.format 2024-08-05 18:00:22 +02:00
Matteo Biscosi
63ebb9071a Removed same info stored 2024-08-02 12:10:23 +02:00
Matteo Biscosi
ffa80bb51a Added blacklist info to alert_json 2024-08-02 12:10:06 +02:00
Alfredo Cardigliano
47e293b2df Define new alert type snmp_trap. Add ability to trigger snmp_trap from C. 2024-07-25 08:16:33 +00:00
Luca Ferretti
7cceb656c0
fixed typo (#8565)
* added netbox documentation

* Update asset_inventory.rst

* added ndpi-protocols ipv6 rules

* updated ipv6 check for custom rule

* fix typo

* implemented mitre_table_info inside database

* fixed typo

* changed tecnique to technique typo

* Update host_alert_scan_detected.lua
2024-07-24 18:23:47 +02:00
Luca Ferretti
61628b55c0
fixed mitre_id typo (#8562)
* added netbox documentation

* Update asset_inventory.rst

* added ndpi-protocols ipv6 rules

* updated ipv6 check for custom rule

* fix typo

* implemented mitre_table_info inside database

* fixed typo
2024-07-24 16:19:33 +02:00
Matteo Biscosi
13287d609e Added alert when dropping flows due to flow exporters limit exceeded 2024-07-15 18:58:36 +02:00
Alfredo Cardigliano
01de4b646f Add missing return 2024-07-04 16:44:38 +00:00
Alfredo Cardigliano
39494e3002 Add cloud broker host in case of disconnection and reconnection 2024-07-04 16:42:46 +00:00
Alfredo Cardigliano
8d326f2718 Define new alert cloud_reconnected 2024-06-21 17:59:14 +02:00
Alfredo Cardigliano
dab5aeba99 Define new alert cloud_disconnected 2024-06-21 17:33:05 +02:00
Luca Deri
de0325d22a Added SNMP alert in case of unresponsive devices
Modified InfluxDB 1.x -> 1.x/2.x string
2024-06-20 23:56:12 +02:00
Luca Ferretti
1b3a0ec19a
initial mitre att&ck standardization (#8446)
* added feature sorting flows by protocol

* changed protocols comparison order

* initial commit for bitmap of server ports

* bitmap added to redis

* added debug string, bitmap not working

* Update alerts_list_per_license.rst

* Update alerts_list_per_license.rst

* initial mitre att&ck standardization

* Update ServerPortsBitmap.h

* updated mitre standardization
2024-06-12 15:55:10 +02:00
Luca Deri
c53b79e302 Definition of SNMP polling error 2024-06-02 17:55:37 +02:00
Luca Ferretti
edef411ebc
added contacted_server_port alert (#8408)
* initial integration of server port check

* update learning period and received packet time

* updated host initial time

* Update Flow.cpp

* fixed reported issues

* added server_ports_contacts alert

* minor changes
2024-05-28 12:52:36 +02:00
Matteo Biscosi
9b8695eb05 Possible fix for dga domain alert description (#8325) 2024-05-08 12:28:13 -04:00
Matteo Biscosi
57eb0c7207 Started fixing issue #8325 2024-05-03 09:30:17 -04:00
Luca Deri
8f49ce0f4b Cleaned up blacklisted flow label (removed UID) 2024-04-25 11:04:12 +02:00
Nicolò Maio
59075f5e10
Splitting blacklisted flow alert and creating two new alerts. (#8354) (#8355)
* Splitting blacklisted flow alert and creating two new alerts. (#8354)

* Renaming to 'Blacklisted Client Contact' and 'Blacklisted Server Contact'. (#8354)
2024-04-24 17:37:30 +02:00
Nicolò Maio
636ba2975c
Add Flow Reset Alert and counter. (#8264) (#8348)
* Add Flow Reset Alert and counter. (#8264)

* Renaming to TCP Flow Reset. (#8264)

* Renaming the value retrieved by the getName method. (#8264)
2024-04-24 17:15:20 +02:00
Nicolò Maio
fd6b0958c3
Rename the alert to "Remote to Local Insecure Flow". (#8257) (#8339) 2024-04-18 12:45:54 +02:00
Nicolo Maio
2caddb8b04 Add absolute percentage as a metric in SNMP rules. 2024-04-16 14:47:19 +02:00
Matteo Biscosi
0cfd1246c1 Fixes some alert descriptions 2024-04-12 11:03:33 -04:00
Matteo Biscosi
0fecdee1e4 Reworked blacklists page 2024-04-11 12:48:59 -04:00
Matteo Biscosi
1460eda751 Fixes SQL injection description 2024-04-10 07:16:13 -04:00
Luca Deri
f26d56959c Renamed HostBlackHoleContactsAlert to HostScannerAlert 2024-04-08 18:35:49 +02:00
Matteo Biscosi
436bf03e56 Removed html when not requested and fixed some alert descriptions (#8304) 2024-04-08 10:45:11 -04:00
Matteo Biscosi
cbec26e3b4 Fixes missing alert descriptions (#8314 #8313) 2024-04-08 07:02:17 -04:00
Nicolo Maio
a68667861e Fix Host Alert BlackHole Contacts title. 2024-03-29 11:24:37 +01:00
Nicolo Maio
b20e06482c Fix the logic for HostBlackHoleContacts and RXOnlyHostScan checks. 2024-03-29 10:09:57 +01:00
Nicolò Maio
2deb42a7a2
Add the blackhole contacts alerts and update the scan detection alert. (#8290) 2024-03-28 08:55:45 +01:00
Nicolo Maio
8372d80dc8 Add UID to the description of blacklisted flow alerts. (#7799) 2024-03-01 16:38:46 +01:00
Nicolo Maio
4e9d324236 Add traffic profiles rules. (#7839) 2024-03-01 15:18:08 +01:00
Matteo Biscosi
88e5d26afe Removed no longer used checks (#8235) 2024-02-27 05:49:44 -05:00
Luca Deri
2ee2c180a5 Removed alerts no longer necessary as they have been replaced by local traffic rules 2024-02-21 22:54:22 +01:00
Luca Deri
ab34197603 Various scripts fixed
Improved error message when scripts fail
2024-02-19 22:13:01 +01:00
Matteo Biscosi
e597e83e15 Removed and fixed some dependencies 2024-02-19 12:38:56 +00:00
Nicolo Maio
df2e4bd12a Add VLAN rules. (#8193) 2024-02-06 17:47:15 +01:00
Nicolo Maio
d537a71781 Add usage metric in SNMP devices rules. 2024-01-19 11:15:19 +01:00
Nicolo Maio
b3c573498f Reworked SNMP interfaces average usage and replaced the interface load alert with the interface average usage alert (#8168) 2024-01-17 12:41:59 +01:00
Luca Deri
55870e97b9 (C) Update 2024-01-12 11:44:18 +01:00
Matteo Biscosi
2b13cdc177 Fixes various issues on exporters rules 2023-12-21 18:30:33 +00:00
Nicolo Maio
418b37ffcd Fix flow exporter ifname on local traffic rules. (#8099) 2023-12-15 13:02:08 +01:00
Nicolo Maio
98bea0a032 [VS] Fix in ipv4_netscan the host not detected case. (#8086) 2023-12-11 19:50:27 +01:00
Nicolo Maio
9d61a1f41e [VS] Fix not configured alert description. 2023-12-05 19:03:26 +01:00
Nicolo Maio
3e5b3a8218 [VS] Add multiselect on ipv4_netscan. 2023-12-05 17:40:49 +01:00
Nicolo Maio
a5a2146cfb Add isVSConfiguredHost and triggertHostNotConfiguredAlert. (#8051) 2023-11-30 09:36:48 +01:00
Matteo Biscosi
d75454a709 Added blacklisted flow alert debug 2023-11-29 16:20:14 +00:00
Matteo Biscosi
e8b8b7e570 Fixes blacklisted flow message in case of custom categories 2023-11-28 11:13:53 +00:00
Nicolo Maio
fb0ff0850c [VS] Add check on the host before TCP/UDP portscan. (#8050) 2023-11-23 14:58:37 +01:00