Commit graph

490 commits

Author SHA1 Message Date
Matteo Biscosi
dbfdec34fe Implements Local Host behaviour analysis and its alert
Alert in case the host has an unexpected behaviour
2021-02-25 12:04:05 +01:00
Simone Mainardi
1524deae52 Fixes broken remote to remote flow alerts 2021-02-18 11:39:44 +01:00
Matteo Biscosi
3685b103b8 Fixes #5012 missing script localisation 2021-02-04 11:44:22 +01:00
Matteo Biscosi
a0a3e656d7 Fixes contacted_peers.lua gives errors
Implements #5009
2021-02-04 10:58:59 +01:00
Luca Deri
4fa925a4c4 Fixed language 2021-02-03 19:57:10 +01:00
Luca Deri
a745c2f38e Fixed error while displaying engaged alerts 2021-02-03 19:48:48 +01:00
Matteo Biscosi
467bb9411d Implements #5009 contacted_peers.lua gives errors 2021-02-03 19:33:03 +01:00
Matteo Biscosi
a0de61248c Removed port from lateral movement alert description 2021-02-03 18:09:40 +01:00
Matteo Biscosi
fe01117324 Implements #4006 alerts when host contacts an unusual number of peers
Partial implementation, the rest is under the Pro Repository
2021-02-02 13:31:21 +01:00
Simone Mainardi
38d31a474a Makes multiple score increments status-dependent
Implements #4993
2021-01-30 12:45:04 +01:00
Alfredo Cardigliano
b3cf18d821 Rename alert_tls_old_version -> alert_tls_old_protocol_version everywhere for consistency 2021-01-29 11:10:43 +01:00
Matteo Biscosi
b033132bda Removed wrongly named alert definitions 2021-01-28 19:20:53 +01:00
Matteo Biscosi
d42e34359e Fixed wrongly named alert definitions 2021-01-28 19:15:30 +01:00
Matteo Biscosi
769e311dd8 Fixed info length of Periodicity Changed alert 2021-01-21 18:58:07 +01:00
Matteo Biscosi
cdc420dd68 Fixed #2977 alert for remote->local insecure protocols 2021-01-20 11:56:56 +01:00
Simone Mainardi
46e3c10c36 Typos 2021-01-11 14:38:02 +01:00
Simone Mainardi
ecf4cf0010 Adds migrated external_alert.lua
Fixes #4895
2021-01-11 11:12:24 +01:00
Simone Mainardi
ad59b61245 Implements dropdown search for interfaces
Partially addresses #4800
2021-01-08 17:45:41 +01:00
Simone Mainardi
1aaf92e843 Reworks attacker/victim in alerts 2021-01-07 19:03:42 +01:00
Matteo Biscosi
bf12e0c103 Added Victim and Attacker shown into the Developer page 2021-01-07 16:34:45 +01:00
Luca Deri
a1178a0791 Updated (C) 2021-01-02 12:08:23 +01:00
Matteo Biscosi
e94f2cb0b4 Fixed #4737 integration with fail2ban 2020-12-30 11:46:10 +01:00
Simone Mainardi
19ceb22095 Fixes broken list download succeeded alert 2020-12-24 10:26:29 +01:00
Simone Mainardi
6bb8a1cd68 Fixes list download succeeded alerts 2020-12-24 10:20:05 +01:00
Matteo Biscosi
101c53336e Migrates alerts to an object-oriented implementation 2020-12-23 11:46:26 +01:00
Simone Mainardi
c1bdfb8722 Unifies flow_keys and status_keys 2020-12-22 19:14:16 +01:00
Simone Mainardi
c273478b7a Reworks UI list of defined alert and flow keys 2020-12-22 16:51:26 +01:00
Matteo Biscosi
bcf2c2c1ed Migrates alerts to an object-oriented implementation 2020-12-22 14:48:00 +01:00
matteo
e24ef4ef35 Revert "Migrates alerts to an object-oriented implementation"
This reverts commit fbc283f12f.
2020-12-22 13:13:57 +01:00
matteo
fbc283f12f Migrates alerts to an object-oriented implementation 2020-12-22 13:00:25 +01:00
Simone Mainardi
3baa932a01 Migrates alerts to an object-oriented implementation
Migrates alert_malicious_signature alert_elephant_local_to_remote alert_elephant_remote_to_local

Migrates long_lived

Migrates alert_flow_blocked

Migrates alert_tls_old_version

Migrates alert_tls_certificate_mismatch

Migrates alert_tls_certificate_expired

Migrates alert_tls_unsafe_ciphers

Migrates alert_tls_certificate_selfsigned

Migrates alert_potentially_dangerous_protocol

Migrates alert_snmp_device_reset

Migrates alert_port_mac_changed

Migrates alert_port_duplexstatus_change

Migrates alert_port_errors

Migrates alert_port_status_change

Migrates alert_port_load_threshold_exceeded

Migrates alert_data_exfiltration

Migrates alert_dns_data_exfiltration

Migrates alert_suspicious_tcp_probing alert_suspicious_tcp_syn_probing alert_tcp_connection_refused

Migrates alert_dns_invalid_query

Migrates alert_attack_mitigation_via_snmp

Migrates alert_lateral_movement

Migrates alert_periodicity_update

Migrates alert_dns_positive_error_ratio

Migrates alert_iec104_error
2020-12-22 09:56:38 +01:00
Simone Mainardi
7c6c249adf Fixes attempt to index a nil value (global 'dirs') 2020-12-21 10:01:42 +01:00
Alfredo Cardigliano
da2b6e152c Fix undefined dirs in alert_slow_periodic_activity.lua 2020-12-18 10:02:23 +01:00
Simone Mainardi
1a71ba4f5f Removes remote assistance
Fixes #4785
2020-12-17 19:41:37 +01:00
MatteoBiscosi
de340b66ef Fixed #2789 implement remote DNS resolution failure alert 2020-12-11 09:54:02 +01:00
Simone Mainardi
b3dc39c641 Refactors alert_severities into an independent Lua module 2020-11-30 15:28:17 +01:00
matteo
86008481b5 Fixes #4266 plugin for triggering alerts on periodic behaviour 2020-11-27 09:01:21 +01:00
Luca Deri
06161556ac Fixes issues with unexpected XXX alerts where impacted server was not reported
Added Lua getFlowProtoClientIP/getFlowProtoServerIP calls in flows
2020-11-25 15:52:03 +01:00
Matteo Biscosi
507583db64 Added host category to flow and host alerts (#4767)
* Fixed shell endpoint bug and added notice when executing the script

* Added victim and attacker to security plugins

* Updated hosts alert with host_category info

* Added host category to hosts alert description

* Added host category to flows

Co-authored-by: matteo <biscosi@ntop.org>
2020-11-20 19:14:07 +01:00
Matteo Biscosi
b07f943f34 Fixed formatConnectionIssues bug, expecting table but getting number 2020-11-19 12:50:57 +01:00
Matteo Biscosi
e543b207c9 Fixed shell endpoint bug and added notice when executing the script (#4748)
Co-authored-by: matteo <biscosi@ntop.org>
2020-11-18 17:06:06 +01:00
Matteo Biscosi
0e341f3d0b Modified flow scripts in view of the new trigger_status (#4710)
* Modified blacklisted script in view of the new flow_script API

* Modified plugins scripting in view of the new API

* Modified flow scripts with the new trigger API

* Fixed creators severity

Co-authored-by: matteo <biscosi@ntop.org>
2020-11-12 13:52:53 +01:00
Simone Mainardi
d13a4451d2 Changes for the migration to the new alerts_api.trigger_status 2020-11-12 11:48:59 +01:00
Luca Deri
83816cefae Zero window alert improvement 2020-11-07 00:41:02 +01:00
Simone Mainardi
389f9c2beb Reworks TCP issues flow user script 2020-10-30 15:56:36 +01:00
Simone Mainardi
355be90e5d Improves alerts with better descriptions and hyperlinks
Implements #4585
2020-10-23 14:24:16 +02:00
Simone Mainardi
cbfd2c8025 Implements user script for remote to remote host alerts
Addresses #4614
2020-10-22 16:25:31 +02:00
Simone Mainardi
d811d27b3b Avoids printing empty members list in pool alerts
Partially addresses #4585
2020-10-21 15:28:48 +02:00
Simone Mainardi
27c1318ab6 Fixes risk not shown in generated flow-risk alerts
Fixes #4594
2020-10-19 11:10:19 +02:00
Simone Mainardi
d3dda0bb82 Unifies misbehaving with alerted flows
Implements #4596
2020-10-16 18:58:20 +02:00