Luca Deri
0957e56852
Improved unhandled hostname support
2025-08-06 15:31:06 +02:00
Luca
9568fa96aa
Added support for unresolved hostname risk
2025-08-04 22:52:19 +02:00
Matteo Biscosi
13ebc1e8d0
Possible fix for issue description and removed Connection Refused alert ( #9233 )
2025-05-23 11:21:06 +02:00
Matteo Biscosi
6cdfca5eca
Removed FREE (Obsolete) checks ( #9190 )
2025-05-08 12:24:30 +02:00
Manuel Ceroni
e1328ae36b
Implemented Scan Realtime Alert ( #9106 )
* Implemented Scan Realtime Alert
* Removed old scan alerts
2025-04-04 12:42:46 +02:00
Manuel Ceroni
486dc0e33e
Implemented nat detected alert ( #9074 )
2025-03-27 11:28:16 +01:00
Luca Deri
e0b908b42e
Removed obsoleted TLSSuspiciousESNIUsage
Improved device type guessing based on the OS
2025-03-25 21:56:38 +01:00
Luca Deri
54f5b00098
Assets improvements
2025-03-21 18:57:34 +01:00
Manuel Ceroni
43ead976bb
Implemented QoE Issues Alert ( #9033 )
* Implemented QoE Issues Alert
* Fixed QoE Issue alert serializer
2025-03-14 11:41:25 +01:00
Manuel Ceroni
00c6efdce6
Implemented network and service scan checks, merging them with the port scan check into a single alert (Scan Alert) ( #9024 )
2025-03-10 21:19:05 +01:00
Manuel Ceroni
d4b7a3d375
Implemented port scan alert (clickhouse) ( #9006 )
2025-02-27 10:44:18 +01:00
Manuel Ceroni
4ad05ce8e5
Implemented an alert for anomalous Redis reads and writes number ( #8969 )
2025-02-19 17:48:47 +01:00
Alfredo Cardigliano
31752105d9
Add Lua host check example (Suspicious Domain Scans) #8956
2025-02-17 15:14:30 +01:00
Matteo Biscosi
133f5339b3
Added host policy alert in lua
2024-12-19 10:23:46 +01:00
Matteo Biscosi
e89f07f238
Merged score threshold and dangerous hosts alerts ( #8827 )
2024-12-12 16:45:43 +01:00
Matteo Biscosi
07ef54c7cc
Added ACL violation ARP alert ( #8696 )
2024-12-02 13:07:56 +01:00
Matteo Biscosi
819f39830b
Added ACL Violation alert ( #8696 )
2024-11-28 18:02:53 +01:00
Luca
1117e71d18
Removed SYN flood check that was partially overlapping with SYN scan
2024-10-22 15:46:50 +02:00
Matteo Biscosi
952e136080
Moved unexpected gateway check from flows to hosts
2024-10-07 16:58:31 +02:00
Matteo Biscosi
5314a61f7c
Added gateway alert and configuration ( #8687 ); Fixes nedge compilation issue
2024-10-02 11:07:19 +02:00
Alfredo Cardigliano
a3261edbcc
Cleanup unused code
2024-09-03 09:03:16 +02:00
Alfredo Cardigliano
3b0b60c422
Remove JA3 leftovers. Update alert keys. Rename malicious JA3 to malicious Fingerprint.
2024-09-02 18:34:17 +02:00
GabrieleDeri
c21fed6982
Split ndpi flow alerts enum from ntopng flow alerts enum ( #8675 )
* Split ndpi flow alerts enum from ntopng flow alerts enum
* Separated ndpi flow alerts from ntopng
* Removed tracing
* Fixed doc/remediation links not working in live hist flows
2024-08-27 15:40:50 +02:00
Luca Deri
16b5a8ccc1
Implemented no exporter/probe activity ( #8608 )
2024-08-07 18:06:51 +02:00
Alfredo Cardigliano
b09688beee
Add new alert no_exporter_activity
2024-08-07 13:05:48 +02:00
Alfredo Cardigliano
47e293b2df
Define new alert type snmp_trap. Add ability to trigger snmp_trap from C.
2024-07-25 08:16:33 +00:00
Matteo Biscosi
13287d609e
Added alert when dropping flows due to flow exporters limit exceeded
2024-07-15 18:58:36 +02:00
Alfredo Cardigliano
8d326f2718
Define new alert cloud_reconnected
2024-06-21 17:59:14 +02:00
Alfredo Cardigliano
dab5aeba99
Define new alert cloud_disconnected
2024-06-21 17:33:05 +02:00
Luca Deri
c53b79e302
Definition of SNMP polling error
2024-06-02 17:55:37 +02:00
Luca Ferretti
edef411ebc
added contacted_server_port alert ( #8408 )
* initial integration of server port check
* update learning period and received packet time
* updated host initial time
* Update Flow.cpp
* fixed reported issues
* added server_ports_contacts alert
* minor changes
2024-05-28 12:52:36 +02:00
Luca Deri
91bea0bce2
Added risk NDPI_PROBING_ATTEMPT
2024-05-22 18:44:10 +02:00
Nicolò Maio
59075f5e10
Splitting blacklisted flow alert and creating two new alerts. ( #8354 ) ( #8355 )
* Splitting blacklisted flow alert and creating two new alerts. (#8354 )
* Renaming to 'Blacklisted Client Contact' and 'Blacklisted Server Contact'. (#8354 )
2024-04-24 17:37:30 +02:00
Nicolò Maio
636ba2975c
Add Flow Reset Alert and counter. ( #8264 ) ( #8348 )
* Add Flow Reset Alert and counter. (#8264 )
* Renaming to TCP Flow Reset. (#8264 )
* Renaming the value retrieved by the getName method. (#8264 )
2024-04-24 17:15:20 +02:00
Alfredo Cardigliano
3dbdcc4966
Fix filters on alert types for non host/flow alerts
2024-04-22 18:39:55 +02:00
Luca Deri
ee6b67ed0c
Added support for nDPI's NDPI_BINARY_DATA_TRANSFER
2024-04-09 10:35:49 +02:00
Luca Deri
f26d56959c
Renamed HostBlackHoleContactsAlert to HostScannerAlert
2024-04-08 18:35:49 +02:00
Nicolò Maio
2deb42a7a2
Add the blackhole contacts alerts and update the scan detection alert. ( #8290 )
2024-03-28 08:55:45 +01:00
Nicolo Maio
4e9d324236
Add traffic profiles rules. ( #7839 )
2024-03-01 15:18:08 +01:00
Matteo Biscosi
88e5d26afe
Removed no more used checks ( #8235 )
2024-02-27 05:49:44 -05:00
Matteo Biscosi
af9011684b
Moved host traffic checks to unused
2024-02-27 05:30:20 -05:00
Luca Deri
2ee2c180a5
Removed alerts no longer necessary as they have been replaced by local traffic rules
2024-02-21 22:54:22 +01:00
Nicolo Maio
df2e4bd12a
Add VLAN rules. ( #8193 )
2024-02-06 17:47:15 +01:00
Nicolo Maio
d537a71781
Add usage metric in SNMP devices rules.
2024-01-19 11:15:19 +01:00
Nicolo Maio
b3c573498f
Reworked SNMP interfaces average usage and replaced the interface load alert with the interface average usage alert ( #8168 )
2024-01-17 12:41:59 +01:00
Luca Deri
55870e97b9
(C) Update
2024-01-12 11:44:18 +01:00
Matteo Biscosi
ed4ab2836f
Added system alert in case of ntopng failure ( #8040 )
2023-11-22 10:22:22 +00:00
Luca Deri
17a843b47e
Added NDPI_MALWARE_HOST_CONTACTED support!
2023-10-18 00:08:29 +02:00
Luca Deri
d1761ba70c
Updated with latest nDPi risks
2023-09-11 15:19:37 +02:00
Nicolo Maio
7d3696c076
Add host pools and networks in Local Traffic Rules. ( #7754 )
2023-08-17 17:45:32 +02:00