Luca Deri
e0b908b42e
Removed obsoleted TLSSuspiciousESNIUsage
...
Improved device type guessing based on the OS
2025-03-25 21:56:38 +01:00
Luca Deri
54f5b00098
Assets improvements
2025-03-21 18:57:34 +01:00
Manuel Ceroni
43ead976bb
Implemented QoE Issues Alert (#9033)
...
* Implemented QoE Issues Alert
* Fixed QoE Issue alert serializer
2025-03-14 11:41:25 +01:00
Matteo Biscosi
133f5339b3
Added host policy alert in lua
2024-12-19 10:23:46 +01:00
Matteo Biscosi
819f39830b
Added ACL Violation alert (#8696)
2024-11-28 18:02:53 +01:00
Matteo Biscosi
952e136080
Moved unexpected gateway check from flows to hosts
2024-10-07 16:58:31 +02:00
Matteo Biscosi
5314a61f7c
Added gateway alert and configuration (#8687); Fixes nedge compilation issue
2024-10-02 11:07:19 +02:00
Alfredo Cardigliano
3b0b60c422
Remove JA3 leftovers. Update alert keys. Rename malicious JA3 to malicious Fingerprint.
2024-09-02 18:34:17 +02:00
Luca Deri
91bea0bce2
Added risk NDPI_PROBING_ATTEMPT
2024-05-22 18:44:10 +02:00
Nicolò Maio
59075f5e10
Splitting blacklisted flow alert and creating two new alerts. (#8354) (#8355)
...
* Splitting blacklisted flow alert and creating two new alerts. (#8354)
* Renaming to 'Blacklisted Client Contact' and 'Blacklisted Server Contact'. (#8354)
2024-04-24 17:37:30 +02:00
Nicolò Maio
636ba2975c
Add Flow Reset Alert and counter. (#8264) (#8348)
...
* Add Flow Reset Alert and counter. (#8264)
* Renaming to TCP Flow Reset. (#8264)
* Renaming the value retrieved by the getName method. (#8264)
2024-04-24 17:15:20 +02:00
Luca Deri
ee6b67ed0c
Added support for nDPI's NDPI_BINARY_DATA_TRANSFER
2024-04-09 10:35:49 +02:00
Luca Deri
55870e97b9
(C) Update
2024-01-12 11:44:18 +01:00
Luca Deri
17a843b47e
Added NDPI_MALWARE_HOST_CONTACTED support!
2023-10-18 00:08:29 +02:00
Luca Deri
d1761ba70c
Updated with latest nDPI risks
2023-09-11 15:19:37 +02:00
Alfredo Cardigliano
823757f0a1
Typo
2023-07-31 09:44:52 +02:00
Luca Deri
e86cd0f2ce
added Modbus Invalid Transition Alert
2023-06-05 00:53:27 +02:00
Luca Deri
4a13dc41d5
Implemented Modbus exceptions
2023-06-01 22:53:59 +02:00
Luca Deri
96e10b12a5
Added stub for RareDestination check/alert implementation #6416 and #6417
2023-03-22 15:11:53 +01:00
Matteo Biscosi
fc82eff56b
Updated alert to NDPI_NUMERIC_IP_HOST
2023-03-02 15:18:40 +00:00
MatteoBiscosi
ddb55b4d7e
Updated ndpi alerts (#7200)
2023-02-09 18:46:37 +01:00
Nicolò Maio
7162045cdd
Add VLAN bidirectional traffic alert (#7126) (#7194)
...
* Add VLAN bidirectional traffic alert (#7126)
* Add alert description. (#7126)
2023-02-03 10:33:25 +01:00
Luca Deri
8acaf30b2e
Enhancement to support NDPI_TCP_ISSUES flow risk
2023-01-24 23:11:25 +01:00
Luca Deri
ccd8890e54
Fixed bug that reported wrong DNS information
2023-01-23 19:18:17 +01:00
Luca Deri
f718854bce
Improved report of periodic flows
...
Updated nDPI flow risks list
2022-12-31 18:08:21 +01:00
Luca Deri
21101c43f1
Added detection of periodic flows and exported it as flow risk in both flows and alerts
2022-12-30 19:48:26 +01:00
MatteoBiscosi
63aacc9ec9
Fixes incorrect flow alert key
2022-11-28 12:09:51 +01:00
Luca Deri
80db634bfe
Implemented skeleton of CustomFlowLuaScriptAlert check
2022-11-19 20:31:24 +01:00
MatteoBiscosi
7bfc2fdde4
Fixes Flow risks not defined (#6939)
2022-10-21 13:37:08 +02:00
Luca
0aa60f5001
Added support for HTTP Obsolete HTTP server flow risk
2022-10-04 22:34:21 +02:00
MatteoBiscosi
755c90e0c2
Changed from UDP unidirectional to unidirectional traffic
2022-06-21 15:11:54 +02:00
MatteoBiscosi
4f8c5c6cec
Moved UDP unidirectional to nDPI alerts
2022-06-21 11:37:46 +02:00
Luca Deri
5de07dc827
Added support for nDPI unidirectional traffic risk
2022-06-20 00:46:51 +02:00
Luca Deri
9d364c69b4
Fixed TCP with no answer alert definition
2022-06-07 13:11:35 +02:00
MatteoBiscosi
e9147aa37d
Implemented connection failed alert (#6622)
2022-05-27 10:45:25 +02:00
Luca Deri
7c038e29da
Implemented IEC104 Invalid Command Transition check/alert
2022-05-11 23:16:45 +02:00
MatteoBiscosi
2bcf7c8dfa
Added Suspicious Entropy alert (#6563)
2022-05-04 22:11:44 +02:00
Luca Deri
c724f0fbb2
Implemented spider/bot detection risk
...
Fixes for double flag visualization
2022-02-17 21:06:44 +01:00
Luca
66450d4811
Added support for NDPI_ERROR_CODE_DETECTED security risk
2022-02-03 14:56:51 +01:00
Luca
d1a31b5b1f
Added IDN risk handling
2022-02-03 11:57:14 +01:00
Luca Deri
0eec59aa2e
Added support for NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow risk
2022-01-26 09:54:34 +01:00
Alfredo Cardigliano
257ece18c0
Copyright update (Lua)
2022-01-03 09:42:33 +01:00
Luca Deri
3dcad5296b
Added support for nDPI possible exploit detection used to detect Log4J/Log4Shell exploits
2021-12-23 21:47:37 +01:00
Simone Mainardi
e89fe31dc1
Comments
2021-12-22 17:48:03 +01:00
MatteoBiscosi
4528e5a660
Added Broadcast non-UDP traffic alert and minor fixes to apexcharts
2021-12-17 13:33:11 +01:00
Simone Mainardi
a014ce46a6
Fixes cleanup of old alerts when stored in Clickhouse
...
Addresses #6066
2021-11-10 16:50:44 +01:00
MatteoBiscosi
4b197ca2cc
Changed alert name (#5805)
2021-10-01 15:52:51 +02:00
Luca Deri
4cddc6c280
Added DNS fragment and packet too long alerts
2021-09-17 16:31:02 +02:00
Simone Mainardi
aecc1e3e65
Adds HTTP susp. content risk as example
...
Addresses #5743
2021-09-15 16:13:14 +02:00
Simone Mainardi
fef7723445
Implements dynamic loading of flow risk alerts in Lua
...
Addresses #5743
2021-09-15 13:57:43 +02:00