Commit graph

30 commits

Author SHA1 Message Date
Matteo Biscosi
bf12e0c103 Added Victim and Attacker shown into the Developer page 2021-01-07 16:34:45 +01:00
Matteo Biscosi
e94f2cb0b4 Fixed #4737 integration with fail2ban 2020-12-30 11:46:10 +01:00
Luca Deri
3728f783e7 Added invalid IEC transition 2020-12-28 19:06:35 +01:00
Matteo Biscosi
101c53336e Migrates alerts to an object-oriented implementation 2020-12-23 11:46:26 +01:00
Simone Mainardi
c273478b7a Reworks UI list of defined alert and flow keys 2020-12-22 16:51:26 +01:00
Simone Mainardi
3baa932a01 Migrates alerts to an object-oriented implementation
Migrates alert_malicious_signature alert_elephant_local_to_remote alert_elephant_remote_to_local

Migrates long_lived

Migrates alert_flow_blocked

Migrates alert_tls_old_version

Migrates alert_tls_certificate_mismatch

Migrates alert_tls_certificate_expired

Migrates alert_tls_unsafe_ciphers

Migrates alert_tls_certificate_selfsigned

Migrates alert_potentially_dangerous_protocol

Migrates alert_snmp_device_reset

Migrates alert_port_mac_changed

Migrates alert_port_duplexstatus_change

Migrates alert_port_errors

Migrates alert_port_status_change

Migrates alert_port_load_threshold_exceeded

Migrates alert_data_exfiltration

Migrates alert_dns_data_exfiltration

Migrates alert_suspicious_tcp_probing alert_suspicious_tcp_syn_probing alert_tcp_connection_refused

Migrates alert_dns_invalid_query

Migrates alert_attack_mitigation_via_snmp

Migrates alert_lateral_movement

Migrates alert_periodicity_update

Migrates alert_dns_positive_error_ratio

Migrates alert_iec104_error
2020-12-22 09:56:38 +01:00
MatteoBiscosi
de340b66ef Fixed #2789 implement remote DNS resolution failure alert 2020-12-11 09:54:02 +01:00
matteo
86008481b5 Fixes #4266 plugin for triggering alerts on periodic behaviour 2020-11-27 09:01:21 +01:00
Matteo Biscosi
e543b207c9
Fixed shell endpoint bug and added notice when executing the script (#4748)
Co-authored-by: matteo <biscosi@ntop.org>
2020-11-18 17:06:06 +01:00
Matteo Biscosi
a8cf3836d7
Fixes #4709 unexpected new device plugin (#4728)
* Added unexpected new device plugin, needs review

* Fixes #4709 unexpected new device plugin

Co-authored-by: matteo <biscosi@ntop.org>
2020-11-16 12:41:19 +01:00
Luca Deri
2120bf2486 Added alert for log goodput flows 2020-11-14 00:23:35 +01:00
Simone Mainardi
a091efcb09 Fixes for Zero TCP window detection user script 2020-11-07 10:58:16 +01:00
Matteo Biscosi
383a6659dc
Fixes #4648 trigger an alert when no flows are collected (#4679)
* Added no_if_activity alert to user script keys

* Added no_if_activity description alert

* Fixes #4648 trigger an alert when no flows are collected

* Changed the time past one call of the alert and another

* Fixes #4648 reorganized files and cache management

Co-authored-by: matteo <biscosi@ntop.org>
2020-11-05 17:58:38 +01:00
Simone Mainardi
389f9c2beb Reworks TCP issues flow user script 2020-10-30 15:56:36 +01:00
Simone Mainardi
5d80b67327 Adds info-level alerts upon successful lists download
Addresses #4554
2020-10-14 15:08:01 +02:00
Luca Deri
c5e0db54b7 Added support for lateral movement detection 2020-10-11 18:30:21 +02:00
Luca Deri
7616249acd Defined new keys for flows with severe retransmissions 2020-10-11 14:51:16 +02:00
Luca Deri
4565f8af04 Added plugin for detecting unexpected NTP servers 2020-10-10 10:54:19 +02:00
Luca Deri
6190b1e351 Added
- alert_unexpected_dns_server          = {NO_PEN, 63},
- alert_unexpected_smtp_server         = {NO_PEN, 64},
- alert_unexpected_dhcp_server         = {NO_PEN, 65},

alert keys
2020-10-09 10:37:44 +02:00
Simone Mainardi
814ee67cf9 Reworks nDPI Risks flow plugins to handle all risks and scores
Fixes #4432
2020-09-23 17:58:51 +02:00
Luca Deri
8db941c31e Improved IEC 104 plugin 2020-09-16 23:24:40 +02:00
Simone Mainardi
7f241d71d5 Implements attack mitigation via SNMP
Implements #3833 along with companion pro commit
2020-08-24 15:05:35 +02:00
Alfredo Cardigliano
e8fcbd2a90 Trigger host alerts for collected syslog messages (also to companions) 2020-05-18 12:52:38 +02:00
Simone Mainardi
c543df45f9 Reworks suspicious file transfers 2020-05-13 19:38:24 +02:00
Luca Deri
e315158c1d Added plugin for handling flow risks reported by nDPI 2020-05-12 12:18:50 +02:00
Simone Mainardi
f6952358e7 Uniforms handling of alert ids
Implements #3823
2020-04-23 10:27:05 +02:00
Simone Mainardi
ac8bd534ea Implements PEN for alert keys
Implements #3823
2020-04-22 13:21:40 +02:00
Simone Mainardi
78b334e4eb Refactors alerts and flow statuses in builtin and plugins
Implements #3811
Implements #3812

Refactors builtin alerts

Refactors builtin flow statuses
2020-04-21 22:27:49 +02:00
emanuele-f
0be2da4f57 Cleanup remaining references to RTT 2020-04-20 12:21:39 +02:00
Simone Mainardi
4177ee61ab Implements constant flow and alert ids
Enlarges AlertType size

Changes alerts database
2020-04-14 22:20:44 +02:00