Commit graph

164 commits

Author SHA1 Message Date
Matteo Biscosi
13ebc1e8d0 Possible fix for issue description and removed Connection Refused alert (#9233) 2025-05-23 11:21:06 +02:00
Matteo Biscosi
52a9c5c0e8 Fixes unexpected server alerts not working 2025-05-22 12:30:10 +02:00
Manuel Ceroni
534048ac4f Fixed empty description column (#9216) 2025-05-16 12:00:11 +02:00
Matteo Biscosi
3d6d26422a Fixes bidirectional traffic check description 2025-05-13 17:04:03 +02:00
Alfredo Cardigliano
f4e5625669 Add safety check 2025-04-15 11:21:17 +02:00
Alfredo Cardigliano
8e9532680d Fix elephant flows description. Print exceeding threshold only. #9075 2025-04-14 14:36:49 +02:00
Luca Deri
e0b908b42e Removed obsoleted TLSSuspiciousESNIUsage
Improved device type guessing based on the OS
2025-03-25 21:56:38 +01:00
Alfredo Cardigliano
b077895c01 Fix format 2025-03-18 09:05:55 +01:00
Alfredo Cardigliano
8690becceb Parse query id from syslog alerts 2025-03-17 20:14:56 +01:00
Alfredo Cardigliano
0cff924bf8 Fix ext alert formatter 2025-03-17 18:34:04 +01:00
Manuel Ceroni
43ead976bb
Implemented QoE Issues Alert (#9033)
* Implemented QoE Issues Alert

* Fixed QoE Issue alert serializer
2025-03-14 11:41:25 +01:00
Luca Deri
ac6788a311 Bug fix 2024-12-23 21:01:01 +01:00
Luca Deri
4b160de275 Improved host policy alert 2024-12-23 10:32:04 +01:00
Matteo Biscosi
133f5339b3 Added host policy alert in lua 2024-12-19 10:23:46 +01:00
Matteo Biscosi
a514dc9cdb Fixes periodicity changed description (#8853) 2024-12-17 11:06:52 +01:00
YellowMan
c712750200
Remote to local insecure flow (#8871)
* Fixed domain names contact alert behaviour

* enhanced remote to local insecure flow alert description

* minor fix
2024-12-11 16:54:01 +01:00
Luca Deri
76e47112e8 Fixes invalid format error 2024-12-05 12:22:23 +01:00
Matteo Biscosi
0ebe2b9e88 Fixes missing blacklist (#8841) 2024-12-02 18:34:00 +01:00
Matteo Biscosi
819f39830b Added ACL Violation alert (#8696) 2024-11-28 18:02:53 +01:00
Luca Deri
fb06400fe2 Changed alert serialization 2024-11-28 09:34:57 +01:00
Luca Deri
084e295af8 Minor fixes 2024-11-27 15:26:31 +01:00
Matteo Biscosi
952e136080 Moved unexpected gateway check from flows to hosts 2024-10-07 16:58:31 +02:00
Matteo Biscosi
5314a61f7c Added gateway alert and configuration (#8687); Fixes nedge compilation issue 2024-10-02 11:07:19 +02:00
Alfredo Cardigliano
3b0b60c422 Remove JA3 leftovers. Update alert keys. Rename malicious JA3 to malicious Fingerprint. 2024-09-02 18:34:17 +02:00
Alfredo Cardigliano
206b86544f Fix corner cases in alert_elephant_flow.format 2024-08-05 18:00:22 +02:00
Matteo Biscosi
63ebb9071a Removed same info stored 2024-08-02 12:10:23 +02:00
Matteo Biscosi
ffa80bb51a Added blacklist info to alert_json 2024-08-02 12:10:06 +02:00
Luca Ferretti
7cceb656c0
fixed typo (#8565)
* added netbox documentation

* Update asset_inventory.rst

* added ndpi-protocols ipv6 rules

* updated ipv6 check for custom rule

* fix typo

* implemented mitre_table_info inside database

* fixed typo

* changed tecnique to technique typo

* Update host_alert_scan_detected.lua
2024-07-24 18:23:47 +02:00
Luca Ferretti
61628b55c0
fixed mitre_id typo (#8562)
* added netbox documentation

* Update asset_inventory.rst

* added ndpi-protocols ipv6 rules

* updated ipv6 check for custom rule

* fix typo

* implemented mitre_table_info inside database

* fixed typo
2024-07-24 16:19:33 +02:00
Luca Ferretti
1b3a0ec19a
initial mitre att&ck standardization (#8446)
* added feature sorting flows by protocol

* changed protocols comparison order

* initial commit for bitmap of server ports

* bitmap added to redis

* added debug string, bitmap not working

* Update alerts_list_per_license.rst

* Update alerts_list_per_license.rst

* initial mitre att&ck standardization

* Update ServerPortsBitmap.h

* updated mitre standardization
2024-06-12 15:55:10 +02:00
Matteo Biscosi
9b8695eb05 Possible fix for dga domain alert description (#8325) 2024-05-08 12:28:13 -04:00
Matteo Biscosi
57eb0c7207 Started fixing issue #8325 2024-05-03 09:30:17 -04:00
Luca Deri
8f49ce0f4b Cleaned up blacklisted flow label (removed UID) 2024-04-25 11:04:12 +02:00
Nicolò Maio
59075f5e10
Splitting blacklisted flow alert and creating two new alerts. (#8354) (#8355)
* Splitting blacklisted flow alert and creating two new alerts. (#8354)

* Renaming to 'Blacklisted Client Contact' and 'Blacklisted Server Contact'. (#8354)
2024-04-24 17:37:30 +02:00
Nicolò Maio
636ba2975c
Add Flow Reset Alert and counter. (#8264) (#8348)
* Add Flow Reset Alert and counter. (#8264)

* Renaming to TCP Flow Reset. (#8264)

* Renaming the value retrieved by the getName method. (#8264)
2024-04-24 17:15:20 +02:00
Nicolò Maio
fd6b0958c3 Rename the alert to "Remote to Local Insecure Flow". (#8257) (#8339) 2024-04-18 12:45:54 +02:00
Matteo Biscosi
0cfd1246c1 Fixes some alert descriptions 2024-04-12 11:03:33 -04:00
Matteo Biscosi
1460eda751 Fixes SQL injection description 2024-04-10 07:16:13 -04:00
Matteo Biscosi
436bf03e56 Removed html when not requested and fixed some alert descriptions (#8304) 2024-04-08 10:45:11 -04:00
Matteo Biscosi
cbec26e3b4 Fixes missing alert descriptions (#8314 #8313) 2024-04-08 07:02:17 -04:00
Nicolo Maio
8372d80dc8 Add UID to the description of blacklisted flow alerts. (#7799) 2024-03-01 16:38:46 +01:00
Luca Deri
ab34197603 Various scripts fixed
Improved error message when scripts fail
2024-02-19 22:13:01 +01:00
Luca Deri
55870e97b9 (C) Update 2024-01-12 11:44:18 +01:00
Matteo Biscosi
d75454a709 Added blacklisted flow alert debug 2023-11-29 16:20:14 +00:00
Matteo Biscosi
e8b8b7e570 Fixes blacklisted flow message in case of custom categories 2023-11-28 11:13:53 +00:00
Luca Deri
463b906b59 Added support for ModBUS Scattered Holding Register Read 2023-11-10 11:36:35 +01:00
Matteo Biscosi
f9a55743b6 Added malware host contacted check 2023-10-18 10:40:54 +00:00
Nicolo Maio
2fb921e5f9 Fix server IP in unexpected DHCP server alert. 2023-08-14 16:21:20 +02:00
Alfredo Cardigliano
7a314e9d69 Add sample custom query for host alerts. Fix host alerts format to handle empty fields. 2023-07-24 15:50:59 +02:00
Nicolo Maio
9c3acf2f06 Add alert notification retention policy by default 1h. (#6240) 2023-07-19 16:25:32 +00:00