Alfredo Cardigliano
48c849f4c7
Skip (and report) bad IPs in scan check
2025-05-27 16:05:40 +02:00
Matteo Biscosi
f697b62ec5
added check
2025-05-16 18:03:54 +02:00
Matteo Biscosi
eba11253f5
Added uptime check for no_if_activity alert
2025-04-23 17:04:48 +02:00
Manuel Ceroni
26c23347e7
Improved Scan Alerts with MITRE and fixes (#9127)
2025-04-08 11:33:53 +02:00
Manuel Ceroni
e1328ae36b
Implemented Scan Realtime Alert (#9106)
* Implemented Scan Realtime Alert
* Removed old scan alerts
2025-04-04 12:42:46 +02:00
Luca Deri
e0b908b42e
Removed obsoleted TLSSuspiciousESNIUsage
Improved device type guessing based on the OS
2025-03-25 21:56:38 +01:00
Manuel Ceroni
fe0975ba2a
Added Service Down check to Scan Alert (#9066)
2025-03-21 16:55:29 +01:00
Alfredo Cardigliano
b1fb4322f9
Fix correlation of suricata alerts for dns flows
2025-03-18 08:59:46 +01:00
Alfredo Cardigliano
8690becceb
Parse query id from syslog alerts
2025-03-17 20:14:56 +01:00
Manuel Ceroni
f5ea2e1062
Updated scan alert to display network address instead of network ID (#9043)
2025-03-17 15:39:59 +01:00
Manuel Ceroni
69e91bd875
Updated service scan check and changed limits in Scan Alert (#9026)
2025-03-11 12:33:42 +01:00
Manuel Ceroni
00c6efdce6
Implemented network and service scan checks, merging them with the port scan check into a single alert (Scan Alert) (#9024)
2025-03-10 21:19:05 +01:00
Matteo Biscosi
34b559e66d
Added attacker in port scan (#9009)
2025-03-05 11:52:56 +01:00
Manuel Ceroni
83d6fb24da
Port scan alert aggregation (#9021)
2025-03-04 16:12:13 +01:00
Luca
a72491832f
Periodic flow check is now disabled by default
2025-02-28 18:58:34 +01:00
manuelceroni
bbbcd6510a
Changed interval size and priority for port scan alerts
2025-02-28 13:14:17 +01:00
Alfredo Cardigliano
ab9224d2ce
Extend lua alerts API with alert:set_require_attention()
2025-02-28 11:58:08 +01:00
Manuel Ceroni
d4b7a3d375
Implemented port scan alert (clickhouse) (#9006)
2025-02-27 10:44:18 +01:00
Manuel Ceroni
4ad05ce8e5
Implemented an alert for an anomalous number of Redis reads and writes (#8969)
2025-02-19 17:48:47 +01:00
Alfredo Cardigliano
2c1908b43e
Fix dup condition
2025-02-19 09:47:19 +01:00
Alfredo Cardigliano
f81f282442
Code cleanup
2025-02-17 16:02:19 +01:00
Alfredo Cardigliano
31752105d9
Add Lua host check example (Suspicious Domain Scans) #8956
2025-02-17 15:14:30 +01:00
Matteo Biscosi
e89f07f238
Merged score threshold and dangerous hosts alerts (#8827)
2024-12-12 16:45:43 +01:00
Alfredo Cardigliano
027a4ebbf4
Add missing require
2024-12-09 09:24:45 +01:00
Luca Deri
d3e469a316
Merged TCP Probing and Probing attempt
2024-11-20 22:08:07 +01:00
YellowMan
d396297985
TCP Probing Attempt Alert (#8821)
* Implemented TCP Probing Attempt Alert
---------
Co-authored-by: DiPalmaGiuseppe <g.dipalma6@studenti.unipi.it>
2024-11-20 10:58:36 +01:00
Alfredo Cardigliano
57fb25a60d
Parse ndpi confidence from suricata
2024-11-06 12:22:21 +01:00
Alfredo Cardigliano
3d87347f4c
Set flow l7 proto when collecting flows from suricata
2024-11-06 12:06:55 +01:00
Luca
1117e71d18
Removed SYN flood check that was partially overlapping with SYN scan
2024-10-22 15:46:50 +02:00
Matteo Biscosi
952e136080
Moved unexpected gateway check from flows to hosts
2024-10-07 16:58:31 +02:00
Matteo Biscosi
5314a61f7c
Added gateway alert and configuration (#8687); Fixes nedge compilation issue
2024-10-02 11:07:19 +02:00
GabrieleDeri
6dca44aeb6
Added network configuration menu section. Removed checks text box area (#8710)
* Added network configuration menu section. Removed checks text box area
2024-09-09 09:53:17 +02:00
Alfredo Cardigliano
3b0b60c422
Remove JA3 leftovers. Update alert keys. Rename malicious JA3 to malicious Fingerprint.
2024-09-02 18:34:17 +02:00
Alfredo Cardigliano
548c9aeec5
Remove obsolete JA3 support
2024-08-09 09:08:32 +02:00
Matteo Biscosi
4b1b37103a
Changed alert msg and added support for ZMQ-only interface alerts
2024-08-08 17:25:35 +02:00
Matteo Biscosi
46fff4d8e3
Updated checks documentation (#8463)
2024-08-08 17:25:35 +02:00
Luca Deri
16b5a8ccc1
Implemented no exporter/probe activity (#8608)
2024-08-07 18:06:51 +02:00
Alfredo Cardigliano
b09688beee
Add new alert no_exporter_activity
2024-08-07 13:05:48 +02:00
Alfredo Cardigliano
60c6d0c9a7
Do not trigger no_if_activity for pcap or db dump analysis
2024-07-18 13:59:22 +00:00
Luca Deri
4ecd7e8bf6
Removed trace
2024-07-16 21:30:01 +02:00
Matteo Biscosi
13287d609e
Added alert when dropping flows due to flow exporters limit exceeded
2024-07-15 18:58:36 +02:00
Luca Deri
d780b05308
Added additional check (#8389)
2024-05-10 12:07:55 +02:00
Nicolò Maio
59075f5e10
Splitting blacklisted flow alert and creating two new alerts. (#8354) (#8355)
* Splitting blacklisted flow alert and creating two new alerts. (#8354)
* Renaming to 'Blacklisted Client Contact' and 'Blacklisted Server Contact'. (#8354)
2024-04-24 17:37:30 +02:00
Nicolò Maio
636ba2975c
Add Flow Reset Alert and counter. (#8264) (#8348)
* Add Flow Reset Alert and counter. (#8264)
* Renaming to TCP Flow Reset. (#8264)
* Renaming the value retrieved by the getName method. (#8264)
2024-04-24 17:15:20 +02:00
Nicolò Maio
fd6b0958c3
Rename the alert to "Remote to Local Insecure Flow". (#8257) (#8339)
2024-04-18 12:45:54 +02:00
Matteo Biscosi
88e5d26afe
Removed no-longer-used checks (#8235)
2024-02-27 05:49:44 -05:00
Matteo Biscosi
5edfdeedcd
Fixes various lua memory issues
2024-02-22 11:22:52 +00:00
Luca Deri
2ee2c180a5
Removed alerts no longer necessary as they have been replaced by local traffic rules
2024-02-21 22:54:22 +01:00
Matteo Biscosi
48462f4d96
Fixes circular dependency between lua_utils and rest_utils
2024-02-20 10:02:33 +00:00
Matteo Biscosi
64b603d855
Fixes slow periodic activities failing in case of empty string
2024-02-17 09:35:53 +00:00