How ntopng monitors IEC 60870-5-104 traffic


Busy times for OT analysts. Last month the number of known OT (operational technology) malware families increased from five to seven. The first malware discovered is Industroyer2, which was caught in Ukraine. As is popular nowadays, security companies name the malware they discover, which is why the second malware was assigned two names, Incontroller or Pipedream. […]

Registration for ntopConf 2022 (June 23-24) is now Open


This year the ntop community will meet in Milan, Italy on June 23-24. The conference will take place on the first day, whereas the second day will be used for training. We’ll be talking about network traffic monitoring and cybersecurity, and discuss future roadmap items. It is a good chance to get together after pandemic restrictions, as well […]

HowTo Use TLS for Securing Flow Export/Collection


One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit, and that it is pretty simple to send fake flow packets that then pollute the collected information. As of today, unencrypted protocols need to […]

How PF_RING is Used to Fight Internet Censorship: Refraction Networking


Internet censorship is a global phenomenon (see Figure 1) that aims to throttle or entirely block access to certain Internet resources. National or regional governments impose Internet censorship by using sophisticated networking appliances—strategically placed at the edge of their networks at various Internet inter-connection points—capable of inspecting and discarding network packets destined to sites with […]

ntop Conference 2022: Call for Speakers


This is to announce the dates of the ntop conference 2022, which will take place in Milan at UniBocconi: June 23rd conference, June 24th training. We are currently looking for speakers, as we want to hear your voice. Topics include (but are not limited to): cybersecurity, IoT monitoring, integration of Kibana/Grafana/CheckMK/Nagios with ntop tools, attacks and […]

How We Simplified Data Search in ntopng


ntopng users are familiar with the search box present at the top of each page. It was originally designed to find hosts and jump to their details page. Over the years we have added a lot of new information to ntopng, and limiting the search scope to hosts only was no longer a good idea. The image […]

Dispatching Alerts: How to Master Notifications in ntopng


Alerts in ntopng are the result of traffic analysis based on checks. Checks detect that specific traffic indicators require attention: for instance, a host whose behavioural score has exceeded a given threshold, or a flow that is exfiltrating data. Checks process traffic information with respect to a specific network element, and for this reason […]

Incident Analysis: How to Correlate Alerts with Flows and Packets


In incident analysis it is important to provide evidence of the problem at various levels of detail. Alerts: alerts are the result of traffic analysis (in ntopng, based on checks) that has detected specific indicators in traffic that triggered the alert. For instance, a host whose behavioural score has exceeded a given threshold or a […]

Using ntopng with Checkmk: A Tutorial


Today we’ll discuss the ntopng integration with Checkmk, a popular open source infrastructure monitoring tool to which ntopng adds traffic visibility. If IT infrastructure monitoring and network usage monitoring saw each other on Tinder, they would both surely swipe right and match. Bringing the big-picture perspective of IT infrastructure monitoring together with […]