Yesterday we have been invited to the NetEye Users Group Meeting to give a speech about monitoring and cybersecurity. During the talk we covered out 25 years journey in this industry and the decisions we have made during that time: Network vendors provide (after 25 years) poor monitoring data: flaws, proprietary formats, sampling, device limitations […]
Announcing ntop Professional Training: November 2023
ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training: . This is to announce that in May we have scheduled the next ntop Professional Training […]
How to Send ntopng Alerts to PagerDuty
PagerDuty is a popular incident-response platform that allows problem notifications to be delivered in a flexible way to the correct team member. We have integrated it in ntopng Enterprise and this post shows you howto configure it. First of all you need to create a PagerDuty account and select a plan (there is a free […]
How nDPI Improved Bloom Filters Implementation
A Bloom filter is. probabilistic data-structure used to test whether an element is present in a set. Blooms are affected by false positives, meaning that when a bloom returns true it does not mean that the searched element is part of the set but that it is “likely” to be part of the set. nDPI […]
How we Improved Alarm Delivery in ntopng
Sometimes, a critical issue shows up in your network and you’d like to be notified by ntopng on Telegram or by E-Mail. ntopng allows you to filter alerts for each recipient based on a few criteria including alert family, category, severity, or affected hosts. However in some case you want to be notified about a […]
Introducing PF_RING 8.6: Runtime Filtering and On Demand IDS at 100 Gbit
This is to announce a new PF_RING release 8.6 ! This stable release introduces a new Runtime component in PF_RING, which adds support for runtime filtering. This allows an external application to push filtering rules (through a Redis queue) while the socket is running, and offload them to the adapter when supported (e.g. on NVIDIA/Mellanox Connect-X […]
Sorting Out and Clustering Alerts in ntopng
In a previous post, What’s In The (Alert) Inbox?, we’ve discussed how alerts are organised in the Alerts Explorer. The new “inbox” design allows us to cluster alerts into separate folders high-priority events, that require attention and needs to be addresses as soon as possible, from other minor events. This solves one issue: having all […]
What’s In The (Alert) Inbox?
ntopng emits alerts in order to report relevant. They can be triggered by traffic thresholds, user scripts, behavioural checks, or due to Security issues, including those detected by IDS systems integrated with ntopng (the full list of built-in checks, and related alerts, that can be enabled in ntopng is available in the Alerts section of […]
How Effective Are IP Blacklists When Used For Detecting Malicious Activities?
A blacklist is an access control mechanism which denies access to selected network resources to peers belonging to a curated list. Blacklists often represent the first line of defence for many networks as they can reduce internal hosts’ risk of establishing communications with peers with a bad reputation. Many companies use blacklists for detecting malicious […]
How nDPI Identifies Fully Encrypted Protocols
In the paper How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic it is described a technique used in censorship to identify and block fully encrypted protocols. This technique, limited to TCP flows, uses a few techniques that are applied on the first TCP packet with payload, making it fast and convenient […]