Alerts List per License

Some ntopng alerts are only available with a specific license. Below is a list of all the alerts, grouped by family, with their availability under each license.
Host Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Countries Contacts | x | x | x | x | x |
| Dangerous Host | x | x | x | x | x |
| DNS Flood |   | x | x | x | x |
| DNS Server Contacts | x | x | x | x | x |
| DNS Traffic | x | x | x | x | x |
| Domain Names Contacts | x | x | x | x | x |
| Flow Flood | x | x | x | x | x |
| Flows Anomaly |   | x | x | x | x |
| Host External Check (REST) | x | x | x | x | x |
| Host User Check Script | x | x | x | x | x |
| ICMP Flood | x | x | x | x | x |
| NTP Server Contacts | x | x | x | x | x |
| NTP Traffic | x | x | x | x | x |
| P2P Traffic | x | x | x | x | x |
| Packets Exceeded | x | x | x | x | x |
| Remote Connection | x | x | x | x | x |
| RST Scan | x | x | x | x | x |
| Scan Detection | x | x | x | x | x |
| Score Anomaly |   | x | x | x | x |
| Score Threshold Exceeded | x | x | x | x | x |
| SMTP Server Contacts | x | x | x | x | x |
| SNMP Flood |   | x | x | x | x |
| SYN Flood | x | x | x | x | x |
| SYN Scan | x | x | x | x | x |
| FIN Scan | x | x | x | x | x |
Interface Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Alerts Drops | x | x | x | x | x |
| DHCP Storm |   | x | x | x | x |
| Ghost Networks | x | x | x | x | x |
| Idle Hash Table Entries |   | x | x | x | x |
| No Traffic Activity | x | x | x | x | x |
| Packet Drops |   | x | x | x | x |
| Periodic Activity Not Executed | x | x | x | x | x |
| Slow Periodic Activity | x | x | x | x | x |
| Throughput Exceeded | x | x | x | x | x |
| Unexpected Application Behaviour |   |   |   | x | x |
| Unexpected ASN Behaviour |   |   |   | x | x |
| Unexpected Device Connected/Disconnected |   |   | x | x | x |
| Unexpected Network Behaviour |   |   |   | x | x |
| Unexpected Score Behaviour |   |   |   | x | x |
| Unexpected Traffic Behaviour |   |   | x | x | x |
Local Networks Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Broadcast Domain Too Large | x | x | x | x | x |
| Egress Traffic | x | x | x | x | x |
| Flow Flood Victim | x | x | x | x | x |
| Ingress Traffic | x | x | x | x | x |
| Inner Traffic | x | x | x | x | x |
| IP/MAC Reassoc/Spoofing | x | x | x | x | x |
| Network Discovery | x | x | x | x | x |
| Network Issues | x | x | x | x | x |
| Network Score per Host |   | x | x | x | x |
| SYN Flood Victim | x | x | x | x | x |
| SYN Scan Victim | x | x | x | x | x |
SNMP Behavioural Checks
Flow Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Anonymous Subscriber | x | x | x | x | x |
| Binary Application Transfer | x | x | x | x | x |
| Blacklisted Country | x | x | x | x | x |
| Blacklisted Flow | x | x | x | x | x |
| Broadcast Non-UDP Traffic | x | x | x | x | x |
| Clear-Text Credentials | x | x | x | x | x |
| Crawler/Bot | x | x | x | x | x |
| Desktop/File Sharing | x | x | x | x | x |
| DNS Data Exfiltration |   |   | x | x | x |
| DNS Invalid Characters | x | x | x | x | x |
| Elephant Flow |   | x | x | x | x |
| Error Code | x | x | x | x | x |
| External Alert |   | x | x | x | x |
| Flow User Check Script | x | x | x | x | x |
| Fragmented DNS Message | x | x | x | x | x |
| HTTP Obsolete Server | x | x | x | x | x |
| HTTP Susp Content | x | x | x | x | x |
| HTTP Susp Header | x | x | x | x | x |
| HTTP Susp URL | x | x | x | x | x |
| HTTP Susp User-Agent | x | x | x | x | x |
| HTTP/TLS/QUIC Numeric Hostname/SNI | x | x | x | x | x |
| ICMP Data Exfiltration |   |   | x | x | x |
| IEC Invalid Command Transition | x | x | x | x | x |
| IEC Invalid Transition | x | x | x | x | x |
| IEC Unexpected TypeID | x | x | x | x | x |
| Invalid DNS Query |   | x | x | x | x |
| Known Proto on Non-Standard Port | x | x | x | x | x |
| Large DNS Packet (512+ bytes) | x | x | x | x | x |
| Lateral Movement Detection |   |   |   | x | x |
| Long Lived |   |   |   | x | x |
| Low Goodput | x | x | x | x | x |
| Malformed Packets | x | x | x | x | x |
| Malicious JA3 Fingerp | x | x | x | x | x |
| Malicious JA3 SHA1 Cert | x | x | x | x | x |
| Minor Issues | x | x | x | x | x |
| Missing SNI TLS Extn | x | x | x | x | x |
| ModbusTCP Invalid Transition |   |   |   | x | x |
| ModbusTCP Too Many Exceptions |   |   |   | x | x |
| ModbusTCP Unexpected Function Code |   |   |   | x | x |
| Not Purged | x | x | x | x | x |
| Obsolete SSH Client Version or Cipher | x | x | x | x | x |
| Obsolete SSH Server Version or Cipher | x | x | x | x | x |
| Old TLS Version | x | x | x | x | x |
| Periodic Flow | x | x | x | x | x |
| Periodicity Changed |   |   |   | x | x |
| Possible Exploit | x | x | x | x | x |
| Possible RCE | x | x | x | x | x |
| Possible SQL Inj | x | x | x | x | x |
| Punycode IDN | x | x | x | x | x |
| Rare Destination | x | x | x | x | x |
| Remote Access | x | x | x | x | x |
| Remote to Local Insecure Protocol | x | x | x | x | x |
| Remote to Remote Flow | x | x | x | x | x |
| Risky ASN | x | x | x | x | x |
| Risky Domain | x | x | x | x | x |
| SMB Insecure | x | x | x | x | x |
| Susp DGA Domain Name | x | x | x | x | x |
| Susp Entropy | x | x | x | x | x |
| Susp Device Protocol | x | x | x | x | x |
| Suspicious DNS Traffic | x | x | x | x | x |
| TCP Connection Issues |   | x | x | x | x |
| TCP Connection Refused |   |   | x | x | x |
| TCP No Data Exchanged | x | x | x | x | x |
| TCP Packets Issues | x | x | x | x | x |
| TCP With No Answer | x | x | x | x | x |
| TCP Zero Window | x | x | x | x | x |
| TLS (probably) Not Carrying HTTPS | x | x | x | x | x |
| TLS Cert About To Expire | x | x | x | x | x |
| TLS Cert Expired |   | x | x | x | x |
| TLS Cert Validity Too Long |   | x | x | x | x |
| TLS Cert Issues | x | x | x | x | x |
| TLS Cert Self-Signed |   | x | x | x | x |
| TLS Fatal Alert |   | x | x | x | x |
| TLS Susp ESNI Usage |   | x | x | x | x |
| TLS Suspicious Extension |   | x | x | x | x |
| TLS Uncommon ALPN |   | x | x | x | x |
| TLS Unsafe Ciphers |   | x | x | x | x |
| Unexpected DHCP | x | x | x | x | x |
| Unexpected DNS | x | x | x | x | x |
| Unexpected NTP | x | x | x | x | x |
| Unexpected SMTP | x | x | x | x | x |
| Unidirectional Flow | x | x | x | x | x |
| Unsafe Protocol | x | x | x | x | x |
| VLAN Bidirectional Flow | x | x | x | x | x |
| Web Mining | x | x | x | x | x |
| XSS Attack | x | x | x | x | x |
System Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Intrusion Detection and Prevention Log | x | x | x | x | x |
| Periodic Activity Not Executed | x | x | x | x | x |
| Slow Periodic Activity | x | x | x | x | x |
| System Alerts Drops | x | x | x | x | x |
| Vulnerability Scan Changes |   |   |   | x | x |
Syslog Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Fortinet |   |   |   | x | x |
| Host Log | x | x | x | x | x |
| Kerberos/NXLog |   |   |   | x | x |
| nBox | x | x | x | x | x |
| OpenVPN |   |   |   | x | x |
| OPNsense |   |   |   | x | x |
| SonicWALL |   |   |   | x | x |
| Sophos |   |   |   | x | x |
| Suricata | x | x | x | x | x |