Alerts List per License

Some ntopng alerts are available only with a specific license. Here is a list of all the alerts, divided by family, with their availability under each license.

Host Behavioural Checks

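| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Countries Contacts | x | x | x | x | x |
| Dangerous Host | x | x | x | x | x |
| DNS Flood |  | x | x | x | x |
| DNS Server Contacts | x | x | x | x | x |
| DNS Traffic | x | x | x | x | x |
| Domain Names Contacts | x | x | x | x | x |
| Flow Flood | x | x | x | x | x |
| Flows Anomaly |  | x | x | x | x |
| Host External Check (REST) | x | x | x | x | x |
| Host User Check Script | x | x | x | x | x |
| ICMP Flood | x | x | x | x | x |
| NTP Server Contacts | x | x | x | x | x |
| NTP Traffic | x | x | x | x | x |
| P2P Traffic | x | x | x | x | x |
| Packets Exceeded | x | x | x | x | x |
| Remote Connection | x | x | x | x | x |
| RST Scan | x | x | x | x | x |
| Scan Detection | x | x | x | x | x |
| Score Anomaly |  | x | x | x | x |
| Score Threshold Exceeded | x | x | x | x | x |
| SMTP Server Contacts | x | x | x | x | x |
| SNMP Flood |  | x | x | x | x |
| SYN Flood | x | x | x | x | x |
| SYN Scan | x | x | x | x | x |
| FIN Scan | x | x | x | x | x |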

Interface Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Alerts Drops | x | x | x | x | x |
| DHCP Storm |  | x | x | x | x |
| Ghost Networks | x | x | x | x | x |
| Idle Hash Table Entries |  | x | x | x | x |
| No Traffic Activity | x | x | x | x | x |
| Packet Drops |  | x | x | x | x |
| Periodic Activity Not Executed | x | x | x | x | x |
| Slow Periodic Activity | x | x | x | x | x |
| Throughput Exceeded | x | x | x | x | x |
| Unexpected Application Behaviour |  |  |  | x | x |
| Unexpected ASN Behaviour |  |  |  | x | x |
| Unexpected Device Connected/Disconnected |  |  | x | x | x |
| Unexpected Network Behaviour |  |  |  | x | x |
| Unexpected Score Behaviour |  |  |  | x | x |
| Unexpected Traffic Behaviour |  |  | x | x | x |

Local Networks Behavioural Checks

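| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Broadcast Domain Too Large | x | x | x | x | x |
| Egress Traffic | x | x | x | x | x |
| Flow Flood Victim | x | x | x | x | x |
| Ingress Traffic | x | x | x | x | x |
| Inner Traffic | x | x | x | x | x |
| IP/MAC Reassoc/Spoofing | x | x | x | x | x |
| Network Discovery | x | x | x | x | x |
| Network Issues | x | x | x | x | x |
| Network Score per Host |  | x | x | x | x |
| SYN Flood Victim | x | x | x | x | x |
| SYN Scan Victim | x | x | x | x | x |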

SNMP Behavioural Checks

Flow Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Anonymous Subscriber | x | x | x | x | x |
| Binary Application Transfer | x | x | x | x | x |
| Blacklisted Country | x | x | x | x | x |
| Blacklisted Flow | x | x | x | x | x |
| Broadcast Non-UDP Traffic | x | x | x | x | x |
| Clear-Text Credentials | x | x | x | x | x |
| Crawler/Bot | x | x | x | x | x |
| Desktop/File Sharing | x | x | x | x | x |
| DNS Data Exfiltration |  |  | x | x | x |
| DNS Invalid Characters | x | x | x | x | x |
| Elephant flow |  | x | x | x | x |
| Error Code | x | x | x | x | x |
| External Alert |  | x | x | x | x |
| Flow User Check Script | x | x | x | x | x |
| Fragmented DNS Message | x | x | x | x | x |
| HTTP Obsolete Server | x | x | x | x | x |
| HTTP Susp Content | x | x | x | x | x |
| HTTP Susp Header | x | x | x | x | x |
| HTTP Susp URL | x | x | x | x | x |
| HTTP Susp User-Agent | x | x | x | x | x |
| HTTP/TLS/QUIC Numeric Hostname/SNI | x | x | x | x | x |
| ICMP Data Exfiltration |  |  | x | x | x |
| IEC Invalid Command Transition | x | x | x | x | x |
| IEC Invalid Transition | x | x | x | x | x |
| IEC Unexpected TypeID | x | x | x | x | x |
| Invalid DNS Query |  | x | x | x | x |
| Known Proto on Non-Standard Port | x | x | x | x | x |
| Large DNS Packet (512+ bytes) | x | x | x | x | x |
| Lateral Movement Detection |  |  |  | x | x |
| Long Lived |  |  |  | x | x |
| Low Goodput | x | x | x | x | x |
| Malformed packets | x | x | x | x | x |
| Malicious JA3 Fingerp | x | x | x | x | x |
| Malicious JA3 SHA1 Cert | x | x | x | x | x |
| Minor Issues | x | x | x | x | x |
| Missing SNI TLS Extn | x | x | x | x | x |
| ModbusTCP Invalid Transition |  |  |  | x | x |
| ModbusTCP Too Many Exceptions |  |  |  | x | x |
| ModbusTCP Unexpected Function Code |  |  |  | x | x |
| Not Purged | x | x | x | x | x |
| Obsolete SSH Client Version or Cipher | x | x | x | x | x |
| Obsolete SSH Server Version or Cipher | x | x | x | x | x |
| Old TLS Version | x | x | x | x | x |
| Periodic Flow | x | x | x | x | x |
| Periodicity Changed |  |  |  | x | x |
| Possible Exploit | x | x | x | x | x |
| Possible RCE | x | x | x | x | x |
| Possible SQL Inj | x | x | x | x | x |
| Punycode IDN | x | x | x | x | x |
| Rare Destination | x | x | x | x | x |
| Remote Access | x | x | x | x | x |
| Remote to Local Insecure Protocol | x | x | x | x | x |
| Remote to Remote Flow | x | x | x | x | x |
| Risky ASN | x | x | x | x | x |
| Risky Domain | x | x | x | x | x |
| SMB insecure | x | x | x | x | x |
| Susp DGA Domain name | x | x | x | x | x |
| Susp Entropy | x | x | x | x | x |
| Susp Device Protocol | x | x | x | x | x |
| Suspicious DNS traffic | x | x | x | x | x |
| TCP Connection Issues |  | x | x | x | x |
| TCP Connection Refused |  |  | x | x | x |
| TCP No Data Exchanged | x | x | x | x | x |
| TCP Packets Issues | x | x | x | x | x |
| TCP With No Answer | x | x | x | x | x |
| TCP Zero Window | x | x | x | x | x |
| TLS (probably) Not Carrying HTTPS | x | x | x | x | x |
| TLS Cert About To Expire | x | x | x | x | x |
| TLS Cert Expired |  | x | x | x | x |
| TLS Cert Validity Too Long |  | x | x | x | x |
| TLS Cert Issues | x | x | x | x | x |
| TLS Cert Self-Signed |  | x | x | x | x |
| TLS Fatal Alert |  | x | x | x | x |
| TLS Susp ESNI Usage |  | x | x | x | x |
| TLS Suspicious Extension |  | x | x | x | x |
| TLS Uncommon ALPN |  | x | x | x | x |
| TLS Unsafe Ciphers |  | x | x | x | x |
| Unexpected DHCP | x | x | x | x | x |
| Unexpected DNS | x | x | x | x | x |
| Unexpected NTP | x | x | x | x | x |
| Unexpected SMTP | x | x | x | x | x |
| Unidirectional Flow | x | x | x | x | x |
| Unsafe protocol | x | x | x | x | x |
| VLAN Bidirectional Flow | x | x | x | x | x |
| Web Mining | x | x | x | x | x |
| XSS Attack | x | x | x | x | x |

System Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Intrusion Detection and Prevention Log | x | x | x | x | x |
| Periodic Activity Not Executed | x | x | x | x | x |
| Slow Periodic Activity | x | x | x | x | x |
| System Alerts Drops | x | x | x | x | x |
| Vulnerability Scan Changes |  |  |  | x | x |

Syslog Behavioural Checks

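| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Fortinet |  |  |  | x | x |
| Host Log | x | x | x | x | x |
| Kerberos/NXLog |  |  |  | x | x |
| nBox | x | x | x | x | x |
| OpenVPN |  |  |  | x | x |
| OPNsense |  |  |  | x | x |
| SonicWALL |  |  |  | x | x |
| Sophos |  |  |  | x | x |
| Suricata | x | x | x | x | x |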