In ntopng it’s possible to exclude Hosts from specific alerts.
This feature is only available from Enterprise M Version
By clicking the + close to the Search above the table, it’s possible to add a new host or network to exclude for an Host and a Flow Alert. Excluded Hosts/Networks will not trigger the specified alert.
An other way to exclude an host for a specific alert is by going in the Alert Page (Alerts), click the Action button and then click ‘Disable’. From the opened pop-up it’s possible to disable the alert (‘Any host’) or exclude an host (Client or Server). To remove from the database the alerts disabled for the host, toggle the ‘Delete Alerts’ box or untoggle to not remove them.
Exclude Risks Domain/Networks with nDPI¶
It’s even possible to exclude Hosts, Networks and even Domains from nDPI Risk Alerts (nDPI Risks) by using nDPI itself. To do it, specify a nDPI protocol file (an example can be found in nDPI) that contains exceptions as follows:
Then pass this file, using the ‘-p’ option, to ntopng ([–ndpi-protocols|-p] <file>.protos). More information can be found in this article