1. RESTful API v2 Specification

1.1. Authentication

The HTTP/HTTPS authentication should be used, for example with curl it is possible to specify username and password with -u <user>:<password>

Using HTTPS is recommended for security. See this post to enable HTTPS.

1.2. Request Format

Parameters can be provided both using GET with a query string or POST using JSON (in this case please make sure the correct Content Type is provided). For example, to download data for a host you can use the below curl command line using GET:

curl -s -u admin:admin "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua?ifid=1&host=192.168.1.2"

or the below curl command line using POST:

curl -s -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "1", "host": "192.168.1.2"}' "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua"

Please check the Examples section for more examples.

1.3. Response Format

An API response is usually represented by a JSON message matching a standard structure. This JSON message consists of an envelope containing:

  • a return code rc

  • a human-readable string rc_str describing the return code

  • the actual response in rsp

Example:

{
 "rc": 0
 "rc_str": "OK",
 "rsp": {
    ...
 }
}

1.4. API

1.4.1. Interfaces

GET /lua/pro/rest/v2/delete/host/asset.lua

Get ntopng actively monitored interfaces names and ids

  • Description: Interface name and integer interface id for each actively monitored ntopng interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

serial_key

query

Host identifier

integer

Responses

0 - OK

1.4.2. Hosts

GET /lua/pro/rest/v2/get/geo_map/hosts.lua

Get hosts location

  • Description: Get hosts location and other info

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/local/talkers.lua

Get Top local talkers

  • Description: Get the Top 10 local talkers

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface ID

number

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/remote/talkers.lua

Get Top remote talkers

  • Description: Get the Top 10 remote talkers

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface ID

number

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top_ts_stats.lua

Get Top Timeseries stats

  • Description: Get the Top timeseries stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

Start time (epoch)

integer

ts_query

query

data used to get the timeseries; e.g. format: ‘ifid:1,protocol:DNS’ , where ‘ifid:1’ stands for interface ID 1 and ‘protocol:DNS’ stands for DNS protocol information

integer

detail_view

query

Top information requested, currently available: top_protocols -> Top Application data, top_categories -> Top Categories data, top_senders -> Top Local Senders data, top_receivers -> Top Local Receivers data

string

Responses

0 - OK

-2 - INVALID_INTERFACE

POST /lua/rest/v2/add/host/to_scan.lua

Add host to vulnerability scan hosts list

  • Description: Add Host to Scan

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

formData

Host address

string

scan_type

formData

Vulnerability Scan Type

string

scan_ports

formData

Comma separeted ports list

string

scan_frequency

formData

Available only from Pro License. Automatic scanning, one option between: disabled, 1day (scan once per day), 1week (scan once a week)

string

scan_id

formData

Scan ID

string

cidr

formData

Network CIDR

string

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

POST /lua/rest/v2/exec/host/schedule_vulnerability_scan.lua

Delete host from vulnerability scan hosts list

  • Description: Delete Host to Scan

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

formData

Host address

string

scan_type

formData

Vulnerability Scan Type

string

scan_ports

formData

Comma separeted ports list

string

scan_single_host

formData

Boolean to a single or all hosts

boolean

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

1.4.3. Alerts

GET /lua/pro/rest/v2/acknowledge/snmp/device/alerts.lua

Acknowledge SNMP device alerts

  • Description: Acknowledge SNMP device historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/add/alert/exclusion.lua

Add an alert exclusion

  • Description: Add an alert exclusion

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

type

query

Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’)

string

alert_addr

query

Host IP of the address to exclude (with type: ‘host’)

string

alert_domain

query

Domain to exclude (with type ‘host’)

string

alert_certificate

query

Certificate to exclude (with type ‘certificate’)

string

subdir

query

Type of alert to exclude (currently available: ‘flow’ or ‘host’

string

flow_alert_key

query

Flow alert identifier

string

host_alert_key

query

Host alert identifier

string

delete_alerts

query

Return true to delete the excluded alerts, false otherwise

boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/add/device/exclusion.lua

Add a device to exclude

  • Description: Add a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

mac_list

query

List of MAC addresses to exclude separated by commas

string

trigger_alerts

query

Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not

boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/alert/exclusion.lua

Delete an alert exclusion

  • Description: Delete an alert exclusion

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

type

query

Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’)

string

alert_addr

query

Host IP of the address to exclude (with type: ‘host’)

string

alert_domain

query

Domain to exclude (with type ‘host’)

string

alert_certificate

query

Certificate to exclude (with type ‘certificate’)

string

subdir

query

Type of alert to exclude (currently available: ‘flow’ or ‘host’

string

flow_alert_key

query

Flow alert identifier

string

host_alert_key

query

Host alert identifier

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/all/alert/exclusions.lua

Delete all alert exclusions

  • Description: Delete all configured host or flow alert exclusions for a specific host

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

type

query

Either ‘host’ or ‘flow’

string

host

query

The IP address of the host

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/device/exclusion.lua

Remove a device to exclude

  • Description: Remove a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

device

query

MAC addresses to remove from the exclusions, or ‘all’ to delete all the MAC addresses excluded until now

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/flow/alert/exclusions.lua

Delete flow alert exclusions

  • Description: Delete flow alert exclusions

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

alert_addr

query

The host IP address

string

alert_key

query

The flow alert key to exclude from flow alerts

integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/host/alert/exclusions.lua

Delete host alert exclusions

  • Description: Delete host alert exclusions

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

alert_addr

query

The host IP address

string

alert_key

query

The host alert key to exclude from host alerts

integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/snmp/device/alerts.lua

Delete SNMP device alerts

  • Description: Delete SNMP device alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/edit/device/exclusion.lua

Edit a device to exclude

  • Description: Edit a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

mac

query

MAC address to edit

string

mac_alias

query

Alias used to rename the MAC address

string

mac_status

query

MAC address status

string

trigger_alerts

query

Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not

boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/alert/exclusion.lua

Get the alert exclusions

  • Description: Get all the available alert exclusions

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

type

query

Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/all/alert/top.lua

Get all alert stats

  • Description: Get all alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

Start time (epoch)

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/am_host/alert/top.lua

Get Active Monitoring alert stats

  • Description: Get Active Monitoring alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/device/exclusion.lua

List of excluded devices

  • Description: Return the list of the excluded devices (see for more info: Device/MAC Address Tracking)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/domain/alert/exclusions.lua

Get domain alert exclusions

  • Description: Get domain alert exclusions

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/flow/alert/exclusions.lua

Get flow alert exclusions

  • Description: Get flow alert exclusions

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

The host IP address

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/flow/alert/top.lua

Get flow alert stats

  • Description: Get flow alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/flowdevice/stats.lua

Get flow device stats

  • Description: get flow device stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

ip

query

The IP address of the device

string

ifIdx

query

The interface index

integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/flowdevices/stats.lua

Get flow devices stats

  • Description: get flow devices stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/host/alert/exclusions.lua

Get host alert exclusions

  • Description: Get host alert exclusions

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

The host IP address

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/host/alert/top.lua

Get host alert stats

  • Description: Get host alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/interface/alert/top.lua

Get interface alert stats

  • Description: Get interface alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

subtype

query

Alert subtype

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/mac/alert/top.lua

Get MAC alert stats

  • Description: Get MAC alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/network/alert/top.lua

Get network alert stats

  • Description: Get network alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/observation_points/stats.lua

Get observation points alert stats

  • Description: Get observation points alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/sflowdevice/stats.lua

Get sFlow device stats

  • Description: get sFlow device stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

ip

query

The IP address of the device

string

ifIdx

query

The interface index

integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/sflowdevices/stats.lua

Get sFlow devices stats

  • Description: get sFlow devices stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/list.lua

Get SNMP device alerts list

  • Description: Get SNMP device alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/top.lua

Get SNMP device alert stats

  • Description: Get SNMP device alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/ts.lua

Get SNMP device alerts timeseries

  • Description: Get SNMP device alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/system/alert/top.lua

Get system alert stats

  • Description: Get system alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/user/alert/top.lua

Get user alert stats

  • Description: Get user alert stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/am_host/alerts.lua

Acknowledge Active Monitoring alerts

  • Description: Acknowledge Active Monitoring historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/flow/alerts.lua

Acknowledge flow alerts

  • Description: Acknowledge flow historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/host/alerts.lua

Acknowledge host alerts

  • Description: Acknowledge host historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/interface/alerts.lua

Acknowledge interface alerts

  • Description: Acknowledge interface historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

subtype

query

Alert subtype

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/mac/alerts.lua

Acknowledge MAC alerts

  • Description: Acknowledge MAC historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/network/alerts.lua

Acknowledge network alerts

  • Description: Acknowledge network historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/system/alerts.lua

Acknowledge system alerts

  • Description: Acknowledge system historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/user/alerts.lua

Acknowledge user alerts

  • Description: Acknowledge user historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

label

query

Describe why the alert was ackowledge, it can be an empty string

string

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

row_id

query

Alert identifier of the exact alert

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/all/alerts.lua

Delete all alerts

  • Description: Delete all historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/am_host/alerts.lua

Delete active monitoring hosts alerts

  • Description: Delete active monitoring hosts historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/flow/alerts.lua

Delete flow alerts

  • Description: Delete flow historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/host/alerts.lua

Delete host alerts

  • Description: Delete historical host alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/host/new_devices.lua

Delete all new devices

  • Description: Delete all new devices learned by ntopng

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/delete/interface/alerts.lua

Delete interface alerts

  • Description: Delete historical interface alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

subtype

query

Alert subtype

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/mac/alerts.lua

Delete MAC alerts

  • Description: Delete MAC historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/network/alerts.lua

Delete network alerts

  • Description: Delete historical network alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/system/alerts.lua

Delete system alerts

  • Description: Delete system historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/user/alerts.lua

Delete user alerts

  • Description: Delete user historical alerts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

1.4.4. Flows

GET /lua/pro/rest/v2/get/db/columns_info.lua

Get Clickhouse available columns

  • Description: Executes a query to the flows database and return all the available columns the DB has

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/db/flows.lua

Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.

  • Description: Executes a query to the flows database

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

begin_time_clause

query

Start time (epoch)

integer

end_time_clause

query

Start time (epoch)

integer

select_clause

query

Select clause (default: *)

string

where_clause

query

Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)).

string

maxhits_clause

query

Max hits (default: 10)

integer

order_by_clause

query

Order by clause (default: no order)

string

group_by_clause

query

Group by clause (default: no group)

string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/db/topk_flows.lua

Get Top-K flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO

  • Description: Executes a top-k query to the flows database

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

begin_time_clause

query

Start time (epoch)

integer

end_time_clause

query

End time (epoch)

integer

select_keys_clause

query

Select comma-separated keys list (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO)

string

select_values_clause

query

Select value (default: BYTES)

string

where_clause

query

Where clause (default: none)

string

topk_clause

query

Top-K clause (default: SUM)

string

approx_search

query

Approximate search (default: true)

string

maxhits_clause

query

Max hits (default: 10)

integer

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.5. PCAP

GET /lua/pro/rest/v2/get/db/filter/bpf.lua

BPF filter generation

  • Description: Convert tags used to extract data from the database into the equivalent BPF filter, suitable for traffic extraction

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7proto_master

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7cat

query

Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

flow_risk

query

Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

l4proto

query

Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

src2dst_dscp

query

Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

country

query

Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_asn

query

Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_asn

query

Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_nw_latency

query

Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_nw_latency

query

Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

observation_point_id

query

Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

src2dst_tcp_flags

query

Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

dst2src_tcp_flags

query

Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

mac

query

MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_mac

query

Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_mac

query

Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

info

query

Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

bytes

query

Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

packets

query

Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_proc_name

query

Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_proc_name

query

Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_user_name

query

Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_user_name

query

Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

1.4.6. Users

POST /lua/rest/v2/add/ntopng/user.lua

Add ntopng user

  • Description: Add a ntopng user

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

username

formData

Username

string

full_name

formData

Full name

string

password

formData

Password

string

confirm_password

formData

Confirmed password

string

user_role

formData

User role (unprivileged / administrator)

string

allowed_networks

formData

Allowed networks (e.g. 0.0.0.0/0,::/0)

string

allowed_interface

formData

Allowed interfaces (empty for all)

string

user_language

formData

Language (en, it, de, jp, pt, cz)

string

allow_pcap_download

formData

Allow PCAPs download (1 to allow)

string

allow_historical_flows

formData

Allow Historical Flows page (1 to allow, 0 to deny)

string

allow_alerts

formData

Allow Alerts page (1 to allow, 0 to deny)

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-19 - PASSWORD_MISMATCH

-20 - ADD_USER_FAILED

-23 - USER_ALREADY_EXISTING

POST /lua/rest/v2/create/ntopng/session.lua

Create a new ntopng user session Cookie

  • Description: Generate a new user session to be used as session Cookie

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

username

formData

Username

string

auth_session_duration

formData

Session duration (seconds). Default: 0 (no expiration).

integer

Responses

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/delete/ntopng/user.lua

Delete ntopng user

  • Description: Delete a ntopng user

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

username

formData

Username

string

Responses

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-21 - DELETE_USER_FAILED

POST /lua/rest/v2/edit/ntopng/user.lua

Edit a ntopng user

  • Description: Edit an existing ntopng user

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

username

formData

Username

string

full_name

formData

Full name

string

password

formData

Password

string

confirm_password

formData

Confirmed password

string

user_role

formData

User role (unprivileged / administrator)

string

allowed_networks

formData

Allowed networks (e.g. 0.0.0.0/0,::/0)

string

allowed_interface

formData

Allowed interfaces (empty for all)

string

user_language

formData

Language (en, it, de, jp, pt, cz)

string

allow_pcap_download

formData

Allow PCAPs download (1 to allow)

string

allow_historical_flows

formData

Allow Historical Flows page (1 to allow, 0 to deny)

string

allow_alerts

formData

Allow Alerts page (1 to allow, 0 to deny)

string

Responses

-5 - INVALID_ARGUMENTS

-21 - DELETE_USER_FAILED

-23 - USER_DOES_NOT_EXIST

-24 - EDIT_USER_FAILED

1.4.7. Infrastructures

POST /lua/pro/rest/v2/add/infrastructure/instance.lua

Add a new infrastructure configuration

  • Description: Add a new infrastructure configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

url

The URL of the ntopng in the infrastructure

string

alias

An alias for the infrastructure

string

token

The REST API Token for the authentication

string

rtt_threshold

RTT threshold used by the active monitoring

int32

bandwidth_threshold

Bandwidth threshold used by the active monitoring

int32

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS

-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL

-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN

-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD

-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS

-40 - INFRASTRUCTURE_INSTANCE_SAME_URL

-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN

-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING

-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD

POST /lua/pro/rest/v2/delete/infrastructure/instance.lua

Delete an existing infrastructure configuration

  • Description: Delete an existing infrastructure configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

instance_id

The ID of the infrastructure to delete

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID

POST /lua/pro/rest/v2/edit/infrastructure/instance.lua

Edit an existing infrastructure configuration

  • Description: Edit an existing infrastructure configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

instance_id

The ID of the infrastructure configuration to edit

string

url

The URL of the ntopng in the infrastructure

string

alias

An alias for the infrastructure

string

token

The REST API Token for the authentication

string

rtt_threshold

RTT threshold used by the active monitoring

int32

bandwidth_threshold

Bandwidth threshold used by the active monitoring

int32

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID

-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS

-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL

-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN

-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD

-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS

-40 - INFRASTRUCTURE_INSTANCE_SAME_URL

-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN

-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD

GET /lua/pro/rest/v2/get/infrastructure/instance.lua

Get one or all infrastructure configs

  • Description: Get one or all infrastructure configs

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Add statistics collected by the active monitoring module

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

GET /lua/rest/v2/export/infrastructure/config.lua

Export the Infrastructure configurations as a JSON file

  • Description: Export the configuration for the infrastructure configurations

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.8. Health

GET /lua/pro/rest/v2/get/system/health/clickhouse.lua

Get Clickhouse Stats

  • Description: Get all the available Clickhouse Statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-6 - INTERNAL_ERROR

1.4.9. Configurations

1.4.10. Vulnerability Scan

GET /lua/pro/rest/v2/delete/vs/report.lua

Delete a vulnerability scan report

  • Description: Delete a vulnerability scan report

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

epoch_end

query

Epoch of vulnerability scan report to delete

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/edit/vs/report.lua

Edit a Vulnerability Scan report

  • Description: Edit an existing Vulnerability Scan report

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

epoch_end

query

Epoch of vulnerability scan report to edit

integer

report_title

query

The new report name

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/vs/report_list.lua

Get all vulnerability scan reports

  • Description: Get VS reports

  • Produces: [‘application/json’]

Responses

0 - OK

GET /lua/rest/v2/edit/host/update_va_scan_period.lua

Update Vulnerability Scan

  • Description: Update Vulnerability Scan Frequency

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

scan_frequency

query

Auto scan frequency, can be: disabled, 1day, 1week

string

Responses

0 - OK

-3 - NOT_GRANTED

1.4.11. Host

GET /lua/pro/rest/v2/add/interface/host_rules/add_host_rule.lua

Add Host Rule

  • Description: Add an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host to apply the check, IP address of the host or * to check for all the hosts

string

frequency

query

Frequency of the check to run, every minute, every 5 minutes, every hour or daily (‘min’, ‘5min’, ‘hour’, ‘day’)

string

metric

query

Timeseries schema of the metric to analyze

string

threshold

query

Threshold that if exceeded, it’s going to trigger an alert

string

metric_type

query

metric used to analyze the data, Throughput or Volume? (currently available: ‘throughput’, ‘volume’)

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/delete/interface/host_rules/add_host_rule.lua

Remove an Host Rule

  • Description: Remove an host rule from an interface, used to run periodic check on traffic and similar, on the timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

rule_id

query

Identifier of the rule to delete

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/host/flows/data.lua

Get host flows data

  • Description: Given an host return the information used to create the sankey chart with all the flows information regarding that hosts (protocols, traffic, ecc.)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

formData

Host address

string

hosts_type

query

Currently available: local_only -> return only flows between local hosts, remote_only -> return only flows between remote hosts, local_origin_remote_target -> return only flows between local clients and remote servers, remote_origin_local_target -> return only flows between local servers and remote clients, all_hosts -> return all flows

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_data.lua

Get Host Rule

  • Description: Get an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_metric.lua

Get Host Rule available metrics

  • Description: Get an host rule available metrics, used to run periodic check on traffic and similar, on the timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

1.4.12. SNMP

GET /lua/pro/rest/v2/add/snmp/device.lua

Add SNMP devices

  • Description: Add devices to the monitored SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

snmp_host

query

IP address or symbolic name of and an SNMP device

string

snmp_read_community

query

The SNMP read community to use (SNMP v1/v2c only)

string

snmp_write_community

query

The SNMP write community to use (SNMP v1/v2c only)

string

snmp_version

query

The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1)

string

snmp_level

query

Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv)

string

snmp_auth_protocol

query

Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA

string

snmp_auth_passphrase

query

Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase

string

snmp_privacy_protocol

query

Used only with SNMP v3 and level set to autPriv: DES or AES

string

snmp_privacy_passphrase

query

Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase

string

cidr

query

Either 24 or 32. If 32, snmp_host is treated as single host. If 24 snmp_host is treated as as CIDR address

string

Responses

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-9 - NAME_RESOLUTION_FAILED

-10 - SNMP_DEVICE_ALREADY_ADDED

-11 - SNMP_DEVICE_UNREACHABLE

-12 - NO_SNMP_DEVICE_DISCOVERED

GET /lua/pro/rest/v2/change/snmp/device/interface/status.lua

Change SNMP device interface status

  • Description: Change the status of an SNMP device in terface to up or down

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

IP address of an SNMP device

string

snmp_admin_status

query

The new admin status, either ‘up’ or ‘down’

string

snmp_port_idx

query

The index of the SNMP device interface

string

Responses

0 - OK

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-26 - SNMP_DEVICE_INTERFACE_STATUS_CHANGE_FAILED

GET /lua/pro/rest/v2/delete/snmp/device.lua

Delete an SNMP device

  • Description: Delete an SNMP device from the monitored SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

IP address of an SNMP device

string

Responses

0 - SNMP_DEVICE_DELETED_SUCCESSFULLY

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/edit/snmp/device/device.lua

Edit a SNMP device

  • Description: Edit an existing monitored SNMP device

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

snmp_host

query

IP address or symbolic name of and an SNMP device

string

snmp_read_community

query

The SNMP read community to use (SNMP v1/v2c only)

string

snmp_write_community

query

The SNMP write community to use (SNMP v1/v2c only)

string

snmp_version

query

The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1)

string

snmp_level

query

Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv)

string

snmp_auth_protocol

query

Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA

string

snmp_auth_passphrase

query

Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase

string

snmp_privacy_protocol

query

Used only with SNMP v3 and level set to autPriv: DES or AES

string

snmp_privacy_passphrase

query

Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase

string

Responses

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-9 - NAME_RESOLUTION_FAILED

-10 - SNMP_DEVICE_ALREADY_ADDED

-11 - SNMP_DEVICE_UNREACHABLE

-12 - NO_SNMP_DEVICE_DISCOVERED

-22 - SNMP_UNKNOWN_DEVICE

GET /lua/pro/rest/v2/get/snmp/device/bridge.lua

Get bridge MIB information

  • Description: Get bridge MIB information for a single or all SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

The IP address of the SNMP device (optional, all devices are returned if empty)

string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/interfaces.lua

Get interfaces information

  • Description: Get interfaces information for a single or all SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

The IP address of the SNMP device (optional, all devices are returned if empty)

string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/lldp.lua

Get LLDP adjacency information

  • Description: Get LLDP adjacencies for a single or all SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

The IP address of the SNMP device (optional, all devices are returned if empty)

string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/list.lua

Get all SNMP devices

  • Description: Retrieve all configured SNMP devices.

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/system.lua

Get system information

  • Description: Get system information for a single or all SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

query

The IP address of the SNMP device (optional, all devices are returned if empty)

string

Responses

-3 - NOT_GRANTED

1.4.13. All

POST /lua/pro/rest/v2/check/infrastructure/config.lua

Test an infrastructure configuration

  • Description: Uses an url and token to connect to the REST API of an ntopng in the infrastructure

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

url

query

The URL of the ntopng in the infrastructure

string

token

query

The REST API Token for the authentication

string

Responses

0 - OK

-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING

-43 - INFRASTRUCTURE_INSTANCE_CHECK_FAILED

-44 - INFRASTRUCTURE_INSTANCE_CHECK_NOT_FOUND

-45 - INFRASTRUCTURE_INSTANCE_CHECK_INVALID_RESPONSE

-46 - INFRASTRUCTURE_INSTANCE_CHECK_AUTH_FAILED

GET /lua/rest/v2/export/all/config.lua

Export all configurations as a JSON file

  • Description: Export all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.14. Observation Point

GET /lua/pro/rest/v2/delete/observation_point/stats.lua

Remove an Observation Point stats

  • Description: Remove Observation Point stats stored until now. If the Observation Point is no more seen on the network, even the entry is going to be deleted

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

observation_point

query

Identifier of the rule to delete

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/observation_points/stats.lua

Delete an Observation Point

  • Description: Given an Observation Point ID, it is going to delete it and all the information related to it

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

observation_point_id

query

Observation Point ID

integer

ifid

query

Interface identifier

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/observation_points/alias.lua

Get the alias of an Observation Point

  • Description: The alias of an Observation Point is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

observation_point_id

query

Observation Point ID

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/pro/rest/v2/set/observation_points/alias.lua

Set the alias of an Observation Point

  • Description: Set the alias of an Observation Point is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

alias

formData

New Observation Point Alias

string

observation_point_id

formData

Observation Point ID

integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

1.4.15. Pools

GET /lua/pro/rest/v2/export/pool/policy.lua

Export pool policies

  • Description: Export pool policies

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/set/pool/policy.lua

Set pool policy

  • Description: Set pool policy

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/set/pool/policy_autoconf.lua

Set a pool policy from autoconfiguration

  • Description: Set a pool policy from autoconfiguration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

POST /lua/rest/v2/add/host/pool.lua

Add an host pool

  • Description: Add an host pool with members and configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool_name

formData

Host Pool Name

string

pool_members

formData

List of IPs separated by commas

string

confset_id

formData

Configuration ID

integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-13 - ADD_POOL_FAILED

GET /lua/rest/v2/bind/host/pool/member.lua

Bind a member to an host pool

  • Description: Bind a member to an host pool

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool

query

Host Pool ID

integer

member

query

IP/MAC/Network CIDR to add to the Host Pool ID

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-17 - BIND_POOL_MEMBER_FAILED

POST /lua/rest/v2/delete/host/pool.lua

Delete an host pool

  • Description: Delete an host pool

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool

query

Host Pool ID, required to delete the given pool

number

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-16 - POOL_NOT_FOUND

POST /lua/rest/v2/delete/pools.lua

Delete all pools for any available pool type

  • Description: Delete all pools for any available pool type

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

POST /lua/rest/v2/edit/host/pool.lua

Edit an host pool

  • Description: Edit an host pool with members and configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool

formData

Pool ID

integer

pool_name

formData

Pool Name

string

pool_members

formData

Comma separated list of IPs/MACs/Networks cidr

string

confset_id

formData

Configuration ID

integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-14 - EDIT_POOL_FAILED

POST /lua/rest/v2/edit/host_pool/pool.lua

Edit an host pool pool

  • Description: Edit an host pool pool (only recipients edit is allowed)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-14 - EDIT_POOL_FAILED

GET /lua/rest/v2/export/pool/config.lua

Export the pools configuration as a JSON file

  • Description: Export the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.16. Traffic

GET /lua/pro/rest/v2/get/db/historical_db_search.lua

Get historical flows info

  • Description: Get historical flows info

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7proto_master

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7cat

query

Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

flow_risk

query

Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

l4proto

query

Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

src2dst_dscp

query

Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

country

query

Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_asn

query

Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_asn

query

Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_nw_latency

query

Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_nw_latency

query

Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

observation_point_id

query

Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

src2dst_tcp_flags

query

Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

dst2src_tcp_flags

query

Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

mac

query

MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_mac

query

Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_mac

query

Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

info

query

Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

bytes

query

Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

packets

query

Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_proc_name

query

Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_proc_name

query

Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_user_name

query

Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_user_name

query

Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/connect/test.lua

Test ntopng

  • Description: Test ntopng reachability and authentication

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

1.4.17. Timeseries

GET /lua/pro/rest/v2/get/db/ts.lua

Return the number of flows in a period of time

  • Description: Return the timeseries of number of flows in a period of time

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7proto_master

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7cat

query

Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

flow_risk

query

Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

l4proto

query

Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

src2dst_dscp

query

Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

country

query

Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_asn

query

Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_asn

query

Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_nw_latency

query

Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_nw_latency

query

Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

observation_point_id

query

Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

src2dst_tcp_flags

query

Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

dst2src_tcp_flags

query

Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

mac

query

MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_mac

query

Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_mac

query

Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

info

query

Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

bytes

query

Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

packets

query

Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_proc_name

query

Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_proc_name

query

Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_user_name

query

Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_user_name

query

Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

POST /lua/pro/rest/v2/get/timeseries/ts_multi.lua

Return timeseries

  • Description: Return the requested timeseries in the requested timeframe

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

limit

query

Maximum number of timeseries points

number

ts_compare

query

Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before)

string

ts_requests

query

An array of timeseries to be returned, containing ts_query, ts_schema and tskey (e.g. [{ts_query: ‘ifid:1,asn:199524’, ts_schema: ‘asn:traffic’, tskey: ‘199524’}]; the explaination of these three parameters can be found into ‘/lua/rest/v2/get/timeseries/ts.lua’ REST)

array

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.18. Peers

GET /lua/pro/rest/v2/get/host/no_tx_peers.lua

Get RX-only host peers

  • Description: Get list of host with RX-only traffic (i.e. no TX traffic sent)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

1.4.19. Top

GET /lua/pro/rest/v2/get/host/top/local/sites.lua

Get host top local sites

  • Description: Get host top local sites

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

The IP address of the host

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/interface/top/l7_stats.lua

Get interface top Layer-7 stats

  • Description: Get interface top Layer-7 stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/realtime_traffic.lua

Get interface top traffic stats

  • Description: Get interface top traffic stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/score.lua

Get interface top score stats

  • Description: Get interface top score stats

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

1.4.20. System

GET /lua/pro/rest/v2/get/infrastructure/data.lua

Get infrastructure data

  • Description: Get infrastructure data

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/system/data.lua

Get system data

  • Description: Get system data

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

1.4.21. Sites

GET /lua/pro/rest/v2/get/interface/top/sites.lua

Get interface top sites

  • Description: Get the top sites for an interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.22. Maps

GET /lua/pro/rest/v2/get/maps/periodicity_map.lua

Get the periodicity map of an interface

  • Description: Get the periodicity map of an interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/maps/service_map.lua

Get the service map of an interface

  • Description: Get the service map of an interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.23. User

POST /lua/rest/v2/create/ntopng/api_token.lua

Create an API token

  • Description: Create an API token

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

username

formData

An existing ntopng username

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

1.4.24. Checks

GET /lua/rest/v2/delete/application/application.lua

Remove a custom protocol

  • Description: If run ntopng using -p option, delete a custom protocol if it exists

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

protocol_alias

form

Application Name

string

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/disable/check.lua

Disables a check

  • Description: Disables a check

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

check_subdir

form

The check subdir

string

script_key

form

The key of the script

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/edit/application/application.lua

Edit a custom protocol

  • Description: If run ntopng using -p option, edit a custom protocol if it exists

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

protocol_alias

form

Application Name

string

category

form

Category ID

integer

l7_proto_id

form

Application ID

integer

custom_rules

form

List of custom rules separated by commas

string

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/enable/check.lua

Enables a check

  • Description: Enables a check

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

check_subdir

form

The check subdir

string

script_key

form

The key of the script

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/export/checks/config.lua

Export Checks configuration

  • Description: Export Checks configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

1.4.25. Notification Endpoints

POST /lua/rest/v2/delete/endpoints.lua

Delete all defined notification endpoints and reset them to factory-defaults

  • Description: Delete all defined notification endpoints and reset them to factory-defaults

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

1.4.26. Notification Recipients

POST /lua/rest/v2/delete/recipients.lua

Delete all defined recipients and reset them to factory-defaults

  • Description: Delete all defined recipients and reset them to factory-defaults

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

1.4.27. L7 Application Categories

GET /lua/rest/v2/edit/category/category.lua

Change the custom hosts for a specific category

  • Description: Given a category, an alias for the category and a list of hosts, networks or domain names, separated by comma, it is going to change the alias of the category and aggregate the traffic done by those hosts into the category

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

category

query

Category, formatted as cat_{id}, where ID is the ID of the category

string

custom_hosts

query

List of Hosts, Networks, Domain Names, separated by comma

string

alias

query

Alias of the Category

string

Responses

0 - OK

1.4.28. Configuration

POST /lua/rest/v2/edit/ntopng/incr_flows.lua

Double the maximum number of flows managed by ntopng

  • Description: Double the maximum number of flows managed by ntopng

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-7 - BAD_FORMAT

POST /lua/rest/v2/edit/ntopng/incr_hosts.lua

Double the maximum number of hosts managed by ntopng

  • Description: Double the maximum number of hosts managed by ntopng

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-7 - BAD_FORMAT

1.4.29. Active Monitoring

GET /lua/rest/v2/export/active_monitoring/config.lua

Export the active monitoring configuration as a JSON file

  • Description: Export the active monitoring configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.30. Notifications

GET /lua/rest/v2/export/notifications/config.lua

Export the notifications configuration as a JSON file

  • Description: Export the configuration for endpoints and recipients

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.31.

GET /lua/rest/v2/export/scripts/config.lua

Export the Checks configuration as a JSON file

  • Description: Export the configuration for all checks

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/export/snmp/config.lua

Export the SNMP configuration as a JSON file

  • Description: Export the configuration for the SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download as file (no REST envelope)

boolean

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/get/alert/filter/consts.lua

Get available alert filters

  • Description: Given a specific alert type (flow, host, …) return the available filters

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

page

query

Alert Page (interface, flow, host, network, snmp_device, mac, user, am_host, system)

string

Responses

0 - OK

GET /lua/rest/v2/get/alert/list/alerts.lua

List stored interface alerts

  • Description: List alerts stored in the ntopng alert database

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

alert_family

query

Alert family. Possible values: active_monitoring, flow, host, interface, mac , network , snmp , system , user

string

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

select_clause

query

Select clause (default: *)

string

where_clause

query

Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)).

string

maxhits_clause

query

Max hits (default: 10)

integer

order_by

query

Order by clause (default: no order)

string

group_by

query

Group by clause (default: no group)

string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/alert/severity/consts.lua

Get alert severity constants

  • Description: Alert severity string and integer severity id for each defined severity

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/alert/severity/counters.lua

Get alert counters by severity

  • Description: Alert severity counters in descending order

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

status

query

Status filter (historical, historical-flows)

string

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

Start time (epoch)

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/alert/type/consts.lua

Get alert type constants

  • Description: Alert type string and integer alert key for each defined alert

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/alert/type/counters.lua

Get alert counters by type

  • Description: Alert type counters indescending order

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

status

query

Status filter (historical, historical-flows)

string

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/all/alert/list.lua

Get all alerts list

  • Description: Get all alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/all/alert/ts.lua

Get all alerts timeseries

  • Description: Get all alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

Start time (epoch)

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/am_host/alert/list.lua

Get Active Monitoring alerts list

  • Description: Get Active Monitoring alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/am_host/alert/ts.lua

Get Active Monitoring alerts timeseries

  • Description: Get Active Monitoring alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

POST /lua/rest/v2/get/asn/asn_info.lua

Get Autonomous systems data

  • Description: Return the ASN data ntopng collected from analyzing the network. If an ASN is given, then return the data regarding the requested ASN

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

asn

formData

Autonomous System ID

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/get/asn/asn_name.lua

Get Autonomous systems name

  • Description: Return the ASN name given an IP

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ip

query

IP Address

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/category/list.lua

Get category information

  • Description: Get all the category information available

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/checks/config.lua

Get Checks configuration

  • Description: Get checks configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

download

query

Download the data or not

boolean

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/get/country/country_name.lua

Get Country Name

  • Description: Return the Country name given a country code

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

country_id

query

Country Code

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/dns/resolve.lua

Resolve an host name into an IP address

  • Description: Resolve an host name into an IP address

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

hostname

query

The host name to be resolved

string

Responses

0 - OK

-9 - NAME_RESOLUTION_FAILED

GET /lua/rest/v2/get/flow/active.lua

Get active flows

  • Description: List of active flows

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

currentPage

query

Pagination: page (optional)

integer

perPage

query

Pagination: items per page (optional)

integer

sortColumn

query

Pagination: column for sorting (e.g. ‘score’) (optional)

string

sortOrder

query

Pagination: sorting order: ‘asc’ or ‘desc’ (optional)

string

host

query

Host address filter (optional)

string

vlan

query

VLAN ID filter (optional)

integer

l4proto

query

L4 protocol filter (optional)

string

application

query

Application protocol filter (optional)

string

verbose

query

Add more details including TCP stats (optional)

boolean

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/alert/list.lua

Get flow alerts list

  • Description: Get flow alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/flow/alert/ts.lua

Get flow alerts timeseries

  • Description: Get flow alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_ip

query

Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_ip

query

Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_name

query

Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

srv_name

query

Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

cli_port

query

Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_port

query

Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

l7proto

query

Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_country

query

Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_country

query

Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

probe_ip

query

Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

input_snmp

query

Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

output_snmp

query

Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

snmp_interface

query

SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

cli_host_pool_id

query

Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

srv_host_pool_id

query

Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

cli_network

query

Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

srv_network

query

Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

l7_error_id

query

Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

traffic_direction

query

Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/flow/l4/counters.lua

Get flow counters for L4 protocols

  • Description: Number of active flows per L4 protocol

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/l7/counters.lua

Get flow counters for L7 protocols

  • Description: Number of active flows per L7 application protocol

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/traffic_stats.lua

Get traffic stats for active flows

  • Description: Get traffic stats for active flows

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/active.lua

Get active hosts

  • Description: List of active hosts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

currentPage

query

Pagination: page (optional)

integer

perPage

query

Pagination: items per page (optional)

integer

sortColumn

query

Pagination: column for sorting (e.g. ip, name, since, last, alerts, country, vlan, num_flows, traffic, thpt) (optional)

string

sortOrder

query

Pagination: sorting order: ‘asc’ or ‘desc’ (optional)

string

all

query

Get all hosts (optional)

boolean

mode

query

Mode filter: all, local, remote, broadcast_domain, filtered, blacklisted, dhcp (optional)

string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/alert/list.lua

Get host alerts list

  • Description: Get host alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/host/alert/ts.lua

Get host alerts timeseries

  • Description: Get host alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

vlan_id

query

VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

ip_version

query

IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

ip

query

IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

name

query

Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)

string

host_pool_id

query

Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

string

network

query

Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/host/custom_data.lua

Get host custom data

  • Description: Custom data is returned for one or all hosts

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

field_alias

query

Field alias

string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/data.lua

Get host data

  • Description: Host data is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address (IP or IP@VLAN if traffic is tagged)

string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/dscp/stats.lua

Get IP DSCP statistics for a host

  • Description: DSCP statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

vlan

query

VLAN ID

integer

direction

query

Select direction: ‘sent’ or ‘recvd’ (default)

boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/fingerprint/data.lua

Get counters per type

  • Description: Number of alerts per alert type

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

fingerprint_type

query

The fingerprint type, either ja3 or hassh

string

Responses

0 - OK

GET /lua/rest/v2/get/host/interfaces.lua

Get host interfaces

  • Description: All interface ids of a given host are returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

formData

Interface identifier

integer

host

formData

Host address

string

vlan

formData

VLAN ID

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/l4/data.lua

Get the host information about transport protocols

  • Description: Given an host, return the transport protocols information (bytes sent, received, …) of an host

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

vlan

query

VLAN ID

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/l7/stats.lua

Get L7 statistics for a host

  • Description: nDPI statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

vlan

query

VLAN ID

integer

breed

query

Show breed

boolean

ndpi_category

query

Show nDPI category

boolean

collapse_stats

query

Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%)

boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/host/inactive_asset.lua

Return the data collected by ntopng relative to an inactive asset (local host)

  • Description: Given a serial key (concatenation of ifid, host ip and host vlan), returns all the data relative to the host requested if present

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

serial_key

query

Host identifier

integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/pool/members.lua

Get all host pool members

  • Description: Get all the members of a given host pool

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool

query

Host Pool ID

integer

member

query

IP/MAC/Network CIDR to add to the Host Pool ID

string

Responses

0 - OK

-16 - POOL_NOT_FOUND

GET /lua/rest/v2/get/host/pool/pools.lua

Get one or all host pools

  • Description: Get one or all host pools

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool

query

Host Pool ID

integer

Responses

0 - OK

-16 - POOL_NOT_FOUND

GET /lua/rest/v2/get/host/pool_by_member.lua

Get an host pool given a member

  • Description: Get an host pool given a member

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

member

query

IP/MAC/Network CIDR

string

pool_name_only

query

Return only the pool name (do not return pool details including members)

boolean

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/processes/listening_ports.lua

Get the host information about listening ports

  • Description: Given an host, return the information about listening ports (transport level protocol, package and process that’s currently running on that port)

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

vlan

query

VLAN ID

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/to_scan_list.lua

Retrieves vulnerability scan hosts list

  • Description: Get Hosts to Scan

  • Produces: [‘application/json’]

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/vulnerability_scan_type_list.lua

Retrieves vulnerability scan types list

  • Description: Get Scan Types List

  • Produces: [‘application/json’]

Responses

0 - OK

GET /lua/rest/v2/get/interface/address.lua

Get interface IP addresses

  • Description: List of interface IP addresses is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/alert/list.lua

Get interface alerts list

  • Description: Get interface alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

subtype

query

Alert subtype

string

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/interface/alert/ts.lua

Get interface alerts timeseries

  • Description: Get interface alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

subtype

query

Alert subtype

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/interface/arp.lua

Get interface ARP info

  • Description: Get interface ARP info

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

host

query

Host address

string

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/interface/bcast_domains.lua

Get interface broadcast domains

  • Description: Interface broadcast domains as detected from ARP traffic and broadcast traffic are returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/data.lua

Get interface data

  • Description: Interface data is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/dscp/stats.lua

Get IP DSCP statistics for an interface

  • Description: DSCP statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/l7/stats.lua

Get L7 statistics for an interface

  • Description: nDPI statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

ndpistats_mode

query

Stats mode: ‘sinceStartup’ or ‘count’

string

breed

query

Show breed

boolean

ndpi_category

query

Show nDPI category

boolean

all_values

query

Return all the values available

boolean

max_values

query

Get at most max_values, by default 5

int16

collapse_stats

query

Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%)

boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/nprobes/data.lua

Get interface nProbe data

  • Description: Get data for nProbe instances connected to an ntopng interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/l4/protocol/consts.lua

Get L4 protocol constants

  • Description: L4 protocol names and integer identifiers

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/l7/application/consts.lua

Get L7 application protocol constants

  • Description: L7 application protocol names and integer identifiers

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/l7/category/consts.lua

Get L7 application category constants

  • Description: L7 application category names and integer identifiers

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/mac/data.lua

Get Macs traffic information

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

mac

query

Mac Address to get information

string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/mac/alert/list.lua

Get MAC alerts list

  • Description: Get MAC alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/mac/alert/ts.lua

Get MAC alerts timeseries

  • Description: Get MAC alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/alert/list.lua

Get network alerts list

  • Description: Get network alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/alert/ts.lua

Get network alerts timeseries

  • Description: Get network alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

network_name

query

Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/discovery/discover.lua

Get interface network discovery data

  • Description: Get data regarding the network discovery done by an ntopng interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

operating_system

query

Operating System identifier

integer

device_type

query

Device type identifier

integer

manufacturer

query

Manufacturer of the device

string

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/network/networks.lua

Return list of networks

  • Description: Return the list of all networks

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

GET /lua/rest/v2/get/ntopng/interfaces.lua

Get ntopng actively monitored interfaces names and ids

  • Description: Interface name and integer interface id for each actively monitored ntopng interface

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/ntopng/users.lua

Read all configured ntopng users

  • Description: Read all configured ntopng users

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/get/pcap/live_extraction.lua

Extract (live download) PCAP data from the traffic recorded with the continuous recording (n2disk)

  • Description: Raw PCAP data is returned

  • Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

bpf_filter

query

BPF filter

string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/create/pcap/extraction/task.lua

Schedule PCAP data extraction from traffic recorded with the continuous recording (n2disk). A job ID is returned to check the extraction status (see /lua/rest/v2/get/pcap/extraction/tasks.lua)

  • Description: Job info is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

bpf_filter

query

BPF filter

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/pcap/extraction/tasks.lua

Read PCAP extraction jobs (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua) information

  • Description: All jobs status is returned

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/pcap/extraction/data.lua

Download PCAP data extracted by a scheduled extraction task (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua)

  • Description: Raw PCAP data is returned

  • Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name

Position

Description

Type

job_id

query

Job ID

integer

file_id

query

File ID (default 1)

integer

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/get/pcap/live_traffic.lua

Live traffic capture

  • Description: Raw PCAP data is returned

  • Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

bpf_filter

query

BPF filter

string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/get/pools.lua

Get all pools of any type

  • Description: Get all pools defined for any available pool type

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/recipient/pools.lua

Get recipient pools

  • Description: Get all pools bound to a recipient

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

recipient_id

query

Recipient identifier

integer

Responses

0 - OK

GET /lua/rest/v2/get/system/alert/list.lua

Get system alerts list

  • Description: Get system alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/system/alert/ts.lua

Get system alerts timeseries

  • Description: Get system alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/system/configurations/download_backup.lua

Get system configuration automatic backup

  • Description: Get on of the automatic system configurations backups

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

epoch

query

The epoch of the backup

integer

download

query

Download the backup or just retrive info

boolean

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/configurations/list_availabled_backups.lua

Get system configurations automatic backups

  • Description: Get list of automatic system configurations backups

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/influxdb.lua

Get InfluxDB Stats

  • Description: Get all the available InfluxDB Statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/interfaces.lua

Get interfaces stats

  • Description: Get statistics of every active interfaces

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/redis.lua

Get Redis Stats

  • Description: Get all the available Redis Statistics

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/stats.lua

Get system stats

  • Description: Get statistics of the system on top of which ntopng is running

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/status.lua

Get system status info

  • Description: Get license information and resources used data

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

GET /lua/rest/v2/get/timeseries/ts.lua

Get timeseries data

  • Description: Get timeseries data

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

limit

query

Maximum number of timeseries points

number

initial_point

query

A boolean used to return the first point of the timeseries or not

boolean

ts_compare

query

Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before)

string

ts_query

query

Containing the parameters used to find the timeserie in the following format, parameter:value;parameter:value;… (e.g. ‘ifid:1;host:192.168.1.1’)

string

tskey

query

Containing the timeseries key, whom the timeseries is referred to (e.g. if the timeserie is regarding the interface ‘7’ or the host ‘192.168.1.1’, then tskey is going to be ‘7’ or ‘192.168.1.1’)

string

ts_schema

query

Contains the timeserie schema (e.g. ‘iface:traffic’)

string

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/timeseries/type/consts.lua

Get available timeseries

  • Description: Get all the available timeseries given a tag

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

query

query

Tag used to retrieve the timeseries; currently available: iface, host, mac, subnet, asn, country, os, vlan, host_pool, pod, container, ht, system, profile, redis, influxdb, am, snmp_interface, snmp_device, obs_point, sflowdev_port, flowdev, flowdev_port

string

host

query

Host IP@VLAN, REQUIRED in case of timeseries regarding Host, SNMP or Flow devices

string

asn

query

ASN identifier, REQUIRED in case of timeseries regarding Autonomous Systems

integer

pool

query

Host Pool identifier, REQUIRED in case of timeseries regarding Host Pools

integer

vlan

query

VLAN identifier, REQUIRED in case of timeseries regarding VLANs

integer

mac

query

MAC address, REQUIRED in case of timeseries regarding MACs

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/user/alert/list.lua

Get user alerts list

  • Description: Get user alerts list

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

start

query

Starting record (e.g. start=100, it will start returning records from the 101st)

integer

length

query

Maximum number of records to get

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

format

query

Format of the return data (json or txt)

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/user/alert/ts.lua

Get user alerts timeseries

  • Description: Get user alerts timeseries

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

query

Interface identifier

integer

epoch_begin

query

Start time (epoch)

integer

epoch_end

query

End time (epoch)

integer

alert_id

query

Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)

integer

severity

query

Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

score

query

Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then

integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

POST /lua/rest/v2/import/active_monitoring/config.lua

Import the active monitoring configuration providing a JSON file

  • Description: Import the active monitoring configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/all/config.lua

Import all configurations providing a JSON file

  • Description: Import all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/checks/config.lua

Import Checks configuration

  • Description: Import Checks configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

JSON

form

The Checks configuration in JSON

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

POST /lua/rest/v2/import/infrastructure/config.lua

Import the Infrastructure configuration providing a JSON file

  • Description: Import the configuration for all infrastructure configurations

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/notifications/config.lua

Import the notifications configuration providing a JSON file

  • Description: Import the configuration for endpoints and recipients

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/pool/config.lua

Import the pools configuration providing a JSON file

  • Description: Import the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

GET /lua/rest/v2/import/pool/host_pool/members.lua

Import host pool members

  • Description: Import host pool members

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

pool

form

Pool identifier

integer

host_pool_members

form

A newline-separated list of host pool members

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/import/scripts/config.lua

Import the Checks configuration providing a JSON file

  • Description: Import the configuration for all checks

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/snmp/config.lua

Import the SNMP configuration providing a JSON file

  • Description: Import the configuration for the SNMP devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

GET /lua/rest/v2/reset/active_monitoring/config.lua

Reset Active Monitoring configuration

  • Description: Reset active monitoring configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/reset/all/config.lua

Reset all configurations

  • Description: Reset all configurations

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/checks/config.lua

Reset Checks configuration

  • Description: Reset checks configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/reset/infrastructure/config.lua

Reset all infrastructure configurations

  • Description: Reset all infrastructure configurations

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/notifications/config.lua

Reset Notifications configuration

  • Description: Reset notifications configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/snmp/config.lua

Reset SNMP configuration

  • Description: Reset SNMP configuration including all configured devices

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/set/checks/config.lua

Set Checks configuration

  • Description: Set Checks configuration

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

JSON

form

Check configuration in JSON

string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/host/alias.lua

Set host alias

  • Description: Set host custom name

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

host

formData

Host address

string

custom_name

formData

Custom name

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/device/alias.lua

Set device alias

  • Description: Set device custom name

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

device

formData

Device MAC Address

string

custom_name

formData

Custom name

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/network/alias.lua

Set network alias

  • Description: Set network custom name

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

network_cidr

formData

Network CIDR

string

custom_name

formData

Custom name

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/interface/alias.lua

Set interface alias

  • Description: Set interface custom name

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

formData

Interface ID

string

custom_name

formData

Custom name

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/host/notes.lua

Set host custom notes

  • Description: Given an host and a note, it is going to set that Note to the host

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

custom_notes

form

Custom Host Note

string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/trigger/host/alert.lua

Trigger an external alert on a host

  • Description: Trigger alert

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

ifid

formData

Interface identifier

integer

host

formData

Host address

string

vlan

formData

VLAN ID

integer

score

formData

Set the alert score

boolean

info

formData

Set the alert description

string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/version.lua

Get supported and current REST API versions

  • Description: Return all the supported REST API versions and the current REST API version used

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

0 - OK