1. RESTful API v2 Specification

1.1. Authentication

The HTTP/HTTPS authentication should be used, for example with curl it is possible to specify username and password with -u <user>:<password>

Using HTTPS is recommended for security. See this post to enable HTTPS.

1.2. Request Format

Parameters can be provided both using GET with a query string or POST using JSON (in this case please make sure the correct Content Type is provided). For example, to download data for a host you can use the below curl command line using GET:

curl -s -u admin:admin "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua?ifid=1&host=192.168.1.2"

or the below curl command line using POST:

curl -s -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "1", "host": "192.168.1.2"}' "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua"

Please check the Examples section for more examples.

1.3. Response Format

An API response is usually represented by a JSON message matching a standard structure. This JSON message consists of an envelope containing:

  • a return code rc
  • a human-readable string rc_str describing the return code
  • the actual response in rsp

Example:

{
 "rc": 0
 "rc_str": "OK",
 "rsp": {
    ...
 }
}

1.4. API

1.4.1. Interfaces

GET /lua/rest/v2/delete/host/inactive_host.lua

Get ntopng actively monitored interfaces names and ids

  • Description: Interface name and integer interface id for each actively monitored ntopng interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
serial_key query Host identifier integer

Responses

0 - OK

1.4.2. Hosts

GET /lua/pro/rest/v2/get/geo_map/hosts.lua

Get hosts location

  • Description: Get hosts location and other info
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/local/talkers.lua

Get Top local talkers

  • Description: Get the Top 10 local talkers
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface ID number

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/remote/talkers.lua

Get Top remote talkers

  • Description: Get the Top 10 remote talkers
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface ID number

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top_ts_stats.lua

Get Top Timeseries stats

  • Description: Get the Top timeseries stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query Start time (epoch) integer
ts_query query data used to get the timeseries; e.g. format: ‘ifid:1,protocol:DNS’ , where ‘ifid:1’ stands for interface ID 1 and ‘protocol:DNS’ stands for DNS protocol information integer
detail_view query Top information requested, currently available: top_protocols -> Top Application data, top_categories -> Top Categories data, top_senders -> Top Local Senders data, top_receivers -> Top Local Receivers data string

Responses

0 - OK

-2 - INVALID_INTERFACE

POST /lua/rest/v2/add/host/to_scan.lua

Add host to vulnerability scan hosts list

  • Description: Add Host to Scan
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host formData Host address string
scan_type formData Vulnerability Scan Type string
scan_ports formData Comma separeted ports list string
scan_frequency formData Available only from Pro License. Automatic scanning, one option between: disabled, 1day (scan once per day), 1week (scan once a week) string
scan_id formData Scan ID string
cidr formData Network CIDR string

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

POST /lua/rest/v2/exec/host/schedule_vulnerability_scan.lua

Delete host from vulnerability scan hosts list

  • Description: Delete Host to Scan
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host formData Host address string
scan_type formData Vulnerability Scan Type string
scan_ports formData Comma separeted ports list string
scan_single_host formData Boolean to a single or all hosts boolean

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

1.4.3. Alerts

GET /lua/pro/rest/v2/acknowledge/snmp/device/alerts.lua

Acknowledge SNMP device alerts

  • Description: Acknowledge SNMP device historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/add/alert/exclusion.lua

Add an alert exclusion

  • Description: Add an alert exclusion
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
type query Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) string
alert_addr query Host IP of the address to exclude (with type: ‘host’) string
alert_domain query Domain to exclude (with type ‘host’) string
alert_certificate query Certificate to exclude (with type ‘certificate’) string
subdir query Type of alert to exclude (currently available: ‘flow’ or ‘host’ string
flow_alert_key query Flow alert identifier string
host_alert_key query Host alert identifier string
delete_alerts query Return true to delete the excluded alerts, false otherwise boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/add/device/exclusion.lua

Add a device to exclude

  • Description: Add a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
mac_list query List of MAC addresses to exclude separated by commas string
trigger_alerts query Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/alert/exclusion.lua

Delete an alert exclusion

  • Description: Delete an alert exclusion
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
type query Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) string
alert_addr query Host IP of the address to exclude (with type: ‘host’) string
alert_domain query Domain to exclude (with type ‘host’) string
alert_certificate query Certificate to exclude (with type ‘certificate’) string
subdir query Type of alert to exclude (currently available: ‘flow’ or ‘host’ string
flow_alert_key query Flow alert identifier string
host_alert_key query Host alert identifier string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/all/alert/exclusions.lua

Delete all alert exclusions

  • Description: Delete all configured host or flow alert exclusions for a specific host
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
type query Either ‘host’ or ‘flow’ string
host query The IP address of the host string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/device/exclusion.lua

Remove a device to exclude

  • Description: Remove a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
device query MAC addresses to remove from the exclusions, or ‘all’ to delete all the MAC addresses excluded until now string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/flow/alert/exclusions.lua

Delete flow alert exclusions

  • Description: Delete flow alert exclusions
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
alert_addr query The host IP address string
alert_key query The flow alert key to exclude from flow alerts integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/host/alert/exclusions.lua

Delete host alert exclusions

  • Description: Delete host alert exclusions
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
alert_addr query The host IP address string
alert_key query The host alert key to exclude from host alerts integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/snmp/device/alerts.lua

Delete SNMP device alerts

  • Description: Delete SNMP device alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/edit/device/exclusion.lua

Edit a device to exclude

  • Description: Edit a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
mac query MAC address to edit string
mac_alias query Alias used to rename the MAC address string
mac_status query MAC address status string
trigger_alerts query Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/alert/exclusion.lua

Get the alert exclusions

  • Description: Get all the available alert exclusions
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
type query Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/all/alert/top.lua

Get all alert stats

  • Description: Get all alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query Start time (epoch) integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/am_host/alert/top.lua

Get Active Monitoring alert stats

  • Description: Get Active Monitoring alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/device/exclusion.lua

List of excluded devices

  • Description: Return the list of the excluded devices (see for more info: Device/MAC Address Tracking)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/domain/alert/exclusions.lua

Get domain alert exclusions

  • Description: Get domain alert exclusions
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/flow/alert/exclusions.lua

Get flow alert exclusions

  • Description: Get flow alert exclusions
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query The host IP address string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/flow/alert/top.lua

Get flow alert stats

  • Description: Get flow alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/flowdevice/stats.lua

Get flow device stats

  • Description: get flow device stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
ip query The IP address of the device string
ifIdx query The interface index integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/flowdevices/stats.lua

Get flow devices stats

  • Description: get flow devices stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/host/alert/exclusions.lua

Get host alert exclusions

  • Description: Get host alert exclusions
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query The host IP address string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/host/alert/top.lua

Get host alert stats

  • Description: Get host alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/interface/alert/top.lua

Get interface alert stats

  • Description: Get interface alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
subtype query Alert subtype string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/mac/alert/top.lua

Get MAC alert stats

  • Description: Get MAC alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/network/alert/top.lua

Get network alert stats

  • Description: Get network alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/observation_points/stats.lua

Get observation points alert stats

  • Description: Get observation points alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/sflowdevice/stats.lua

Get sFlow device stats

  • Description: get sFlow device stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
ip query The IP address of the device string
ifIdx query The interface index integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/sflowdevices/stats.lua

Get sFlow devices stats

  • Description: get sFlow devices stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/list.lua

Get SNMP device alerts list

  • Description: Get SNMP device alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/top.lua

Get SNMP device alert stats

  • Description: Get SNMP device alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/ts.lua

Get SNMP device alerts timeseries

  • Description: Get SNMP device alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/system/alert/top.lua

Get system alert stats

  • Description: Get system alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/user/alert/top.lua

Get user alert stats

  • Description: Get user alert stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/am_host/alerts.lua

Acknowledge Active Monitoring alerts

  • Description: Acknowledge Active Monitoring historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/flow/alerts.lua

Acknowledge flow alerts

  • Description: Acknowledge flow historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/host/alerts.lua

Acknowledge host alerts

  • Description: Acknowledge host historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/interface/alerts.lua

Acknowledge interface alerts

  • Description: Acknowledge interface historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
subtype query Alert subtype string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/mac/alerts.lua

Acknowledge MAC alerts

  • Description: Acknowledge MAC historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/network/alerts.lua

Acknowledge network alerts

  • Description: Acknowledge network historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/system/alerts.lua

Acknowledge system alerts

  • Description: Acknowledge system historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/user/alerts.lua

Acknowledge user alerts

  • Description: Acknowledge user historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
label query Describe why the alert was ackowledge, it can be an empty string string
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
row_id query Alert identifier of the exact alert integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/all/alerts.lua

Delete all alerts

  • Description: Delete all historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/am_host/alerts.lua

Delete active monitoring hosts alerts

  • Description: Delete active monitoring hosts historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/flow/alerts.lua

Delete flow alerts

  • Description: Delete flow historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/host/alerts.lua

Delete host alerts

  • Description: Delete historical host alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/host/new_devices.lua

Delete all new devices

  • Description: Delete all new devices learned by ntopng
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/delete/interface/alerts.lua

Delete interface alerts

  • Description: Delete historical interface alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
subtype query Alert subtype string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/mac/alerts.lua

Delete MAC alerts

  • Description: Delete MAC historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/network/alerts.lua

Delete network alerts

  • Description: Delete historical network alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/system/alerts.lua

Delete system alerts

  • Description: Delete system historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/user/alerts.lua

Delete user alerts

  • Description: Delete user historical alerts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

1.4.4. Flows

GET /lua/pro/rest/v2/get/db/columns_info.lua

Get Clickhouse available columns

  • Description: Executes a query to the flows database and return all the available columns the DB has
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/db/flows.lua

Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.

  • Description: Executes a query to the flows database
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
begin_time_clause query Start time (epoch) integer
end_time_clause query Start time (epoch) integer
select_clause query Select clause (default: *) string
where_clause query Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)). string
maxhits_clause query Max hits (default: 10) integer
order_by_clause query Order by clause (default: no order) string
group_by_clause query Group by clause (default: no group) string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/db/topk_flows.lua

Get Top-K flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO

  • Description: Executes a top-k query to the flows database
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
begin_time_clause query Start time (epoch) integer
end_time_clause query End time (epoch) integer
select_keys_clause query Select comma-separated keys list (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO) string
select_values_clause query Select value (default: BYTES) string
where_clause query Where clause (default: none) string
topk_clause query Top-K clause (default: SUM) string
approx_search query Approximate search (default: true) string
maxhits_clause query Max hits (default: 10) integer

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.5. PCAP

GET /lua/pro/rest/v2/get/db/filter/bpf.lua

BPF filter generation

  • Description: Convert tags used to extract data from the database into the equivalent BPF filter, suitable for traffic extraction
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7proto_master query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7cat query Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
flow_risk query Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
l4proto query Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
src2dst_dscp query Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
country query Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_asn query Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_asn query Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_nw_latency query Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_nw_latency query Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
observation_point_id query Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
src2dst_tcp_flags query Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
dst2src_tcp_flags query Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
mac query MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_mac query Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_mac query Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
info query Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
bytes query Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
packets query Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_proc_name query Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_proc_name query Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_user_name query Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_user_name query Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

1.4.6. Users

POST /lua/rest/v2/add/ntopng/user.lua

Add ntopng user

  • Description: Add a ntopng user
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
username formData Username string
full_name formData Full name string
password formData Password string
confirm_password formData Confirmed password string
user_role formData User role (unprivileged / administrator) string
allowed_networks formData Allowed networks (e.g. 0.0.0.0/0,::/0) string
allowed_interface formData Allowed interfaces (empty for all) string
user_language formData Language (en, it, de, jp, pt, cz) string
allow_pcap_download formData Allow PCAPs download (1 to allow) string
allow_historical_flows formData Allow Historical Flows page (1 to allow, 0 to deny) string
allow_alerts formData Allow Alerts page (1 to allow, 0 to deny) string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-19 - PASSWORD_MISMATCH

-20 - ADD_USER_FAILED

-23 - USER_ALREADY_EXISTING

POST /lua/rest/v2/create/ntopng/session.lua

Create a new ntopng user session Cookie

  • Description: Generate a new user session to be used as session Cookie
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
username formData Username string
auth_session_duration formData Session duration (seconds). Default: 0 (no expiration). integer

Responses

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/delete/ntopng/user.lua

Delete ntopng user

  • Description: Delete a ntopng user
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
username formData Username string

Responses

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-21 - DELETE_USER_FAILED

POST /lua/rest/v2/edit/ntopng/user.lua

Edit a ntopng user

  • Description: Edit an existing ntopng user
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
username formData Username string
full_name formData Full name string
password formData Password string
confirm_password formData Confirmed password string
user_role formData User role (unprivileged / administrator) string
allowed_networks formData Allowed networks (e.g. 0.0.0.0/0,::/0) string
allowed_interface formData Allowed interfaces (empty for all) string
user_language formData Language (en, it, de, jp, pt, cz) string
allow_pcap_download formData Allow PCAPs download (1 to allow) string
allow_historical_flows formData Allow Historical Flows page (1 to allow, 0 to deny) string
allow_alerts formData Allow Alerts page (1 to allow, 0 to deny) string

Responses

-5 - INVALID_ARGUMENTS

-21 - DELETE_USER_FAILED

-23 - USER_DOES_NOT_EXIST

-24 - EDIT_USER_FAILED

1.4.7. Infrastructures

POST /lua/pro/rest/v2/add/infrastructure/instance.lua

Add a new infrastructure configuration

  • Description: Add a new infrastructure configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
url The URL of the ntopng in the infrastructure string
alias An alias for the infrastructure string
token The REST API Token for the authentication string
rtt_threshold RTT threshold used by the active monitoring int32
bandwidth_threshold Bandwidth threshold used by the active monitoring int32

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS

-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL

-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN

-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD

-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS

-40 - INFRASTRUCTURE_INSTANCE_SAME_URL

-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN

-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING

-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD

POST /lua/pro/rest/v2/delete/infrastructure/instance.lua

Delete an existing infrastructure configuration

  • Description: Delete an existing infrastructure configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
instance_id The ID of the infrastructure to delete string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID

POST /lua/pro/rest/v2/edit/infrastructure/instance.lua

Edit an existing infrastructure configuration

  • Description: Edit an existing infrastructure configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
instance_id The ID of the infrastructure configuration to edit string
url The URL of the ntopng in the infrastructure string
alias An alias for the infrastructure string
token The REST API Token for the authentication string
rtt_threshold RTT threshold used by the active monitoring int32
bandwidth_threshold Bandwidth threshold used by the active monitoring int32

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID

-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS

-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL

-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN

-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD

-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS

-40 - INFRASTRUCTURE_INSTANCE_SAME_URL

-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN

-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD

GET /lua/pro/rest/v2/get/infrastructure/instance.lua

Get one or all infrastructure configs

  • Description: Get one or all infrastructure configs
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
Add statistics collected by the active monitoring module

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

GET /lua/rest/v2/export/infrastructure/config.lua

Export the Infrastructure configurations as a JSON file

  • Description: Export the configuration for the infrastructure configurations
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.8. Health

GET /lua/pro/rest/v2/get/system/health/clickhouse.lua

Get Clickhouse Stats

  • Description: Get all the available Clickhouse Statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-6 - INTERNAL_ERROR

1.4.9. Configurations

1.4.10. Vulnerability Scan

GET /lua/pro/rest/v2/delete/vs/report.lua

Delete a vulnerability scan report

  • Description: Delete a vulnerability scan report
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
epoch_end query Epoch of vulnerability scan report to delete integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/edit/vs/report.lua

Edit a Vulnerability Scan report

  • Description: Edit an existing Vulnerability Scan report
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
epoch_end query Epoch of vulnerability scan report to edit integer
report_title query The new report name string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/vs/report_list.lua

Get all vulnerability scan reports

  • Description: Get VS reports
  • Produces: [‘application/json’]

Responses

0 - OK

GET /lua/rest/v2/edit/host/update_va_scan_period.lua

Update Vulnerability Scan

  • Description: Update Vulnerability Scan Frequency
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
scan_frequency query Auto scan frequency, can be: disabled, 1day, 1week string

Responses

0 - OK

-3 - NOT_GRANTED

1.4.11. Host

GET /lua/pro/rest/v2/add/interface/host_rules/add_host_rule.lua

Add Host Rule

  • Description: Add an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host to apply the check, IP address of the host or * to check for all the hosts string
frequency query Frequency of the check to run, every minute, every 5 minutes, every hour or daily (‘min’, ‘5min’, ‘hour’, ‘day’) string
metric query Timeseries schema of the metric to analyze string
threshold query Threshold that if exceeded, it’s going to trigger an alert string
metric_type query metric used to analyze the data, Throughput or Volume? (currently available: ‘throughput’, ‘volume’) string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/delete/interface/host_rules/add_host_rule.lua

Remove an Host Rule

  • Description: Remove an host rule from an interface, used to run periodic check on traffic and similar, on the timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
rule_id query Identifier of the rule to delete string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/host/flows/data.lua

Get host flows data

  • Description: Given an host return the information used to create the sankey chart with all the flows information regarding that hosts (protocols, traffic, ecc.)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host formData Host address string
hosts_type query Currently available: local_only -> return only flows between local hosts, remote_only -> return only flows between remote hosts, local_origin_remote_target -> return only flows between local clients and remote servers, remote_origin_local_target -> return only flows between local servers and remote clients, all_hosts -> return all flows string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_data.lua

Get Host Rule

  • Description: Get an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_metric.lua

Get Host Rule available metrics

  • Description: Get an host rule available metrics, used to run periodic check on traffic and similar, on the timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

1.4.12. SNMP

GET /lua/pro/rest/v2/add/snmp/device.lua

Add SNMP devices

  • Description: Add devices to the monitored SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
snmp_host query IP address or symbolic name of and an SNMP device string
snmp_read_community query The SNMP read community to use (SNMP v1/v2c only) string
snmp_write_community query The SNMP write community to use (SNMP v1/v2c only) string
snmp_version query The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1) string
snmp_level query Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv) string
snmp_auth_protocol query Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA string
snmp_auth_passphrase query Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase string
snmp_privacy_protocol query Used only with SNMP v3 and level set to autPriv: DES or AES string
snmp_privacy_passphrase query Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase string
cidr query Either 24 or 32. If 32, snmp_host is treated as single host. If 24 snmp_host is treated as as CIDR address string

Responses

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-9 - NAME_RESOLUTION_FAILED

-10 - SNMP_DEVICE_ALREADY_ADDED

-11 - SNMP_DEVICE_UNREACHABLE

-12 - NO_SNMP_DEVICE_DISCOVERED

GET /lua/pro/rest/v2/change/snmp/device/interface/status.lua

Change SNMP device interface status

  • Description: Change the status of an SNMP device in terface to up or down
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query IP address of an SNMP device string
snmp_admin_status query The new admin status, either ‘up’ or ‘down’ string
snmp_port_idx query The index of the SNMP device interface string

Responses

0 - OK

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-26 - SNMP_DEVICE_INTERFACE_STATUS_CHANGE_FAILED

GET /lua/pro/rest/v2/delete/snmp/device.lua

Delete an SNMP device

  • Description: Delete an SNMP device from the monitored SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query IP address of an SNMP device string

Responses

0 - SNMP_DEVICE_DELETED_SUCCESSFULLY

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/edit/snmp/device/device.lua

Edit a SNMP device

  • Description: Edit an existing monitored SNMP device
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
snmp_host query IP address or symbolic name of and an SNMP device string
snmp_read_community query The SNMP read community to use (SNMP v1/v2c only) string
snmp_write_community query The SNMP write community to use (SNMP v1/v2c only) string
snmp_version query The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1) string
snmp_level query Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv) string
snmp_auth_protocol query Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA string
snmp_auth_passphrase query Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase string
snmp_privacy_protocol query Used only with SNMP v3 and level set to autPriv: DES or AES string
snmp_privacy_passphrase query Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase string

Responses

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-9 - NAME_RESOLUTION_FAILED

-10 - SNMP_DEVICE_ALREADY_ADDED

-11 - SNMP_DEVICE_UNREACHABLE

-12 - NO_SNMP_DEVICE_DISCOVERED

-22 - SNMP_UNKNOWN_DEVICE

GET /lua/pro/rest/v2/get/snmp/device/bridge.lua

Get bridge MIB information

  • Description: Get bridge MIB information for a single or all SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query The IP address of the SNMP device (optional, all devices are returned if empty) string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/interfaces.lua

Get interfaces information

  • Description: Get interfaces information for a single or all SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query The IP address of the SNMP device (optional, all devices are returned if empty) string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/lldp.lua

Get LLDP adjacency information

  • Description: Get LLDP adjacencies for a single or all SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query The IP address of the SNMP device (optional, all devices are returned if empty) string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/list.lua

Get all SNMP devices

  • Description: Retrieve all configured SNMP devices.
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/system.lua

Get system information

  • Description: Get system information for a single or all SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host query The IP address of the SNMP device (optional, all devices are returned if empty) string

Responses

-3 - NOT_GRANTED

1.4.13. All

POST /lua/pro/rest/v2/check/infrastructure/config.lua

Test an infrastructure configuration

  • Description: Uses an url and token to connect to the REST API of an ntopng in the infrastructure
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
url query The URL of the ntopng in the infrastructure string
token query The REST API Token for the authentication string

Responses

0 - OK

-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING

-43 - INFRASTRUCTURE_INSTANCE_CHECK_FAILED

-44 - INFRASTRUCTURE_INSTANCE_CHECK_NOT_FOUND

-45 - INFRASTRUCTURE_INSTANCE_CHECK_INVALID_RESPONSE

-46 - INFRASTRUCTURE_INSTANCE_CHECK_AUTH_FAILED

GET /lua/rest/v2/export/all/config.lua

Export all configurations as a JSON file

  • Description: Export all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.14. Observation Point

GET /lua/pro/rest/v2/delete/observation_point/stats.lua

Remove an Observation Point stats

  • Description: Remove Observation Point stats stored until now. If the Observation Point is no more seen on the network, even the entry is going to be deleted
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
observation_point query Identifier of the rule to delete integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/observation_points/stats.lua

Delete an Observation Point

  • Description: Given an Observation Point ID, it is going to delete it and all the information related to it
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
observation_point_id query Observation Point ID integer
ifid query Interface identifier integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/observation_points/alias.lua

Get the alias of an Observation Point

  • Description: The alias of an Observation Point is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
observation_point_id query Observation Point ID integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/pro/rest/v2/set/observation_points/alias.lua

Set the alias of an Observation Point

  • Description: Set the alias of an Observation Point is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
alias formData New Observation Point Alias string
observation_point_id formData Observation Point ID integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

1.4.15. Pools

GET /lua/pro/rest/v2/export/pool/policy.lua

Export pool policies

  • Description: Export pool policies
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/set/pool/policy.lua

Set pool policy

  • Description: Set pool policy
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/set/pool/policy_autoconf.lua

Set a pool policy from autoconfiguration

  • Description: Set a pool policy from autoconfiguration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

POST /lua/rest/v2/add/host/pool.lua

Add an host pool

  • Description: Add an host pool with members and configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool_name formData Host Pool Name string
pool_members formData List of IPs separated by commas string
confset_id formData Configuration ID integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-13 - ADD_POOL_FAILED

GET /lua/rest/v2/bind/host/pool/member.lua

Bind a member to an host pool

  • Description: Bind a member to an host pool
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool query Host Pool ID integer
member query IP/MAC/Network CIDR to add to the Host Pool ID string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-17 - BIND_POOL_MEMBER_FAILED

POST /lua/rest/v2/delete/host/pool.lua

Delete an host pool

  • Description: Delete an host pool
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool query Host Pool ID, required to delete the given pool number

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-16 - POOL_NOT_FOUND

POST /lua/rest/v2/delete/pools.lua

Delete all pools for any available pool type

  • Description: Delete all pools for any available pool type
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

POST /lua/rest/v2/edit/host/pool.lua

Edit an host pool

  • Description: Edit an host pool with members and configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool formData Pool ID integer
pool_name formData Pool Name string
pool_members formData Comma separated list of IPs/MACs/Networks cidr string
confset_id formData Configuration ID integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-14 - EDIT_POOL_FAILED

POST /lua/rest/v2/edit/host_pool/pool.lua

Edit an host pool pool

  • Description: Edit an host pool pool (only recipients edit is allowed)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-14 - EDIT_POOL_FAILED

GET /lua/rest/v2/export/pool/config.lua

Export the pools configuration as a JSON file

  • Description: Export the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.16. Traffic

GET /lua/pro/rest/v2/get/db/historical_db_search.lua

Get historical flows info

  • Description: Get historical flows info
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7proto_master query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7cat query Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
flow_risk query Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
l4proto query Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
src2dst_dscp query Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
country query Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_asn query Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_asn query Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_nw_latency query Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_nw_latency query Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
observation_point_id query Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
src2dst_tcp_flags query Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
dst2src_tcp_flags query Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
mac query MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_mac query Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_mac query Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
info query Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
bytes query Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
packets query Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_proc_name query Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_proc_name query Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_user_name query Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_user_name query Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/connect/test.lua

Test ntopng

  • Description: Test ntopng reachability and authentication
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

1.4.17. Timeseries

GET /lua/pro/rest/v2/get/db/ts.lua

Return the number of flows in a period of time

  • Description: Return the timeseries of number of flows in a period of time
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7proto_master query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7cat query Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
flow_risk query Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
l4proto query Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
src2dst_dscp query Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
country query Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_asn query Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_asn query Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_nw_latency query Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_nw_latency query Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
observation_point_id query Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
src2dst_tcp_flags query Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
dst2src_tcp_flags query Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
mac query MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_mac query Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_mac query Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
info query Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
bytes query Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
packets query Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_proc_name query Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_proc_name query Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_user_name query Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_user_name query Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

POST /lua/pro/rest/v2/get/timeseries/ts_multi.lua

Return timeseries

  • Description: Return the requested timeseries in the requested timeframe
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
limit query Maximum number of timeseries points number
ts_compare query Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before) string
ts_requests query An array of timeseries to be returned, containing ts_query, ts_schema and tskey (e.g. [{ts_query: ‘ifid:1,asn:199524’, ts_schema: ‘asn:traffic’, tskey: ‘199524’}]; the explaination of these three parameters can be found into ‘/lua/rest/v2/get/timeseries/ts.lua’ REST) array

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.18. Peers

GET /lua/pro/rest/v2/get/host/no_tx_peers.lua

Get RX-only host peers

  • Description: Get list of host with RX-only traffic (i.e. no TX traffic sent)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

1.4.19. Top

GET /lua/pro/rest/v2/get/host/top/local/sites.lua

Get host top local sites

  • Description: Get host top local sites
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query The IP address of the host string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/interface/top/l7_stats.lua

Get interface top Layer-7 stats

  • Description: Get interface top Layer-7 stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/realtime_traffic.lua

Get interface top traffic stats

  • Description: Get interface top traffic stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/score.lua

Get interface top score stats

  • Description: Get interface top score stats
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

1.4.20. System

GET /lua/pro/rest/v2/get/infrastructure/data.lua

Get infrastructure data

  • Description: Get infrastructure data
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/system/data.lua

Get system data

  • Description: Get system data
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

1.4.21. Sites

GET /lua/pro/rest/v2/get/interface/top/sites.lua

Get interface top sites

  • Description: Get the top sites for an interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.22. Maps

GET /lua/pro/rest/v2/get/maps/periodicity_map.lua

Get the periodicity map of an interface

  • Description: Get the periodicity map of an interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/maps/service_map.lua

Get the service map of an interface

  • Description: Get the service map of an interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.23. User

POST /lua/rest/v2/create/ntopng/api_token.lua

Create an API token

  • Description: Create an API token
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
username formData An existing ntopng username string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

1.4.24. Checks

GET /lua/rest/v2/delete/application/application.lua

Remove a custom protocol

  • Description: If run ntopng using -p option, delete a custom protocol if it exists
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
protocol_alias form Application Name string

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/disable/check.lua

Disables a check

  • Description: Disables a check
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
check_subdir form The check subdir string
script_key form The key of the script string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/edit/application/application.lua

Edit a custom protocol

  • Description: If run ntopng using -p option, edit a custom protocol if it exists
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
protocol_alias form Application Name string
category form Category ID integer
l7_proto_id form Application ID integer
custom_rules form List of custom rules separated by commas string

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/enable/check.lua

Enables a check

  • Description: Enables a check
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
check_subdir form The check subdir string
script_key form The key of the script string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/export/checks/config.lua

Export Checks configuration

  • Description: Export Checks configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

1.4.25. Notification Endpoints

POST /lua/rest/v2/delete/endpoints.lua

Delete all defined notification endpoints and reset them to factory-defaults

  • Description: Delete all defined notification endpoints and reset them to factory-defaults
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

1.4.26. Notification Recipients

POST /lua/rest/v2/delete/recipients.lua

Delete all defined recipients and reset them to factory-defaults

  • Description: Delete all defined recipients and reset them to factory-defaults
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

1.4.27. L7 Application Categories

GET /lua/rest/v2/edit/category/category.lua

Change the custom hosts for a specific category

  • Description: Given a category, an alias for the category and a list of hosts, networks or domain names, separated by comma, it is going to change the alias of the category and aggregate the traffic done by those hosts into the category
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
category query Category, formatted as cat_{id}, where ID is the ID of the category string
custom_hosts query List of Hosts, Networks, Domain Names, separated by comma string
alias query Alias of the Category string

Responses

0 - OK

1.4.28. Configuration

POST /lua/rest/v2/edit/ntopng/incr_flows.lua

Double the maximum number of flows managed by ntopng

  • Description: Double the maximum number of flows managed by ntopng
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-7 - BAD_FORMAT

POST /lua/rest/v2/edit/ntopng/incr_hosts.lua

Double the maximum number of hosts managed by ntopng

  • Description: Double the maximum number of hosts managed by ntopng
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-7 - BAD_FORMAT

1.4.29. Active Monitoring

GET /lua/rest/v2/export/active_monitoring/config.lua

Export the active monitoring configuration as a JSON file

  • Description: Export the active monitoring configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.30. Notifications

GET /lua/rest/v2/export/notifications/config.lua

Export the notifications configuration as a JSON file

  • Description: Export the configuration for endpoints and recipients
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.31.

GET /lua/rest/v2/export/scripts/config.lua

Export the Checks configuration as a JSON file

  • Description: Export the configuration for all checks
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/export/snmp/config.lua

Export the SNMP configuration as a JSON file

  • Description: Export the configuration for the SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download as file (no REST envelope) boolean

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/get/alert/filter/consts.lua

Get available alert filters

  • Description: Given a specific alert type (flow, host, …) return the available filters
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
page query Alert Page (interface, flow, host, network, snmp_device, mac, user, am_host, system) string

Responses

0 - OK

GET /lua/rest/v2/get/alert/list/alerts.lua

List stored interface alerts

  • Description: List alerts stored in the ntopng alert database
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
alert_family query Alert family. Possible values: active_monitoring, flow, host, interface, mac , network , snmp , system , user string
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
select_clause query Select clause (default: *) string
where_clause query Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)). string
maxhits_clause query Max hits (default: 10) integer
order_by query Order by clause (default: no order) string
group_by query Group by clause (default: no group) string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/alert/severity/consts.lua

Get alert severity constants

  • Description: Alert severity string and integer severity id for each defined severity
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/alert/severity/counters.lua

Get alert counters by severity

  • Description: Alert severity counters in descending order
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
status query Status filter (historical, historical-flows) string
epoch_begin query Start time (epoch) integer
epoch_end query Start time (epoch) integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/alert/type/consts.lua

Get alert type constants

  • Description: Alert type string and integer alert key for each defined alert
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/alert/type/counters.lua

Get alert counters by type

  • Description: Alert type counters indescending order
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
status query Status filter (historical, historical-flows) string
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/all/alert/list.lua

Get all alerts list

  • Description: Get all alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/all/alert/ts.lua

Get all alerts timeseries

  • Description: Get all alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query Start time (epoch) integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/am_host/alert/list.lua

Get Active Monitoring alerts list

  • Description: Get Active Monitoring alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/am_host/alert/ts.lua

Get Active Monitoring alerts timeseries

  • Description: Get Active Monitoring alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

POST /lua/rest/v2/get/asn/asn_info.lua

Get Autonomous systems data

  • Description: Return the ASN data ntopng collected from analyzing the network. If an ASN is given, then return the data regarding the requested ASN
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
asn formData Autonomous System ID integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/get/asn/asn_name.lua

Get Autonomous systems name

  • Description: Return the ASN name given an IP
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ip query IP Address integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/category/list.lua

Get category information

  • Description: Get all the category information available
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/checks/config.lua

Get Checks configuration

  • Description: Get checks configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
download query Download the data or not boolean

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/get/country/country_name.lua

Get Country Name

  • Description: Return the Country name given a country code
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
country_id query Country Code integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/dns/resolve.lua

Resolve an host name into an IP address

  • Description: Resolve an host name into an IP address
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
hostname query The host name to be resolved string

Responses

0 - OK

-9 - NAME_RESOLUTION_FAILED

GET /lua/rest/v2/get/flow/active.lua

Get active flows

  • Description: List of active flows
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
currentPage query Pagination: page (optional) integer
perPage query Pagination: items per page (optional) integer
sortColumn query Pagination: column for sorting (e.g. ‘score’) (optional) string
sortOrder query Pagination: sorting order: ‘asc’ or ‘desc’ (optional) string
host query Host address filter (optional) string
vlan query VLAN ID filter (optional) integer
l4proto query L4 protocol filter (optional) string
application query Application protocol filter (optional) string
verbose query Add more details including TCP stats (optional) boolean

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/alert/list.lua

Get flow alerts list

  • Description: Get flow alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/flow/alert/ts.lua

Get flow alerts timeseries

  • Description: Get flow alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_ip query Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_ip query Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_name query Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
srv_name query Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
cli_port query Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_port query Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
l7proto query Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_country query Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_country query Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
probe_ip query Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
input_snmp query Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
output_snmp query Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
snmp_interface query SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
cli_host_pool_id query Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
srv_host_pool_id query Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
cli_network query Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
srv_network query Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
l7_error_id query Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
traffic_direction query Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/flow/l4/counters.lua

Get flow counters for L4 protocols

  • Description: Number of active flows per L4 protocol
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/l7/counters.lua

Get flow counters for L7 protocols

  • Description: Number of active flows per L7 application protocol
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/traffic_stats.lua

Get traffic stats for active flows

  • Description: Get traffic stats for active flows
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/active.lua

Get active hosts

  • Description: List of active hosts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
currentPage query Pagination: page (optional) integer
perPage query Pagination: items per page (optional) integer
sortColumn query Pagination: column for sorting (e.g. ip, name, since, last, alerts, country, vlan, num_flows, traffic, thpt) (optional) string
sortOrder query Pagination: sorting order: ‘asc’ or ‘desc’ (optional) string
all query Get all hosts (optional) boolean
mode query Mode filter: all, local, remote, broadcast_domain, filtered, blacklisted, dhcp (optional) string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/alert/list.lua

Get host alerts list

  • Description: Get host alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/host/alert/ts.lua

Get host alerts timeseries

  • Description: Get host alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
vlan_id query VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
ip_version query IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
ip query IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
name query Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) string
host_pool_id query Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then string
network query Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/host/custom_data.lua

Get host custom data

  • Description: Custom data is returned for one or all hosts
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string
field_alias query Field alias string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/data.lua

Get host data

  • Description: Host data is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address (IP or IP@VLAN if traffic is tagged) string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/dscp/stats.lua

Get IP DSCP statistics for a host

  • Description: DSCP statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string
vlan query VLAN ID integer
direction query Select direction: ‘sent’ or ‘recvd’ (default) boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/fingerprint/data.lua

Get counters per type

  • Description: Number of alerts per alert type
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string
fingerprint_type query The fingerprint type, either ja3 or hassh string

Responses

0 - OK

GET /lua/rest/v2/get/host/interfaces.lua

Get host interfaces

  • Description: All interface ids of a given host are returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid formData Interface identifier integer
host formData Host address string
vlan formData VLAN ID integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/l4/data.lua

Get the host information about transport protocols

  • Description: Given an host, return the transport protocols information (bytes sent, received, …) of an host
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string
vlan query VLAN ID integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/l7/stats.lua

Get L7 statistics for a host

  • Description: nDPI statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string
vlan query VLAN ID integer
breed query Show breed boolean
ndpi_category query Show nDPI category boolean
collapse_stats query Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%) boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/pool/members.lua

Get all host pool members

  • Description: Get all the members of a given host pool
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool query Host Pool ID integer
member query IP/MAC/Network CIDR to add to the Host Pool ID string

Responses

0 - OK

-16 - POOL_NOT_FOUND

GET /lua/rest/v2/get/host/pool/pools.lua

Get one or all host pools

  • Description: Get one or all host pools
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool query Host Pool ID integer

Responses

0 - OK

-16 - POOL_NOT_FOUND

GET /lua/rest/v2/get/host/pool_by_member.lua

Get an host pool given a member

  • Description: Get an host pool given a member
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
member query IP/MAC/Network CIDR string
pool_name_only query Return only the pool name (do not return pool details including members) boolean

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/processes/listening_ports.lua

Get the host information about listening ports

  • Description: Given an host, return the information about listening ports (transport level protocol, package and process that’s currently running on that port)
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string
vlan query VLAN ID integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/to_scan_list.lua

Retrieves vulnerability scan hosts list

  • Description: Get Hosts to Scan
  • Produces: [‘application/json’]

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/vulnerability_scan_type_list.lua

Retrieves vulnerability scan types list

  • Description: Get Scan Types List
  • Produces: [‘application/json’]

Responses

0 - OK

GET /lua/rest/v2/get/interface/address.lua

Get interface IP addresses

  • Description: List of interface IP addresses is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/alert/list.lua

Get interface alerts list

  • Description: Get interface alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
subtype query Alert subtype string
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/interface/alert/ts.lua

Get interface alerts timeseries

  • Description: Get interface alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
subtype query Alert subtype string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/interface/arp.lua

Get interface ARP info

  • Description: Get interface ARP info
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
host query Host address string

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/interface/bcast_domains.lua

Get interface broadcast domains

  • Description: Interface broadcast domains as detected from ARP traffic and broadcast traffic are returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/data.lua

Get interface data

  • Description: Interface data is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/dscp/stats.lua

Get IP DSCP statistics for an interface

  • Description: DSCP statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/l7/stats.lua

Get L7 statistics for an interface

  • Description: nDPI statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
ndpistats_mode query Stats mode: ‘sinceStartup’ or ‘count’ string
breed query Show breed boolean
ndpi_category query Show nDPI category boolean
all_values query Return all the values available boolean
max_values query Get at most max_values, by default 5 int16
collapse_stats query Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%) boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/nprobes/data.lua

Get interface nProbe data

  • Description: Get data for nProbe instances connected to an ntopng interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/l4/protocol/consts.lua

Get L4 protocol constants

  • Description: L4 protocol names and integer identifiers
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/l7/application/consts.lua

Get L7 application protocol constants

  • Description: L7 application protocol names and integer identifiers
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/l7/category/consts.lua

Get L7 application category constants

  • Description: L7 application category names and integer identifiers
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/mac/alert/list.lua

Get MAC alerts list

  • Description: Get MAC alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/mac/alert/ts.lua

Get MAC alerts timeseries

  • Description: Get MAC alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/alert/list.lua

Get network alerts list

  • Description: Get network alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/alert/ts.lua

Get network alerts timeseries

  • Description: Get network alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
network_name query Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/discovery/discover.lua

Get interface network discovery data

  • Description: Get data regarding the network discovery done by an ntopng interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
operating_system query Operating System identifier integer
device_type query Device type identifier integer
manufacturer query Manufacturer of the device string

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/network/networks.lua

Return list of networks

  • Description: Return the list of all networks
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

GET /lua/rest/v2/get/ntopng/interfaces.lua

Get ntopng actively monitored interfaces names and ids

  • Description: Interface name and integer interface id for each actively monitored ntopng interface
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/ntopng/users.lua

Read all configured ntopng users

  • Description: Read all configured ntopng users
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/get/pcap/live_extraction.lua

Extract (live download) PCAP data from the traffic recorded with the continuous recording (n2disk)

  • Description: Raw PCAP data is returned
  • Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
bpf_filter query BPF filter string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/create/pcap/extraction/task.lua

Schedule PCAP data extraction from traffic recorded with the continuous recording (n2disk). A job ID is returned to check the extraction status (see /lua/rest/v2/get/pcap/extraction/tasks.lua)

  • Description: Job info is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
bpf_filter query BPF filter string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/pcap/extraction/tasks.lua

Read PCAP extraction jobs (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua) information

  • Description: All jobs status is returned
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/pcap/extraction/data.lua

Download PCAP data extracted by a scheduled extraction task (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua)

  • Description: Raw PCAP data is returned
  • Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name Position Description Type
job_id query Job ID integer
file_id query File ID (default 1) integer

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/get/pcap/live_traffic.lua

Live traffic capture

  • Description: Raw PCAP data is returned
  • Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
bpf_filter query BPF filter string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/get/pools.lua

Get all pools of any type

  • Description: Get all pools defined for any available pool type
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/recipient/pools.lua

Get recipient pools

  • Description: Get all pools bound to a recipient
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
recipient_id query Recipient identifier integer

Responses

0 - OK

GET /lua/rest/v2/get/system/alert/list.lua

Get system alerts list

  • Description: Get system alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/system/alert/ts.lua

Get system alerts timeseries

  • Description: Get system alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/system/configurations/download_backup.lua

Get system configuration automatic backup

  • Description: Get on of the automatic system configurations backups
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
epoch query The epoch of the backup integer
download query Download the backup or just retrive info boolean

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/configurations/list_availabled_backups.lua

Get system configurations automatic backups

  • Description: Get list of automatic system configurations backups
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/influxdb.lua

Get InfluxDB Stats

  • Description: Get all the available InfluxDB Statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/interfaces.lua

Get interfaces stats

  • Description: Get statistics of every active interfaces
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/redis.lua

Get Redis Stats

  • Description: Get all the available Redis Statistics
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/stats.lua

Get system stats

  • Description: Get statistics of the system on top of which ntopng is running
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/status.lua

Get system status info

  • Description: Get license information and resources used data
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

GET /lua/rest/v2/get/timeseries/ts.lua

Get timeseries data

  • Description: Get timeseries data
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
limit query Maximum number of timeseries points number
initial_point query A boolean used to return the first point of the timeseries or not boolean
ts_compare query Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before) string
ts_query query Containing the parameters used to find the timeserie in the following format, parameter:value;parameter:value;… (e.g. ‘ifid:1;host:192.168.1.1’) string
tskey query Containing the timeseries key, whom the timeseries is referred to (e.g. if the timeserie is regarding the interface ‘7’ or the host ‘192.168.1.1’, then tskey is going to be ‘7’ or ‘192.168.1.1’) string
ts_schema query Contains the timeserie schema (e.g. ‘iface:traffic’) string

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/timeseries/type/consts.lua

Get available timeseries

  • Description: Get all the available timeseries given a tag
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
query query Tag used to retrieve the timeseries; currently available: iface, host, mac, subnet, asn, country, os, vlan, host_pool, pod, container, ht, system, profile, redis, influxdb, am, snmp_interface, snmp_device, obs_point, sflowdev_port, flowdev, flowdev_port string
host query Host IP@VLAN, REQUIRED in case of timeseries regarding Host, SNMP or Flow devices string
asn query ASN identifier, REQUIRED in case of timeseries regarding Autonomous Systems integer
pool query Host Pool identifier, REQUIRED in case of timeseries regarding Host Pools integer
vlan query VLAN identifier, REQUIRED in case of timeseries regarding VLANs integer
mac query MAC address, REQUIRED in case of timeseries regarding MACs string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/user/alert/list.lua

Get user alerts list

  • Description: Get user alerts list
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
start query Starting record (e.g. start=100, it will start returning records from the 101st) integer
length query Maximum number of records to get integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
format query Format of the return data (json or txt) string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/user/alert/ts.lua

Get user alerts timeseries

  • Description: Get user alerts timeseries
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid query Interface identifier integer
epoch_begin query Start time (epoch) integer
epoch_end query End time (epoch) integer
alert_id query Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) integer
severity query Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer
score query Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

POST /lua/rest/v2/import/active_monitoring/config.lua

Import the active monitoring configuration providing a JSON file

  • Description: Import the active monitoring configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/all/config.lua

Import all configurations providing a JSON file

  • Description: Import all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/checks/config.lua

Import Checks configuration

  • Description: Import Checks configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
JSON form The Checks configuration in JSON string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

POST /lua/rest/v2/import/infrastructure/config.lua

Import the Infrastructure configuration providing a JSON file

  • Description: Import the configuration for all infrastructure configurations
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/notifications/config.lua

Import the notifications configuration providing a JSON file

  • Description: Import the configuration for endpoints and recipients
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/pool/config.lua

Import the pools configuration providing a JSON file

  • Description: Import the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

GET /lua/rest/v2/import/pool/host_pool/members.lua

Import host pool members

  • Description: Import host pool members
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
pool form Pool identifier integer
host_pool_members form A newline-separated list of host pool members string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/import/scripts/config.lua

Import the Checks configuration providing a JSON file

  • Description: Import the configuration for all checks
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/snmp/config.lua

Import the SNMP configuration providing a JSON file

  • Description: Import the configuration for the SNMP devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

GET /lua/rest/v2/reset/active_monitoring/config.lua

Reset Active Monitoring configuration

  • Description: Reset active monitoring configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/reset/all/config.lua

Reset all configurations

  • Description: Reset all configurations
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/checks/config.lua

Reset Checks configuration

  • Description: Reset checks configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/reset/infrastructure/config.lua

Reset all infrastructure configurations

  • Description: Reset all infrastructure configurations
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/notifications/config.lua

Reset Notifications configuration

  • Description: Reset notifications configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/snmp/config.lua

Reset SNMP configuration

  • Description: Reset SNMP configuration including all configured devices
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/set/checks/config.lua

Set Checks configuration

  • Description: Set Checks configuration
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
JSON form Check configuration in JSON string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/host/alias.lua

Set host alias

  • Description: Set host custom name
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
host formData Host address string
custom_name formData Custom name string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/device/alias.lua

Set device alias

  • Description: Set device custom name
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
device formData Device MAC Address string
custom_name formData Custom name string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/network/alias.lua

Set network alias

  • Description: Set network custom name
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
network_cidr formData Network CIDR string
custom_name formData Custom name string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/interface/alias.lua

Set interface alias

  • Description: Set interface custom name
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid formData Interface ID string
custom_name formData Custom name string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/host/notes.lua

Set host custom notes

  • Description: Given an host and a note, it is going to set that Note to the host
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
custom_notes form Custom Host Note string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/trigger/host/alert.lua

Trigger an external alert on a host

  • Description: Trigger alert
  • Produces: [‘application/json’]

Parameters

Name Position Description Type
ifid formData Interface identifier integer
host formData Host address string
vlan formData VLAN ID integer
score formData Set the alert score boolean
info formData Set the alert description string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/version.lua

Get supported and current REST API versions

  • Description: Return all the supported REST API versions and the current REST API version used
  • Produces: [‘application/json’]

Parameters

Name Position Description Type

Responses

0 - OK