1. RESTful API v2 Specification¶
1.1. Authentication¶
The HTTP/HTTPS authentication should be used, for example with curl
it is possible to specify username and password with
-u <user>:<password>
Using HTTPS is recommended for security. See this post to enable HTTPS.
1.2. Request Format¶
Parameters can be provided both using GET with a query string or POST using JSON (in this case please make sure the correct Content Type is provided). For example, to download data for a host you can use the below curl command line using GET:
curl -s -u admin:admin "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua?ifid=1&host=192.168.1.2"
or the below curl command line using POST:
curl -s -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "1", "host": "192.168.1.2"}' "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua"
Please check the Examples section for more examples.
1.3. Response Format¶
An API response is usually represented by a JSON message matching a standard structure. This JSON message consists of an envelope containing:
- a return code rc
- a human-readable string rc_str describing the return code
- the actual response in rsp
Example:
{
"rc": 0
"rc_str": "OK",
"rsp": {
...
}
}
1.4. API¶
1.4.1. Interfaces¶
GET /lua/rest/v2/get/interface/data.lua
Get interface data
- Description: Interface data is returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/bcast_domains.lua
Get interface broadcast domains
- Description: Interface broadcast domains as detected from ARP traffic and broadcast traffic are returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/address.lua
Get interface IP addresses
- Description: List of interface IP addresses is returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/l7/stats.lua
Get L7 statistics for an interface
- Description: nDPI statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| ndpistats_mode | query | Stats mode: ‘sinceStartup’ or ‘count’ | string |
| breed | query | Show breed | boolean |
| ndpi_category | query | Show nDPI category | boolean |
| all_values | query | Return all the values available | boolean |
| max_values | query | Get at most max_values, by default 5 | int16 |
| collapse_stats | query | Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%) | boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/dscp/stats.lua
Get IP DSCP statistics for an interface
- Description: DSCP statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/ntopng/interfaces.lua
Get ntopng actively monitored interfaces names and ids
- Description: Interface name and integer interface id for each actively monitored ntopng interface
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
1.4.2. Hosts¶
GET /lua/rest/v2/get/host/active.lua
Get active hosts
- Description: List of active hosts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| currentPage | query | Pagination: page (optional) | integer |
| perPage | query | Pagination: items per page (optional) | integer |
| sortColumn | query | Pagination: column for sorting (e.g. ip, name, since, last, alerts, country, vlan, num_flows, traffic, thpt) (optional) | string |
| sortOrder | query | Pagination: sorting order: ‘asc’ or ‘desc’ (optional) | string |
| all | query | Get all hosts (optional) | boolean |
| mode | query | Mode filter: all, local, remote, broadcast_domain, filtered, blacklisted, dhcp (optional) | string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/host/interfaces.lua
Get host interfaces
- Description: All interface ids of a given host are returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | Host address | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/get/host/data.lua
Get host data
- Description: Host data is returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
-8 - BAD_CONTENT
GET /lua/rest/v2/get/host/custom_data.lua
Get host custom data
- Description: Custom data is returned for one or all hosts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| field_alias | query | Field alias | string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
-8 - BAD_CONTENT
GET /lua/rest/v2/get/host/l7/stats.lua
Get L7 statistics for a host
- Description: nDPI statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
| breed | query | Show breed | boolean |
| ndpi_category | query | Show nDPI category | boolean |
| collapse_stats | query | Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%) | boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/host/dscp/stats.lua
Get IP DSCP statistics for a host
- Description: DSCP statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
| direction | query | Select direction: ‘sent’ or ‘recvd’ (default) | boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
POST /lua/rest/v2/set/host/alias.lua
Set host alias
- Description: Set hsot custom name
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | formData | Host address | string |
| custom_name | formData | Custom name | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/trigger/host/alert.lua
Trigger an external alert on a host
- Description: Trigger alert
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | formData | Interface identifier | integer |
| host | formData | Host address | string |
| vlan | formData | VLAN ID | integer |
| score | formData | Set the alert score | boolean |
| info | formData | Set the alert description | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/interface/top/local/talkers.lua
Get Top local talkers
- Description: Get the Top 10 local talkers
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface ID | number |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top_ts_stats.lua
Get Top Timeseries stats
- Description: Get the Top timeseries stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | Start time (epoch) | integer |
| ts_query | query | data used to get the timeseries; e.g. format: ‘ifid:1,protocol:DNS’ , where ‘ifid:1’ stands for interface ID 1 and ‘protocol:DNS’ stands for DNS protocol information | integer |
| detail_view | query | Top information requested, currently available: top_protocols -> Top Application data, top_categories -> Top Categories data, top_senders -> Top Local Senders data, top_receivers -> Top Local Receivers data | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/remote/talkers.lua
Get Top remote talkers
- Description: Get the Top 10 remote talkers
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface ID | number |
Responses
0 - OK
-2 - INVALID_INTERFACE
1.4.3. Alerts¶
GET /lua/rest/v2/get/alert/type/consts.lua
Get alert type constants
- Description: Alert type string and integer alert key for each defined alert
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/rest/v2/get/alert/list/alerts.lua
List stored interface alerts
- Description: List alerts stored in the ntopng alert database
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| alert_family | query | Alert family. Possible values: active_monitoring, flow, host, interface, mac , network , snmp , system , user | string |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| select_clause | query | Select clause (default: *) | string |
| where_clause | query | Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)). | string |
| maxhits_clause | query | Max hits (default: 10) | integer |
| order_by_clause | query | Order by clause (default: no order) | string |
| group_by_clause | query | Group by clause (default: no group) | string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/alert/severity/consts.lua
Get alert severity constants
- Description: Alert severity string and integer severity id for each defined severity
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/rest/v2/get/alert/type/counters.lua
Get alert counters by type
- Description: Alert type counters indescending order
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| status | query | Status filter (historical, historical-flows) | string |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/alert/severity/counters.lua
Get alert counters by severity
- Description: Alert severity counters in descending order
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| status | query | Status filter (historical, historical-flows) | string |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | Start time (epoch) | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
1.4.4. Flows¶
GET /lua/rest/v2/get/flow/active.lua
Get active flows
- Description: List of active flows
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| currentPage | query | Pagination: page (optional) | integer |
| perPage | query | Pagination: items per page (optional) | integer |
| sortColumn | query | Pagination: column for sorting (e.g. ‘score’) (optional) | string |
| sortOrder | query | Pagination: sorting order: ‘asc’ or ‘desc’ (optional) | string |
| host | query | Host address filter (optional) | string |
| vlan | query | VLAN ID filter (optional) | integer |
| l4proto | query | L4 protocol filter (optional) | string |
| application | query | Application protocol filter (optional) | string |
| verbose | query | Add more details including TCP stats (optional) | boolean |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/flow/l4/counters.lua
Get flow counters for L4 protocols
- Description: Number of active flows per L4 protocol
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/flow/l7/counters.lua
Get flow counters for L7 protocols
- Description: Number of active flows per L7 application protocol
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/db/columns_info.lua
Get Clickhouse available columns
- Description: Executes a query to the flows database and return all the available columns the DB has
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/db/flows.lua
Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.
- Description: Executes a query to the flows database
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| begin_time_clause | query | Start time (epoch) | integer |
| end_time_clause | query | Start time (epoch) | integer |
| select_clause | query | Select clause (default: *) | string |
| where_clause | query | Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)). | string |
| maxhits_clause | query | Max hits (default: 10) | integer |
| order_by_clause | query | Order by clause (default: no order) | string |
| group_by_clause | query | Group by clause (default: no group) | string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/db/topk_flows.lua
Get Top-K flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO
- Description: Executes a top-k query to the flows database
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| begin_time_clause | query | Start time (epoch) | integer |
| end_time_clause | query | End time (epoch) | integer |
| select_keys_clause | query | Select comma-separated keys list (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO) | string |
| select_values_clause | query | Select value (default: BYTES) | string |
| where_clause | query | Where clause (default: none) | string |
| topk_clause | query | Top-K clause (default: SUM) | string |
| approx_search | query | Approximate search (default: true) | string |
| maxhits_clause | query | Max hits (default: 10) | integer |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
1.4.5. PCAP¶
GET /lua/rest/v2/get/pcap/live_extraction.lua
Live PCAP traffic extraction
- Description: Raw PCAP data is returned
- Produces: [‘application/vnd.tcpdump.pcap’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | Start time (epoch) | integer |
| bpf_filter | query | BPF filter | string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/rest/v2/get/pcap/live_traffic.lua
Live traffic capture
- Description: Raw PCAP data is returned
- Produces: [‘application/vnd.tcpdump.pcap’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| bpf_filter | query | BPF filter | string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/get/db/filter/bpf.lua
BPF filter generation
- Description: Convert tags used to extract data from the database into the equivalent BPF filter, suitable for traffic extraction
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7proto_master | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7cat | query | Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| flow_risk | query | Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| l4proto | query | Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| src2dst_dscp | query | Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| country | query | Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_asn | query | Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_asn | query | Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_nw_latency | query | Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_nw_latency | query | Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| observation_point_id | query | Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| src2dst_tcp_flags | query | Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| dst2src_tcp_flags | query | Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| mac | query | MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_mac | query | Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_mac | query | Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| info | query | Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| bytes | query | Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| packets | query | Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_proc_name | query | Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_proc_name | query | Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_user_name | query | Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_user_name | query | Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
1.4.6. Users¶
1.4.7. Infrastructures¶
1.4.8. Health¶
1.4.9. Configurations¶
1.4.10. Checks¶
POST /lua/rest/v2/set/host/notes.lua
Set host custom notes
- Description: Given an host and a note, it is going to set that Note to the host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| custom_notes | form | Custom Host Note | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
1.4.11. Host¶
POST /lua/pro/rest/v2/get/host/flows/data.lua
Get host flows data
- Description: Given an host return the information used to create the sankey chart with all the flows information regarding that hosts (protocols, traffic, ecc.)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | formData | Host address | string |
| hosts_type | query | Currently available: local_only -> return only flows between local hosts, remote_only -> return only flows between remote hosts, local_origin_remote_target -> return only flows between local clients and remote servers, remote_origin_local_target -> return only flows between local servers and remote clients, all_hosts -> return all flows | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
1.4.12. Autonomous System¶
POST /lua/rest/v2/get/asn/asn_info.lua
Get Autonomous systems data
- Description: Return the ASN data ntopng collected from analyzing the network. If an ASN is given, then return the data regarding the requested ASN
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| asn | formData | Autonomous System ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/get/asn/asn_name.lua
Get Autonomous systems name
- Description: Return the ASN name given an IP
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ip | query | IP Address | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
1.4.13. Country¶
POST /lua/rest/v2/get/country/country_name.lua
Get Country Name
- Description: Return the Country name given a country code
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| country_id | query | Country Code | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
1.4.14. L4 Protocols¶
GET /lua/rest/v2/get/l4/protocol/consts.lua
Get L4 protocol constants
- Description: L4 protocol names and integer identifiers
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
1.4.15. L7 Application Protocols¶
GET /lua/rest/v2/get/l7/application/consts.lua
Get L7 application protocol constants
- Description: L7 application protocol names and integer identifiers
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
1.4.16. L7 Application Categories¶
GET /lua/rest/v2/get/l7/category/consts.lua
Get L7 application category constants
- Description: L7 application category names and integer identifiers
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/rest/v2/edit/category/category.lua
Change the custom hosts for a specific category
- Description: Given a category, an alias for the category and a list of hosts, networks or domain names, separated by comma, it is going to change the alias of the category and aggregate the traffic done by those hosts into the category
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| category | query | Category, formatted as cat_{id}, where ID is the ID of the category | string |
| custom_hosts | query | List of Hosts, Networks, Domain Names, separated by comma | string |
| alias | query | Alias of the Category | string |
Responses
0 - OK
1.4.17. REST API¶
GET /lua/rest/version.lua
Get supported and current REST API versions
- Description: Return all the supported REST API versions and the current REST API version used
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
1.4.18. SNMP¶
GET /lua/pro/rest/v2/get/snmp/device/system.lua
Get system information
- Description: Get system information for a single or all SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | The IP address of the SNMP device (optional, all devices are returned if empty) | string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/interfaces.lua
Get interfaces information
- Description: Get interfaces information for a single or all SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | The IP address of the SNMP device (optional, all devices are returned if empty) | string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/lldp.lua
Get LLDP adjacency information
- Description: Get LLDP adjacencies for a single or all SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | The IP address of the SNMP device (optional, all devices are returned if empty) | string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/bridge.lua
Get bridge MIB information
- Description: Get bridge MIB information for a single or all SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | The IP address of the SNMP device (optional, all devices are returned if empty) | string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/add/snmp/device.lua
Add SNMP devices
- Description: Add devices to the monitored SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| snmp_host | query | IP address or symbolic name of and an SNMP device | string |
| snmp_read_community | query | The SNMP read community to use (SNMP v1/v2c only) | string |
| snmp_write_community | query | The SNMP write community to use (SNMP v1/v2c only) | string |
| snmp_version | query | The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1) | string |
| snmp_level | query | Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv) | string |
| snmp_auth_protocol | query | Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA | string |
| snmp_auth_passphrase | query | Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase | string |
| snmp_privacy_protocol | query | Used only with SNMP v3 and level set to autPriv: DES or AES | string |
| snmp_privacy_passphrase | query | Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase | string |
| cidr | query | Either 24 or 32. If 32, snmp_host is treated as single host. If 24 snmp_host is treated as as CIDR address | string |
Responses
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-9 - NAME_RESOLUTION_FAILED
-10 - SNMP_DEVICE_ALREADY_ADDED
-11 - SNMP_DEVICE_UNREACHABLE
-12 - NO_SNMP_DEVICE_DISCOVERED
GET /lua/pro/rest/v2/edit/snmp/device/device.lua
Edit a SNMP device
- Description: Edit an existing monitored SNMP device
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| snmp_host | query | IP address or symbolic name of and an SNMP device | string |
| snmp_read_community | query | The SNMP read community to use (SNMP v1/v2c only) | string |
| snmp_write_community | query | The SNMP write community to use (SNMP v1/v2c only) | string |
| snmp_version | query | The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1) | string |
| snmp_level | query | Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv) | string |
| snmp_auth_protocol | query | Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA | string |
| snmp_auth_passphrase | query | Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase | string |
| snmp_privacy_protocol | query | Used only with SNMP v3 and level set to autPriv: DES or AES | string |
| snmp_privacy_passphrase | query | Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase | string |
Responses
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-9 - NAME_RESOLUTION_FAILED
-10 - SNMP_DEVICE_ALREADY_ADDED
-11 - SNMP_DEVICE_UNREACHABLE
-12 - NO_SNMP_DEVICE_DISCOVERED
-22 - SNMP_UNKNOWN_DEVICE
GET /lua/pro/rest/v2/change/snmp/device/interface/status.lua
Change SNMP device interface status
- Description: Change the status of an SNMP device in terface to up or down
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | IP address of an SNMP device | string |
| snmp_admin_status | query | The new admin status, either ‘up’ or ‘down’ | string |
| snmp_port_idx | query | The index of the SNMP device interface | string |
Responses
0 - OK
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-26 - SNMP_DEVICE_INTERFACE_STATUS_CHANGE_FAILED
1.4.19. Timeseries¶
GET /lua/pro/rest/v2/get/db/ts.lua
Return the number of flows in a period of time
- Description: Return the timeseries of number of flows in a period of time
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7proto_master | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7cat | query | Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| flow_risk | query | Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| l4proto | query | Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| src2dst_dscp | query | Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| country | query | Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_asn | query | Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_asn | query | Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_nw_latency | query | Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_nw_latency | query | Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| observation_point_id | query | Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| src2dst_tcp_flags | query | Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| dst2src_tcp_flags | query | Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| mac | query | MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_mac | query | Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_mac | query | Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| info | query | Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| bytes | query | Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| packets | query | Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_proc_name | query | Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_proc_name | query | Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_user_name | query | Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_user_name | query | Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
1.4.20. Pools¶
POST /lua/rest/v2/add/host/pool.lua
Add an host pool
- Description: Add an host pool with members and configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-13 - ADD_POOL_FAILED
POST /lua/rest/v2/edit/host/pool.lua
Edit an host pool
- Description: Edit an host pool with members and configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-14 - EDIT_POOL_FAILED
POST /lua/rest/v2/edit/host_pool/pool.lua
Edit an host pool pool
- Description: Edit an host pool pool (only recipients edit is allowed)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-14 - EDIT_POOL_FAILED
POST /lua/rest/v2/delete/host/pool.lua
Delete an host pool
- Description: Delete an host pool
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| pool | query | Host Pool ID, required to delete the given pool | number |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-16 - POOL_NOT_FOUND
POST /lua/rest/v2/delete/pools.lua
Delete all pools for any available pool type
- Description: Delete all pools for any available pool type
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/rest/v2/get/host/pools.lua
Get one or all host pools
- Description: Get one or all host pools
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-16 - POOL_NOT_FOUND
GET /lua/rest/v2/get/pools.lua
Get all pools of any type
- Description: Get all pools defined for any available pool type
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/rest/v2/get/host/pool/members.lua
Get all host pool members
- Description: Get all the members of a given host pool
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-16 - POOL_NOT_FOUND
GET /lua/rest/v2/bind/host/pool/member.lua
Bind a member to an host pool
- Description: Bind a member to an host pool
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-17 - BIND_POOL_MEMBER_FAILED
GET /lua/rest/v2/get/host/pool_by_member.lua
Get an host pool given a member
- Description: Get an host pool given a member
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/export/pool/config.lua
Export the pools configuration as a JSON file
- Description: Export the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.21. Notification Recipients¶
POST /lua/rest/v2/delete/recipients.lua
Delete all defined recipients and reset them to factory-defaults
- Description: Delete all defined recipients and reset them to factory-defaults
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
1.4.22. Notification Endpoints¶
POST /lua/rest/v2/delete/endpoints.lua
Delete all defined notification endpoints and reset them to factory-defaults
- Description: Delete all defined notification endpoints and reset them to factory-defaults
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
1.4.23. All¶
GET /lua/rest/v2/export/all/config.lua
Export all configurations as a JSON file
- Description: Export all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.24. Active Monitoring¶
GET /lua/rest/v2/export/active_monitoring/config.lua
Export the active monitoring configuration as a JSON file
- Description: Export the active monitoring configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.25. Notifications¶
GET /lua/rest/v2/export/notifications/config.lua
Export the notifications configuration as a JSON file
- Description: Export the configuration for endpoints and recipients
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.26. ¶
GET /lua/rest/v2/export/scripts/config.lua
Export the Checks configuration as a JSON file
- Description: Export the configuration for all checks
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/export/snmp/config.lua
Export the SNMP configuration as a JSON file
- Description: Export the configuration for the SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/import/all/config.lua
Import all configurations providing a JSON file
- Description: Import all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/active_monitoring/config.lua
Import the active monitoring configuration providing a JSON file
- Description: Import the active monitoring configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/notifications/config.lua
Import the notifications configuration providing a JSON file
- Description: Import the configuration for endpoints and recipients
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/pool/config.lua
Import the pools configuration providing a JSON file
- Description: Import the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/scripts/config.lua
Import the Checks configuration providing a JSON file
- Description: Import the configuration for all checks
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/snmp/config.lua
Import the SNMP configuration providing a JSON file
- Description: Import the configuration for the SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/reset/all/config.lua
Reset all configurations
- Description: Reset all configurations
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/pro/rest/v2/check/infrastructure/config.lua
Test an infrastructure configuration
- Description: Uses an url and token to connect to the REST API of an ntopng in the infrastructure
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| url | query | The URL of the ntopng in the infrastructure | string |
| token | query | The REST API Token for the authentication | string |
Responses
0 - OK
-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING
-43 - INFRASTRUCTURE_INSTANCE_CHECK_FAILED
-44 - INFRASTRUCTURE_INSTANCE_CHECK_NOT_FOUND
-45 - INFRASTRUCTURE_INSTANCE_CHECK_INVALID_RESPONSE
-46 - INFRASTRUCTURE_INSTANCE_CHECK_AUTH_FAILED
GET /lua/rest/v2/get/ntopng/users.lua
Read all configured ntopng users
- Description: Read all configured ntopng users
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/add/ntopng/user.lua
Add ntopng user
- Description: Add a ntopng user
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| username | formData | Username | string |
| full_name | formData | Full name | string |
| password | formData | Password | string |
| confirm_password | formData | Confirmed password | string |
| user_role | formData | User role (unprivileged / administrator) | string |
| allowed_networks | formData | Allowed networks (e.g. 0.0.0.0/0,::/0) | string |
| allowed_interface | formData | Allowed interfaces (empty for all) | string |
| user_language | formData | Language (en, it, de, jp, pt, cz) | string |
| allow_pcap_download | formData | Allow PCAPs download (1 to allow) | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-19 - PASSWORD_MISMATCH
-20 - ADD_USER_FAILED
-23 - USER_ALREADY_EXISTING
POST /lua/rest/v2/delete/ntopng/user.lua
Delete ntopng user
- Description: Delete a ntopng user
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| username | formData | Username | string |
Responses
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-21 - DELETE_USER_FAILED
POST /lua/rest/v2/edit/ntopng/user.lua
Edit a ntopng user
- Description: Edit an existing ntopng user
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| username | formData | Username | string |
| user_role | formData | User role (unprivileged / administrator) | string |
| allowed_networks | formData | Allowed networks (e.g. 0.0.0.0/0,::/0) | string |
| allowed_interface | formData | Allowed interfaces (empty for all) | string |
| user_language | formData | Language (en, it, de, jp, pt, cz) | string |
| allow_pcap_download | formData | Allow PCAPs download (1 to allow) | string |
Responses
-5 - INVALID_ARGUMENTS
-21 - DELETE_USER_FAILED
-23 - USER_DOES_NOT_EXIST
-24 - EDIT_USER_FAILED
POST /lua/rest/v2/create/ntopng/session.lua
Create a new ntopng user session Cookie
- Description: Generate a new user session to be used as session Cookie
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| username | formData | Username | string |
| auth_session_duration | formData | Session duration (seconds). Default: 0 (no expiration). | integer |
Responses
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/infrastructure/instance.lua
Get one or all infrastructure configs
- Description: Get one or all infrastructure configs
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| Add statistics collected by the active monitoring module |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND
POST /lua/pro/rest/v2/add/infrastructure/instance.lua
Add a new infrastructure configuration
- Description: Add a new infrastructure configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| url | The URL of the ntopng in the infrastructure | string | |
| alias | An alias for the infrastructure | string | |
| token | The REST API Token for the authentication | string | |
| rtt_threshold | RTT threshold used by the active monitoring | int32 | |
| bandwidth_threshold | Bandwidth threshold used by the active monitoring | int32 |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS
-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL
-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN
-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD
-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS
-40 - INFRASTRUCTURE_INSTANCE_SAME_URL
-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN
-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING
-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD
POST /lua/pro/rest/v2/edit/infrastructure/instance.lua
Edit an existing infrastructure configuration
- Description: Edit an existing infrastructure configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| instance_id | The ID of the infrastructure configuration to edit | string | |
| url | The URL of the ntopng in the infrastructure | string | |
| alias | An alias for the infrastructure | string | |
| token | The REST API Token for the authentication | string | |
| rtt_threshold | RTT threshold used by the active monitoring | int32 | |
| bandwidth_threshold | Bandwidth threshold used by the active monitoring | int32 |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND
-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID
-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS
-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL
-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN
-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD
-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS
-40 - INFRASTRUCTURE_INSTANCE_SAME_URL
-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN
-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD
POST /lua/pro/rest/v2/delete/infrastructure/instance.lua
Delete an existing infrastructure configuration
- Description: Delete an existing infrastructure configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| instance_id | The ID of the infrastructure to delete | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND
-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID
POST /lua/rest/v2/import/infrastructure/config.lua
Import the Infrastructure configuration providing a JSON file
- Description: Import the configuration for all infrastructure configurations
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
GET /lua/rest/v2/export/infrastructure/config.lua
Export the Infrastructure configurations as a JSON file
- Description: Export the configuration for the infrastructure configurations
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| download | query | Download as file (no REST envelope) | boolean |
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/enable/check.lua
Enables a check
- Description: Enables a check
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| check_subdir | form | The check subdir | string |
| script_key | form | The key of the script | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/disable/check.lua
Disables a check
- Description: Disables a check
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| check_subdir | form | The check subdir | string |
| script_key | form | The key of the script | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/delete/interface/alerts.lua
Delete interface alerts
- Description: Delete historical interface alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| subtype | query | Alert subtype | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/host/alerts.lua
Delete host alerts
- Description: Delete historical host alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/host/new_devices.lua
Delete all new devices
- Description: Delete all new devices learned by ntopng
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/rest/v2/delete/network/alerts.lua
Delete network alerts
- Description: Delete historical network alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/all/alerts.lua
Delete all alerts
- Description: Delete all historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/am_host/alerts.lua
Delete active monitoring hosts alerts
- Description: Delete active monitoring hosts historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/user/alerts.lua
Delete user alerts
- Description: Delete user historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/mac/alerts.lua
Delete MAC alerts
- Description: Delete MAC historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/system/alerts.lua
Delete system alerts
- Description: Delete system historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/flow/alerts.lua
Delete flow alerts
- Description: Delete flow historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/snmp/config.lua
Reset SNMP configuration
- Description: Reset SNMP configuration including all configured devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/checks/config.lua
Reset Checks configuration
- Description: Reset checks configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/active_monitoring/config.lua
Reset Active Monitoring configuration
- Description: Reset active monitoring configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/notifications/config.lua
Reset Notifications configuration
- Description: Reset notifications configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/interface/alerts.lua
Acknowledge interface alerts
- Description: Acknowledge interface historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| subtype | query | Alert subtype | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/host/alerts.lua
Acknowledge host alerts
- Description: Acknowledge host historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/network/alerts.lua
Acknowledge network alerts
- Description: Acknowledge network historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/am_host/alerts.lua
Acknowledge Active Monitoring alerts
- Description: Acknowledge Active Monitoring historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/user/alerts.lua
Acknowledge user alerts
- Description: Acknowledge user historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/mac/alerts.lua
Acknowledge MAC alerts
- Description: Acknowledge MAC historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/system/alerts.lua
Acknowledge system alerts
- Description: Acknowledge system historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/flow/alerts.lua
Acknowledge flow alerts
- Description: Acknowledge flow historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/charts/host/map.lua
Get an host map
- Description: Get an host map
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| bubble_mode | query | The identifier of the bubble chart to obtain | integer |
| show_remote | query | Whether to show remote hosts | boolean |
Responses
0 - OK
GET /lua/rest/v2/charts/time/data.lua
Get widget time data
- Description: Get widget time data
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| totalRows | query | The number of records | integer |
Responses
0 - OK
GET /lua/rest/v2/get/datasource/interface/packet_distro.lua
Get interface packets distribution
- Description: Get interface packets distribution
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
GET /lua/rest/v2/get/datasource/datasource.lua
Get datasource
- Description: Get datasource
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
GET /lua/rest/v2/get/interface/nprobes/data.lua
Get interface nProbe data
- Description: Get data for nProbe instances connected to an ntopng interface
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/network/discovery/discover.lua
Get interface network discovery data
- Description: Get data regarding the network discovery done by an ntopng interface
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| operating_system | query | Operating System identifier | integer |
| device_type | query | Device type identifier | integer |
| manufacturer | query | Manufacturer of the device | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/interface/alert/ts.lua
Get interface alerts timeseries
- Description: Get interface alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| subtype | query | Alert subtype | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/interface/alert/list.lua
Get interface alerts list
- Description: Get interface alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| subtype | query | Alert subtype | string |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/interface/arp.lua
Get interface ARP info
- Description: Get interface ARP info
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/timeseries/type/consts.lua
Get available timeseries
- Description: Get all the available timeseries given a tag
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| query | query | Tag used to retrieve the timeseries; currently available: iface, host, mac, subnet, asn, country, os, vlan, host_pool, pod, container, ht, system, profile, redis, influxdb, am, snmp_interface, snmp_device, obs_point, sflowdev_port, flowdev, flowdev_port | string |
| host | query | Host IP@VLAN, REQUIRED in case of timeseries regarding Host, SNMP or Flow devices | string |
| asn | query | ASN identifier, REQUIRED in case of timeseries regarding Autonomous Systems | integer |
| pool | query | Host Pool identifier, REQUIRED in case of timeseries regarding Host Pools | integer |
| vlan | query | VLAN identifier, REQUIRED in case of timeseries regarding VLANs | integer |
| mac | query | MAC address, REQUIRED in case of timeseries regarding MACs | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
POST /lua/pro/rest/v2/get/timeseries/ts_multi.lua
Return timeseries
- Description: Return the requested timeseries in the requested timeframe
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| limit | query | Maximum number of timeseries points | number |
| initial_point | query | A boolean used to return the first point of the timeseries or not | boolean |
| ts_compare | query | Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before) | string |
| ts_requests | query | An array of timeseries to be returned, containing ts_query, ts_schema and tskey (e.g. [{ts_query: ‘ifid:1,asn:199524’, ts_schema: ‘asn:traffic’, tskey: ‘199524’}]; the explaination of these three parameters can be found into ‘/lua/rest/v2/get/timeseries/ts.lua’ REST) | array |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/timeseries/ts.lua
Get timeseries data
- Description: Get timeseries data
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| limit | query | Maximum number of timeseries points | number |
| initial_point | query | A boolean used to return the first point of the timeseries or not | boolean |
| ts_compare | query | Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before) | string |
| ts_query | query | Containing the parameters used to find the timeserie in the following format, parameter:value;parameter:value;… (e.g. ‘ifid:1;host:192.168.1.1’) | string |
| tskey | query | Containing the timeseries key, whom the timeseries is referred to (e.g. if the timeserie is regarding the interface ‘7’ or the host ‘192.168.1.1’, then tskey is going to be ‘7’ or ‘192.168.1.1’) | string |
| ts_schema | query | Contains the timeserie schema (e.g. ‘iface:traffic’) | string |
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/host/l4/contacted_hosts_data.lua
Get the contacted hosts information
- Description: Given an host, return the number of contacted hosts as a server and as a client
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/l4/data.lua
Get the host information about transport protocols
- Description: Given an host, return the transport protocols information (bytes sent, received, …) of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/l7/breed_data.lua
Get the host information about breed
- Description: Given an host, return the top breed information (bytes sent, received, …) of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/l7/cat_data.lua
Get the host information about categories
- Description: Given an host, return the categories information (bytes sent, received, …) of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/l7/proto_data.lua
Get the host information about application protocols
- Description: Given an host, return the application protocols information (bytes sent, received, …) of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/packets/arp_data.lua
Get the host information about ARP
- Description: Given an host, return the ARP information (bytes sent, received, …) of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/packets/tcp_flags_data.lua
Get the host information about TCP flags
- Description: Given an host, return the TCP flags information (bytes sent, received, …) of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/port/cli_port_data.lua
Get the host information about client ports
- Description: Given an host, return the client ports total bytes of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/port/srv_port_data.lua
Get the host information about server ports
- Description: Given an host, return the server ports total bytes of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/port/table_port_data.lua
Get the host information about ports used by application protocols
- Description: Given an host, return the ports and the protocols used on each port of an host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/processes/listening_ports.lua
Get the host information about listening ports
- Description: Given an host, return the information about listening ports (transport level protocol, package and process that’s currently running on that port)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/fingerprint/data.lua
Get counters per type
- Description: Number of alerts per alert type
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| fingerprint_type | query | The fingerprint type, either ja3 or hassh | string |
Responses
0 - OK
GET /lua/rest/v2/get/host/alert/ts.lua
Get host alerts timeseries
- Description: Get host alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/host/alert/list.lua
Get host alerts list
- Description: Get host alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/recipient/pools.lua
Get recipient pools
- Description: Get all pools bound to a recipient
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| recipient_id | query | Recipient identifier | integer |
Responses
0 - OK
GET /lua/rest/v2/get/checks/config.lua
Get Checks configuration
- Description: Get checks configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/get/network/alert/ts.lua
Get network alerts timeseries
- Description: Get network alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/network/alert/list.lua
Get network alerts list
- Description: Get network alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/all/alert/ts.lua
Get all alerts timeseries
- Description: Get all alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | Start time (epoch) | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/all/alert/list.lua
Get all alerts list
- Description: Get all alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/am_host/alert/ts.lua
Get Active Monitoring alerts timeseries
- Description: Get Active Monitoring alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/am_host/alert/list.lua
Get Active Monitoring alerts list
- Description: Get Active Monitoring alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/user/alert/ts.lua
Get user alerts timeseries
- Description: Get user alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/user/alert/list.lua
Get user alerts list
- Description: Get user alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/mac/alert/ts.lua
Get MAC alerts timeseries
- Description: Get MAC alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/mac/alert/list.lua
Get MAC alerts list
- Description: Get MAC alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/system/alert/ts.lua
Get system alerts timeseries
- Description: Get system alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/system/alert/list.lua
Get system alerts list
- Description: Get system alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/dns/resolve.lua
Resolve an host name into an IP address
- Description: Resolve an host name into an IP address
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| hostname | query | The host name to be resolved | string |
Responses
0 - OK
-9 - NAME_RESOLUTION_FAILED
GET /lua/rest/v2/get/category/list.lua
Get category information
- Description: Get all the category information available
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/geo_map/hosts.lua
Get the Geo Map information
- Description: Get the Geo Map information available in ntopng
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host address | string |
| vlan | query | VLAN ID | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/flow/alert/ts.lua
Get flow alerts timeseries
- Description: Get flow alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/flow/alert/list.lua
Get flow alerts list
- Description: Get flow alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/flow/traffic_stats.lua
Get traffic stats for active flows
- Description: Get traffic stats for active flows
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
POST /lua/rest/v2/edit/ntopng/incr_hosts.lua
Double the maximum number of hosts managed by ntopng
- Description: Double the maximum number of hosts managed by ntopng
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-7 - BAD_FORMAT
POST /lua/rest/v2/edit/ntopng/incr_flows.lua
Double the maximum number of flows managed by ntopng
- Description: Double the maximum number of flows managed by ntopng
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-7 - BAD_FORMAT
POST /lua/rest/v2/set/checks/config.lua
Set Checks configuration
- Description: Set Checks configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| JSON | form | Check configuration in JSON | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/export/checks/config.lua
Export Checks configuration
- Description: Export Checks configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/import/checks/config.lua
Import Checks configuration
- Description: Import Checks configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| JSON | form | The Checks configuration in JSON | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
POST /lua/rest/v2/set/checks/auto_refresh.lua
Import Checks configuration
- Description: Import Checks configuration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| alert_page_refresh_rate_enabled | form | Enable the alert page refresh (1 to enable, 0 otherwise) | number |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/import/pool/host_pool/members.lua
Import host pool members
- Description: Import host pool members
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| pool | form | Pool identifier | integer |
| host_pool_members | form | A newline-separated list of host pool members | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/create/ntopng/api_token.lua
Create an API token
- Description: Create an API token
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| username | form | An existing ntopng username | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/host/alert/exclusions.lua
Delete host alert exclusions
- Description: Delete host alert exclusions
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| alert_addr | query | The host IP address | string |
| alert_key | query | The host alert key to exclude from host alerts | integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/snmp/device.lua
Delete an SNMP device
- Description: Delete an SNMP device from the monitored SNMP devices
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | IP address of an SNMP device | string |
Responses
0 - SNMP_DEVICE_DELETED_SUCCESSFULLY
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/snmp/device/alerts.lua
Delete SNMP device alerts
- Description: Delete SNMP device alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/delete/all/alert/exclusions.lua
Delete all alert exclusions
- Description: Delete all configured host or flow alert exclusions for a specific host
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| type | query | Either ‘host’ or ‘flow’ | string |
| host | query | The IP address of the host | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/flow/alert/exclusions.lua
Delete flow alert exclusions
- Description: Delete flow alert exclusions
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| alert_addr | query | The host IP address | string |
| alert_key | query | The flow alert key to exclude from flow alerts | integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/acknowledge/snmp/device/alerts.lua
Acknowledge SNMP device alerts
- Description: Acknowledge SNMP device historical alerts
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/maps/periodicity_map.lua
Get the periodicity map of an interface
- Description: Get the periodicity map of an interface
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/maps/service_map.lua
Get the service map of an interface
- Description: Get the service map of an interface
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/flowdevices/stats.lua
Get flow devices stats
- Description: get flow devices stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/interface/top/sites.lua
Get interface top sites
- Description: Get the top sites for an interface
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/interface/top/l7_stats.lua
Get interface top Layer-7 stats
- Description: Get interface top Layer-7 stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/score.lua
Get interface top score stats
- Description: Get interface top score stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/realtime_traffic.lua
Get interface top traffic stats
- Description: Get interface top traffic stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/alert/top.lua
Get interface alert stats
- Description: Get interface alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| subtype | query | Alert subtype | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/alert/filter/consts.lua
Get available alert filters
- Description: Given a specific alert type (flow, host, …) return the available filters
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| page | query | Alert Page (interface, flow, host, network, snmp_device, mac, user, am_host, system) | string |
Responses
0 - OK
GET /lua/pro/rest/v2/delete/observation_point/stats.lua
Remove an Observation Point stats
- Description: Remove Observation Point stats stored until now. If the Observation Point is no more seen on the network, even the entry is going to be deleted
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| observation_point | query | Identifier of the rule to delete | integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/observation_points/alias.lua
Get the alias of an Observation Point
- Description: The alias of an Observation Point is returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| observation_point_id | query | Observation Point ID | integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/observation_points/stats.lua
Get observation points alert stats
- Description: Get observation points alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
POST /lua/pro/rest/v2/set/observation_points/alias.lua
Set the alias of an Observation Point
- Description: Set the alias of an Observation Point is returned
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| alias | formData | New Observation Point Alias | string |
| observation_point_id | formData | Observation Point ID | integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/observation_points/stats.lua
Delete an Observation Point
- Description: Given an Observation Point ID, it is going to delete it and all the information related to it
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| observation_point_id | query | Observation Point ID | integer |
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/host/top/local/sites.lua
Get host top local sites
- Description: Get host top local sites
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | The IP address of the host | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/host/alert/exclusions.lua
Get host alert exclusions
- Description: Get host alert exclusions
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | The host IP address | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/host/alert/top.lua
Get host alert stats
- Description: Get host alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/host/no_tx_peers.lua
Get RX-only host peers
- Description: Get list of host with RX-only traffic (i.e. no TX traffic sent)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/db/historical_db_search.lua
Get historical flows info
- Description: Get historical flows info
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7proto_master | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7cat | query | Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| flow_risk | query | Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| l4proto | query | Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| name | query | Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| src2dst_dscp | query | Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| country | query | Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_asn | query | Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_asn | query | Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_nw_latency | query | Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_nw_latency | query | Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| observation_point_id | query | Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| src2dst_tcp_flags | query | Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| dst2src_tcp_flags | query | Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| mac | query | MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_mac | query | Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_mac | query | Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| network | query | Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| info | query | Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| bytes | query | Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| packets | query | Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| host_pool_id | query | Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_proc_name | query | Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_proc_name | query | Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_user_name | query | Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_user_name | query | Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/snmp/device/alert/ts.lua
Get SNMP device alerts timeseries
- Description: Get SNMP device alerts timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/alert/top.lua
Get SNMP device alert stats
- Description: Get SNMP device alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/alert/list.lua
Get SNMP device alerts list
- Description: Get SNMP device alerts list
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/network/alert/top.lua
Get network alert stats
- Description: Get network alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| network_name | query | Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/sflowdevice/stats.lua
Get sFlow device stats
- Description: get sFlow device stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| ip | query | The IP address of the device | string |
| ifIdx | query | The interface index | integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/all/alert/top.lua
Get all alert stats
- Description: Get all alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | Start time (epoch) | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/am_host/alert/top.lua
Get Active Monitoring alert stats
- Description: Get Active Monitoring alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/user/alert/top.lua
Get user alert stats
- Description: Get user alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/mac/alert/top.lua
Get MAC alert stats
- Description: Get MAC alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/system/alert/top.lua
Get system alert stats
- Description: Get system alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/system/data.lua
Get system data
- Description: Get system data
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
GET /lua/pro/rest/v2/get/infrastructure/data.lua
Get infrastructure data
- Description: Get infrastructure data
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/sflowdevices/stats.lua
Get sFlow devices stats
- Description: get sF devices stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/flowdevice/stats.lua
Get flow device stats
- Description: get flow device stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| ip | query | The IP address of the device | string |
| ifIdx | query | The interface index | integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/flow/alert/exclusions.lua
Get flow alert exclusions
- Description: Get flow alert exclusions
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| host | query | The host IP address | string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/domain/alert/exclusions.lua
Get domain alert exclusions
- Description: Get domain alert exclusions
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/flow/alert/top.lua
Get flow alert stats
- Description: Get flow alert stats
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| epoch_begin | query | Start time (epoch) | integer |
| epoch_end | query | End time (epoch) | integer |
| alert_id | query | Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | integer |
| severity | query | Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| score | query | Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | integer |
| ip_version | query | IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| ip | query | IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_ip | query | Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_ip | query | Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_name | query | Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| srv_name | query | Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) | string |
| cli_port | query | Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_port | query | Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| vlan_id | query | VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| l7proto | query | Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_country | query | Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_country | query | Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| probe_ip | query | Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| input_snmp | query | Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| output_snmp | query | Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| snmp_interface | query | SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| cli_host_pool_id | query | Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| srv_host_pool_id | query | Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then | string |
| cli_network | query | Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| srv_network | query | Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| l7_error_id | query | Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| traffic_direction | query | Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) | string |
| format | query | Format of the return data (json or txt) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/geo_map/hosts.lua
Get hosts location
- Description: Get hosts location and other info
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/add/alert/exclusion.lua
Add an alert exclusion
- Description: Add an alert exclusion
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| type | query | Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) | string |
| alert_addr | query | Host IP of the address to exclude (with type: ‘host’) | string |
| alert_domain | query | Domain to exclude (with type ‘host’) | string |
| alert_certificate | query | Certificate to exclude (with type ‘certificate’) | string |
| subdir | query | Type of alert to exclude (currently available: ‘flow’ or ‘host’ | string |
| flow_alert_key | query | Flow alert identifier | string |
| host_alert_key | query | Host alert identifier | string |
| delete_alerts | query | Return true to delete the excluded alerts, false otherwise | boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/alert/exclusion.lua
Get the alert exclusions
- Description: Get all the available alert exclusions
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| type | query | Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/delete/alert/exclusion.lua
Delete an alert exclusion
- Description: Delete an alert exclusion
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| type | query | Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) | string |
| alert_addr | query | Host IP of the address to exclude (with type: ‘host’) | string |
| alert_domain | query | Domain to exclude (with type ‘host’) | string |
| alert_certificate | query | Certificate to exclude (with type ‘certificate’) | string |
| subdir | query | Type of alert to exclude (currently available: ‘flow’ or ‘host’ | string |
| flow_alert_key | query | Flow alert identifier | string |
| host_alert_key | query | Host alert identifier | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/add/device/exclusion.lua
Add a device to exclude
- Description: Add a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| mac_list | query | List of MAC addresses to exclude separated by commas | string |
| trigger_alerts | query | Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not | boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/edit/device/exclusion.lua
Edit a device to exclude
- Description: Edit a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| mac | query | MAC address to edit | string |
| mac_alias | query | Alias used to rename the MAC address | string |
| mac_status | query | MAC address status | string |
| trigger_alerts | query | Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not | boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/delete/device/exclusion.lua
Remove a device to exclude
- Description: Remove a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| device | query | MAC addresses to remove from the exclusions, or ‘all’ to delete all the MAC addresses excluded until now | string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/device/exclusion.lua
List of excluded devices
- Description: Return the list of the excluded devices (see for more info: Device/MAC Address Tracking)
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/add/filters/snapshot.lua
Add a Snapshot
- Description: Add an alert Snapshot, used to save the state of an alerts page
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| snapshot_name | query | Snapshot | string |
| filters | query | Filters separated by & (like the URL parameters) | string |
| page | query | Name of the alert page (flow, host, …) | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/get/filters/snapshot.lua
Get a Snapshot
- Description: Get an alert Snapshot, used to save the state of an alerts page
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| page | query | Name of the alert page (flow, host, …) | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/delete/filters/snapshot.lua
Remove a Snapshot
- Description: Remove an alert Snapshot, used to save the state of an alerts page
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| snapshot_name | query | Snapshot | string |
| page | query | Name of the alert page (flow, host, …) | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/add/interface/host_rules/add_host_rule.lua
Add Host Rule
- Description: Add an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| host | query | Host to apply the check, IP address of the host or * to check for all the hosts | string |
| frequency | query | Frequency of the check to run, every minute, every 5 minutes, every hour or daily (‘min’, ‘5min’, ‘hour’, ‘day’) | string |
| metric | query | Timeseries schema of the metric to analyze | string |
| threshold | query | Threshold that if exceeded, it’s going to trigger an alert | string |
| metric_type | query | metric used to analyze the data, Throughput or Volume? (currently available: ‘throughput’, ‘volume’) | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_data.lua
Get Host Rule
- Description: Get an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_metric.lua
Get Host Rule available metrics
- Description: Get an host rule available metrics, used to run periodic check on traffic and similar, on the timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/delete/interface/host_rules/add_host_rule.lua
Remove an Host Rule
- Description: Remove an host rule from an interface, used to run periodic check on traffic and similar, on the timeseries
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
| rule_id | query | Identifier of the rule to delete | string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/set/pool/policy.lua
Set pool policy
- Description: Set pool policy
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
| ifid | query | Interface identifier | integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/set/pool/policy_autoconf.lua
Set a pool policy from autoconfiguration
- Description: Set a pool policy from autoconfiguration
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/export/pool/policy.lua
Export pool policies
- Description: Export pool policies
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/reset/infrastructure/config.lua
Reset all infrastructure configurations
- Description: Reset all infrastructure configurations
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/get/system/configurations/list_availabled_backups.lua
Get system configurations automatic backups
- Description: Get list of automatic system configurations backups
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/configurations/download_backup.lua
Get system configuration automatic backup
- Description: Get on of the automatic system configurations backups
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|---|---|---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/stats.lua
Get system stats
- Description: Get statistics of the system on top of which ntopng is running
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/interfaces.lua
Get interfaces stats
- Description: Get statistics of every active interfaces
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/redis.lua
Get Redis Stats
- Description: Get all the available Redis Statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/influxdb.lua
Get InfluxDB Stats
- Description: Get all the available InfluxDB Statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/system/health/clickhouse.lua
Get Clickhouse Stats
- Description: Get all the available Clickhouse Statistics
- Produces: [‘application/json’]
Parameters
| Name | Position | Description | Type |
|---|
Responses
0 - OK
-6 - INTERNAL_ERROR