Alerts List per License

Some ntopng alerts are available with a specific license. Here is a list of all the alerts, divided by family, and their availability depending on the license.

Host Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Countries Contacts

x

x

x

x

x

Dangerous Host

x

x

x

x

x

DNS Flood

x

x

x

x

DNS Server Contacts

x

x

x

x

x

DNS Traffic

x

x

x

x

x

Domain Names Contacts

x

x

x

x

x

Flow Flood

x

x

x

x

x

Flows Anomaly

x

x

x

x

Host External Check (REST)

x

x

x

x

x

Host Scanner Blackhole Contacts

x

x

x

x

x

Host User Check Script

x

x

x

x

x

ICMP Flood

x

x

x

x

x

NTP Server Contacts

x

x

x

x

x

Remote Connection

x

x

x

x

x

RX-only Host Scan

x

x

RST Scan

x

x

x

x

x

Scan Detection

x

x

x

x

x

Score Anomaly

x

x

x

x

Server Port Detected

x

x

x

Score Threshold Exceeded

x

x

x

x

x

SMTP Server Contacts

x

x

x

x

x

SNMP Flood

x

x

x

x

SYN Flood

x

x

x

x

x

SYN Scan

x

x

x

x

x

Suspicious Domain Scan

x

x

x

TCP FIN Scan

x

x

x

x

x

Interface Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Device/MAC Address Tracking

x

x

x

DHCP Storm

x

x

x

x

Ghost Networks

x

x

x

x

x

Interface Alerts Drops

x

x

x

x

x

Interface Periodic Activity Not Executed

x

x

x

x

x

Interface Slow Periodic Activity

x

x

x

x

x

No Traffic Activity

x

x

x

x

x

Packet Drops

x

x

x

x

Unexpected Score Behaviour

x

x

x

Unexpected Traffic Behaviour

x

x

x

Local Networks Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Broadcast Domain Too Large

x

x

x

x

x

Flow Flood Victim

x

x

x

x

x

IP/MAC Reassoc/Spoofing

x

x

x

x

x

Network Discovery

x

x

x

x

x

Network Issues

x

x

x

x

x

Network Score per Host

x

x

x

x

SYN Flood Victim

x

x

x

x

x

SYN Scan Victim

x

x

x

x

x

SNMP Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Duplex Status Change

x

x

x

High Interface Discards/Errors

x

x

x

Interface Errors Exceeded

x

x

x

LLDP/CDP Topology Monitor

x

x

x

MAC Detection

x

x

x

MAC Port Changed

x

x

x

Oper. Status Change

x

x

x

SNMP Device Restart

x

x

x

Threshold Crossed

x

x

x

Too Many MACs on Non-Trunk

x

x

x

Traffic Change Detected

x

x

Flow Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

ALPN/SNI Mismatch

x

x

x

x

x

Anonymous Subscriber

x

x

x

x

x

Binary App/.exe Transfer

x

x

x

x

x

Binary file/data transfer (attempt)

x

x

x

x

x

Blacklisted Client Contact

x

x

x

x

x

Blacklisted Country

x

x

x

x

x

Blacklisted Flow

x

x

x

x

x

Blacklisted Server Contact

x

x

x

x

x

Broadcast Non-UDP Traffic

x

x

x

x

x

Clear-Text Credentials

x

x

x

x

x

Crawler/Bot

x

x

x

x

x

Desktop/File Sharing

x

x

x

x

x

DNS Data Exfiltration

x

x

x

DNS Invalid Characters

x

x

x

x

x

Elephant flow

x

x

x

x

Error Code

x

x

x

x

x

External Alert

x

x

x

x

Flow User Check Script

x

x

x

x

x

Fragmented DNS Message

x

x

x

x

x

Fully encrypted flow

x

x

x

x

x

HTTP Obsolete Server

x

x

x

x

x

HTTP Susp Content

x

x

x

x

x

HTTP Susp Header

x

x

x

x

x

HTTP Susp URL

x

x

x

x

x

HTTP Susp User-Agent

x

x

x

x

x

HTTP/TLS/QUIC Numeric Hostname/SNI

x

x

x

x

x

ICMP Data Exfiltration

x

x

x

IEC Invalid Command Transition

x

x

x

x

x

IEC Invalid Transition

x

x

x

x

x

IEC Unexpected TypeID

x

x

x

x

x

Invalid DNS Query

x

x

x

x

Known Proto on Non-Standard Port

x

x

x

x

x

Large DNS Packet (512+ bytes)

x

x

x

x

x

Long Lived

x

x

Low Goodput

x

x

x

x

x

Malformed packets

x

x

x

x

x

Malicious JA3 Fingerp

x

x

x

x

x

Malicious JA3 SHA1 Cert

x

x

x

x

x

Malware Host Contacted

x

x

x

x

x

Minor Issues

x

x

x

x

x

Missing SNI TLS Extn

x

x

x

x

x

ModbusTCP Invalid Transition

x

x

ModbusTCP Too Many Exceptions

x

x

ModbusTCP Unexpected Function Code

x

x

Not Purged

x

x

x

x

x

Obsolete SSH Client Version or Cipher

x

x

x

x

x

Obsolete SSH Server Version or Cipher

x

x

x

x

x

Old TLS Version

x

x

x

x

x

Periodic Flow

x

x

x

x

x

Periodicity Changed

x

x

Possible Exploit

x

x

x

x

x

Possible RCE

x

x

x

x

x

Possible SQL Inj

x

x

x

x

x

Probing attempt

x

x

x

x

x

Punycode IDN

x

x

x

x

x

Rare Destination

x

x

x

x

x

Remote Access

x

x

x

x

x

Remote to Local Insecure Protocol

x

x

x

x

x

Remote to Remote Flow

x

x

x

x

x

Risky ASN

x

x

x

x

x

Risky Domain

x

x

x

x

x

Service Map Lateral Movement

x

x

SMB insecure Vers

x

x

x

x

x

Susp Device Protocol

x

x

x

x

x

Susp DGA Domain name

x

x

x

x

x

Susp DNS traffic

x

x

x

x

x

Susp Entropy

x

x

x

x

x

TCP Connection Issues

x

x

x

x

TCP Connection Refused

x

x

x

TCP Flow Reset

x

x

x

x

x

TCP No Data Exchanged

x

x

x

x

x

TCP Packets Issues

x

x

x

x

x

TCP With No Answer

x

x

x

x

x

TCP Zero Window

x

x

x

x

x

TLS (probably) Not Carrying HTTPS

x

x

x

x

x

TLS Cert About To Expire

x

x

x

x

x

TLS Cert Expired

x

x

x

x

TLS Cert Issues

x

x

x

x

x

TLS Cert Self-Signed

x

x

x

x

TLS Cert Validity Too Long

x

x

x

x

TLS Fatal Alert

x

x

x

x

TLS Susp ESNI Usage

x

x

x

x

TLS Suspicious Extension

x

x

x

x

TLS Uncommon ALPN

x

x

x

x

TLS Unsafe Ciphers

x

x

x

x

Unexpected DHCP

x

x

x

x

x

Unexpected DNS server

x

x

x

x

x

Unexpected NTP

x

x

x

x

x

Unexpected SMTP

x

x

x

x

x

Unidirectional Flow

x

x

x

x

x

Unsafe protocol

x

x

x

x

x

VLAN Bidirectional Flow

x

x

x

x

x

Web Mining

x

x

x

x

x

XSS Attack

x

x

x

x

x

System Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Intrusion Detection and Prevention Log

x

x

x

x

x

Periodic Activity Not Executed

x

x

x

x

x

Slow Periodic Activity

x

x

x

x

x

System Alerts Drops

x

x

x

x

x

System Error

x

x

x

x

x

Active Monitoring Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Vulnerability Scan

x

x

Syslog Behavioural Checks

Community

Pro

Enterprise M

Enterprise L

Enterprise XL

Fortinet

x

x

Host Log

x

x

x

x

x

Kerberos/NXLog

x

x

nBox

x

x

x

x

x

OpenVPN

x

x

OPNsense

x

x

SonicWALL

x

x

Sophos

x

x

Suricata

x

x

x

x

x