Sometimes, a critical issue shows up in your network and you’d like to be notified by ntopng on Telegram or by E-Mail. ntopng allows you to filter alerts for each recipient based on a few criteria including alert family, category, severity, or affected hosts. However in some case you want to be notified about a very specific alert, out of all alerts produced with the same family, category, severity.
For example, it’s important to be notified when an Interface has no traffic, or when a new device (MAC) connects or disconnects from your network, or if a SYN scan attack is in progress, however all these alerts have the same severity/category as other critical alerts that you could not be interested in receiving a message directly on your Telegram (for example).
For this reason, we decided to extend the recipients configuration to be able to deliver specific alerts, selected from the user to the endpoint we want. In this way, a user can send a notification (e.g.) on his Telegram, if some interface stops capturing traffic (No Traffic Activity alert).
Doing that today it’s simple!
From the Notification page, it’s possible to handle it, and when adding/editing a Recipient, a tab is available, from which it’s possible to select:
- ‘By Properties’ if the “old” way of filtering alerts is needed, so filter alerts by severity, by category, or by entity;
- ‘By Alerts’ if the “new” filtering is required and here it’s possible to select one or more alerts to deliver.
After selecting ‘By Alerts’ click on the dropdown and select the critical alerts to receive.
An other important point is that, as you wish to receive important alerts on your phone, you do not want to be spammed by ntopng!
So we added a new preference, still when adding/editing a Recipient, to silence the same exact alert if it triggers more than one time per hour, in this way only one alert of the same kind per hour is going to be delivered to the recipient.
We hope you enjoy this new feature!
