Mailing List Archive

Flow alerts rules
Hi,

I see we have an "Alerts dashboard" where, for now, I could only see
that one computer was infected with an app that did some webmining.

What rules does ntop/nDPI use for those flow alerts? Can I load Snort
rules?

Thank you.

Best regards,
Dan Craciun
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Flow alerts rules
Hi Dan,

nDPI detects some common mining protocols, please check out
https://github.com/ntop/nDPI/commit/c6b427c2521c0916866f932ea1db43334a01b2f4

Moreover, ntopng detects mining hosts by using this list:
https://github.com/ntop/ntopng/blob/dev/httpdocs/other/lists/web_mining.txt
The list is currently not updated although it will update
automatically in the future. You will probably find the IP address of
the host in the text file above.

Regards,

Emanuele

On 1/18/19 6:23 AM, Dan Craciun wrote:
> Hi,
>
> I see we have an "Alerts dashboard" where, for now, I could only see
> that one computer was infected with an app that did some webmining.
>
> What rules does ntop/nDPI use for those flow alerts? Can I load Snort
> rules?
>
> Thank you.
>
> Best regards,
> Dan Craciun
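To make the list-based part of Emanuele's answer concrete, here is an added example (not ntopng's or nDPI's own code) of how a flow's endpoints can be matched against a web-mining host list. It assumes the list is one hostname or IPv4 address per line with "#" comments, which is an assumption about the format of web_mining.txt rather than something the thread states; the list entries, flow records and field names (src_ip, dst_ip, server_name) are constructed for the example. Hostnames are matched by DNS label suffix, so a listed domain also catches its subdomains but not an unrelated name that merely contains it as a substring.

```python
"""Match flow endpoints against a web-mining host list.

Constructed example; not code from ntopng or nDPI. The list format
(one hostname or IPv4 address per line, '#' comments) is an assumption.
"""
import ipaddress

# Constructed sample list: the real web_mining.txt is not reproduced here.
SAMPLE_LIST = """\
# hypothetical web-mining host list
coinhive-example.test
pool.miner-example.test
203.0.113.45
"""


def parse_host_list(text):
    """Split a host list into a set of lowercase domains and a set of IPs."""
    domains, ips = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments/blank lines
        if not line:
            continue
        try:
            ips.add(ipaddress.ip_address(line))
        except ValueError:
            domains.add(line.rstrip("."))
    return domains, ips


def domain_matches(name, domains):
    """True if name or any parent domain is listed (label-wise suffix match)."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def flag_mining_flows(flows, domains, ips):
    """Return (src_ip, dst_ip, reason) for every flow that hits the list."""
    hits = []
    for f in flows:
        reason = None
        try:
            if ipaddress.ip_address(f["dst_ip"]) in ips:
                reason = "dst_ip listed"
        except ValueError:
            pass  # malformed address: fall through to the hostname check
        host = f.get("server_name")  # TLS SNI / HTTP Host as extracted by DPI
        if reason is None and host and domain_matches(host, domains):
            reason = f"server_name {host} listed"
        if reason:
            hits.append((f["src_ip"], f["dst_ip"], reason))
    return hits


# Constructed sample flows (hypothetical field names, RFC 5737 addresses).
SAMPLE_FLOWS = [
    {"src_ip": "192.168.1.23", "dst_ip": "198.51.100.7",
     "server_name": "www.coinhive-example.test"},
    {"src_ip": "192.168.1.23", "dst_ip": "203.0.113.45", "server_name": None},
    {"src_ip": "192.168.1.50", "dst_ip": "198.51.100.9",
     "server_name": "notcoinhive-example.test"},
    {"src_ip": "192.168.1.51", "dst_ip": "198.51.100.10",
     "server_name": "updates.example.org"},
]

if __name__ == "__main__":
    listed_domains, listed_ips = parse_host_list(SAMPLE_LIST)
    for src, dst, why in flag_mining_flows(SAMPLE_FLOWS, listed_domains, listed_ips):
        print(f"{src} -> {dst}: {why}")
```

Run as-is and only the first two flows are reported: the subdomain of a listed name and the connection to a listed IP. The third flow is left alone because "notcoinhive-example.test" shares no label suffix with any entry, which is the false positive a plain substring match would produce.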