Contribute
Contribute to the project by sending encrypted, anonymous telemetry data to ntop.org.
Alert and Flow Status Definitions
| Alert Key | |
|---|---|
| 1 | alert_blacklisted_country |
| 2 | alert_broadcast_domain_too_large |
| 3 | alert_device_connection |
| 4 | alert_device_disconnection |
| 5 | alert_device_protocol_not_allowed |
| 6 | alert_dropped_alerts |
| 7 | external_alert |
| 8 | alert_flow_blacklisted |
| 9 | alert_flow_blocked |
| 10 | alert_flow_misbehaviour |
| 11 | alert_flows_flood |
| 12 | alert_ghost_network |
| 13 | alert_host_pool_connection |
| 14 | alert_host_pool_disconnection |
| 16 | alert_influxdb_error |
| 17 | alert_influxdb_export_failure |
| 18 | alert_internals |
| 19 | alert_ip_outsite_dhcp_range |
| 20 | alert_list_download_failed |
| 21 | alert_login_failed |
| 22 | alert_mac_ip_association_change |
| 23 | alert_malicious_signature |
| 25 | alert_misconfigured_app |
| 26 | alert_new_device |
| 27 | alert_nfq_flushed |
| 28 | alert_none |
| 29 | alert_periodic_activity_not_executed |
| 30 | alert_am_threshold_cross |
| 31 | alert_port_duplexstatus_change |
| 32 | alert_port_errors |
| 33 | alert_port_load_threshold_exceeded |
| 34 | alert_port_mac_changed |
| 35 | alert_port_status_change |
| 36 | alert_potentially_dangerous_protocol |
| 37 | alert_process_notification |
| 38 | alert_quota_exceeded |
| 39 | alert_remote_to_remote |
| 40 | alert_request_reply_ratio |
| 41 | alert_slow_periodic_activity |
| 42 | alert_slow_purge |
| 43 | alert_snmp_device_reset |
| 44 | alert_snmp_topology_changed |
| 45 | alert_suspicious_activity |
| 46 | alert_tcp_syn_flood |
| 47 | alert_tcp_syn_scan |
| 49 | alert_threshold_cross |
| 50 | alert_too_many_drops |
| 51 | alert_udp_unidirectional |
| 53 | alert_user_activity |
| 54 | alert_user_script_calls_drops |
| 55 | alert_web_mining |
| 56 | alert_connection_issues |
| 57 | alert_suspicious_file_transfer |
| 58 | alert_known_proto_on_non_std_port |
| 59 | alert_host_log |
| 60 | alert_attack_mitigation_via_snmp |
| 61 | alert_iec104_error |
| 62 | alert_flow_risk |
| 63 | alert_unexpected_dns |
| 64 | alert_unexpected_smtp |
| 65 | alert_unexpected_dhcp |
| 66 | alert_unexpected_ntp |
| 68 | alert_lateral_movement |
| 69 | alert_list_download_succeeded |
| Status Key | |
|---|---|
| 0 | status_normal |
| 1 | status_blacklisted |
| 2 | status_blacklisted_country |
| 3 | status_blocked |
| 4 | status_data_exfiltration |
| 5 | status_device_protocol_not_allowed |
| 6 | status_dns_data_exfiltration |
| 7 | status_dns_invalid_query |
| 8 | status_elephant_local_to_remote |
| 9 | status_elephant_remote_to_local |
| 10 | status_external_alert |
| 11 | status_longlived |
| 12 | status_low_goodput |
| 13 | status_malicious_signature |
| 14 | status_not_purged |
| 15 | status_potentially_dangerous |
| 16 | status_remote_to_remote |
| 17 | status_suspicious_tcp_probing |
| 18 | status_suspicious_tcp_syn_probing |
| 19 | status_tcp_connection_issues |
| 20 | status_tcp_connection_refused |
| 21 | status_tcp_severe_connection_issues |
| 22 | status_tls_certificate_expired |
| 23 | status_tls_certificate_mismatch |
| 24 | status_tls_old_protocol_version |
| 25 | status_tls_unsafe_ciphers |
| 26 | status_udp_unidirectional |
| 27 | status_web_mining_detected |
| 28 | status_tls_certificate_selfsigned |
| 29 | status_suspicious_file_transfer |
| 30 | status_known_proto_on_non_std_port |
| 31 | status_flow_risk |
| 32 | status_unexpected_dhcp |
| 33 | status_unexpected_dns |
| 34 | status_unexpected_smtp |
| 35 | status_unexpected_ntp |