> On 10 Sep 2015, at 15:17, alek markus <[email protected]> wrote:
>
> Hey,
>
> but where can I see that ntopng has detected malicious traffic? I mean I
> have entered the alert section in ntopng and I can see only

ntopng will generate an alert

> Alert Function    Threshold
> bytes             Bytes delta (sent + received)
> dns               DNS traffic delta bytes (sent + received)
> p2p               Peer-to-peer traffic delta bytes (sent + received)
> packets
>
> 1. btw, my ntopng is sending data to ElasticSearch+Kibana, is there any way
> to see if malicious traffic is detected?

we can mark this traffic as bad in kibana. Please file an enhancement request

> 2. how can I send more information to ElasticSearch? I want to create a
> Tile Map, and when I select Aggregation I have an error message:
>
> No Compatible Fields: The "ntopng-*" index pattern does not contain any of
> the following field types: geo_point

please upgrade ntopng then if the problem persists file a bug on github

Luca

>
> Best Regards,
> Alek
>
> From: [email protected]
> Date: Fri, 4 Sep 2015 07:44:03 +0200
> To: [email protected]
> Subject: Re: [Ntop-misc] does someone using ntopng categorizes hosts?
>
> Alek
> when you see an alert like the one you reported it means that ntopng has
> detected malicious traffic towards such host. In the alerts section inside
> ntopng you can see the list of flows that have been reported as malicious,
> otherwise using -F you can dump them to a database for later analysis
>
> Luca
>
> > On 03 Sep 2015, at 10:46, alek markus <[email protected]> wrote:
> >
> > hello,
> >
> > does someone using ntopng categorize hosts?
> >
> > I have read in the ntopng DOCS:
> >
> > In order to use these categorization services you need to obtain a key from
> > Google at https://developers.google.com/safe-browsing/key_signup
> >
> > Once you have the key available, you can start
> > ntopng -c KEY ...
> >
> > well, I have a Google key and ntopng is running with this configuration:
> >
> > 03/Sep/2015 11:42:54 Enabled Host categorization with key
> > 03/Sep/2015 11:42:54 Working directory: /var/tmp/ntopng.old
> > 03/Sep/2015 11:42:54 Scripts/HTML pages directory: /usr/share/ntopng
> > 03/Sep/2015 11:42:54 Welcome to ntopng x86_64 v.2.0.150827 - (C) 1998-15 ntop.org
> > 03/Sep/2015 11:42:54 Built on CentOS release 6.6 (Final)
> >
> > I have entered this malicious site: anfette.org (at your risk)
> >
> > but I can't understand where I can see whether the host entered a malicious site or
> > not?
> >
> > Best Regards,
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > [email protected]
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
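The thread asks how to tell, from the flows ntopng exports to ElasticSearch, which ones touched a host the categorization service flagged, and whether such flows can be marked as bad before they reach Kibana. Below is an added example, not ntopng's code and not from the mailing list: a small pre-indexing filter that reads flow records as JSON Lines, matches the HTTP host or DNS query name against a local blocklist by domain suffix (so a listed `anfette.org`, the site named in the thread, also catches `www.anfette.org`, while `notanfette.org` does not match), and adds `MALICIOUS` / `MALICIOUS_REASON` fields that Kibana can filter on. The field names `HTTP_HOST`, `DNS_QUERY`, `IPV4_SRC_ADDR`, `IPV4_DST_ADDR` and `L4_DST_PORT`, the blocklist and the sample records are all assumptions constructed for illustration; check the names against the documents actually present in your `ntopng-*` index before using it.

```python
"""Tag exported flow records as malicious against a local blocklist.

Added example, not ntopng's code. The field names, the blocklist and the
sample records are assumptions constructed for illustration.
"""
import json

# Constructed blocklist. anfette.org is the site named in the thread;
# bad.example.net is an invented entry. Matching is by domain suffix.
BLOCKLIST = {"anfette.org", "bad.example.net"}

# Constructed sample of flow records, one JSON object per line, using
# assumed ntopng-style field names.
SAMPLE_FLOWS = """\
{"IPV4_SRC_ADDR":"192.0.2.10","IPV4_DST_ADDR":"198.51.100.7","L4_DST_PORT":80,"HTTP_HOST":"www.anfette.org"}
{"IPV4_SRC_ADDR":"192.0.2.10","IPV4_DST_ADDR":"203.0.113.53","L4_DST_PORT":53,"DNS_QUERY":"Bad.Example.NET."}
{"IPV4_SRC_ADDR":"192.0.2.11","IPV4_DST_ADDR":"198.51.100.9","L4_DST_PORT":443,"HTTP_HOST":"notanfette.org"}
{"IPV4_SRC_ADDR":"192.0.2.12","IPV4_DST_ADDR":"198.51.100.9","L4_DST_PORT":22}
"""

# Assumed record fields that can carry a host name.
HOST_FIELDS = ("HTTP_HOST", "DNS_QUERY")


def normalize_host(value):
    """Lowercase the name, drop an explicit port and a trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):
        return host  # bracketed IPv6 literal: leave untouched
    if host.count(":") == 1:  # "host:port" form
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def is_blocked(host, blocklist=BLOCKLIST):
    """True if host equals, or is a subdomain of, a blocklisted domain.

    Suffix matching on label boundaries avoids the substring mistake where
    'notanfette.org' would match 'anfette.org'.
    """
    host = normalize_host(host)
    if not host:
        return False
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def tag_flow(flow, blocklist=BLOCKLIST):
    """Return a copy of the record with MALICIOUS (and a reason) added."""
    tagged = dict(flow)
    tagged["MALICIOUS"] = False
    for field in HOST_FIELDS:
        value = flow.get(field)
        if value and is_blocked(value, blocklist):
            tagged["MALICIOUS"] = True
            tagged["MALICIOUS_REASON"] = f"{field}={normalize_host(value)}"
            break
    return tagged


def tag_flows(jsonl, blocklist=BLOCKLIST):
    """Tag every record in a JSON Lines string; returns the list of records."""
    records = []
    for line in jsonl.splitlines():
        if line.strip():
            records.append(tag_flow(json.loads(line), blocklist))
    return records


def malicious_count(jsonl, blocklist=BLOCKLIST):
    """Number of records in the JSON Lines input that hit the blocklist."""
    return sum(1 for rec in tag_flows(jsonl, blocklist) if rec["MALICIOUS"])


if __name__ == "__main__":
    # Print the enriched records; pipe them into your bulk indexer.
    for record in tag_flows(SAMPLE_FLOWS):
        print(json.dumps(record, sort_keys=True))
```

Run it on a file of exported flows instead of `SAMPLE_FLOWS` and feed the output to your indexer; in Kibana a filter on `MALICIOUS:true` then gives the view the poster was after.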
