Alerts List per License

Some ntopng alerts are available only with specific licenses. Below is a list of all alerts, grouped by family, with their availability under each license.

Host Behavioural Checks

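| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Countries Contacts | x | x | x | x | x |
| Dangerous Host | x | x | x | x | x |
| DNS Flood |  | x | x | x | x |
| DNS Server Contacts | x | x | x | x | x |
| DNS Traffic | x | x | x | x | x |
| Domain Names Contacts | x | x | x | x | x |
| Flow Flood | x | x | x | x | x |
| Flows Anomaly |  | x | x | x | x |
| Host External Check (REST) | x | x | x | x | x |
| Host Scanner Blackhole Contacts | x | x | x | x | x |
| Host User Check Script | x | x | x | x | x |
| ICMP Flood | x | x | x | x | x |
| NTP Server Contacts | x | x | x | x | x |
| Remote Connection | x | x | x | x | x |
| RX-only Host Scan |  |  |  | x | x |
| RST Scan | x | x | x | x | x |
| Scan Detection | x | x | x | x | x |
| Score Anomaly |  | x | x | x | x |
| Server Port Detected |  |  | x | x | x |
| Score Threshold Exceeded | x | x | x | x | x |
| SMTP Server Contacts | x | x | x | x | x |
| SNMP Flood |  | x | x | x | x |
| SYN Flood | x | x | x | x | x |
| SYN Scan | x | x | x | x | x |
| TCP FIN Scan | x | x | x | x | x |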

Interface Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Device/MAC Address Tracking |  |  | x | x | x |
| DHCP Storm |  | x | x | x | x |
| Ghost Networks | x | x | x | x | x |
| Interface Alerts Drops | x | x | x | x | x |
| Interface Periodic Activity Not Executed | x | x | x | x | x |
| Interface Slow Periodic Activity | x | x | x | x | x |
| No Traffic Activity | x | x | x | x | x |
| Packet Drops |  | x | x | x | x |
| Unexpected Score Behaviour |  |  | x | x | x |
| Unexpected Traffic Behaviour |  |  | x | x | x |

Local Networks Behavioural Checks

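| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Broadcast Domain Too Large | x | x | x | x | x |
| Flow Flood Victim | x | x | x | x | x |
| IP/MAC Reassoc/Spoofing | x | x | x | x | x |
| Network Discovery | x | x | x | x | x |
| Network Issues | x | x | x | x | x |
| Network Score per Host |  | x | x | x | x |
| SYN Flood Victim | x | x | x | x | x |
| SYN Scan Victim | x | x | x | x | x |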

SNMP Behavioural Checks

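| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Duplex Status Change |  |  | x | x | x |
| High Interface Discards/Errors |  |  | x | x | x |
| Interface Errors Exceeded |  |  | x | x | x |
| LLDP/CDP Topology Monitor |  |  | x | x | x |
| MAC Detection |  |  | x | x | x |
| MAC Port Changed |  |  | x | x | x |
| Oper. Status Change |  |  | x | x | x |
| SNMP Device Restart |  |  | x | x | x |
| Threshold Crossed |  |  | x | x | x |
| Too Many MACs on Non-Trunk |  |  | x | x | x |
| Traffic Change Detected |  |  |  | x | x |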

Flow Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| ALPN/SNI Mismatch | x | x | x | x | x |
| Anonymous Subscriber | x | x | x | x | x |
| Binary App/.exe Transfer | x | x | x | x | x |
| Binary file/data transfer (attempt) | x | x | x | x | x |
| Blacklisted Client Contact | x | x | x | x | x |
| Blacklisted Country | x | x | x | x | x |
| Blacklisted Flow | x | x | x | x | x |
| Blacklisted Server Contact | x | x | x | x | x |
| Broadcast Non-UDP Traffic | x | x | x | x | x |
| Clear-Text Credentials | x | x | x | x | x |
| Crawler/Bot | x | x | x | x | x |
| Desktop/File Sharing | x | x | x | x | x |
| DNS Data Exfiltration |  |  | x | x | x |
| DNS Invalid Characters | x | x | x | x | x |
| Elephant flow |  | x | x | x | x |
| Error Code | x | x | x | x | x |
| External Alert |  | x | x | x | x |
| Flow User Check Script | x | x | x | x | x |
| Fragmented DNS Message | x | x | x | x | x |
| Fully encrypted flow | x | x | x | x | x |
| HTTP Obsolete Server | x | x | x | x | x |
| HTTP Susp Content | x | x | x | x | x |
| HTTP Susp Header | x | x | x | x | x |
| HTTP Susp URL | x | x | x | x | x |
| HTTP Susp User-Agent | x | x | x | x | x |
| HTTP/TLS/QUIC Numeric Hostname/SNI | x | x | x | x | x |
| ICMP Data Exfiltration |  |  | x | x | x |
| IEC Invalid Command Transition | x | x | x | x | x |
| IEC Invalid Transition | x | x | x | x | x |
| IEC Unexpected TypeID | x | x | x | x | x |
| Invalid DNS Query |  | x | x | x | x |
| Known Proto on Non-Standard Port | x | x | x | x | x |
| Large DNS Packet (512+ bytes) | x | x | x | x | x |
| Long Lived |  |  |  | x | x |
| Low Goodput | x | x | x | x | x |
| Malformed packets | x | x | x | x | x |
| Malicious JA3 Fingerp | x | x | x | x | x |
| Malicious JA3 SHA1 Cert | x | x | x | x | x |
| Malware Host Contacted | x | x | x | x | x |
| Minor Issues | x | x | x | x | x |
| Missing SNI TLS Extn | x | x | x | x | x |
| ModbusTCP Invalid Transition |  |  |  | x | x |
| ModbusTCP Too Many Exceptions |  |  |  | x | x |
| ModbusTCP Unexpected Function Code |  |  |  | x | x |
| Not Purged | x | x | x | x | x |
| Obsolete SSH Client Version or Cipher | x | x | x | x | x |
| Obsolete SSH Server Version or Cipher | x | x | x | x | x |
| Old TLS Version | x | x | x | x | x |
| Periodic Flow | x | x | x | x | x |
| Periodicity Changed |  |  |  | x | x |
| Possible Exploit | x | x | x | x | x |
| Possible RCE | x | x | x | x | x |
| Possible SQL Inj | x | x | x | x | x |
| Probing attempt | x | x | x | x | x |
| Punycode IDN | x | x | x | x | x |
| Rare Destination | x | x | x | x | x |
| Remote Access | x | x | x | x | x |
| Remote to Local Insecure Protocol | x | x | x | x | x |
| Remote to Remote Flow | x | x | x | x | x |
| Risky ASN | x | x | x | x | x |
| Risky Domain | x | x | x | x | x |
| Service Map Lateral Movement |  |  |  | x | x |
| SMB insecure Vers | x | x | x | x | x |
| Susp Device Protocol | x | x | x | x | x |
| Susp DGA Domain name | x | x | x | x | x |
| Susp DNS traffic | x | x | x | x | x |
| Susp Entropy | x | x | x | x | x |
| TCP Connection Issues |  | x | x | x | x |
| TCP Connection Refused |  |  | x | x | x |
| TCP Flow Reset | x | x | x | x | x |
| TCP No Data Exchanged | x | x | x | x | x |
| TCP Packets Issues | x | x | x | x | x |
| TCP With No Answer | x | x | x | x | x |
| TCP Zero Window | x | x | x | x | x |
| TLS (probably) Not Carrying HTTPS | x | x | x | x | x |
| TLS Cert About To Expire | x | x | x | x | x |
| TLS Cert Expired |  | x | x | x | x |
| TLS Cert Issues | x | x | x | x | x |
| TLS Cert Self-Signed |  | x | x | x | x |
| TLS Cert Validity Too Long |  | x | x | x | x |
| TLS Fatal Alert |  | x | x | x | x |
| TLS Susp ESNI Usage |  | x | x | x | x |
| TLS Suspicious Extension |  | x | x | x | x |
| TLS Uncommon ALPN |  | x | x | x | x |
| TLS Unsafe Ciphers |  | x | x | x | x |
| Unexpected DHCP | x | x | x | x | x |
| Unexpected DNS server | x | x | x | x | x |
| Unexpected NTP | x | x | x | x | x |
| Unexpected SMTP | x | x | x | x | x |
| Unidirectional Flow | x | x | x | x | x |
| Unsafe protocol | x | x | x | x | x |
| VLAN Bidirectional Flow | x | x | x | x | x |
| Web Mining | x | x | x | x | x |
| XSS Attack | x | x | x | x | x |

System Behavioural Checks

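| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Intrusion Detection and Prevention Log | x | x | x | x | x |
| Periodic Activity Not Executed | x | x | x | x | x |
| Slow Periodic Activity | x | x | x | x | x |
| System Alerts Drops | x | x | x | x | x |
| System Error | x | x | x | x | x |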

Active Monitoring Behavioural Checks

| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Vulnerability Scan |  |  |  | x | x |

Syslog Behavioural Checks

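| Alert | Community | Pro | Enterprise M | Enterprise L | Enterprise XL |
|---|---|---|---|---|---|
| Fortinet |  |  |  | x | x |
| Host Log | x | x | x | x | x |
| Kerberos/NXLog |  |  |  | x | x |
| nBox | x | x | x | x | x |
| OpenVPN |  |  |  | x | x |
| OPNsense |  |  |  | x | x |
| SonicWALL |  |  |  | x | x |
| Sophos |  |  |  | x | x |
| Suricata | x | x | x | x | x |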