1. RESTful API v2 Specification¶

1.1. Authentication¶

The HTTP/HTTPS authentication should be used, for example with curl it is possible to specify username and password with -u <user>:<password>

Using HTTPS is recommended for security. See this post to enable HTTPS.

1.2. Request Format¶

Parameters can be provided both using GET with a query string or POST using JSON (in this case please make sure the correct Content Type is provided). For example, to download data for a host you can use the below curl command line using GET:

curl -s -u admin:admin "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua?ifid=1&host=192.168.1.2"

or the below curl command line using POST:

curl -s -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "1", "host": "192.168.1.2"}' "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua"

Please check the Examples section for more examples.

1.3. Response Format¶

An API response is usually represented by a JSON message matching a standard structure. This JSON message consists of an envelope containing:

a return code rc
a human-readable string rc_str describing the return code
the actual response in rsp

Example:

{
 "rc": 0
 "rc_str": "OK",
 "rsp": {
    ...
 }
}

1.4. API¶

1.4.1. Interfaces¶

GET /lua/rest/v2/delete/host/inactive_host.lua

Get ntopng actively monitored interfaces names and ids

Description: Interface name and integer interface id for each actively monitored ntopng interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
serial_key	query	Host identifier	integer

Responses

0 - OK

1.4.2. Hosts¶

GET /lua/pro/rest/v2/get/geo_map/hosts.lua

Get hosts location

Description: Get hosts location and other info
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/local/talkers.lua

Get Top local talkers

Description: Get the Top 10 local talkers
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface ID	number

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/remote/talkers.lua

Get Top remote talkers

Description: Get the Top 10 remote talkers
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface ID	number

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top_ts_stats.lua

Get Top Timeseries stats

Description: Get the Top timeseries stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	Start time (epoch)	integer
ts_query	query	data used to get the timeseries; e.g. format: ‘ifid:1,protocol:DNS’ , where ‘ifid:1’ stands for interface ID 1 and ‘protocol:DNS’ stands for DNS protocol information	integer
detail_view	query	Top information requested, currently available: top_protocols -> Top Application data, top_categories -> Top Categories data, top_senders -> Top Local Senders data, top_receivers -> Top Local Receivers data	string

Responses

0 - OK

-2 - INVALID_INTERFACE

POST /lua/rest/v2/add/host/to_scan.lua

Add host to vulnerability scan hosts list

Description: Add Host to Scan
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	formData	Host address	string
scan_type	formData	Vulnerability Scan Type	string
scan_ports	formData	Comma separeted ports list	string
scan_frequency	formData	Available only from Pro License. Automatic scanning, one option between: disabled, 1day (scan once per day), 1week (scan once a week)	string
scan_id	formData	Scan ID	string
cidr	formData	Network CIDR	string

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

POST /lua/rest/v2/exec/host/schedule_vulnerability_scan.lua

Delete host from vulnerability scan hosts list

Description: Delete Host to Scan
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	formData	Host address	string
scan_type	formData	Vulnerability Scan Type	string
scan_ports	formData	Comma separeted ports list	string
scan_single_host	formData	Boolean to a single or all hosts	boolean

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

1.4.3. Alerts¶

GET /lua/pro/rest/v2/acknowledge/snmp/device/alerts.lua

Acknowledge SNMP device alerts

Description: Acknowledge SNMP device historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/add/alert/exclusion.lua

Add an alert exclusion

Description: Add an alert exclusion
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
type	query	Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’)	string
alert_addr	query	Host IP of the address to exclude (with type: ‘host’)	string
alert_domain	query	Domain to exclude (with type ‘host’)	string
alert_certificate	query	Certificate to exclude (with type ‘certificate’)	string
subdir	query	Type of alert to exclude (currently available: ‘flow’ or ‘host’	string
flow_alert_key	query	Flow alert identifier	string
host_alert_key	query	Host alert identifier	string
delete_alerts	query	Return true to delete the excluded alerts, false otherwise	boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/add/device/exclusion.lua

Add a device to exclude

Description: Add a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
mac_list	query	List of MAC addresses to exclude separated by commas	string
trigger_alerts	query	Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not	boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/alert/exclusion.lua

Delete an alert exclusion

Description: Delete an alert exclusion
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
type	query	Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’)	string
alert_addr	query	Host IP of the address to exclude (with type: ‘host’)	string
alert_domain	query	Domain to exclude (with type ‘host’)	string
alert_certificate	query	Certificate to exclude (with type ‘certificate’)	string
subdir	query	Type of alert to exclude (currently available: ‘flow’ or ‘host’	string
flow_alert_key	query	Flow alert identifier	string
host_alert_key	query	Host alert identifier	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/all/alert/exclusions.lua

Delete all alert exclusions

Description: Delete all configured host or flow alert exclusions for a specific host
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
type	query	Either ‘host’ or ‘flow’	string
host	query	The IP address of the host	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/device/exclusion.lua

Remove a device to exclude

Description: Remove a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
device	query	MAC addresses to remove from the exclusions, or ‘all’ to delete all the MAC addresses excluded until now	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/flow/alert/exclusions.lua

Delete flow alert exclusions

Description: Delete flow alert exclusions
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
alert_addr	query	The host IP address	string
alert_key	query	The flow alert key to exclude from flow alerts	integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/host/alert/exclusions.lua

Delete host alert exclusions

Description: Delete host alert exclusions
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
alert_addr	query	The host IP address	string
alert_key	query	The host alert key to exclude from host alerts	integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/delete/snmp/device/alerts.lua

Delete SNMP device alerts

Description: Delete SNMP device alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/edit/device/exclusion.lua

Edit a device to exclude

Description: Edit a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
mac	query	MAC address to edit	string
mac_alias	query	Alias used to rename the MAC address	string
mac_status	query	MAC address status	string
trigger_alerts	query	Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not	boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/alert/exclusion.lua

Get the alert exclusions

Description: Get all the available alert exclusions
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
type	query	Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/all/alert/top.lua

Get all alert stats

Description: Get all alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	Start time (epoch)	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/am_host/alert/top.lua

Get Active Monitoring alert stats

Description: Get Active Monitoring alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/device/exclusion.lua

List of excluded devices

Description: Return the list of the excluded devices (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/domain/alert/exclusions.lua

Get domain alert exclusions

Description: Get domain alert exclusions
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/flow/alert/exclusions.lua

Get flow alert exclusions

Description: Get flow alert exclusions
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	The host IP address	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/flow/alert/top.lua

Get flow alert stats

Description: Get flow alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/flowdevice/stats.lua

Get flow device stats

Description: get flow device stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
ip	query	The IP address of the device	string
ifIdx	query	The interface index	integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/flowdevices/stats.lua

Get flow devices stats

Description: get flow devices stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/host/alert/exclusions.lua

Get host alert exclusions

Description: Get host alert exclusions
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	The host IP address	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/host/alert/top.lua

Get host alert stats

Description: Get host alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/interface/alert/top.lua

Get interface alert stats

Description: Get interface alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
subtype	query	Alert subtype	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/mac/alert/top.lua

Get MAC alert stats

Description: Get MAC alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/network/alert/top.lua

Get network alert stats

Description: Get network alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/observation_points/stats.lua

Get observation points alert stats

Description: Get observation points alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/sflowdevice/stats.lua

Get sFlow device stats

Description: get sFlow device stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
ip	query	The IP address of the device	string
ifIdx	query	The interface index	integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/sflowdevices/stats.lua

Get sFlow devices stats

Description: get sFlow devices stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/list.lua

Get SNMP device alerts list

Description: Get SNMP device alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/top.lua

Get SNMP device alert stats

Description: Get SNMP device alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/alert/ts.lua

Get SNMP device alerts timeseries

Description: Get SNMP device alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/system/alert/top.lua

Get system alert stats

Description: Get system alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/user/alert/top.lua

Get user alert stats

Description: Get user alert stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/am_host/alerts.lua

Acknowledge Active Monitoring alerts

Description: Acknowledge Active Monitoring historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/flow/alerts.lua

Acknowledge flow alerts

Description: Acknowledge flow historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/host/alerts.lua

Acknowledge host alerts

Description: Acknowledge host historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/interface/alerts.lua

Acknowledge interface alerts

Description: Acknowledge interface historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
subtype	query	Alert subtype	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/mac/alerts.lua

Acknowledge MAC alerts

Description: Acknowledge MAC historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/network/alerts.lua

Acknowledge network alerts

Description: Acknowledge network historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/system/alerts.lua

Acknowledge system alerts

Description: Acknowledge system historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/acknowledge/user/alerts.lua

Acknowledge user alerts

Description: Acknowledge user historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
label	query	Describe why the alert was ackowledge, it can be an empty string	string
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
row_id	query	Alert identifier of the exact alert	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/all/alerts.lua

Delete all alerts

Description: Delete all historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/am_host/alerts.lua

Delete active monitoring hosts alerts

Description: Delete active monitoring hosts historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/flow/alerts.lua

Delete flow alerts

Description: Delete flow historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/host/alerts.lua

Delete host alerts

Description: Delete historical host alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/host/new_devices.lua

Delete all new devices

Description: Delete all new devices learned by ntopng
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/delete/interface/alerts.lua

Delete interface alerts

Description: Delete historical interface alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
subtype	query	Alert subtype	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/mac/alerts.lua

Delete MAC alerts

Description: Delete MAC historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/network/alerts.lua

Delete network alerts

Description: Delete historical network alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/system/alerts.lua

Delete system alerts

Description: Delete system historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/delete/user/alerts.lua

Delete user alerts

Description: Delete user historical alerts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

1.4.4. Flows¶

GET /lua/pro/rest/v2/get/db/columns_info.lua

Get Clickhouse available columns

Description: Executes a query to the flows database and return all the available columns the DB has
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/db/flows.lua

Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.

Description: Executes a query to the flows database
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
begin_time_clause	query	Start time (epoch)	integer
end_time_clause	query	Start time (epoch)	integer
select_clause	query	Select clause (default: *)	string
where_clause	query	Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)).	string
maxhits_clause	query	Max hits (default: 10)	integer
order_by_clause	query	Order by clause (default: no order)	string
group_by_clause	query	Group by clause (default: no group)	string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/db/topk_flows.lua

Get Top-K flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO

Description: Executes a top-k query to the flows database
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
begin_time_clause	query	Start time (epoch)	integer
end_time_clause	query	End time (epoch)	integer
select_keys_clause	query	Select comma-separated keys list (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO)	string
select_values_clause	query	Select value (default: BYTES)	string
where_clause	query	Where clause (default: none)	string
topk_clause	query	Top-K clause (default: SUM)	string
approx_search	query	Approximate search (default: true)	string
maxhits_clause	query	Max hits (default: 10)	integer

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.5. PCAP¶

GET /lua/pro/rest/v2/get/db/filter/bpf.lua

BPF filter generation

Description: Convert tags used to extract data from the database into the equivalent BPF filter, suitable for traffic extraction
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7proto_master	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7cat	query	Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
flow_risk	query	Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
l4proto	query	Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
src2dst_dscp	query	Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
country	query	Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_asn	query	Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_asn	query	Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_nw_latency	query	Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_nw_latency	query	Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
observation_point_id	query	Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
src2dst_tcp_flags	query	Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
dst2src_tcp_flags	query	Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
mac	query	MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_mac	query	Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_mac	query	Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
info	query	Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
bytes	query	Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
packets	query	Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_proc_name	query	Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_proc_name	query	Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_user_name	query	Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_user_name	query	Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

1.4.6. Users¶

POST /lua/rest/v2/add/ntopng/user.lua

Add ntopng user

Description: Add a ntopng user
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
username	formData	Username	string
full_name	formData	Full name	string
password	formData	Password	string
confirm_password	formData	Confirmed password	string
user_role	formData	User role (unprivileged / administrator)	string
allowed_networks	formData	Allowed networks (e.g. 0.0.0.0/0,::/0)	string
allowed_interface	formData	Allowed interfaces (empty for all)	string
user_language	formData	Language (en, it, de, jp, pt, cz)	string
allow_pcap_download	formData	Allow PCAPs download (1 to allow)	string
allow_historical_flows	formData	Allow Historical Flows page (1 to allow, 0 to deny)	string
allow_alerts	formData	Allow Alerts page (1 to allow, 0 to deny)	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-19 - PASSWORD_MISMATCH

-20 - ADD_USER_FAILED

-23 - USER_ALREADY_EXISTING

POST /lua/rest/v2/create/ntopng/session.lua

Create a new ntopng user session Cookie

Description: Generate a new user session to be used as session Cookie
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
username	formData	Username	string
auth_session_duration	formData	Session duration (seconds). Default: 0 (no expiration).	integer

Responses

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/delete/ntopng/user.lua

Delete ntopng user

Description: Delete a ntopng user
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
username	formData	Username	string

Responses

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-21 - DELETE_USER_FAILED

POST /lua/rest/v2/edit/ntopng/user.lua

Edit a ntopng user

Description: Edit an existing ntopng user
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
username	formData	Username	string
full_name	formData	Full name	string
password	formData	Password	string
confirm_password	formData	Confirmed password	string
user_role	formData	User role (unprivileged / administrator)	string
allowed_networks	formData	Allowed networks (e.g. 0.0.0.0/0,::/0)	string
allowed_interface	formData	Allowed interfaces (empty for all)	string
user_language	formData	Language (en, it, de, jp, pt, cz)	string
allow_pcap_download	formData	Allow PCAPs download (1 to allow)	string
allow_historical_flows	formData	Allow Historical Flows page (1 to allow, 0 to deny)	string
allow_alerts	formData	Allow Alerts page (1 to allow, 0 to deny)	string

Responses

-5 - INVALID_ARGUMENTS

-21 - DELETE_USER_FAILED

-23 - USER_DOES_NOT_EXIST

-24 - EDIT_USER_FAILED

1.4.7. Infrastructures¶

POST /lua/pro/rest/v2/add/infrastructure/instance.lua

Add a new infrastructure configuration

Description: Add a new infrastructure configuration
Produces: [‘application/json’]

Parameters

Name	Description	Type
url	The URL of the ntopng in the infrastructure	string
alias	An alias for the infrastructure	string
token	The REST API Token for the authentication	string
rtt_threshold	RTT threshold used by the active monitoring	int32
bandwidth_threshold	Bandwidth threshold used by the active monitoring	int32

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS

-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL

-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN

-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD

-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS

-40 - INFRASTRUCTURE_INSTANCE_SAME_URL

-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN

-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING

-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD

POST /lua/pro/rest/v2/delete/infrastructure/instance.lua

Delete an existing infrastructure configuration

Description: Delete an existing infrastructure configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
instance_id		The ID of the infrastructure to delete	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID

POST /lua/pro/rest/v2/edit/infrastructure/instance.lua

Edit an existing infrastructure configuration

Description: Edit an existing infrastructure configuration
Produces: [‘application/json’]

Parameters

Name	Description	Type
instance_id	The ID of the infrastructure configuration to edit	string
url	The URL of the ntopng in the infrastructure	string
alias	An alias for the infrastructure	string
token	The REST API Token for the authentication	string
rtt_threshold	RTT threshold used by the active monitoring	int32
bandwidth_threshold	Bandwidth threshold used by the active monitoring	int32

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID

-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS

-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL

-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN

-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD

-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS

-40 - INFRASTRUCTURE_INSTANCE_SAME_URL

-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN

-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD

GET /lua/pro/rest/v2/get/infrastructure/instance.lua

Get one or all infrastructure configs

Description: Get one or all infrastructure configs
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

		Add statistics collected by the active monitoring module

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND

GET /lua/rest/v2/export/infrastructure/config.lua

Export the Infrastructure configurations as a JSON file

Description: Export the configuration for the infrastructure configurations
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.8. Health¶

GET /lua/pro/rest/v2/get/system/health/clickhouse.lua

Get Clickhouse Stats

Description: Get all the available Clickhouse Statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-6 - INTERNAL_ERROR

1.4.9. Configurations¶

1.4.10. Vulnerability Scan¶

GET /lua/pro/rest/v2/delete/vs/report.lua

Delete a vulnerability scan report

Description: Delete a vulnerability scan report
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
epoch_end	query	Epoch of vulnerability scan report to delete	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/edit/vs/report.lua

Edit a Vulnerability Scan report

Description: Edit an existing Vulnerability Scan report
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
epoch_end	query	Epoch of vulnerability scan report to edit	integer
report_title	query	The new report name	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/vs/report_list.lua

Get all vulnerability scan reports

Description: Get VS reports
Produces: [‘application/json’]

Responses

0 - OK

GET /lua/rest/v2/edit/host/update_va_scan_period.lua

Update Vulnerability Scan

Description: Update Vulnerability Scan Frequency
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
scan_frequency	query	Auto scan frequency, can be: disabled, 1day, 1week	string

Responses

0 - OK

-3 - NOT_GRANTED

1.4.11. Host¶

GET /lua/pro/rest/v2/add/interface/host_rules/add_host_rule.lua

Add Host Rule

Description: Add an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host to apply the check, IP address of the host or * to check for all the hosts	string
frequency	query	Frequency of the check to run, every minute, every 5 minutes, every hour or daily (‘min’, ‘5min’, ‘hour’, ‘day’)	string
metric	query	Timeseries schema of the metric to analyze	string
threshold	query	Threshold that if exceeded, it’s going to trigger an alert	string
metric_type	query	metric used to analyze the data, Throughput or Volume? (currently available: ‘throughput’, ‘volume’)	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/delete/interface/host_rules/add_host_rule.lua

Remove an Host Rule

Description: Remove an host rule from an interface, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
rule_id	query	Identifier of the rule to delete	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/host/flows/data.lua

Get host flows data

Description: Given an host return the information used to create the sankey chart with all the flows information regarding that hosts (protocols, traffic, ecc.)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	formData	Host address	string
hosts_type	query	Currently available: local_only -> return only flows between local hosts, remote_only -> return only flows between remote hosts, local_origin_remote_target -> return only flows between local clients and remote servers, remote_origin_local_target -> return only flows between local servers and remote clients, all_hosts -> return all flows	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_data.lua

Get Host Rule

Description: Get an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_metric.lua

Get Host Rule available metrics

Description: Get an host rule available metrics, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

1.4.12. SNMP¶

GET /lua/pro/rest/v2/add/snmp/device.lua

Add SNMP devices

Description: Add devices to the monitored SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
snmp_host	query	IP address or symbolic name of and an SNMP device	string
snmp_read_community	query	The SNMP read community to use (SNMP v1/v2c only)	string
snmp_write_community	query	The SNMP write community to use (SNMP v1/v2c only)	string
snmp_version	query	The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1)	string
snmp_level	query	Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv)	string
snmp_auth_protocol	query	Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA	string
snmp_auth_passphrase	query	Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase	string
snmp_privacy_protocol	query	Used only with SNMP v3 and level set to autPriv: DES or AES	string
snmp_privacy_passphrase	query	Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase	string
cidr	query	Either 24 or 32. If 32, snmp_host is treated as single host. If 24 snmp_host is treated as as CIDR address	string

Responses

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-9 - NAME_RESOLUTION_FAILED

-10 - SNMP_DEVICE_ALREADY_ADDED

-11 - SNMP_DEVICE_UNREACHABLE

-12 - NO_SNMP_DEVICE_DISCOVERED

GET /lua/pro/rest/v2/change/snmp/device/interface/status.lua

Change SNMP device interface status

Description: Change the status of an SNMP device in terface to up or down
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	IP address of an SNMP device	string
snmp_admin_status	query	The new admin status, either ‘up’ or ‘down’	string
snmp_port_idx	query	The index of the SNMP device interface	string

Responses

0 - OK

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-26 - SNMP_DEVICE_INTERFACE_STATUS_CHANGE_FAILED

GET /lua/pro/rest/v2/delete/snmp/device.lua

Delete an SNMP device

Description: Delete an SNMP device from the monitored SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	IP address of an SNMP device	string

Responses

0 - SNMP_DEVICE_DELETED_SUCCESSFULLY

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/edit/snmp/device/device.lua

Edit a SNMP device

Description: Edit an existing monitored SNMP device
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
snmp_host	query	IP address or symbolic name of and an SNMP device	string
snmp_read_community	query	The SNMP read community to use (SNMP v1/v2c only)	string
snmp_write_community	query	The SNMP write community to use (SNMP v1/v2c only)	string
snmp_version	query	The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1)	string
snmp_level	query	Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv)	string
snmp_auth_protocol	query	Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA	string
snmp_auth_passphrase	query	Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase	string
snmp_privacy_protocol	query	Used only with SNMP v3 and level set to autPriv: DES or AES	string
snmp_privacy_passphrase	query	Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase	string

Responses

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-9 - NAME_RESOLUTION_FAILED

-10 - SNMP_DEVICE_ALREADY_ADDED

-11 - SNMP_DEVICE_UNREACHABLE

-12 - NO_SNMP_DEVICE_DISCOVERED

-22 - SNMP_UNKNOWN_DEVICE

GET /lua/pro/rest/v2/get/snmp/device/bridge.lua

Get bridge MIB information

Description: Get bridge MIB information for a single or all SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	The IP address of the SNMP device (optional, all devices are returned if empty)	string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/interfaces.lua

Get interfaces information

Description: Get interfaces information for a single or all SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	The IP address of the SNMP device (optional, all devices are returned if empty)	string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/lldp.lua

Get LLDP adjacency information

Description: Get LLDP adjacencies for a single or all SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	The IP address of the SNMP device (optional, all devices are returned if empty)	string

Responses

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/list.lua

Get all SNMP devices

Description: Retrieve all configured SNMP devices.
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/snmp/device/system.lua

Get system information

Description: Get system information for a single or all SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	query	The IP address of the SNMP device (optional, all devices are returned if empty)	string

Responses

-3 - NOT_GRANTED

1.4.13. All¶

POST /lua/pro/rest/v2/check/infrastructure/config.lua

Test an infrastructure configuration

Description: Uses an url and token to connect to the REST API of an ntopng in the infrastructure
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
url	query	The URL of the ntopng in the infrastructure	string
token	query	The REST API Token for the authentication	string

Responses

0 - OK

-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING

-43 - INFRASTRUCTURE_INSTANCE_CHECK_FAILED

-44 - INFRASTRUCTURE_INSTANCE_CHECK_NOT_FOUND

-45 - INFRASTRUCTURE_INSTANCE_CHECK_INVALID_RESPONSE

-46 - INFRASTRUCTURE_INSTANCE_CHECK_AUTH_FAILED

GET /lua/rest/v2/export/all/config.lua

Export all configurations as a JSON file

Description: Export all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.14. Observation Point¶

GET /lua/pro/rest/v2/delete/observation_point/stats.lua

Remove an Observation Point stats

Description: Remove Observation Point stats stored until now. If the Observation Point is no more seen on the network, even the entry is going to be deleted
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
observation_point	query	Identifier of the rule to delete	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/delete/observation_points/stats.lua

Delete an Observation Point

Description: Given an Observation Point ID, it is going to delete it and all the information related to it
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
observation_point_id	query	Observation Point ID	integer
ifid	query	Interface identifier	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/pro/rest/v2/get/observation_points/alias.lua

Get the alias of an Observation Point

Description: The alias of an Observation Point is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
observation_point_id	query	Observation Point ID	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/pro/rest/v2/set/observation_points/alias.lua

Set the alias of an Observation Point

Description: Set the alias of an Observation Point is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
alias	formData	New Observation Point Alias	string
observation_point_id	formData	Observation Point ID	integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

1.4.15. Pools¶

GET /lua/pro/rest/v2/export/pool/policy.lua

Export pool policies

Description: Export pool policies
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/set/pool/policy.lua

Set pool policy

Description: Set pool policy
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/pro/rest/v2/set/pool/policy_autoconf.lua

Set a pool policy from autoconfiguration

Description: Set a pool policy from autoconfiguration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

POST /lua/rest/v2/add/host/pool.lua

Add an host pool

Description: Add an host pool with members and configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool_name	formData	Host Pool Name	string
pool_members	formData	List of IPs separated by commas	string
confset_id	formData	Configuration ID	integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-13 - ADD_POOL_FAILED

GET /lua/rest/v2/bind/host/pool/member.lua

Bind a member to an host pool

Description: Bind a member to an host pool
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool	query	Host Pool ID	integer
member	query	IP/MAC/Network CIDR to add to the Host Pool ID	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-17 - BIND_POOL_MEMBER_FAILED

POST /lua/rest/v2/delete/host/pool.lua

Delete an host pool

Description: Delete an host pool
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool	query	Host Pool ID, required to delete the given pool	number

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-16 - POOL_NOT_FOUND

POST /lua/rest/v2/delete/pools.lua

Delete all pools for any available pool type

Description: Delete all pools for any available pool type
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

POST /lua/rest/v2/edit/host/pool.lua

Edit an host pool

Description: Edit an host pool with members and configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool	formData	Pool ID	integer
pool_name	formData	Pool Name	string
pool_members	formData	Comma separated list of IPs/MACs/Networks cidr	string
confset_id	formData	Configuration ID	integer

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-14 - EDIT_POOL_FAILED

POST /lua/rest/v2/edit/host_pool/pool.lua

Edit an host pool pool

Description: Edit an host pool pool (only recipients edit is allowed)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-14 - EDIT_POOL_FAILED

GET /lua/rest/v2/export/pool/config.lua

Export the pools configuration as a JSON file

Description: Export the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.16. Traffic¶

GET /lua/pro/rest/v2/get/db/historical_db_search.lua

Get historical flows info

Description: Get historical flows info
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7proto_master	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7cat	query	Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
flow_risk	query	Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
l4proto	query	Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
src2dst_dscp	query	Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
country	query	Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_asn	query	Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_asn	query	Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_nw_latency	query	Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_nw_latency	query	Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
observation_point_id	query	Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
src2dst_tcp_flags	query	Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
dst2src_tcp_flags	query	Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
mac	query	MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_mac	query	Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_mac	query	Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
info	query	Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
bytes	query	Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
packets	query	Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_proc_name	query	Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_proc_name	query	Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_user_name	query	Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_user_name	query	Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/connect/test.lua

Test ntopng

Description: Test ntopng reachability and authentication
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

1.4.17. Timeseries¶

GET /lua/pro/rest/v2/get/db/ts.lua

Return the number of flows in a period of time

Description: Return the timeseries of number of flows in a period of time
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7proto_master	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7cat	query	Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
flow_risk	query	Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
l4proto	query	Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
src2dst_dscp	query	Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
country	query	Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_asn	query	Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_asn	query	Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_nw_latency	query	Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_nw_latency	query	Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
observation_point_id	query	Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
src2dst_tcp_flags	query	Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
dst2src_tcp_flags	query	Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
mac	query	MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_mac	query	Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_mac	query	Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
info	query	Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
bytes	query	Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
packets	query	Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_proc_name	query	Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_proc_name	query	Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_user_name	query	Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_user_name	query	Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

POST /lua/pro/rest/v2/get/timeseries/ts_multi.lua

Return timeseries

Description: Return the requested timeseries in the requested timeframe
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
limit	query	Maximum number of timeseries points	number
ts_compare	query	Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before)	string
ts_requests	query	An array of timeseries to be returned, containing ts_query, ts_schema and tskey (e.g. [{ts_query: ‘ifid:1,asn:199524’, ts_schema: ‘asn:traffic’, tskey: ‘199524’}]; the explaination of these three parameters can be found into ‘/lua/rest/v2/get/timeseries/ts.lua’ REST)	array

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.18. Peers¶

GET /lua/pro/rest/v2/get/host/no_tx_peers.lua

Get RX-only host peers

Description: Get list of host with RX-only traffic (i.e. no TX traffic sent)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

1.4.19. Top¶

GET /lua/pro/rest/v2/get/host/top/local/sites.lua

Get host top local sites

Description: Get host top local sites
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	The IP address of the host	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/interface/top/l7_stats.lua

Get interface top Layer-7 stats

Description: Get interface top Layer-7 stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/realtime_traffic.lua

Get interface top traffic stats

Description: Get interface top traffic stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/pro/rest/v2/get/interface/top/score.lua

Get interface top score stats

Description: Get interface top score stats
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

1.4.20. System¶

GET /lua/pro/rest/v2/get/infrastructure/data.lua

Get infrastructure data

Description: Get infrastructure data
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/pro/rest/v2/get/system/data.lua

Get system data

Description: Get system data
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

1.4.21. Sites¶

GET /lua/pro/rest/v2/get/interface/top/sites.lua

Get interface top sites

Description: Get the top sites for an interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.22. Maps¶

GET /lua/pro/rest/v2/get/maps/periodicity_map.lua

Get the periodicity map of an interface

Description: Get the periodicity map of an interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/pro/rest/v2/get/maps/service_map.lua

Get the service map of an interface

Description: Get the service map of an interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

1.4.23. User¶

POST /lua/rest/v2/create/ntopng/api_token.lua

Create an API token

Description: Create an API token
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
username	formData	An existing ntopng username	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

1.4.24. Checks¶

GET /lua/rest/v2/delete/application/application.lua

Remove a custom protocol

Description: If run ntopng using -p option, delete a custom protocol if it exists
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
protocol_alias	form	Application Name	string

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/disable/check.lua

Disables a check

Description: Disables a check
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
check_subdir	form	The check subdir	string
script_key	form	The key of the script	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/edit/application/application.lua

Edit a custom protocol

Description: If run ntopng using -p option, edit a custom protocol if it exists
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
protocol_alias	form	Application Name	string
category	form	Category ID	integer
l7_proto_id	form	Application ID	integer
custom_rules	form	List of custom rules separated by commas	string

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/enable/check.lua

Enables a check

Description: Enables a check
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
check_subdir	form	The check subdir	string
script_key	form	The key of the script	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/export/checks/config.lua

Export Checks configuration

Description: Export Checks configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

1.4.25. Notification Endpoints¶

POST /lua/rest/v2/delete/endpoints.lua

Delete all defined notification endpoints and reset them to factory-defaults

Description: Delete all defined notification endpoints and reset them to factory-defaults
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

1.4.26. Notification Recipients¶

POST /lua/rest/v2/delete/recipients.lua

Delete all defined recipients and reset them to factory-defaults

Description: Delete all defined recipients and reset them to factory-defaults
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

1.4.27. L7 Application Categories¶

GET /lua/rest/v2/edit/category/category.lua

Change the custom hosts for a specific category

Description: Given a category, an alias for the category and a list of hosts, networks or domain names, separated by comma, it is going to change the alias of the category and aggregate the traffic done by those hosts into the category
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
category	query	Category, formatted as cat_{id}, where ID is the ID of the category	string
custom_hosts	query	List of Hosts, Networks, Domain Names, separated by comma	string
alias	query	Alias of the Category	string

Responses

0 - OK

1.4.28. Configuration¶

POST /lua/rest/v2/edit/ntopng/incr_flows.lua

Double the maximum number of flows managed by ntopng

Description: Double the maximum number of flows managed by ntopng
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-7 - BAD_FORMAT

POST /lua/rest/v2/edit/ntopng/incr_hosts.lua

Double the maximum number of hosts managed by ntopng

Description: Double the maximum number of hosts managed by ntopng
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-7 - BAD_FORMAT

1.4.29. Active Monitoring¶

GET /lua/rest/v2/export/active_monitoring/config.lua

Export the active monitoring configuration as a JSON file

Description: Export the active monitoring configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.30. Notifications¶

GET /lua/rest/v2/export/notifications/config.lua

Export the notifications configuration as a JSON file

Description: Export the configuration for endpoints and recipients
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

1.4.31. ¶

GET /lua/rest/v2/export/scripts/config.lua

Export the Checks configuration as a JSON file

Description: Export the configuration for all checks
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/export/snmp/config.lua

Export the SNMP configuration as a JSON file

Description: Export the configuration for the SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download as file (no REST envelope)	boolean

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/get/alert/filter/consts.lua

Get available alert filters

Description: Given a specific alert type (flow, host, …) return the available filters
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
page	query	Alert Page (interface, flow, host, network, snmp_device, mac, user, am_host, system)	string

Responses

0 - OK

GET /lua/rest/v2/get/alert/list/alerts.lua

List stored interface alerts

Description: List alerts stored in the ntopng alert database
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
alert_family	query	Alert family. Possible values: active_monitoring, flow, host, interface, mac , network , snmp , system , user	string
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
select_clause	query	Select clause (default: *)	string
where_clause	query	Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)).	string
maxhits_clause	query	Max hits (default: 10)	integer
order_by	query	Order by clause (default: no order)	string
group_by	query	Group by clause (default: no group)	string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/alert/severity/consts.lua

Get alert severity constants

Description: Alert severity string and integer severity id for each defined severity
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/alert/severity/counters.lua

Get alert counters by severity

Description: Alert severity counters in descending order
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
status	query	Status filter (historical, historical-flows)	string
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	Start time (epoch)	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/alert/type/consts.lua

Get alert type constants

Description: Alert type string and integer alert key for each defined alert
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/alert/type/counters.lua

Get alert counters by type

Description: Alert type counters indescending order
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
status	query	Status filter (historical, historical-flows)	string
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/all/alert/list.lua

Get all alerts list

Description: Get all alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/all/alert/ts.lua

Get all alerts timeseries

Description: Get all alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	Start time (epoch)	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/am_host/alert/list.lua

Get Active Monitoring alerts list

Description: Get Active Monitoring alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/am_host/alert/ts.lua

Get Active Monitoring alerts timeseries

Description: Get Active Monitoring alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

POST /lua/rest/v2/get/asn/asn_info.lua

Get Autonomous systems data

Description: Return the ASN data ntopng collected from analyzing the network. If an ASN is given, then return the data regarding the requested ASN
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
asn	formData	Autonomous System ID	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/get/asn/asn_name.lua

Get Autonomous systems name

Description: Return the ASN name given an IP
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ip	query	IP Address	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/category/list.lua

Get category information

Description: Get all the category information available
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/checks/config.lua

Get Checks configuration

Description: Get checks configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
download	query	Download the data or not	boolean

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/get/country/country_name.lua

Get Country Name

Description: Return the Country name given a country code
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
country_id	query	Country Code	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/dns/resolve.lua

Resolve an host name into an IP address

Description: Resolve an host name into an IP address
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
hostname	query	The host name to be resolved	string

Responses

0 - OK

-9 - NAME_RESOLUTION_FAILED

GET /lua/rest/v2/get/flow/active.lua

Get active flows

Description: List of active flows
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
currentPage	query	Pagination: page (optional)	integer
perPage	query	Pagination: items per page (optional)	integer
sortColumn	query	Pagination: column for sorting (e.g. ‘score’) (optional)	string
sortOrder	query	Pagination: sorting order: ‘asc’ or ‘desc’ (optional)	string
host	query	Host address filter (optional)	string
vlan	query	VLAN ID filter (optional)	integer
l4proto	query	L4 protocol filter (optional)	string
application	query	Application protocol filter (optional)	string
verbose	query	Add more details including TCP stats (optional)	boolean

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/alert/list.lua

Get flow alerts list

Description: Get flow alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/flow/alert/ts.lua

Get flow alerts timeseries

Description: Get flow alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_ip	query	Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_ip	query	Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_name	query	Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
srv_name	query	Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
cli_port	query	Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_port	query	Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
l7proto	query	Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_country	query	Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_country	query	Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
probe_ip	query	Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
input_snmp	query	Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
output_snmp	query	Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
snmp_interface	query	SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
cli_host_pool_id	query	Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
srv_host_pool_id	query	Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
cli_network	query	Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
srv_network	query	Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
l7_error_id	query	Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
traffic_direction	query	Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/flow/l4/counters.lua

Get flow counters for L4 protocols

Description: Number of active flows per L4 protocol
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/l7/counters.lua

Get flow counters for L7 protocols

Description: Number of active flows per L7 application protocol
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/flow/traffic_stats.lua

Get traffic stats for active flows

Description: Get traffic stats for active flows
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/active.lua

Get active hosts

Description: List of active hosts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
currentPage	query	Pagination: page (optional)	integer
perPage	query	Pagination: items per page (optional)	integer
sortColumn	query	Pagination: column for sorting (e.g. ip, name, since, last, alerts, country, vlan, num_flows, traffic, thpt) (optional)	string
sortOrder	query	Pagination: sorting order: ‘asc’ or ‘desc’ (optional)	string
all	query	Get all hosts (optional)	boolean
mode	query	Mode filter: all, local, remote, broadcast_domain, filtered, blacklisted, dhcp (optional)	string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/alert/list.lua

Get host alerts list

Description: Get host alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/host/alert/ts.lua

Get host alerts timeseries

Description: Get host alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
vlan_id	query	VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
ip_version	query	IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
ip	query	IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
name	query	Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains)	string
host_pool_id	query	Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	string
network	query	Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/host/custom_data.lua

Get host custom data

Description: Custom data is returned for one or all hosts
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string
field_alias	query	Field alias	string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/data.lua

Get host data

Description: Host data is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address (IP or IP@VLAN if traffic is tagged)	string

Responses

0 - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-4 - INVALID_HOST

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/dscp/stats.lua

Get IP DSCP statistics for a host

Description: DSCP statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string
vlan	query	VLAN ID	integer
direction	query	Select direction: ‘sent’ or ‘recvd’ (default)	boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/fingerprint/data.lua

Get counters per type

Description: Number of alerts per alert type
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string
fingerprint_type	query	The fingerprint type, either ja3 or hassh	string

Responses

0 - OK

GET /lua/rest/v2/get/host/interfaces.lua

Get host interfaces

Description: All interface ids of a given host are returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	formData	Interface identifier	integer
host	formData	Host address	string
vlan	formData	VLAN ID	integer

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/l4/data.lua

Get the host information about transport protocols

Description: Given an host, return the transport protocols information (bytes sent, received, …) of an host
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string
vlan	query	VLAN ID	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/l7/stats.lua

Get L7 statistics for a host

Description: nDPI statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string
vlan	query	VLAN ID	integer
breed	query	Show breed	boolean
ndpi_category	query	Show nDPI category	boolean
collapse_stats	query	Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%)	boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/host/pool/members.lua

Get all host pool members

Description: Get all the members of a given host pool
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool	query	Host Pool ID	integer
member	query	IP/MAC/Network CIDR to add to the Host Pool ID	string

Responses

0 - OK

-16 - POOL_NOT_FOUND

GET /lua/rest/v2/get/host/pool/pools.lua

Get one or all host pools

Description: Get one or all host pools
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool	query	Host Pool ID	integer

Responses

0 - OK

-16 - POOL_NOT_FOUND

GET /lua/rest/v2/get/host/pool_by_member.lua

Get an host pool given a member

Description: Get an host pool given a member
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
member	query	IP/MAC/Network CIDR	string
pool_name_only	query	Return only the pool name (do not return pool details including members)	boolean

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/get/host/processes/listening_ports.lua

Get the host information about listening ports

Description: Given an host, return the information about listening ports (transport level protocol, package and process that’s currently running on that port)
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string
vlan	query	VLAN ID	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/host/to_scan_list.lua

Retrieves vulnerability scan hosts list

Description: Get Hosts to Scan
Produces: [‘application/json’]

Responses

0 - OK

-6 - INTERNAL_ERROR

-8 - BAD_CONTENT

GET /lua/rest/v2/get/host/vulnerability_scan_type_list.lua

Retrieves vulnerability scan types list

Description: Get Scan Types List
Produces: [‘application/json’]

Responses

0 - OK

GET /lua/rest/v2/get/interface/address.lua

Get interface IP addresses

Description: List of interface IP addresses is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/alert/list.lua

Get interface alerts list

Description: Get interface alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
subtype	query	Alert subtype	string
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/interface/alert/ts.lua

Get interface alerts timeseries

Description: Get interface alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
subtype	query	Alert subtype	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/interface/arp.lua

Get interface ARP info

Description: Get interface ARP info
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/interface/bcast_domains.lua

Get interface broadcast domains

Description: Interface broadcast domains as detected from ARP traffic and broadcast traffic are returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/data.lua

Get interface data

Description: Interface data is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/dscp/stats.lua

Get IP DSCP statistics for an interface

Description: DSCP statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/l7/stats.lua

Get L7 statistics for an interface

Description: nDPI statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
ndpistats_mode	query	Stats mode: ‘sinceStartup’ or ‘count’	string
breed	query	Show breed	boolean
ndpi_category	query	Show nDPI category	boolean
all_values	query	Return all the values available	boolean
max_values	query	Get at most max_values, by default 5	int16
collapse_stats	query	Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%)	boolean

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/interface/nprobes/data.lua

Get interface nProbe data

Description: Get data for nProbe instances connected to an ntopng interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/l4/protocol/consts.lua

Get L4 protocol constants

Description: L4 protocol names and integer identifiers
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/l7/application/consts.lua

Get L7 application protocol constants

Description: L7 application protocol names and integer identifiers
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/l7/category/consts.lua

Get L7 application category constants

Description: L7 application category names and integer identifiers
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/mac/alert/list.lua

Get MAC alerts list

Description: Get MAC alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/mac/alert/ts.lua

Get MAC alerts timeseries

Description: Get MAC alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/alert/list.lua

Get network alerts list

Description: Get network alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/alert/ts.lua

Get network alerts timeseries

Description: Get network alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
network_name	query	Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/network/discovery/discover.lua

Get interface network discovery data

Description: Get data regarding the network discovery done by an ntopng interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
operating_system	query	Operating System identifier	integer
device_type	query	Device type identifier	integer
manufacturer	query	Manufacturer of the device	string

Responses

0 - OK

-2 - INVALID_INTERFACE

GET /lua/rest/v2/get/network/networks.lua

Return list of networks

Description: Return the list of all networks
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

GET /lua/rest/v2/get/ntopng/interfaces.lua

Get ntopng actively monitored interfaces names and ids

Description: Interface name and integer interface id for each actively monitored ntopng interface
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/ntopng/users.lua

Read all configured ntopng users

Description: Read all configured ntopng users
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/get/pcap/live_extraction.lua

Extract (live download) PCAP data from the traffic recorded with the continuous recording (n2disk)

Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
bpf_filter	query	BPF filter	string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/create/pcap/extraction/task.lua

Schedule PCAP data extraction from traffic recorded with the continuous recording (n2disk). A job ID is returned to check the extraction status (see /lua/rest/v2/get/pcap/extraction/tasks.lua)

Description: Job info is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
bpf_filter	query	BPF filter	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/pcap/extraction/tasks.lua

Read PCAP extraction jobs (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua) information

Description: All jobs status is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/pcap/extraction/data.lua

Download PCAP data extracted by a scheduled extraction task (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua)

Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name	Position	Description	Type
job_id	query	Job ID	integer
file_id	query	File ID (default 1)	integer

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/get/pcap/live_traffic.lua

Live traffic capture

Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
bpf_filter	query	BPF filter	string

Responses

FILE - OK

-1 - NOT_FOUND

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

-7 - BAD_FORMAT

GET /lua/rest/v2/get/pools.lua

Get all pools of any type

Description: Get all pools defined for any available pool type
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/recipient/pools.lua

Get recipient pools

Description: Get all pools bound to a recipient
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
recipient_id	query	Recipient identifier	integer

Responses

0 - OK

GET /lua/rest/v2/get/system/alert/list.lua

Get system alerts list

Description: Get system alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/system/alert/ts.lua

Get system alerts timeseries

Description: Get system alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/system/configurations/download_backup.lua

Get system configuration automatic backup

Description: Get on of the automatic system configurations backups
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
epoch	query	The epoch of the backup	integer
download	query	Download the backup or just retrive info	boolean

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/configurations/list_availabled_backups.lua

Get system configurations automatic backups

Description: Get list of automatic system configurations backups
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/influxdb.lua

Get InfluxDB Stats

Description: Get all the available InfluxDB Statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/interfaces.lua

Get interfaces stats

Description: Get statistics of every active interfaces
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/redis.lua

Get Redis Stats

Description: Get all the available Redis Statistics
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/health/stats.lua

Get system stats

Description: Get statistics of the system on top of which ntopng is running
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/system/status.lua

Get system status info

Description: Get license information and resources used data
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

GET /lua/rest/v2/get/timeseries/ts.lua

Get timeseries data

Description: Get timeseries data
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
limit	query	Maximum number of timeseries points	number
initial_point	query	A boolean used to return the first point of the timeseries or not	boolean
ts_compare	query	Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before)	string
ts_query	query	Containing the parameters used to find the timeserie in the following format, parameter:value;parameter:value;… (e.g. ‘ifid:1;host:192.168.1.1’)	string
tskey	query	Containing the timeseries key, whom the timeseries is referred to (e.g. if the timeserie is regarding the interface ‘7’ or the host ‘192.168.1.1’, then tskey is going to be ‘7’ or ‘192.168.1.1’)	string
ts_schema	query	Contains the timeserie schema (e.g. ‘iface:traffic’)	string

Responses

0 - OK

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/timeseries/type/consts.lua

Get available timeseries

Description: Get all the available timeseries given a tag
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
query	query	Tag used to retrieve the timeseries; currently available: iface, host, mac, subnet, asn, country, os, vlan, host_pool, pod, container, ht, system, profile, redis, influxdb, am, snmp_interface, snmp_device, obs_point, sflowdev_port, flowdev, flowdev_port	string
host	query	Host IP@VLAN, REQUIRED in case of timeseries regarding Host, SNMP or Flow devices	string
asn	query	ASN identifier, REQUIRED in case of timeseries regarding Autonomous Systems	integer
pool	query	Host Pool identifier, REQUIRED in case of timeseries regarding Host Pools	integer
vlan	query	VLAN identifier, REQUIRED in case of timeseries regarding VLANs	integer
mac	query	MAC address, REQUIRED in case of timeseries regarding MACs	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/v2/get/user/alert/list.lua

Get user alerts list

Description: Get user alerts list
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
start	query	Starting record (e.g. start=100, it will start returning records from the 101st)	integer
length	query	Maximum number of records to get	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
format	query	Format of the return data (json or txt)	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

GET /lua/rest/v2/get/user/alert/ts.lua

Get user alerts timeseries

Description: Get user alerts timeseries
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	End time (epoch)	integer
alert_id	query	Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’)	integer
severity	query	Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer
score	query	Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then	integer

Responses

0 - OK

-2 - INVALID_INTERFACE

-3 - NOT_GRANTED

POST /lua/rest/v2/import/active_monitoring/config.lua

Import the active monitoring configuration providing a JSON file

Description: Import the active monitoring configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/all/config.lua

Import all configurations providing a JSON file

Description: Import all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/checks/config.lua

Import Checks configuration

Description: Import Checks configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
JSON	form	The Checks configuration in JSON	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

POST /lua/rest/v2/import/infrastructure/config.lua

Import the Infrastructure configuration providing a JSON file

Description: Import the configuration for all infrastructure configurations
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/notifications/config.lua

Import the notifications configuration providing a JSON file

Description: Import the configuration for endpoints and recipients
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/pool/config.lua

Import the pools configuration providing a JSON file

Description: Import the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

GET /lua/rest/v2/import/pool/host_pool/members.lua

Import host pool members

Description: Import host pool members
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
pool	form	Pool identifier	integer
host_pool_members	form	A newline-separated list of host pool members	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/import/scripts/config.lua

Import the Checks configuration providing a JSON file

Description: Import the configuration for all checks
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

POST /lua/rest/v2/import/snmp/config.lua

Import the SNMP configuration providing a JSON file

Description: Import the configuration for the SNMP devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

-27 - CONFIGURATION_FILE_MISMATCH

-28 - PARTIAL_IMPORT

GET /lua/rest/v2/reset/active_monitoring/config.lua

Reset Active Monitoring configuration

Description: Reset active monitoring configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/reset/all/config.lua

Reset all configurations

Description: Reset all configurations
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/checks/config.lua

Reset Checks configuration

Description: Reset checks configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/reset/infrastructure/config.lua

Reset all infrastructure configurations

Description: Reset all infrastructure configurations
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/notifications/config.lua

Reset Notifications configuration

Description: Reset notifications configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

GET /lua/rest/v2/reset/snmp/config.lua

Reset SNMP configuration

Description: Reset SNMP configuration including all configured devices
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK

-3 - NOT_GRANTED

POST /lua/rest/v2/set/checks/config.lua

Set Checks configuration

Description: Set Checks configuration
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
JSON	form	Check configuration in JSON	string

Responses

0 - OK

-3 - NOT_GRANTED

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/host/alias.lua

Set host alias

Description: Set host custom name
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
host	formData	Host address	string
custom_name	formData	Custom name	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/device/alias.lua

Set device alias

Description: Set device custom name
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
device	formData	Device MAC Address	string
custom_name	formData	Custom name	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/network/alias.lua

Set network alias

Description: Set network custom name
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
network_cidr	formData	Network CIDR	string
custom_name	formData	Custom name	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/interface/alias.lua

Set interface alias

Description: Set interface custom name
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	formData	Interface ID	string
custom_name	formData	Custom name	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

POST /lua/rest/v2/set/host/notes.lua

Set host custom notes

Description: Given an host and a note, it is going to set that Note to the host
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
custom_notes	form	Custom Host Note	string

Responses

0 - OK

-5 - INVALID_ARGUMENTS

GET /lua/rest/v2/trigger/host/alert.lua

Trigger an external alert on a host

Description: Trigger alert
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	formData	Interface identifier	integer
host	formData	Host address	string
vlan	formData	VLAN ID	integer
score	formData	Set the alert score	boolean
info	formData	Set the alert description	string

Responses

0 - OK

-2 - INVALID_INTERFACE

-5 - INVALID_ARGUMENTS

-6 - INTERNAL_ERROR

GET /lua/rest/version.lua

Get supported and current REST API versions

Description: Return all the supported REST API versions and the current REST API version used
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type

Responses

0 - OK