Checks
| Script | Type | Activity | Hooks | Filters | Filtered | Tot Exec Time | Action |
|---|---|---|---|---|---|---|---|
| countries_contacts | Hosts | Community | min | | 0 | | |
| custom_host_lua_script | Hosts | Community | min | | 0 | | |
| dangerous_host | Hosts | Community | min | | 0 | | |
| dns_contacts | Hosts | Community | min | | 0 | | |
| domain_names_contacts | Hosts | Community | min | | 0 | | |
| external_host_script | Hosts | Community | min | | 0 | | |
| flow_flood | Hosts | Community | min | | 0 | | |
| icmp_flood | Hosts | Community | min | | 0 | | |
| ntp_contacts | Hosts | Community | min | | 0 | | |
| remote_connection | Hosts | Community | min | | 0 | | |
| scan | Hosts | Enterprise M | 5mins | | 0 | | |
| smtp_contacts | Hosts | Community | min | | 0 | | |
| suspicious_domain_scan | Hosts | Enterprise M | hour | | 0 | | |
| unexpected_gateway | Hosts | Community | min | | 0 | | |
| dropped_alerts | Interfaces | Community | min | | 0 | | |
| ghost_networks | Interfaces | Community | min | | 0 | | |
| no_if_activity | Interfaces | Community | min | | 0 | | |
| no_probe_or_exporter_activity | Interfaces | Community | min | | 0 | | |
| periodic_activity_not_executed | Interfaces | Community | min | | 0 | | |
| slow_periodic_activity | Interfaces | Community | min | | 0 | | |
| too_many_drops | Interfaces | Community | min | | 0 | | |
| broadcast_domain_too_large | Networks | Community | min | | 0 | | |
| flow_flood_victim | Networks | Community | min | | 0 | | |
| ip_reassignment | Networks | Community | min | | 0 | | |
| network_discovery | Networks | Community | min | | 0 | | |
| network_issues | Networks | Community | min | | 0 | | |
| syn_scan_victim | Networks | Community | min | packet_interface | 0 | | |
| binary_application_transfer | Flows | Community | | | 0 | 312.8 ms | |
| blacklisted | Flows | Community | | | 0 | 222.73 ms | |
| blacklisted_client_contact | Flows | Community | | | 0 | 798.15 ms | |
| blacklisted_server_contact | Flows | Community | | | 0 | 92.59 ms | |
| broadcast_non_udp_traffic | Flows | Community | | | 0 | 517.24 ms | |
| country_check | Flows | Community | | | 0 | < 1 ms | |
| custom_lua_script | Flows | Community | | | 0 | < 1 ms | |
| device_protocol_not_allowed | Flows | Community | | | 0 | 429.42 ms | |
| external_alert_check | Flows | Community | | | 0 | 433.3 ms | |
| iec_invalid_command_transition | Flows | Community | | packet_interface | 0 | < 1 ms | |
| iec_invalid_transition | Flows | Community | | packet_interface | 0 | < 1 ms | |
| iec_unexpected_type_id | Flows | Community | | packet_interface | 0 | < 1 ms | |
| known_proto_on_non_std_port | Flows | Community | | | 0 | 131.28 ms | |
| low_goodput | Flows | Community | | packet_interface, nedge=false | 0 | 286.82 ms | |
| ndpi_anonymous_subscriber | Flows | Community | | | 0 | 70.07 ms | |
| ndpi_binary_data_transfer | Flows | Community | | | 0 | 43.08 ms | |
| ndpi_clear_text_credentials | Flows | Community | | | 0 | 88.37 ms | |
| ndpi_desktop_or_file_sharing_session | Flows | Community | | | 0 | 66.45 ms | |
| ndpi_dns_fragmented | Flows | Community | | | 0 | 82.04 ms | |
| ndpi_dns_large_packet | Flows | Community | | | 0 | 63.35 ms | |
| ndpi_dns_suspicious_traffic | Flows | Community | | | 0 | 70.18 ms | |
| ndpi_error_code_detected | Flows | Community | | | 0 | 101.07 ms | |
| ndpi_http_crawler_bot | Flows | Community | | | 0 | 46.2 ms | |
| ndpi_http_obsolete_server | Flows | Community | | | 0 | 79.9 ms | |
| ndpi_http_suspicious_content | Flows | Community | | | 0 | 69.91 ms | |
| ndpi_http_suspicious_header | Flows | Community | | | 0 | 43.13 ms | |
| ndpi_http_suspicious_url | Flows | Community | | | 0 | 93.52 ms | |
| ndpi_http_suspicious_user_agent | Flows | Community | | | 0 | 60.62 ms | |
| ndpi_invalid_characters | Flows | Community | | | 0 | 81.83 ms | |
| ndpi_malformed_packet | Flows | Community | | | 0 | 99.53 ms | |
| ndpi_malicious_fingerprint | Flows | Community | | | 0 | 453.47 ms | |
| ndpi_malicious_sha1_certificate | Flows | Community | | | 0 | 58.15 ms | |
| ndpi_malware_host_contacted | Flows | Community | | | 0 | 58.36 ms | |
| ndpi_minor_issues | Flows | Community | | | 0 | 62.97 ms | |
| ndpi_mismatching_protocol_with_ip | Flows | Community | | | 0 | 16.33 ms | |
| ndpi_numeric_ip_host | Flows | Community | | | 0 | 93.1 ms | |
| ndpi_obfuscated_traffic | Flows | Community | | | 0 | 55.96 ms | |
| ndpi_periodic_flow | Flows | Community | | | 0 | < 1 ms | |
| ndpi_possible_exploit | Flows | Community | | | 0 | 45.64 ms | |
| ndpi_probing_attempt | Flows | Community | | | 0 | 137.44 ms | |
| ndpi_punicody_idn | Flows | Community | | | 0 | 46.38 ms | |
| ndpi_risky_asn | Flows | Community | | | 0 | 66.44 ms | |
| ndpi_risky_domain | Flows | Community | | | 0 | 46.92 ms | |
| ndpi_smb_insecure_version | Flows | Community | | | 0 | 49.68 ms | |
| ndpi_ssh_obsolete_client | Flows | Community | | | 0 | 58.19 ms | |
| ndpi_ssh_obsolete_server | Flows | Community | | | 0 | 48.53 ms | |
| ndpi_suspicious_dga_domain | Flows | Community | | | 0 | 57.83 ms | |
| ndpi_suspicious_entropy | Flows | Community | | | 0 | 152.25 ms | |
| ndpi_tcp_issues | Flows | Community | | | 0 | 93.74 ms | |
| ndpi_tls_alpn_sni_mismatch | Flows | Community | | | 0 | 28.71 ms | |
| ndpi_tls_certificate_about_to_expire | Flows | Community | | | 0 | 26.69 ms | |
| ndpi_tls_fatal_alert | Flows | Community | | | 0 | 71.6 ms | |
| ndpi_tls_missing_sni | Flows | Community | | | 0 | 75.91 ms | |
| ndpi_tls_not_carrying_https | Flows | Community | | | 0 | 61.03 ms | |
| ndpi_tls_suspicious_extension | Flows | Community | | | 0 | 85.58 ms | |
| ndpi_tls_uncommon_alpn | Flows | Community | | | 0 | 54.46 ms | |
| ndpi_unidirectional_traffic | Flows | Community | | | 0 | 764.27 ms | |
| ndpi_unsafe_protocol | Flows | Community | | | 0 | 63.25 ms | |
| ndpi_url_possible_rce_injection | Flows | Community | | | 0 | 64.2 ms | |
| ndpi_url_possible_sql_injection | Flows | Community | | | 0 | 69.25 ms | |
| ndpi_url_possible_xss | Flows | Community | | | 0 | 46.12 ms | |
| not_purged | Flows | Community | | | 0 | 143.65 ms | |
| rare_destination | Flows | Community | | packet_interface, nedge=false | 0 | 101.17 ms | |
| remote_access | Flows | Community | | | 0 | 202.49 ms | |
| remote_to_local_insecure_flow | Flows | Community | | | 0 | 140.87 ms | |
| remote_to_remote | Flows | Community | | | 0 | < 1 ms | |
| tcp_flow_reset | Flows | Community | | | 0 | < 1 ms | |
| tcp_no_data_exchanged | Flows | Community | | packet_interface | 0 | 985.95 ms | |
| unexpected_dhcp | Flows | Community | | | 0 | < 1 ms | |
| unexpected_dns | Flows | Community | | | 0 | < 1 ms | |
| unexpected_ntp | Flows | Community | | | 0 | < 1 ms | |
| unexpected_smtp | Flows | Community | | | 0 | < 1 ms | |
| vlan_bidirectional_traffic | Flows | Community | | | 0 | < 1 ms | |
| web_mining | Flows | Community | | | 0 | 112.19 ms | |
| zero_tcp_window | Flows | Community | | packet_interface | 0 | 137.63 ms | |
| dropped_alerts | System | Community | min | | 0 | | |
| exporters_limit_exceeded | System | Community | min | | 0 | | |
| ids_ips_log | System | Community | min | | 0 | | |
| periodic_activity_not_executed | System | Community | min | | 0 | | |
| redis_reads_writes_exceeded | System | Community | day | | 0 | | |
| slow_periodic_activity | System | Community | min | | 0 | | |
| system_error | System | Community | min | | 0 | | |
| host_log | Syslog | Community | handleEvent | | 0 | | |
| nbox | Syslog | Community | handleEvent | | 0 | | |
| suricata | Syslog | Community | handleEvent | nedge=false | 0 | | |