| 1 |
alert_flow_blacklisted |
Blacklisted Flow
|
✓
|
✓
|
|
| 2 |
alert_blacklisted_country |
Blacklisted Country
|
✓
|
✓
|
|
| 3 |
alert_flow_blocked |
Flow blocked due to configured policies
|
|
|
|
| 4 |
alert_data_exfiltration |
ICMP Data Exfiltration
|
✓
|
|
|
| 5 |
alert_device_protocol_not_allowed |
Susp. Device Protocol
|
✓
|
|
|
| 6 |
alert_dns_data_exfiltration |
Too many packets exchanged in this flow
|
✓
|
|
|
| 7 |
alert_dns_invalid_query |
Invalid DNS query
|
✓
|
|
|
| 8 |
alert_elephant_flow |
Elephant Flow
|
|
|
|
| 9 |
alert_blacklisted_client_contact |
Blacklisted Client Contact
|
✓
|
✓
|
|
| 10 |
alert_external |
External Alert
|
|
|
|
| 11 |
alert_longlived |
Long-Lived Flow
|
|
|
|
| 12 |
alert_flow_low_goodput |
Low Goodput Ratio
|
|
|
|
| 13 |
alert_blacklisted_server_contact |
Blacklisted Server Contact
|
✓
|
✓
|
|
| 14 |
alert_internals |
Not Purged
|
|
|
|
| 15 |
host_alert_scan_realtime |
Scan (Realtime)
|
✓
|
|
|
| 16 |
alert_remote_to_remote |
Remote to Remote Flow
|
|
|
|
| 18 |
host_alert_icmp_flood |
ICMP Flood
|
✓
|
|
|
| 19 |
alert_packets_issues |
TCP Packets Issues
|
|
|
|
| 22 |
alert_tls_certificate_expired |
TLS Cert Expired
|
|
|
|
| 23 |
alert_tls_certificate_mismatch |
TLS Cert Mismatch
|
|
|
|
| 24 |
alert_ndpi_tls_old_protocol_version |
Obsolete TLS Version
|
|
|
|
| 25 |
alert_tls_unsafe_ciphers |
Weak TLS Ciphers
|
|
|
|
| 26 |
alert_ndpi_unidirectional_traffic |
Unidirectional Traffic
|
|
|
|
| 27 |
alert_web_mining |
Web Mining
|
|
|
|
| 28 |
alert_tls_certificate_selfsigned |
TLS Cert Self-signed
|
|
|
|
| 29 |
alert_binary_application_transfer |
Binary App/.exe Transfer
|
✓
|
✓
|
|
| 30 |
alert_known_proto_on_non_std_port |
Known Proto on Non Std Port
|
✓
|
|
|
| 31 |
host_alert_scan |
Scan
|
✓
|
|
|
| 32 |
alert_unexpected_dhcp_server |
Unexpected DHCP server found
|
✓
|
|
|
| 33 |
alert_unexpected_dns_server |
Unexpected DNS server
|
✓
|
|
|
| 34 |
alert_unexpected_smtp_server |
Unexpected SMTP server found
|
✓
|
|
|
| 35 |
alert_unexpected_ntp_server |
Unexpected NTP server found
|
✓
|
|
|
| 36 |
alert_zero_tcp_window |
TCP Zero Window
|
|
|
|
| 37 |
alert_iec_invalid_transition |
IEC Invalid Transition
|
|
|
|
| 38 |
alert_remote_to_local_insecure_flow |
Remote to Local Insecure Flow
|
✓
|
✓
|
|
| 39 |
alert_ndpi_url_possible_xss |
Possible XSS
|
✓
|
✓
|
|
| 40 |
alert_ndpi_url_possible_sql_injection |
Possible SQL Inj
|
✓
|
✓
|
|
| 41 |
alert_ndpi_url_possible_rce_injection |
Possible RCE
|
✓
|
✓
|
|
| 42 |
alert_ndpi_http_suspicious_user_agent |
HTTP Susp. User-Agent
|
✓
|
✓
|
|
| 43 |
alert_ndpi_numeric_ip_host |
HTTP/TLS/QUIC Numeric Hostname/SNI
|
✓
|
✓
|
|
| 44 |
alert_ndpi_http_suspicious_url |
HTTP Susp. URL
|
✓
|
✓
|
|
| 45 |
alert_ndpi_http_suspicious_header |
HTTP Susp. Header
|
✓
|
✓
|
|
| 46 |
alert_ndpi_tls_not_carrying_https |
TLS (probably) Not Carrying HTTPS
|
|
|
|
| 47 |
alert_ndpi_suspicious_dga_domain |
Susp. DGA Domain
|
✓
|
|
|
| 48 |
alert_ndpi_malformed_packet |
Malformed packet
|
|
|
|
| 49 |
alert_ndpi_ssh_obsolete_server |
SSH Obsolete Ser Vers/Cipher
|
|
|
|
| 50 |
alert_ndpi_smb_insecure_version |
SMB Insecure Vers
|
|
|
|
| 52 |
alert_ndpi_unsafe_protocol |
Unsafe Protocol
|
✓
|
|
|
| 53 |
alert_ndpi_dns_suspicious_traffic |
Susp. DNS Traffic
|
✓
|
✓
|
|
| 54 |
alert_ndpi_tls_missing_sni |
Missing SNI TLS Extn
|
|
|
|
| 55 |
alert_iec_unexpected_type_id |
IEC Unexpected TypeID
|
|
|
|
| 56 |
alert_flow_tcp_no_data_exchanged |
TCP No Data Exchanged
|
|
|
|
| 57 |
alert_remote_access |
Remote Access
|
|
|
|
| 58 |
alert_lateral_movement |
Lateral Movement on Service Map
|
|
|
|
| 59 |
alert_periodicity_changed |
Periodicity Changed
|
|
|
|
| 60 |
alert_ndpi_tls_cert_validity_too_long |
Too Long TLS Cert Validity
|
|
|
|
| 61 |
alert_ndpi_ssh_obsolete_client |
Obsolete SSH Client Version or Cipher
|
|
|
|
| 62 |
alert_ndpi_clear_text_credentials |
Clear-Text Credentials
|
|
|
|
| 63 |
alert_ndpi_http_suspicious_content |
HTTP Susp. Content
|
|
|
|
| 64 |
alert_ndpi_dns_large_packet |
Large DNS Packet (512+ bytes)
|
|
|
|
| 65 |
alert_ndpi_dns_fragmented |
Fragmented DNS Message
|
|
|
|
| 66 |
alert_ndpi_dns_invalid_characters |
Invalid Characters
|
|
|
|
| 67 |
alert_broadcast_non_udp_traffic |
Broadcast Non-UDP Traffic
|
✓
|
|
|
| 68 |
alert_ndpi_possible_exploit |
Possible Exploit
|
|
|
|
| 69 |
alert_ndpi_tls_certificate_about_to_expire |
TLS Cert About To Expire
|
|
|
|
| 70 |
alert_ndpi_punicody_idn |
Punycode IDN
|
|
|
|
| 71 |
alert_ndpi_error_code |
Error Code
|
|
|
|
| 72 |
alert_ndpi_http_crawler_bot |
Crawler/Bot
|
|
|
|
| 73 |
alert_ndpi_suspicious_entropy |
Susp. Entropy
|
✓
|
✓
|
|
| 74 |
alert_iec_invalid_command_transition |
IEC Invalid Command Transition
|
|
|
|
| 75 |
alert_tcp_connection_no_answer |
No Answer
|
|
|
|
| 76 |
alert_ndpi_anonymous_subscriber |
Anonymous Subscriber
|
|
|
|
| 78 |
alert_ndpi_desktop_or_file_sharing_session |
Desktop/File Sharing
|
|
|
|
| 79 |
alert_ndpi_malicious_fingerprint |
Malicious Fingerprint
|
|
|
|
| 80 |
alert_ndpi_malicious_sha1_certificate |
Malicious SHA1 TLS Cert.
|
|
|
|
| 81 |
alert_ndpi_tls_uncommon_alpn |
TLS Uncommon ALPN
|
|
|
|
| 82 |
alert_ndpi_tls_suspicious_extension |
TLS Susp. Extension
|
|
|
|
| 83 |
alert_ndpi_tls_fatal_alert |
TLS Fatal Alert
|
|
|
|
| 84 |
alert_ndpi_http_obsolete_server |
HTTP Obsolete Server
|
|
|
|
| 85 |
alert_ndpi_risky_asn |
Risky ASN
|
|
|
|
| 86 |
alert_ndpi_risky_domain |
Risky Domain
|
|
|
|
| 87 |
alert_custom_lua_script |
Custom Script
|
|
|
|
| 88 |
alert_ndpi_periodic_flow |
Periodic Flow
|
|
|
|
| 89 |
ndpi_minor_issues |
Minor Issues
|
|
|
|
| 90 |
ndpi_tcp_issues |
TCP Connection Issues
|
|
|
|
| 91 |
alert_vlan_bidirectional_traffic |
VLAN Bidirectional Traffic
|
|
|
|
| 92 |
alert_rare_destination |
Rare Destination
|
|
|
|
| 93 |
alert_modbus_unexpected_function_code |
ModbusTCP Invalid Function Code
|
|
|
|
| 94 |
alert_modbus_too_many_exceptions |
ModbusTCP Too Many Exceptions
|
|
|
|
| 95 |
alert_modbus_invalid_transition |
ModbusTCP Invalid Transition
|
|
|
|
| 96 |
alert_ndpi_unresolved_hostname |
Unresolved DNS hostname
|
✓
|
|
|
| 97 |
ndpi_tls_alpn_sni_mismatch |
ALPN/SNI Mismatch
|
|
|
|
| 98 |
alert_ndpi_malware_host_contacted |
Malware Host Contacted
|
|
|
|
| 99 |
ndpi_binary_data_transfer |
Binary File/Data Transfer (Attempt)
|
|
|
|
| 100 |
alert_tcp_flow_reset |
TCP Flow Reset
|
|
|
|
| 101 |
ndpi_probing_attempt |
Probing Attempt
|
|
|
|
| 102 |
alert_access_control_list |
ACL Violation (ICMP/TCP/UDP)
|
|
|
|
| 103 |
alert_host_policy |
Host Policy
|
|
|
|
| 104 |
alert_qoe_degraded |
QoE Issues
|
|
|
|
| 105 |
ndpi_obfuscated_traffic |
Obfuscated Traffic
|
|
|
|
| 106 |
alert_nedge_policy_violation |
Policy Violation
|
|
|
|
| 107 |
alert_ndpi_mismatching_protocol_with_ip |
Mismatching protocol with IP address
|
✓
|
|
|
| 108 |
alert_s7comm_unexpected_function_code |
S7Comm Invalid Function Code
|
|
|
|
| 109 |
alert_s7comm_too_many_errors |
S7Comm Too Many Errors
|
|
|
|
| 110 |
alert_s7comm_invalid_transition |
S7Comm Invalid Transition
|
|
|
|
| 4099 |
alert_dropped_alerts |
Dropped Alerts
|
|
|
|
| 4100 |
alert_gateway_unreachable |
Gateway Unreachable
|
|
|
|
| 4102 |
alert_ghost_network |
Ghost Networks
|
|
|
|
| 4103 |
alert_no_exporter_activity |
No Exporter Activity
|
|
|
|
| 4104 |
alert_host_pool_disconnection |
Host Pool Disconnection
|
|
|
|
| 4106 |
alert_influxdb_error |
InfluxDB Error
|
|
|
|
| 4107 |
alert_influxdb_export_failure |
InfluxDB Export Failure
|
|
|
|
| 4109 |
alert_ip_outsite_dhcp_range |
Misconfigured DHCP Range
|
|
|
|
| 4110 |
alert_list_download_failed |
List Download Failed
|
|
|
|
| 4111 |
alert_login_failed |
Login Failed
|
|
|
|
| 4112 |
alert_mac_ip_association_change |
IP/MAC Reassoc/Spoofing
|
|
|
|
| 4114 |
alert_misconfigured_app |
Misconfigured App
|
|
|
|
| 4115 |
alert_cloud_disconnected |
Cloud Disconnection
|
|
|
|
| 4116 |
alert_nfq_flushed |
Packets Queue Flushed
|
|
|
|
| 4117 |
alert_cloud_reconnected |
Cloud Reconnected
|
|
|
|
| 4118 |
alert_periodic_activity_not_executed |
Periodic Activity Not Executed
|
|
|
|
| 4119 |
alert_am_threshold_cross |
Active Monitoring
|
|
|
|
| 4120 |
alert_port_duplexstatus_change |
Duplex Status Change
|
|
|
|
| 4121 |
alert_port_errors |
High Interface Discards/Errors
|
|
|
|
| 4122 |
alert_no_probe_activity |
No Probe Activity
|
|
|
|
| 4123 |
alert_port_mac_changed |
MAC Port Changed
|
|
|
|
| 4124 |
alert_port_status_change |
Oper. Status Change
|
|
|
|
| 4125 |
alert_process_notification |
Process
|
|
|
|
| 4126 |
alert_quota_exceeded |
Quota Exceeded
|
|
|
|
| 4128 |
alert_slow_periodic_activity |
Slow Periodic Activity
|
|
|
|
| 4130 |
alert_snmp_device_reset |
SNMP Device Restart
|
|
|
|
| 4131 |
alert_snmp_topology_changed |
LLDP/CDP Topology changed
|
|
|
|
| 4132 |
alert_snmp_trap |
SNMP Trap
|
|
|
|
| 4136 |
alert_threshold_cross |
Threshold Cross
|
|
|
|
| 4137 |
alert_too_many_drops |
Packet Drops
|
|
|
|
| 4139 |
alert_user_activity |
User Activity
|
|
|
|
| 4142 |
alert_attack_mitigation_via_snmp |
Attack Mitigation via SNMP
|
|
|
|
| 4145 |
alert_list_download_succeeded |
List Download Succeeded
|
|
|
|
| 4146 |
alert_no_if_activity |
No Traffic Activity
|
|
|
|
| 4147 |
alert_device_connection_disconnection |
Unexpected MAC Conn./Disc.
|
|
|
|
| 4148 |
alert_shell_script_executed |
Endpoint Shell Script Executed
|
|
|
|
| 4151 |
alert_fail2ban_executed |
Fail2Ban command executed
|
|
|
|
| 4153 |
alert_flow_flood_victim |
Flows Flood Victim
|
|
✓
|
|
| 4157 |
alert_tcp_syn_scan_victim |
TCP SYN Scan Victim
|
|
✓
|
|
| 4159 |
alert_contacts_anomaly |
Unexpected Host Contacts Behaviour
|
|
|
|
| 4164 |
alert_broadcast_domain_too_large |
Broadcast Domain Too Large
|
|
|
|
| 4165 |
alert_ngi_trust_event |
NGI Trust Event
|
|
|
|
| 4168 |
alert_ids_ips_jail_add |
Jailed Host Added
|
|
|
|
| 4169 |
alert_ids_ips_jail_remove |
Jailed Host Removed
|
|
|
|
| 4170 |
alert_port_too_many_macs |
Many MACs on Non-Trunk
|
|
|
|
| 4171 |
alert_network_discovery_executed |
Network Discovery
|
|
|
|
| 4172 |
alert_port_mac_appeared |
MAC Appeared
|
|
|
|
| 4173 |
alert_port_mac_disappeared |
MAC Disappeared
|
|
|
|
| 4174 |
alert_network_score_per_host |
Network Score Per Host
|
|
|
|
| 4175 |
alert_dhcp_storm |
DHCP Storm
|
|
|
|
| 4176 |
alert_snmp_interface_errors |
SNMP High Error Counter
|
|
|
|
| 4177 |
alert_snmp_device_traffic_change |
Traffic Change Detected
|
|
|
|
| 4178 |
alert_local_host_blacklisted |
Local Host Blacklisted
|
|
|
|
| 4179 |
alert_network_issues |
Network issues
|
|
|
|
| 4180 |
alert_network_rule_threshold_cross |
Threshold Crossed
|
|
|
|
| 4181 |
alert_snmp_interface_threshold_crossed |
Threshold Crossed
|
|
|
|
| 4182 |
alert_score_behavior_anomaly |
Unexpected Score Behavior
|
|
|
|
| 4183 |
alert_traffic_behavior_anomaly |
Unexpected Traffic Behavior
|
|
|
|
| 4184 |
alert_vulnerability_scan |
Active Scan
|
|
|
|
| 4185 |
alert_host_pool_rule_threshold_crossed |
Threshold Crossed
|
|
|
|
| 4186 |
alert_cidr_rule_threshold_crossed |
Threshold Crossed
|
|
|
|
| 4187 |
alert_system_error |
System Error
|
|
|
|
| 4189 |
alert_vlan_rule_threshold_crossed |
Threshold Crossed
|
|
|
|
| 4190 |
alert_profile_rule_threshold_crossed |
Threshold Crossed
|
|
|
|
| 4191 |
alert_snmp_device_polling_error |
SNMP Polling Error
|
|
|
|
| 4192 |
alert_exporters_limit_exceeded |
Exporters Limit Exceeded
|
|
|
|
| 4193 |
alert_acl_violation_arp |
ACL Violation (ARP)
|
|
|
|
| 4194 |
alert_redis_reads_writes_exceeded |
Redis Reads/Writes Exceeded
|
|
|
|
| 4195 |
alert_asn_rule_threshold_crossed |
Threshold Crossed
|
|
|
|
| 4196 |
alert_as_ranking_changed |
AS Exporter Ranking Changed
|
|
|
|