| Script | Type | Activity | Hooks | Filters | Filtered | Tot Exec Time | Action |
|---|---|---|---|---|---|---|---|
| countries_contacts | Hosts | Community | min | 0 | |||
| custom_host_lua_script | Hosts | Community | min | 0 | |||
| dangerous_host | Hosts | Community | min | 0 | |||
| dns_contacts | Hosts | Community | min | 0 | |||
| domain_names_contacts | Hosts | Community | min | 0 | |||
| external_host_script | Hosts | Community | min | 0 | |||
| flow_flood | Hosts | Community | min | 0 | |||
| icmp_flood | Hosts | Community | min | 0 | |||
| ntp_contacts | Hosts | Community | min | 0 | |||
| remote_connection | Hosts | Community | min | 0 | |||
| scan | Hosts | Enterprise M | 5mins | 0 | |||
| smtp_contacts | Hosts | Community | min | 0 | |||
| suspicious_domain_scan | Hosts | Enterprise M | hour | 0 | |||
| unexpected_gateway | Hosts | Community | min | 0 | |||
| dropped_alerts | Interfaces | Community | min | 0 | |||
| ghost_networks | Interfaces | Community | min | 0 | |||
| no_if_activity | Interfaces | Community | min | 0 | |||
| no_probe_or_exporter_activity | Interfaces | Community | min | 0 | |||
| periodic_activity_not_executed | Interfaces | Community | min | 0 | |||
| slow_periodic_activity | Interfaces | Community | min | 0 | |||
| too_many_drops | Interfaces | Community | min | 0 | |||
| broadcast_domain_too_large | Networks | Community | min | 0 | |||
| flow_flood_victim | Networks | Community | min | 0 | |||
| ip_reassignment | Networks | Community | min | 0 | |||
| network_discovery | Networks | Community | min | 0 | |||
| network_issues | Networks | Community | min | 0 | |||
| syn_scan_victim | Networks | Community | min | packet_interface | 0 | ||
| binary_application_transfer | Flows | Community | 0 | 318.8 ms | |||
| blacklisted | Flows | Community | 0 | 228.17 ms | |||
| blacklisted_client_contact | Flows | Community | 0 | 820.69 ms | |||
| blacklisted_server_contact | Flows | Community | 0 | 94.33 ms | |||
| broadcast_non_udp_traffic | Flows | Community | 0 | 525.75 ms | |||
| country_check | Flows | Community | 0 | < 1 ms | |||
| custom_lua_script | Flows | Community | 0 | < 1 ms | |||
| device_protocol_not_allowed | Flows | Community | 0 | 437.92 ms | |||
| external_alert_check | Flows | Community | 0 | 441.11 ms | |||
| iec_invalid_command_transition | Flows | Community | packet_interface | 0 | < 1 ms | ||
| iec_invalid_transition | Flows | Community | packet_interface | 0 | < 1 ms | ||
| iec_unexpected_type_id | Flows | Community | packet_interface | 0 | < 1 ms | ||
| known_proto_on_non_std_port | Flows | Community | 0 | 133.43 ms | |||
| low_goodput | Flows | Community | packet_interface, nedge=false | 0 | 292.85 ms | ||
| ndpi_anonymous_subscriber | Flows | Community | 0 | 71.22 ms | |||
| ndpi_binary_data_transfer | Flows | Community | 0 | 43.76 ms | |||
| ndpi_clear_text_credentials | Flows | Community | 0 | 89.63 ms | |||
| ndpi_desktop_or_file_sharing_session | Flows | Community | 0 | 67.61 ms | |||
| ndpi_dns_fragmented | Flows | Community | 0 | 83.43 ms | |||
| ndpi_dns_large_packet | Flows | Community | 0 | 64.46 ms | |||
| ndpi_dns_suspicious_traffic | Flows | Community | 0 | 71.26 ms | |||
| ndpi_error_code_detected | Flows | Community | 0 | 102.59 ms | |||
| ndpi_http_crawler_bot | Flows | Community | 0 | 47.02 ms | |||
| ndpi_http_obsolete_server | Flows | Community | 0 | 81.06 ms | |||
| ndpi_http_suspicious_content | Flows | Community | 0 | 70.79 ms | |||
| ndpi_http_suspicious_header | Flows | Community | 0 | 43.77 ms | |||
| ndpi_http_suspicious_url | Flows | Community | 0 | 94.88 ms | |||
| ndpi_http_suspicious_user_agent | Flows | Community | 0 | 61.69 ms | |||
| ndpi_invalid_characters | Flows | Community | 0 | 83.33 ms | |||
| ndpi_malformed_packet | Flows | Community | 0 | 101.34 ms | |||
| ndpi_malicious_fingerprint | Flows | Community | 0 | 467.67 ms | |||
| ndpi_malicious_sha1_certificate | Flows | Community | 0 | 59.06 ms | |||
| ndpi_malware_host_contacted | Flows | Community | 0 | 59.26 ms | |||
| ndpi_minor_issues | Flows | Community | 0 | 64.1 ms | |||
| ndpi_mismatching_protocol_with_ip | Flows | Community | 0 | 16.54 ms | |||
| ndpi_numeric_ip_host | Flows | Community | 0 | 94.67 ms | |||
| ndpi_obfuscated_traffic | Flows | Community | 0 | 72.08 ms | |||
| ndpi_periodic_flow | Flows | Community | 0 | < 1 ms | |||
| ndpi_possible_exploit | Flows | Community | 0 | 46.39 ms | |||
| ndpi_probing_attempt | Flows | Community | 0 | 138.53 ms | |||
| ndpi_punicody_idn | Flows | Community | 0 | 47.14 ms | |||
| ndpi_risky_asn | Flows | Community | 0 | 67.57 ms | |||
| ndpi_risky_domain | Flows | Community | 0 | 47.61 ms | |||
| ndpi_smb_insecure_version | Flows | Community | 0 | 50.46 ms | |||
| ndpi_ssh_obsolete_client | Flows | Community | 0 | 59.12 ms | |||
| ndpi_ssh_obsolete_server | Flows | Community | 0 | 49.26 ms | |||
| ndpi_suspicious_dga_domain | Flows | Community | 0 | 58.88 ms | |||
| ndpi_suspicious_entropy | Flows | Community | 0 | 157.18 ms | |||
| ndpi_tcp_issues | Flows | Community | 0 | 95.05 ms | |||
| ndpi_tls_alpn_sni_mismatch | Flows | Community | 0 | 29.13 ms | |||
| ndpi_tls_certificate_about_to_expire | Flows | Community | 0 | 26.89 ms | |||
| ndpi_tls_fatal_alert | Flows | Community | 0 | 73.0 ms | |||
| ndpi_tls_missing_sni | Flows | Community | 0 | 77.18 ms | |||
| ndpi_tls_not_carrying_https | Flows | Community | 0 | 62.17 ms | |||
| ndpi_tls_suspicious_extension | Flows | Community | 0 | 89.18 ms | |||
| ndpi_tls_uncommon_alpn | Flows | Community | 0 | 55.33 ms | |||
| ndpi_unidirectional_traffic | Flows | Community | 0 | 783.75 ms | |||
| ndpi_unsafe_protocol | Flows | Community | 0 | 64.35 ms | |||
| ndpi_url_possible_rce_injection | Flows | Community | 0 | 65.14 ms | |||
| ndpi_url_possible_sql_injection | Flows | Community | 0 | 70.13 ms | |||
| ndpi_url_possible_xss | Flows | Community | 0 | 46.87 ms | |||
| not_purged | Flows | Community | 0 | 146.27 ms | |||
| rare_destination | Flows | Community | packet_interface, nedge=false | 0 | 102.92 ms | ||
| remote_access | Flows | Community | 0 | 205.58 ms | |||
| remote_to_local_insecure_flow | Flows | Community | 0 | 143.69 ms | |||
| remote_to_remote | Flows | Community | 0 | < 1 ms | |||
| tcp_flow_reset | Flows | Community | 0 | < 1 ms | |||
| tcp_no_data_exchanged | Flows | Community | packet_interface | 0 | 992.11 ms | ||
| unexpected_dhcp | Flows | Community | 0 | < 1 ms | |||
| unexpected_dns | Flows | Community | 0 | < 1 ms | |||
| unexpected_ntp | Flows | Community | 0 | < 1 ms | |||
| unexpected_smtp | Flows | Community | 0 | < 1 ms | |||
| vlan_bidirectional_traffic | Flows | Community | 0 | < 1 ms | |||
| web_mining | Flows | Community | 0 | 114.15 ms | |||
| zero_tcp_window | Flows | Community | packet_interface | 0 | 140.44 ms | ||
| dropped_alerts | System | Community | min | 0 | |||
| exporters_limit_exceeded | System | Community | min | 0 | |||
| ids_ips_log | System | Community | min | 0 | |||
| periodic_activity_not_executed | System | Community | min | 0 | |||
| redis_reads_writes_exceeded | System | Community | day | 0 | |||
| slow_periodic_activity | System | Community | min | 0 | |||
| system_error | System | Community | min | 0 | |||
| host_log | Syslog | Community | handleEvent | 0 | |||
| nbox | Syslog | Community | handleEvent | 0 | |||
| suricata | Syslog | Community | handleEvent | nedge=false | 0 |