With the ongoing growth of Internet and corporate traffic, link speeds, and the number of connected devices and users, monitoring and controlling the infrastructure to ensure reliable and safe communications is becoming an increasingly hard task. Because each environment is unique in its infrastructure (e.g. ICS vs. corporate network), protocols, and cybersecurity threats, network administrators need a simple yet effective way to define rules for accounting, detection, and alerting users when specific conditions are met.
In this talk, we want to show how ntopng can be used as a scriptable system capable of reacting to network events by autonomously triggering actions or emitting notifications, thanks to its scriptable detection engine based on checks, scriptable actions and notifications. ntopng performs network traffic analysis through checks that are executed on various entities, including flows (network communications), hosts and networks, and can be used to:
The scripting API is currently available for Lua and Python in addition to C++, and it has been designed not to reduce the application performance during traffic processing.
Speakers: Luca Deri, Alfredo Cardigliano