It would be desirable to have an %NTOPNG_ENTERPRISE_INFO IE containing information which is similar to the wireshark INFO column or the ntopng INFO column. Such IE would contain nDPI-provided data:
The host name for HTTP flows
The DNS query for DNS flows
the SNI for TLS flows
etc.
This can be used to populate ntopng fields without the need to enable nProbe plugins and having independent IEs now listed in @NTOPNG@ template.
To cleanup, it would be nice to have nDPI generating this column, so that it can be unified with method Flow::getFlowInfo of ntopng.
lucaderi
commented
3 years ago
It would be desirable to have an
%NTOPNG_ENTERPRISE_INFOIE containing information which is similar to the wireshark INFO column or the ntopng INFO column. Such IE would contain nDPI-provided data:etc.
This can be used to populate ntopng fields without the need to enable nProbe plugins and having independent IEs now listed in @NTOPNG@ template.
To cleanup, it would be nice to have nDPI generating this column, so that it can be unified with method Flow::getFlowInfo of ntopng.