ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

Collect Attackers Data on a Datalake #5235

Open lucaderi opened 3 years ago

lucaderi commented 3 years ago

In case of an alert where an attacker is defined, it is requested to send this data to a central collector. For example, if you have 5 ntopng instances, it would be nice to collapse all attacker information into a single place, limited to attackers with a public IP address.

It is requested to implement this functionality by defining a packet format containing

The format should be JSON for future extension, and data delivered via UDP
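The collector side of what this issue asks for, as an added illustration rather than code from the ntopng project: each instance emits one JSON record per attacker over UDP, and the central collector keeps only public (globally routable) attacker addresses and merges records arriving from several instances. The field names (`instance`, `attacker`, `alert`, `severity`, `ts`) and the port are assumptions made up for this example; the sample addresses are constructed.

```python
import ipaddress
import json
import socket
from collections import defaultdict

# Field names are an assumption for this example, not ntopng's actual format.
def build_attacker_message(instance, attacker, alert, severity, ts):
    """Serialise one attacker record the way an ntopng instance could emit it."""
    return json.dumps({"instance": instance, "attacker": attacker,
                       "alert": alert, "severity": severity, "ts": ts}).encode()

def parse_attacker_message(raw):
    """Decode a datagram; return None for malformed input or a non-public attacker."""
    try:
        msg = json.loads(raw)
        ip = ipaddress.ip_address(msg["attacker"])
    except (ValueError, KeyError, TypeError):
        return None
    if not ip.is_global:          # drops RFC 1918, loopback, link-local, TEST-NET, ...
        return None
    msg["attacker"] = str(ip)     # canonical spelling so IPv6 variants merge
    return msg

class AttackerCollector:
    """Central store: one entry per public attacker, merged across instances."""
    def __init__(self):
        self.attackers = defaultdict(
            lambda: {"instances": set(), "alerts": 0, "max_severity": 0})
        self.dropped = 0          # malformed or non-public records, for monitoring

    def ingest(self, raw):
        msg = parse_attacker_message(raw)
        if msg is None:
            self.dropped += 1
            return False
        rec = self.attackers[msg["attacker"]]
        rec["instances"].add(msg["instance"])
        rec["alerts"] += 1
        rec["max_severity"] = max(rec["max_severity"], int(msg.get("severity", 0)))
        return True

    def serve(self, host="0.0.0.0", port=5678):
        """Blocking UDP receive loop (assumed port); not exercised by the test."""
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((host, port))
            while True:
                data, _ = s.recvfrom(65535)
                self.ingest(data)

def send_attacker_message(payload, host="127.0.0.1", port=5678):
    """What an ntopng instance would do per alert: fire one UDP datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))
```

Because UDP is unauthenticated, a real deployment would restrict the collector port to the instances' source addresses or wrap the datagrams in DTLS; the public-IP filter above only implements the scope limit the issue asks for.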

giorgiozoppi commented 2 years ago

It would be nice if it could be configured to send to a public cloud using a data lake there, so an external tool could fetch the data and do analytics; an external app could also send the alarm via Twilio to the network owner if the severity is high, e.g. https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/storage/azure-storage-files-datalake/samples/datalake_getting_started.cpp