Open DGabri opened 1 week ago
The blacklists timeseries works; the only problem is that it's a hits-per-second metric, so if you do not have enough blacklisted flows, you are not going to see anything due to the low hit rate.
Healthy networks have very few blacklist hits, hence you need to multiply the hits so that they are non-zero. Possible workarounds include hits/min.
I have alerts regarding blacklisted client and server contact made by an IP from the IPsum Threat Intelligence Feed, but in the timeseries I do not see any hit.