Local traffic rules - add options to fine tune the alerts #7754

Open
FedmahnK opened this issue Aug 11, 2023 · 2 comments
Comments

@FedmahnK

What would you like to add or change?:

  • Have more options to target IPs, like using a host pool or network
  • add an option to select RX or TX traffic
  • add an option to trigger an alert only at certain hours of the day

Why do you and others need this?:

I think it would be interesting to create alerts for a pool of hosts (say clients, servers, etc.), or if possible a local network.
For example, if I create a global volume traffic rule, a file server will always trigger it.

On the contrary, I want to be alerted if unusual TX traffic occurs in non-working hours (a host with TX night traffic other than planned backups may be problematic).

@NicoMaio
Contributor

Hi @FedmahnK,
Could you please describe a specific use case for the third bullet (add an option to trigger an alert only at certain hours of the day)?

@FedmahnK
Author

Hi,

A PC used by a normal user generates legitimate traffic usually during working hours. If a PC is consuming bandwidth at night (upload to the Internet, download from a file server, etc.), the PC may be compromised.

In my case, I am using ntop as a pure sFlow collector, so I mainly have metrics. But I have a lot of them. For example, an sFlow collector is enough to measure OneDrive bandwidth for a host, network, host pool, ...

Thanks for your time
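As an added illustration of the three requested options working together (this is not ntopng code and not the issue author's), the rule below sums per-host bytes in one direction, restricted to a host pool and to a night window, over constructed flow records; the pool CIDR, window hours and threshold are assumptions:

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real sFlow data): local host, direction
# as seen from that host, bytes in the sample interval, and a timestamp.
SAMPLE_FLOWS = [
    {"host": "10.1.2.15", "direction": "tx", "bytes": 800_000_000, "ts": "2023-08-10T02:15:00"},
    {"host": "10.1.2.15", "direction": "rx", "bytes": 50_000_000, "ts": "2023-08-10T02:20:00"},
    {"host": "10.1.2.40", "direction": "tx", "bytes": 900_000_000, "ts": "2023-08-10T14:00:00"},
    {"host": "10.1.9.5", "direction": "tx", "bytes": 5_000_000_000, "ts": "2023-08-10T03:00:00"},
    {"host": "10.1.2.77", "direction": "tx", "bytes": 120_000_000, "ts": "2023-08-10T23:30:00"},
]

def in_window(ts, start_hour, end_hour):
    """True when the hour of `ts` lies in [start_hour, end_hour); a window
    whose start is later than its end (e.g. 22 -> 6) wraps past midnight."""
    h = datetime.fromisoformat(ts).hour
    if start_hour <= end_hour:
        return start_hour <= h < end_hour
    return h >= start_hour or h < end_hour

def evaluate_rule(flows, rule):
    """Return sorted (host, total_bytes) pairs whose total in the selected
    direction, inside the pool and the hour window, exceeds the threshold.
    rule keys (hypothetical): pool (list of CIDRs), direction ('tx'|'rx'),
    window (start_hour, end_hour), threshold_bytes."""
    pool = [ipaddress.ip_network(n) for n in rule["pool"]]
    start, end = rule["window"]
    totals = defaultdict(int)
    for f in flows:
        if f["direction"] != rule["direction"]:
            continue  # only the requested direction counts
        if not in_window(f["ts"], start, end):
            continue  # outside the alerting hours
        addr = ipaddress.ip_address(f["host"])
        if not any(addr in net for net in pool):
            continue  # host is not in the targeted pool (e.g. a file server)
        totals[f["host"]] += f["bytes"]
    return sorted((h, b) for h, b in totals.items() if b > rule["threshold_bytes"])

# Assumed "clients" pool; the file server 10.1.9.5 is deliberately outside it.
CLIENT_NIGHT_TX_RULE = {
    "pool": ["10.1.2.0/24"],
    "direction": "tx",
    "window": (22, 6),          # 22:00 to 06:00, non-working hours
    "threshold_bytes": 500_000_000,
}

if __name__ == "__main__":
    for host, total in evaluate_rule(SAMPLE_FLOWS, CLIENT_NIGHT_TX_RULE):
        print(f"ALERT {host}: {total} bytes TX inside the night window")
```

With the sample data only 10.1.2.15 alerts: the file server's large upload is outside the pool, the daytime upload is outside the window, and 10.1.2.77 stays under the threshold.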
