mcp-ntopng

by marcoeg
# Static description of the ntopng tables this module knows about: a database
# name plus three table/view entries, each a list of
# {"name": ..., "type": ..., "description": ...} column records.
#
# The type names used here (UUID, UInt8/16/32/64, DateTime, String) are
# ClickHouse type names, which suggests the backing store is ntopng's
# ClickHouse export -- the code that connects and runs queries is not in this
# file, so treat that as an assumption to confirm.
#
# NOTE(review): a constant shaped like this is usually handed to an LLM (as a
# tool description or prompt) so it can write SQL against these tables.  If
# that is how it is consumed here, two things are worth confirming in the
# caller: (1) the database account used for generated queries is read-only
# (e.g. ClickHouse `readonly=1` or an equivalent grant) and the query path
# accepts SELECT statements only; (2) row values returned to the model are
# treated as untrusted -- INFO, json/ALERT_JSON, SRC_LABEL/DST_LABEL,
# cli_name/srv_name and *_PROC_USER_NAME are populated from observed traffic
# and can carry attacker-chosen text (URLs, hostnames), i.e. a prompt-injection
# channel, and they also expose identity/payload details that may be subject
# to access restrictions.
#
# NOTE(review): several type annotations disagree with their siblings in this
# same constant (flagged inline below).  They are left exactly as found; check
# them against the real DDL before a query generator relies on them.
NTOPNG_SCHEMA = {
    "database": "ntopng",
    "tables": [
        {
            # Per-host alerts.
            "table": "host_alerts_view",
            "columns": [
                {"name": "rowid", "type": "UUID", "description": "Unique identifier for each row in the table"},
                {"name": "alert_id", "type": "UInt32", "description": "Identifier for each alert"},
                {"name": "alert_status", "type": "UInt8", "description": "Current status of the alert"},
                # Described as nullable but typed as a plain UInt16 -- verify whether the column is Nullable(UInt16).
                {"name": "interface_id", "type": "UInt16", "description": "Identifier of the network interface associated with the alert (nullable)"},
                {"name": "ip_version", "type": "UInt8", "description": "Version of IP protocol used (4 or 6)"},
                {"name": "ip", "type": "String", "description": "IP address of the alerted host"},
                {"name": "vlan_id", "type": "UInt16", "description": "VLAN identifier"},
                {"name": "name", "type": "String", "description": "Name or hostname of the host"},
                {"name": "is_attacker", "type": "UInt8", "description": "Flag indicating if the host is classified as an attacker"},
                {"name": "is_victim", "type": "UInt8", "description": "Flag indicating if the host is classified as a victim"},
                {"name": "is_client", "type": "UInt8", "description": "Flag indicating if the host is acting as a client"},
                {"name": "is_server", "type": "UInt8", "description": "Flag indicating if the host is acting as a server"},
                {"name": "tstamp", "type": "DateTime", "description": "Time when the alert was created"},
                {"name": "tstamp_end", "type": "DateTime", "description": "Time when the alert has ended"},
                {"name": "severity", "type": "UInt8", "description": "Severity level of the alert"},
                {"name": "score", "type": "UInt16", "description": "Numerical score associated with the alert"},
                {"name": "granularity", "type": "UInt8", "description": "Frequency of alert check execution"},
                {"name": "counter", "type": "UInt32", "description": "Counter value, possibly indicating the number of times this alert has occurred"},
                {"name": "description", "type": "String", "description": "Textual description of the alert"},
                # Free-form alert payload; contents are derived from observed traffic.
                {"name": "json", "type": "String", "description": "JSON-formatted additional data or full representation of the alert"},
                {"name": "user_label", "type": "String", "description": "Custom label assigned by a user when silencing the alert"},
                {"name": "user_label_tstamp", "type": "DateTime", "description": "Timestamp when the user label was last modified"},
                {"name": "host_pool_id", "type": "UInt16", "description": "Identifier for the pool of hosts this host belongs to"},
                {"name": "network", "type": "UInt16", "description": "Identifier for the network this host belongs to"},
                {"name": "country", "type": "String", "description": "Country associated with the host’s IP address"},
                {"name": "alert_category", "type": "UInt8", "description": "Category of the alert"},
            ],
        },
        {
            # Per-flow alerts (client/server oriented).
            "table": "flow_alerts_view",
            "columns": [
                {"name": "rowid", "type": "UUID", "description": "Unique identifier for each row in the table"},
                {"name": "alert_id", "type": "UInt32", "description": "Unique identifier for each alert"},
                {"name": "alert_status", "type": "UInt8", "description": "Current status of the alert"},
                # Same nullable-vs-UInt16 question as in host_alerts_view.
                {"name": "interface_id", "type": "UInt16", "description": "Identifier of the network interface associated with the alert (nullable)"},
                {"name": "tstamp", "type": "DateTime", "description": "Time when the alert was created"},
                {"name": "tstamp_end", "type": "DateTime", "description": "Time when the alert has ended"},
                {"name": "severity", "type": "UInt8", "description": "Severity level of the alert"},
                {"name": "score", "type": "UInt16", "description": "Numerical score associated with the alert"},
                {"name": "counter", "type": "UInt32", "description": "Counter value, indicating the number of times this alert has occurred"},
                {"name": "json", "type": "String", "description": "JSON-formatted additional data or full representation of the alert"},
                {"name": "ip_version", "type": "UInt8", "description": "Version of IP protocol used (4 or 6)"},
                {"name": "cli_ip", "type": "String", "description": "IP address of the client"},
                {"name": "srv_ip", "type": "String", "description": "IP address of the server"},
                {"name": "cli_port", "type": "UInt16", "description": "Port number used by the client"},
                {"name": "srv_port", "type": "UInt16", "description": "Port number used by the server"},
                {"name": "vlan_id", "type": "UInt16", "description": "VLAN identifier"},
                {"name": "is_cli_attacker", "type": "UInt8", "description": "Flag indicating if the client is classified as an attacker"},
                {"name": "is_cli_victim", "type": "UInt8", "description": "Flag indicating if the client is classified as a victim"},
                {"name": "is_srv_attacker", "type": "UInt8", "description": "Flag indicating if the server is classified as an attacker"},
                {"name": "is_srv_victim", "type": "UInt8", "description": "Flag indicating if the server is classified as a victim"},
                {"name": "proto", "type": "UInt8", "description": "IP protocol number"},
                {"name": "l7_proto", "type": "UInt16", "description": "Layer 7 protocol identifier"},
                {"name": "l7_master_proto", "type": "UInt16", "description": "Master Layer 7 protocol identifier"},
                {"name": "l7_cat", "type": "UInt16", "description": "Category of Layer 7 protocol"},
                {"name": "cli_name", "type": "String", "description": "Name or hostname of the client"},
                {"name": "srv_name", "type": "String", "description": "Name or hostname of the server"},
                {"name": "cli_country", "type": "String", "description": "Country of the client"},
                {"name": "srv_country", "type": "String", "description": "Country of the server"},
                {"name": "cli_blacklisted", "type": "UInt8", "description": "Flag indicating if the client is blacklisted"},
                {"name": "srv_blacklisted", "type": "UInt8", "description": "Flag indicating if the server is blacklisted"},
                # NOTE(review): byte and packet counters typed UInt8 (max 255) here, while the
                # `flows` table below uses UInt64 for bytes and UInt32 for packets -- almost
                # certainly a transcription error; confirm against the DDL and widen if so.
                {"name": "cli2srv_bytes", "type": "UInt8", "description": "Number of bytes transferred from client to server"},
                {"name": "srv2cli_bytes", "type": "UInt8", "description": "Number of bytes transferred from server to client"},
                {"name": "cli2srv_pkts", "type": "UInt8", "description": "Number of packets transferred from client to server"},
                {"name": "srv2cli_pkts", "type": "UInt8", "description": "Number of packets transferred from server to client"},
                {"name": "first_seen", "type": "DateTime", "description": "Timestamp when the flow was first observed"},
                {"name": "community_id", "type": "String", "description": "Community identifier for the flow"},
                {"name": "alerts_map", "type": "String", "description": "HEX bitmap of all flow statuses"},
                {"name": "flow_risk_bitmap", "type": "UInt64", "description": "Bitmap representing risk factors associated with the flow"},
                {"name": "user_label", "type": "String", "description": "Custom label assigned by a user when silencing the alert"},
                {"name": "user_label_tstamp", "type": "DateTime", "description": "Timestamp when the user label was last modified"},
                {"name": "cli_host_pool_id", "type": "UInt16", "description": "Host pool identifier for the client"},
                {"name": "srv_host_pool_id", "type": "UInt16", "description": "Host pool identifier for the server"},
                {"name": "cli_network", "type": "UInt16", "description": "Network identifier for the client"},
                {"name": "srv_network", "type": "UInt16", "description": "Network identifier for the server"},
                {"name": "info", "type": "String", "description": "Additional information about the flow alert"},
                {"name": "cli_location", "type": "UInt8", "description": "Location identifier for the client"},
                {"name": "srv_location", "type": "UInt8", "description": "Location identifier for the server"},
                # String here, UInt32 for PROBE_IP in `flows` -- the two tables may genuinely differ; verify.
                {"name": "probe_ip", "type": "String", "description": "IP address of the probe that detected the flow"},
                {"name": "input_snmp", "type": "UInt32", "description": "SNMP interface index for input"},
                {"name": "output_snmp", "type": "UInt32", "description": "SNMP interface index for output"},
                {"name": "alert_category", "type": "UInt8", "description": "Category of the alert"},
            ],
        },
        {
            # Raw flow records (source/destination oriented, upper-case column names).
            "table": "flows",
            "columns": [
                {"name": "FLOW_ID", "type": "UInt64", "description": "Unique Identifier of the flow, each flow has a different Flow ID"},
                # Encoding differs from the alert views' ip_version ("4 or 6"); confirm which is right before filtering on it.
                {"name": "IP_PROTOCOL_VERSION", "type": "UInt8", "description": "IP protocol version, 0 for IPv6, 1 for IPv4"},
                {"name": "FIRST_SEEN", "type": "DateTime", "description": "Timestamp of the first time the flow was seen on the network (milliseconds precision)"},
                {"name": "LAST_SEEN", "type": "DateTime", "description": "Timestamp of the last time the flow was seen on the network (milliseconds precision)"},
                {"name": "VLAN_ID", "type": "UInt16", "description": "VLAN on which the flow was seen"},
                {"name": "PACKETS", "type": "UInt32", "description": "Total number of packets exchanged during the communication"},
                {"name": "TOTAL_BYTES", "type": "UInt64", "description": "Total number of bytes exchanged during the communication"},
                {"name": "SRC2DST_BYTES", "type": "UInt64", "description": "Bytes sent from the source to the destination"},
                {"name": "DST2SRC_BYTES", "type": "UInt64", "description": "Bytes sent from the destination to the source"},
                {"name": "SRC2DST_DSCP", "type": "UInt8", "description": "DSCP from the source to the destination"},
                {"name": "DST2SRC_DSCP", "type": "UInt8", "description": "DSCP from the destination to the source"},
                {"name": "PROTOCOL", "type": "UInt8", "description": "Layer 4 protocol used during the communication"},
                {"name": "IPV4_SRC_ADDR", "type": "UInt32", "description": "IPv4 address of the source"},
                # NOTE(review): a 128-bit IPv6 address cannot be a UInt32; the real column type
                # is presumably a ClickHouse IPv6/FixedString -- confirm against the DDL.
                {"name": "IPV6_SRC_ADDR", "type": "UInt32", "description": "IPv6 address of the source"},
                {"name": "IP_SRC_PORT", "type": "UInt16", "description": "Port used by the source"},
                {"name": "IPV4_DST_ADDR", "type": "UInt32", "description": "IPv4 address of the destination"},
                # Same UInt32-for-IPv6 question as IPV6_SRC_ADDR.
                {"name": "IPV6_DST_ADDR", "type": "UInt32", "description": "IPv6 address of the destination"},
                {"name": "IP_DST_PORT", "type": "UInt16", "description": "Port used by the destination"},
                {"name": "L7_PROTO", "type": "UInt16", "description": "Application protocol used in the communication (Layer 7)"},
                {"name": "L7_PROTO_MASTER", "type": "UInt16", "description": "Master protocol of the Layer 7 application"},
                {"name": "L7_CATEGORY", "type": "UInt16", "description": "Category of the Layer 7 application"},
                {"name": "FLOW_RISK", "type": "UInt64", "description": "Bitmap representing flow risk flags set during the communication"},
                # Carries traffic-derived text such as requested URLs -- untrusted content.
                {"name": "INFO", "type": "String", "description": "Extra information about the communication (e.g. requested URL)"},
                {"name": "PROFILE", "type": "String", "description": "Profile name associated with the flow"},
                {"name": "NTOPNG_INSTANCE_NAME", "type": "String", "description": "Name of the ntopng instance"},
                {"name": "INTERFACE_ID", "type": "UInt16", "description": "Identifier of the interface where the flow was observed"},
                {"name": "STATUS", "type": "UInt8", "description": "ID of the most important alert triggered by the flow"},
                {"name": "SRC_COUNTRY_CODE", "type": "UInt16", "description": "Country code of the source"},
                {"name": "DST_COUNTRY_CODE", "type": "UInt16", "description": "Country code of the destination"},
                {"name": "SRC_LABEL", "type": "String", "description": "Host name of the source"},
                {"name": "DST_LABEL", "type": "String", "description": "Host name of the destination"},
                {"name": "SRC_MAC", "type": "UInt64", "description": "MAC address of the source"},
                {"name": "DST_MAC", "type": "UInt64", "description": "MAC address of the destination"},
                {"name": "COMMUNITY_ID", "type": "String", "description": "Community ID of the communication"},
                {"name": "SRC_ASN", "type": "UInt32", "description": "Autonomous System Number (ASN) of the source"},
                {"name": "DST_ASN", "type": "UInt32", "description": "Autonomous System Number (ASN) of the destination"},
                {"name": "PROBE_IP", "type": "UInt32", "description": "IP address of the probe that sent the flow to ntopng"},
                {"name": "OBSERVATION_POINT_ID", "type": "UInt16", "description": "Observation point ID where the flow was seen"},
                {"name": "SRC2DST_TCP_FLAGS", "type": "UInt8", "description": "Bitmap of TCP flags sent from source to destination"},
                {"name": "DST2SRC_TCP_FLAGS", "type": "UInt8", "description": "Bitmap of TCP flags sent from destination to source"},
                {"name": "SCORE", "type": "UInt16", "description": "Score assigned to the flow"},
                {"name": "CLIENT_NW_LATENCY_US", "type": "UInt32", "description": "Network latency for the source client in microseconds"},
                {"name": "SERVER_NW_LATENCY_US", "type": "UInt32", "description": "Network latency for the destination server in microseconds"},
                {"name": "CLIENT_LOCATION", "type": "UInt8", "description": "Source location (0 = remote, 1 = local, 2 = multicast)"},
                {"name": "SERVER_LOCATION", "type": "UInt8", "description": "Destination location (0 = remote, 1 = local, 2 = multicast)"},
                {"name": "SRC_NETWORK_ID", "type": "UInt32", "description": "Network ID of the source address"},
                {"name": "DST_NETWORK_ID", "type": "UInt32", "description": "Network ID of the destination address"},
                {"name": "INPUT_SNMP", "type": "UInt32", "description": "SNMP input interface ID (if enabled)"},
                {"name": "OUTPUT_SNMP", "type": "UInt32", "description": "SNMP output interface ID (if enabled)"},
                {"name": "SRC_HOST_POOL_ID", "type": "UInt16", "description": "Host pool ID of the source"},
                {"name": "DST_HOST_POOL_ID", "type": "UInt16", "description": "Host pool ID of the destination"},
                # Process/user attribution columns identify people and software on endpoints;
                # consider whether every caller of this schema should be able to query them.
                {"name": "SRC_PROC_NAME", "type": "String", "description": "Name of the source process that generated the flow (if available)"},
                {"name": "DST_PROC_NAME", "type": "String", "description": "Name of the destination process of the flow (if available)"},
                {"name": "SRC_PROC_USER_NAME", "type": "String", "description": "Username of the source process (if available)"},
                {"name": "DST_PROC_USER_NAME", "type": "String", "description": "Username of the destination process (if available)"},
                {"name": "ALERTS_MAP", "type": "String", "description": "Bitmap of all alerts triggered by the flow"},
                # String here, UInt8 `severity` in both alert views -- verify before comparing numerically.
                {"name": "SEVERITY", "type": "String", "description": "Severity of the communication"},
                {"name": "IS_CLI_ATTACKER", "type": "UInt8", "description": "1 if source is flagged as attacker, 0 otherwise"},
                {"name": "IS_CLI_VICTIM", "type": "UInt8", "description": "1 if source is flagged as victim, 0 otherwise"},
                {"name": "IS_CLI_BLACKLISTED", "type": "UInt8", "description": "1 if source is blacklisted, 0 otherwise"},
                {"name": "IS_SRV_ATTACKER", "type": "UInt8", "description": "1 if destination is flagged as attacker, 0 otherwise"},
                {"name": "IS_SRV_VICTIM", "type": "UInt8", "description": "1 if destination is flagged as victim, 0 otherwise"},
                {"name": "IS_SRV_BLACKLISTED", "type": "UInt8", "description": "1 if destination is blacklisted, 0 otherwise"},
                {"name": "ALERT_STATUS", "type": "UInt8", "description": "1 if the alert was acknowledged, 0 otherwise"},
                {"name": "USER_LABEL", "type": "String", "description": "User-defined label for acknowledged alerts"},
                {"name": "USER_LABEL_TSTAMP", "type": "DateTime", "description": "Timestamp when user label was added or modified"},
                # Protocol-level payload (e.g. full HTTP URLs) -- untrusted and potentially sensitive.
                {"name": "ALERT_JSON", "type": "String", "description": "JSON with extra protocol information (e.g. HTTP URL)"},
                {"name": "IS_ALERT_DELETED", "type": "UInt8", "description": "1 if the alert was deleted, 0 otherwise"},
                {"name": "SRC2DST_PACKETS", "type": "UInt32", "description": "Number of packets from source to destination"},
                {"name": "DST2SRC_PACKETS", "type": "UInt32", "description": "Number of packets from destination to source"},
                {"name": "ALERT_CATEGORY", "type": "UInt8", "description": "Category of the alert (e.g. flow, host)"},
            ],
        },
    ],
}