Ntopng

Version: Ntopng v4.2 and later

Ntopng is the next-generation version of the original ntop. It is a passive network monitoring tool, focused on flows and statistics that can be obtained from the traffic captured by the server.

Ntopng log integration with Netsurion's Open XDR platform can be achieved via syslog. Ntopng sends event information such as alerts and web traffic activities. Netsurion's Open XDR platform generates detailed reports for suspicious traffic activities. Its graphical representation shows web traffic activities, source IP address, destination IP address, top accessed URL, etc.

Netsurion triggers alerts when suspicious traffic is detected by Ntopng.

  • Security: All the events that are detected as suspicious activity.
  • Operations: Web traffic activities

Once Ntopng is configured to deliver events to Netsurion's Open XDR platform, alerts, dashboards, and reports can be configured in Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below. 

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Ntopng - Alert | This alert is generated whenever suspicious traffic activities are detected by Ntopng. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Ntopng - Alerts details | This report provides information related to suspicious traffic detected on hosts. It contains fields such as attack type, alert type, action, entity value, alert severity, etc. |
| Operations | Ntopng - Web traffic activities | This report provides information related to web traffic accessed by users. It contains fields such as source IP, source port, destination IP, destination port, URL, total bytes count (bidirectional, client and server), etc. |

Documentation

The configuration details are consistent with Netsurion version 9.2 and later, and Ntopng v4.2 and later.

Download the Integration Guide and How-to Guide for more information and configuration instructions.