Version : Ntopng v4.2 and later

Ntopng is the next-generation version of the original ntop. It is a passive network monitoring tool, focused on flows and statistics that can be obtained from the traffic captured by the server.

Ntopng log integration with Netsurion Open XDR can be achieved via syslog. Ntopng sends events information like alerts and web traffic activities. Netsurion Open XDR generates detail reports for suspicious traffic activities. Its graphical representation shows web traffic activities, source IP address, destination IP address, top accessed URL, etc.

Netsurion Open XDR triggers alerts in the event when suspicious traffic is detected by Ntopng.

  • Security: All the events that are detected as suspicious activity.
  • Operations: Web traffic activities

Once Ntopng is configured to deliver events to Netsurion Open XDR, then alerts, dashboards, and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.


Type Name Description
Security Ntopng – Alert This alert is generated whenever suspicious traffic activities are detected by Ntopng.


Type Name Description
Security Ntopng – Alerts details This report provides information related to suspicious traffic detected on hosts. It contains the field information like, attack type, alert type, action, entity value, alert severity, etc.
Operations Ntopng – Web traffic activities This report provides information related to user accessed web traffic activities. It contains the field information like, source IP, source port, destination IP, destination port, URL, total bytes count bidirectional client and server, etc.


The configuration details are consistent with Netsurion Open XDR 9.2 and later, Ntopng.

Download Integration Guide and How-to Guide for configuration instructions and more information.