
ntopng: an actionable event-driven network traffic analysis application

Formal Metadata

Title
ntopng: an actionable event-driven network traffic analysis application
Subtitle
How ntopng can be used as a scriptable system capable of reacting to network events.
Series title
Number of parts
542
Author
License
CC Attribution 2.0 Belgium:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.
Identifiers
Publisher
Release year
Language

Content Metadata

Subject area
Genre
Abstract
Due to the uniqueness in infrastructure (e.g. ICS vs corporate network), protocols, and cybersecurity threats, network administrators need a simple yet effective way to define rules for accounting, detecting and alerting users when specific conditions are met. In this talk, we want to show how ntopng can be used as a scriptable system capable of reacting to network events, by autonomously triggering actions or emitting notifications thanks to its scriptable detection engine based on checks, scriptable actions and notifications.

With the ongoing growth of Internet and corporate traffic, link speeds, and the number of connected devices and users, monitoring and controlling the infrastructure to ensure reliable and safe communications becomes an increasingly hard task.

ntopng performs network traffic analysis through checks that are executed on various entities including flows (network communications), hosts and networks, and can be used to:

- save time by automating manual operations
- inform management about critical events, including network performance
- implement cybersecurity threat detection and response
- create custom traffic reports
- emit alerts when specific traffic patterns are observed

The scripting API is currently available for Lua and Python in addition to C++, and it has been designed not to reduce the application performance during traffic processing.