Added NDPI_MALICIOUS_JA3 flow risk

Added ndpi_load_malicious_ja3_file() API call
author: Luca Deri <deri@ntop.org> 2021-02-22 23:19:23 +0100
committer: Luca Deri <deri@ntop.org> 2021-02-22 23:19:23 +0100
commit: f1b22b199f08469407c55dcd98ec24af85da0fd3 (patch)
tree: 9311e4920c5fe876624f6ca2b0185456fd14c8cf /src/include/ndpi_typedefs.h
parent: fc3db8f1691e913b03ca88a47770c5abf3104ef8 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index dce9c34d8..dd6e83e2b 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -91,6 +91,7 @@ typedef enum {
   NDPI_HTTP_SUSPICIOUS_CONTENT,
   NDPI_RISKY_ASN,
   NDPI_RISKY_DOMAIN,
+  NDPI_MALICIOUS_JA3,
 
   
   /* Leave this as last member */
@@ -1099,7 +1100,8 @@ struct ndpi_detection_module_struct {
     content_automa,                            /* Used for HTTP subprotocol_detection */
     subprotocol_automa,                        /* Used for HTTP subprotocol_detection */
     bigrams_automa, impossible_bigrams_automa, /* TOR */
-    risky_domain_automa, tls_cert_subject_automa;
+    risky_domain_automa, tls_cert_subject_automa,
+    malicious_ja3_automa;
   /* IMPORTANT: please update ndpi_finalize_initialization() whenever you add a new automa */
   
   struct {
author	Luca Deri <deri@ntop.org>	2021-02-22 23:19:23 +0100
committer	Luca Deri <deri@ntop.org>	2021-02-22 23:19:23 +0100
commit	f1b22b199f08469407c55dcd98ec24af85da0fd3 (patch)
tree	9311e4920c5fe876624f6ca2b0185456fd14c8cf /src/include/ndpi_typedefs.h
parent	fc3db8f1691e913b03ca88a47770c5abf3104ef8 (diff)