author | Luca Deri <deri@ntop.org> | 2022-02-14 23:38:21 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2022-02-14 23:38:21 +0100 |
commit | 8a2a47e62a0d7b1bc8815dc4f09c35b73393454e (patch) | |
tree | 23dca6dbaa8168b0b1ee63c95a715b17a8af1d76 /src/lib | |
parent | 92da30f01750a2d10a1db697cefe33e6efed1fd7 (diff) |
Silenced
NDPI_SUSPICIOUS_DGA_DOMAIN,
NDPI_BINARY_APPLICATION_TRANSFER,
NDPI_HTTP_NUMERIC_IP_HOST,
NDPI_MALICIOUS_JA3,
for predefined connectivity check and cybersec categories
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 1 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 20 |
2 files changed, 14 insertions, 7 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index cb59883ce..2c4781e82 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1911,6 +1911,7 @@ static ndpi_protocol_match host_match[] =
 { "malwarebytes.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
 { "trendmicro.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
 { ".eset.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { ".e5.sk", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
 { "bullguard.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
 { "paloaltonetworks.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
 { "crowdstrike.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 87a9bff87..7c0e8f3b1 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2519,13 +2519,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
 static void ndpi_add_domain_risk_exceptions(struct ndpi_detection_module_struct *ndpi_str) {
 const char *domains[] = {
 ".local",
- ".msftconnecttest.com",
- "amupdatedl.microsoft.com",
- "update.microsoft.com.akadns.net",
- ".windowsupdate.com",
- ".ras.microsoft.com",
- "e5.sk",
- "sophosxl.net",
 NULL /* End */
 };
 const ndpi_risk risks_to_mask[] = {
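Review bot: The added `".e5.sk"` pattern in `host_match[]` is not textually the same as the `"e5.sk"` risk exception that this commit deletes from `domains[]` in ndpi_main.c, so whether the bare domain is still covered depends on how the matcher treats a leading dot, which is not visible here and is worth confirming. With the loop added at the end of `ndpi_add_domain_risk_exceptions()`, every Cybersec entry in this table also becomes a risk-mask exception, and nothing near the entries says so. I would note it above this group, e.g. `/* Cybersec hosts: also exempted from the masked risks by ndpi_add_domain_risk_exceptions() */`. The table starts and ends outside the hunk.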
@@ -2543,6 +2536,19 @@ static void ndpi_add_domain_risk_exceptions(struct ndpi_detection_module_struct
 for(i=0; domains[i] != NULL; i++)
 ndpi_add_host_risk_mask(ndpi_str, (char*)domains[i], mask);
+
+ for(i=0; host_match[i].string_to_match != NULL; i++) {
+ switch(host_match[i].protocol_category) {
+ case NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK:
+ case NDPI_PROTOCOL_CATEGORY_CYBERSECURITY:
+ ndpi_add_host_risk_mask(ndpi_str, (char*)host_match[i].string_to_match, mask);
+ break;
+
+ default:
+ /* Nothing to do */
+ break;
+ }
+ }
 }
 /* *********************************************** */ |
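Review bot: The new loop over `host_match[]` turns every Connectivity-check and Cybersecurity host pattern into a risk exception, and nothing at the loop or at the table documents that coupling, so a later addition to either category will silently suppress the risks in `risks_to_mask[]` for that host. I would add `/* Every host_match[] entry in these two categories is also a risk exception: the risks in risks_to_mask[] are silenced for it */` above the loop. Per the commit description the mask includes NDPI_MALICIOUS_JA3, which describes the client rather than the destination name, so masking it by hostname presumably hides a flagged client whenever it talks to one of these hosts; consider leaving that risk out of the mask used for this loop. Of the domains removed from `domains[]` in the preceding hunk, only e5.sk is visibly re-added in this commit, so the others need to be present already in `host_match[]` under one of the two categories. The function body starts outside the hunk.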