From fb0a73c0c7725fbeafda18b816d72f0d2fd6bd02 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 17 Dec 2022 19:36:00 +0100 Subject: Updated decription --- doc/flow_risks.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/flow_risks.rst') diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst index 936fb2550..541b6d045 100644 --- a/doc/flow_risks.rst +++ b/doc/flow_risks.rst @@ -213,7 +213,7 @@ This risk is triggered when a TLS fatal alert is detected in the TLS flow. See ` NDPI_SUSPICIOUS_ENTROPY ======================= -This risk is used to detect suspicious data carried in ICMP packets whose entropy (used to measure how data is distributed, hence to indirectly guess the type of data carried on) is suspicious and thus that it can indicate a data leak. +This risk is used to detect suspicious data carried in ICMP packets whose entropy (used to measure how data is distributed, hence to indirectly guess the type of data carried on) is suspicious and thus that it can indicate a data leak. Suspicious values indicate random entropy or entropy that is similar to encrypted traffic. In the latter case, this can be a suspicious data exfiltration symptom. .. _Risk 036: -- cgit v1.2.3
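Review bot: In the added text under NDPI_SUSPICIOUS_ENTROPY, "random entropy" is ambiguous, and the "In the latter case" split between random and encrypted-like payloads is not one an entropy measure can make, since both sit at the high end of the scale. Suggest a single statement such as "Suspicious values are those close to the entropy of random or encrypted data, which can be a symptom of data exfiltration." The paragraph still gives the reader no indication of what range counts as suspicious, so a pointer to where that threshold is defined would make the risk actionable for someone triaging an alert. The unchanged first sentence is also circular ("detect suspicious data ... whose entropy ... is suspicious and thus that it can indicate a data leak") and would be worth tightening in the same change. Minor: the subject line reads "decription".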