From f1b22b199f08469407c55dcd98ec24af85da0fd3 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Mon, 22 Feb 2021 23:19:23 +0100
Subject: Added NDPI_MALICIOUS_JA3 flow risk Added ndpi_load_malicious_ja3_file() API call
---
 src/include/ndpi_typedefs.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/include/ndpi_typedefs.h')
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index dce9c34d8..dd6e83e2b 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -91,6 +91,7 @@ typedef enum {
 NDPI_HTTP_SUSPICIOUS_CONTENT,
 NDPI_RISKY_ASN,
 NDPI_RISKY_DOMAIN,
+ NDPI_MALICIOUS_JA3,
 /* Leave this as last member */
@@ -1099,7 +1100,8 @@ struct ndpi_detection_module_struct {
 content_automa, /* Used for HTTP subprotocol_detection */
 subprotocol_automa, /* Used for HTTP subprotocol_detection */
 bigrams_automa, impossible_bigrams_automa, /* TOR */
- risky_domain_automa, tls_cert_subject_automa;
+ risky_domain_automa, tls_cert_subject_automa,
+ malicious_ja3_automa;
 /* IMPORTANT: please update ndpi_finalize_initialization() whenever you add a new automa */
 struct {
--
cgit v1.2.3
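Review bot: The new `NDPI_MALICIOUS_JA3` member in the first hunk (the risk enum) carries no comment saying what sets it, so a reader of the header cannot tell that it depends on a list loaded at runtime. I would add `/* TLS client JA3 matched an entry loaded with ndpi_load_malicious_ja3_file() */` next to it. A JA3 value fingerprints ClientHello parameters rather than one specific program, so consumers should treat this risk as an indicator to correlate with other evidence, not as a verdict. Any name or score table indexed by this enum is not visible in this file-limited diff and presumably needs a matching entry. The enum starts and ends outside the hunk.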
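Review bot: `malicious_ja3_automa` is added to the automa list in the second hunk, but the comment directly below it asks for `ndpi_finalize_initialization()` to be updated for every new automa, and this view is limited to ndpi_typedefs.h, so that update cannot be confirmed here. If the automaton were left unfinalized, or not released when the detection module is torn down, JA3 lookups could presumably miss without any error, or the automaton could leak. Please check both paths in the full commit. A trailing comment on the member, such as `/* JA3 fingerprints loaded via ndpi_load_malicious_ja3_file() */`, would match the neighbouring entries. The struct body starts and ends outside the hunk.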