From 58a9aff17cec2842b5d232eee5a39c0d58a01a75 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 26 Jan 2022 09:23:23 +0100 Subject: Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow risk Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days --- wireshark/ndpi.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'wireshark/ndpi.lua') diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 28e4fce8e..d7cebb969 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -79,6 +79,7 @@ flow_risks[37] = ProtoField.bool("ndpi.flow_risk.dns_large_packet", "DNS large p flow_risks[38] = ProtoField.bool("ndpi.flow_risk.dns_fragmented", "DNS fragmented", num_bits_flow_risks, nil, bit(6), "nDPI Flow Risk: DNS message is fragmented") flow_risks[39] = ProtoField.bool("ndpi.flow_risk.invalid_characters", "Invalid characters", num_bits_flow_risks, nil, bit(7), "nDPI Flow Risk: Text contains non-printable characters") flow_risks[40] = ProtoField.bool("ndpi.flow_risk.possible_exploit", "Possible Exploit", num_bits_flow_risks, nil, bit(8), "nDPI Flow Risk: Possible exploit detected") +flow_risks[41] = ProtoField.bool("ndpi.flow_risk.cert_about_to_expire", "TLS cert about to expire", num_bits_flow_risks, nil, bit(9), "nDPI Flow Risk: TLS certificate about to expire") -- Last one: keep in sync the bitmask when adding new risks!! flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(8)) -- cgit v1.2.3