Project

General

Profile

Actions

Bug #2191

closed

JA3 TLS client fingerprinting

Added by Jeff A over 7 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Comment: I'm not sure where the correct place to start is but would
like to request a feature. Bro and Moloch are adopting a JA3 TLS/SSL
client fingerprinting technique. I'd like to know if we can get Suricata
to build the capability also. Will make for a great method to share a
new IOC. It's a bit early but seems to be working well.

Here's the public information from Salesforce's Github repo.

https://github.com/salesforce/ja3/

JA3 - A new way to profile SSL Clients

JA3 is a new technique for creating SSL client fingerprints that are
easy to produce and can be easily shared for threat intelligence.

Actions

Also available in: Atom PDF