Feature #2754
closed
- Related to Task #2685: SuriCon 2018 brainstorm added
- Blocked by Feature #2318: matching on large amounts of data with dynamic updates added
- Tracker changed from Bug to Feature
- Target version changed from TBD to 5.0rc1
TLS JA3/JA3S:
Blacklist:
alert tls any any -> any any (ja3.hash; dataset:isset,bad_ja3_hash, load bad_ja3_hash.rep, type string; sid:3;)
Reputation:
alert tls any any -> any any (ja3s.hash; datarep:ja3s_rep, >, 200, load ja3s_rep.rep, type string; sid:4;)
alert tls any any -> any any (ja3s.string; datarep:ja3s_str_rep, >, 200, load ja3s_str_rep.rep, type md5; sid:5;)
https://github.com/OISF/suricata/pull/4166
https://suricata.readthedocs.io/en/latest/rules/datasets.html
- Status changed from Assigned to Closed