Project

General

Profile

Actions

Feature #2192

closed

JA3 TLS client fingerprinting

Added by Jeff A over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Description

Comment: I'm not sure where the correct place to start is but would
like to request a feature. Bro and Moloch are adopting a JA3 TLS/SSL
client fingerprinting technique. I'd like to know if we can get Suricata
to build the capability also. Will make for a great method to share a
new IOC. It's a bit early but seems to be working well.

Here's the public information from Salesforce's Github repo.

https://github.com/salesforce/ja3/

JA3 - A new way to profile SSL Clients

JA3 is a new technique for creating SSL client fingerprints that are
easy to produce and can be easily shared for threat intelligence.


Related issues 1 (1 open0 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Actions

Also available in: Atom PDF