Support #2905: empty JA3 field - Suricata - Open Information Security Foundation

Actions

Copy link

Support #2905

closed

empty JA3 field

Added by Darren pierre over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

4.1.2

Label:

Description

So I've been using Suricata version 4.1.2 and setup my suricata.yaml file so that it will log tls connections.When I tried test it using pcaps that I know have tls connections most of the time it doesn't log any sort of tls connection and when it does the ja3 is empty .I was wondering if there's some kind of bug ?

Files

Download all files

Capture.PNG (10.7 KB) Capture.PNG	tls config	Darren pierre, 03/25/2019 07:35 PM
Capturme.PNG (617 Bytes) Capturme.PNG	ja3 empty	Darren pierre, 03/25/2019 07:38 PM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #2905

empty JA3 field

Updated by Darren pierre over 5 years ago

Updated by Peter Manev over 5 years ago