Bug #3215

closed

Disable ja3_hash rules if Suricata does not have ja3 support, or ja3 support is disabled.

Added by Jason Ish about 5 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal

Description

When loading rules, check if the associated Suricata application has the ability to use ja3 (check for HAVE_NSS), and then check if ja3 is enabled.

If it is determined that the Suricata instance does not have ja3 enabled, emit a warning and automatically disable ja3 rules.
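The check described above, sketched as an added example; this is not the project's own code. The function names, the sample build-info lines, the sample rules, and the choice to disable a rule by commenting it out are all assumptions made for illustration, and the `ja3_enabled` flag stands in for whatever the rule loader reads from the Suricata configuration.

```python
import re

# Constructed samples of the "Features:" line printed by `suricata --build-info`.
BUILD_INFO_NSS = "Features: PCAP_SET_BUFF AF_PACKET LIBCAP_NG HAVE_NSS HAVE_LIBJANSSON TLS\n"
BUILD_INFO_NO_NSS = "Features: PCAP_SET_BUFF AF_PACKET LIBCAP_NG HAVE_LIBJANSSON TLS\n"

# Constructed rules; the third only mentions ja3_hash inside its msg text.
RULES = [
    'alert tls any any -> any any (msg:"constructed A"; ja3_hash; content:"00000000000000000000000000000000"; sid:1000001; rev:1;)',
    'alert tls any any -> any any (msg:"constructed B"; ja3.hash; content:"00000000000000000000000000000000"; sid:1000002; rev:1;)',
    'alert http any any -> any any (msg:"mentions ja3_hash in text"; content:"x"; sid:1000003; rev:1;)',
]

# ja3 keywords used as rule options: ja3_hash, ja3_string, ja3.hash, ja3s.hash, ...
JA3_KEYWORD = re.compile(r"[;\s]ja3s?[._](?:hash|string)\s*[;:]")

def has_nss(build_info):
    """True if HAVE_NSS is listed in the build-info Features line."""
    for line in build_info.splitlines():
        if line.strip().startswith("Features:"):
            return "HAVE_NSS" in line.split(":", 1)[1].split()
    return False

def filter_rules(rules, build_info, ja3_enabled):
    """Return (rules, warnings); ja3 rules are commented out when ja3 is unusable."""
    if has_nss(build_info) and ja3_enabled:
        return list(rules), []
    reason = "ja3 disabled in configuration" if has_nss(build_info) else "built without HAVE_NSS"
    kept, warnings = [], []
    for rule in rules:
        if not rule.lstrip().startswith("#") and JA3_KEYWORD.search(rule):
            sid = re.search(r"sid\s*:\s*(\d+)", rule)
            warnings.append("disabling ja3 rule sid=%s: %s" % (sid.group(1) if sid else "?", reason))
            kept.append("# " + rule)
        else:
            kept.append(rule)
    return kept, warnings

if __name__ == "__main__":
    for message in filter_rules(RULES, BUILD_INFO_NO_NSS, True)[1]:
        print("WARNING:", message)
```
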
