Re: [PATCH] suricata: Automatically enable JA3 fingerprinting.

27 Oct 2020

Good morning Stefan,
Thanks for submitting this patch.
Is this tested and peer-reviewed and should this be merged into c152 with suricata 5.0.4, or is this to be merged with suricata 6?
Best,
-Michael
...
On 27 Oct 2020, at 09:49, Stefan Schantl stefan.schantl@ipfire.org wrote:
Enable JA3 fingerprinting if any rules are enabled which are using this
kind of feature.
Fixes #12507.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/suricata/suricata.yaml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 743a4716c..4e9e39967 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -387,9 +387,7 @@ app-layer:
  # Generate JA3 fingerprint from client hello. If not specified it
  # will be disabled by default, but enabled if rules require it.


 #ja3-fingerprints: auto


 # Generate JA3 fingerprint from client hello


 ja3-fingerprints: no




 ja3-fingerprints: auto

# Completely stop processing TLS/SSL session after the handshake
# completed. If bypass is enabled this will also trigger flow



-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [PATCH] suricata: Automatically enable JA3 fingerprinting.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org