Any Plans to Support JARM fingerprints with Suricata

tito · January 13, 2021, 3:17am

Hi Suricata Team,

Any plans to add JARM to be supported by suricata like Ja3 and Ja3s fingerprints.

Regards,
Tito

syoc · January 13, 2021, 9:13am

My understanding of JARM is that it requires active scanning (sending of TLS client hello packages) to generate the hash. That means it cannot be generated from an IDS/IPS that is just listening in on the connection.

https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a

Topic		Replies	Views
Suricata as a NSM Help	12	1073	July 21, 2023
Hands-On Session: Match on millions of IoCs in Suricata (Thanks to Datasets)! Announcements	1	1050	April 14, 2022
Criticism on the site Site Feedback	4	324	October 27, 2023
Impulse XDR: the easiest way to use Suricata Community Announcements ips , community , suricata	11	145	April 3, 2024
TLS mirroring for Suricata Community Announcements	0	358	April 14, 2021

Any Plans to Support JARM fingerprints with Suricata

Related Topics