JA3 Zeek Intel Rules

2020-12-11 19:27:27 -06:00 · 2020-12-11 19:27:27 -06:00 · 0c4f196289
parent d25025d664
commit 0c4f196289
1 changed files with 4 additions and 0 deletions
--- a/app/Lib/Export/BroExport.php
+++ b/app/Lib/Export/BroExport.php
@ -27,6 +27,7 @@ class BroExport
        'domain|ip' => array('brotype' => 'DOMAIN', 'composite' => 'ADDR'),
        'url' => array('brotype' => 'URL', 'replace' => array('#^https?://#', '')),
        'user-agent' => array('brotype' => 'SOFTWARE'),
+        'ja3-fingerprint-md5' => array('brotype' => 'JA3'),
        'md5' => array('brotype' => 'FILE_HASH'),
        'malware-sample' => array('brotype' => 'FILE_NAME', 'composite' => 'FILE_HASH'),
        'filename|md5' => array('brotype' => 'FILE_NAME', 'composite' => 'FILE_HASH'),
@ -79,6 +80,9 @@ class BroExport
            array('domain', 1),
            array('domain|ip', 1)
        ),
+        'ja3-fingerprint-md5' => array(
+            array('ja3-fingerprint-md5', 1)
+        ),
        'email' => array(
            array('email', 1),
            array('email-src', 1),