Merge pull request #6747 from legoguy1000/ja3_zeek_intel_rules

Create JA3 Hash Zeek Intel Rules
2020-12-25 23:28:43 +01:00 · 2020-12-25 23:28:43 +01:00 · 71dddf0485
parent b48d9f93fc 0c4f196289
commit 71dddf0485
1 changed files with 4 additions and 0 deletions
--- a/app/Lib/Export/BroExport.php
+++ b/app/Lib/Export/BroExport.php
@ -27,6 +27,7 @@ class BroExport
        'domain|ip' => array('brotype' => 'DOMAIN', 'composite' => 'ADDR'),
        'url' => array('brotype' => 'URL', 'replace' => array('#^https?://#', '')),
        'user-agent' => array('brotype' => 'SOFTWARE'),
+        'ja3-fingerprint-md5' => array('brotype' => 'JA3'),
        'md5' => array('brotype' => 'FILE_HASH'),
        'malware-sample' => array('brotype' => 'FILE_NAME', 'composite' => 'FILE_HASH'),
        'filename|md5' => array('brotype' => 'FILE_NAME', 'composite' => 'FILE_HASH'),
@ -79,6 +80,9 @@ class BroExport
            array('domain', 1),
            array('domain|ip', 1)
        ),
+        'ja3-fingerprint-md5' => array(
+            array('ja3-fingerprint-md5', 1)
+        ),
        'email' => array(
            array('email', 1),
            array('email-src', 1),