2017-09-24 20:10:59 +02:00
{
"attributes" : {
"description" : {
"description" : "Type of detected software ie software, malware" ,
"misp-attribute" : "text" ,
2018-08-28 14:30:29 +02:00
"ui-priority" : 1
2017-09-24 20:10:59 +02:00
} ,
2020-04-26 02:10:02 +02:00
"first-seen" : {
"description" : "First seen of the SSL/TLS handshake" ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
2017-09-24 20:10:59 +02:00
} ,
"ip-dst" : {
"description" : "Destination IP address" ,
"misp-attribute" : "ip-dst" ,
"ui-priority" : 1
} ,
2020-04-26 02:10:02 +02:00
"ip-src" : {
"description" : "Source IP Address" ,
"misp-attribute" : "ip-src" ,
"ui-priority" : 1
} ,
"ja3-fingerprint-md5" : {
"description" : "Hash identifying source" ,
"misp-attribute" : "ja3-fingerprint-md5" ,
"ui-priority" : 1
2017-09-24 20:10:59 +02:00
} ,
"last-seen" : {
"description" : "Last seen of the SSL/TLS handshake" ,
2020-04-26 02:10:02 +02:00
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
2017-09-24 20:10:59 +02:00
"ui-priority" : 0
}
} ,
2020-04-26 02:10:02 +02:00
"description" : "JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3" ,
"meta-category" : "network" ,
"name" : "ja3" ,
2017-09-24 20:10:59 +02:00
"required" : [
"ja3-fingerprint-md5"
2020-04-26 02:10:02 +02:00
] ,
"uuid" : "09b45449-5d6e-492c-a68a-cb2e188cbfac" ,
"version" : 4
}