Ja4+ and Zeek Parsing #13880
Replies: 2 comments
After reviewing the zeek.ssl pipeline configuration, I was able to figure out how to parse ja4 and ja4s from the message field. I'm using Zeek ja4 configurations from this GitHub link below if anyone else is interested.
Noticed there wasn't an issue to keep this from being lost. Created #14465 to investigate including this into a future release.
Hello everyone!
I'm looking to incorporate ja4+ fingerprinting and need a little advice on how to parse those specific fields. What would be the best way to extract ja4 fields from message much like how ja3 is being parsed as hash.ja3? Thanks in advance!