idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

provide configuration option in local.zeek to set number of packets for ja4ssh.log #508

Open mmguero opened 6 days ago

mmguero commented 6 days ago

See JA4SSH: SSH Traffic Fingerprinting. We should allow the packet count to be configurable.