yeti-platform / yeti

Your Everyday Threat Intelligence
https://yeti-platform.io/
Apache License 2.0

Add observable type JA3 #550

Closed dumprop closed 10 months ago

dumprop commented 4 years ago

JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.

More info: https://github.com/salesforce/ja3

Can it be helpful for yeti?

tomchop commented 4 years ago

Yes, definitely! It would be nice to add it as an observable type. Where would you say we would get the "source data" from?

dumprop commented 4 years ago

Abuse have a ja3 feed: https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv
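A sketch of how a feed like the one linked above could be turned into JA3 observables, added here as an example; it is not code from Yeti or from anyone in this thread. The four-column layout (`ja3_md5,Firstseen,Lastseen,Listingreason`), the timestamp format and the output dict shape are assumptions, and the sample rows are constructed.

```python
import csv
import hashlib
import io
import re
from datetime import datetime

# A JA3 fingerprint is the MD5 hex digest of the ClientHello field string, so it
# looks exactly like a file MD5: the observable type must come from the source,
# not from pattern matching on the value.
JA3_RE = re.compile(r"^[0-9a-f]{32}$")
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format


def ja3_digest(ja3_string):
    """Hash 'Version,Ciphers,Extensions,Curves,PointFormats' the way JA3 does."""
    return hashlib.md5(ja3_string.encode("ascii")).hexdigest()


def parse_ja3_feed(text, source="ja3-feed"):
    """Return deduplicated observable dicts; skip comments and malformed rows."""
    lines = (l for l in io.StringIO(text) if l.strip() and not l.startswith("#"))
    seen, observables = set(), []
    for row in csv.reader(lines):
        if len(row) != 4:
            continue
        digest, first_seen, last_seen, reason = (cell.strip() for cell in row)
        digest = digest.lower()  # normalise case before validating and deduping
        if not JA3_RE.match(digest) or digest in seen:
            continue
        try:
            first = datetime.strptime(first_seen, TS_FORMAT)
            last = datetime.strptime(last_seen, TS_FORMAT)
        except ValueError:
            continue
        seen.add(digest)
        observables.append({"type": "ja3", "value": digest, "source": source,
                            "first_seen": first, "last_seen": last,
                            "tags": [reason]})
    return observables


# Constructed sample data: the fingerprint is derived from a made-up JA3 string.
SAMPLE_JA3 = ja3_digest("771,4865-4866-4867,0-11-10-35,29-23-24,0")
SAMPLE_FEED = (
    "# ja3_md5,Firstseen,Lastseen,Listingreason\n"
    f"{SAMPLE_JA3},2020-01-01 10:00:00,2020-02-01 12:30:00,ExampleFamily\n"
    f"{SAMPLE_JA3.upper()},2020-01-02 10:00:00,2020-02-02 12:30:00,ExampleFamily\n"
    "not-a-hash,2020-01-01 10:00:00,2020-01-01 10:00:00,Broken\n"
    f"{SAMPLE_JA3[:31]}f,yesterday,today,BadTimestamp\n"
)

if __name__ == "__main__":
    for obs in parse_ja3_feed(SAMPLE_FEED):
        print(obs["type"], obs["value"], obs["tags"])
```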