aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

userguide: add documentation for ja3s.hash keyword

Browse Source
pull/3874/head
Mats Klepsland 7 years ago
parent 80cee50916
commit 76b94c7073
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File

15
doc/userguide/rules/ja3-keywords.rst
Unescape Escape View File

@ -42,3 +42,18 @@ Example::
``ja3.string`` replaces the previous keyword name: ``ja3_string``. You may continue ``ja3.string`` replaces the previous keyword name: ``ja3_string``. You may continue
to use the previous name, but it's recommended that rules be converted to use to use the previous name, but it's recommended that rules be converted to use
the new name. the new name.
ja3s.hash
---------
Match on JA3S hash (md5).
Example::
alert tls any any -> any any (msg:"match JA3S hash"; \
ja3s.hash; content:"b26c652e0a402a24b5ca2a660e84f9d5"; \
sid:100003;)
``ja3s.hash`` is a 'sticky buffer'.
``ja3s.hash`` can be used as ``fast_pattern``.

Write Preview
Loading…
Cancel
Save