Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SSL JA3 signatures + feed #1068

Merged
merged 7 commits into from
Apr 30, 2024
Merged

Add support for SSL JA3 signatures + feed #1068

merged 7 commits into from
Apr 30, 2024

Conversation

sebdraven
Copy link
Collaborator

fixes #1064

tomchop
tomchop requested changes Apr 30, 2024
View reviewed changes
Copy link
Collaborator

@tomchop tomchop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some small nits, otherwise this looks good! Thanks

core/schemas/observable.py Show resolved Hide resolved
plugins/feeds/public/sslblacklist_ja3.py Outdated Show resolved Hide resolved
plugins/feeds/public/sslblacklist_ja3.py Outdated Show resolved Hide resolved
plugins/feeds/public/sslblacklist_ja3.py Outdated Show resolved Hide resolved
plugins/feeds/public/sslblacklist_ja3.py
Comment on lines +53 to +54
if threat:
ja3_obs.tag([threat])
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that one of the lines has something like

7a29c223fb122ec64d10f0a159e07996,2019-06-09 22:55:29,2020-10-27 09:50:26,None

Will threat here be None in this case? or the STRING None? If it's the latter, then this will tag the observable with None which is not desireable.

Copy link
Collaborator Author

@sebdraven sebdraven Apr 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pandas changes None to None python , I've done the test :)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

sebdraven and others added 3 commits April 30, 2024 19:16
@sebdraven @tomchop
Update plugins/feeds/public/sslblacklist_ja3.py
f9ee10a 
Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
@sebdraven @tomchop
Update plugins/feeds/public/sslblacklist_ja3.py
de219f4 
Co-authored-by: Thomas Chopitea <tomchop@gmail.com>
@sebdraven
fixes issues
b0b44e8
@sebdraven sebdraven requested a review from tomchop April 30, 2024 17:36
@tomchop tomchop merged commit 48d6f1f into main Apr 30, 2024
3 checks passed
@tomchop tomchop deleted the ssl_ja3_c2 branch April 30, 2024 17:53
@tomchop tomchop changed the title Ssl ja3 c2 Add usupport for SSL JA3 signatures + feed Apr 30, 2024
@tomchop tomchop changed the title Add usupport for SSL JA3 signatures + feed Add support for SSL JA3 signatures + feed Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomchop tomchop tomchop approved these changes

@udgover udgover Awaiting requested review from udgover

Assignees
No one assigned
Labels
enhancement tasks:feed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ingest SSL abusech feed
2 participants
@sebdraven @tomchop