[Bro] Mapping TLS scanners JA3 => User-Agent
Neslog
neslog at gmail.com
Tue Dec 4 08:41:44 PST 2018
Morning everyone!
I've been working with a colleague mapping scanning activity. We are able
to capture JA3 fingerprint and match it up with the cleartext User-Agent
strings.
I'm considering throwing together a database with this information and
wanted to get insight from others to see if it's worth it. User-Agent
strings can obviously change so the mapping may be a bit weak.
Please let me know what the list thinks. Worth it or not?
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181204/3411d33b/attachment.html
More information about the Bro
mailing list