Bug 12507 - Suricata: Enable JA3 support
Summary: Suricata: Enable JA3 support
Status: MODIFIED
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: all All
: Will affect most users Minor Usability
Assignee: Stefan Schantl
QA Contact: Peter Müller
URL:
Keywords: 5MinuteJob, Security
Depends on:
Blocks: SURICATA2.0
  Show dependency treegraph
 
Reported: 2020-10-21 11:18 UTC by Peter Müller
Modified: 2020-11-19 11:53 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Müller 2020-10-21 11:18:07 UTC
I have stumbled across this a while ago and it slipped my mind.

Since some people in our community noticed missing JA3 support as well - which is required for some rather new rulesets, particularly those provided by abuse.ch - I create this ticket as a reminder for myself.

See also: https://community.ipfire.org/t/suricata-service-fails-errcode-sc-warn-ja3-disabled-309/3470
Comment 1 Stefan Schantl 2020-10-27 09:50:16 UTC
Patch has been sent to the development mailing list:

https://patchwork.ipfire.org/patch/3612/
Comment 2 Peter Müller 2020-10-27 14:36:02 UTC
@Stefan: Thanks for taking care of this. :-)
Comment 4 Michael Tremer 2020-11-19 11:53:39 UTC
Does not work, see bug 12536.