suricata: Automatically enable JA3 fingerprinting.

author Stefan Schantl <stefan.schantl@ipfire.org>

Tue, 27 Oct 2020 09:49:31 +0000 (10:49 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 27 Oct 2020 11:51:00 +0000 (11:51 +0000)
author Stefan Schantl <stefan.schantl@ipfire.org>
Tue, 27 Oct 2020 09:49:31 +0000 (10:49 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 27 Oct 2020 11:51:00 +0000 (11:51 +0000)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml

index 743a4716cd89bada64f645e9c36a49944aafdb88..4e9e399675551c8a5bfd81568da622b2f3767576 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -387,9 +387,7 @@ app-layer:
  
        # Generate JA3 fingerprint from client hello. If not specified it
        # will be disabled by default, but enabled if rules require it.
-      #ja3-fingerprints: auto
-      # Generate JA3 fingerprint from client hello
-      ja3-fingerprints: no
+      ja3-fingerprints: auto
  
        # Completely stop processing TLS/SSL session after the handshake
        # completed. If bypass is enabled this will also trigger flow
author	Stefan Schantl <stefan.schantl@ipfire.org>
	Tue, 27 Oct 2020 09:49:31 +0000 (10:49 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 27 Oct 2020 11:51:00 +0000 (11:51 +0000)