From 0ede5a73137c51a7a6757e283dedb10cdf9a2be2 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 26 Oct 2022 10:24:25 -0400 Subject: [PATCH] Remove JA3er references --- salt/sensoroni/files/analyzers/README.md | 30 ++++++++++-------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/salt/sensoroni/files/analyzers/README.md b/salt/sensoroni/files/analyzers/README.md index a86730734..e87a95638 100644 --- a/salt/sensoroni/files/analyzers/README.md +++ b/salt/sensoroni/files/analyzers/README.md @@ -5,20 +5,19 @@ Security Onion provides a means for performing data analysis on varying inputs. ## Supported Observable Types The built-in analyzers support the following observable types: -| Name | Domain | Hash | IP | JA3 | Mail | Other | URI | URL | User Agent | -| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|------------ -| Alienvault OTX |✓ |✓|✓|✗|✗|✗|✗|✓|✗| -| EmailRep |✗ |✗|✗|✗|✓|✗|✗|✗|✗| -| Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|✗| -| JA3er |✗ |✗|✗|✓|✗|✗|✗|✗|✗| -| LocalFile |✓ |✓|✓|✓|✗|✓|✗|✓|✗| -| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✗|✓|✗| -| Pulsedive |✓ |✓|✓|✗|✗|✗|✓|✓|✓| -| Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|✗| -| Urlhaus |✗ |✗|✗|✗|✗|✗|✗|✓|✗| -| Urlscan |✗ |✗|✗|✗|✗|✗|✗|✓|✗| -| Virustotal |✓ |✓|✓|✗|✗|✗|✗|✓|✗| -| WhoisLookup |✓ |✗|✗|✗|✗|✗|✓|✗|✗| +| Name | Domain | Hash | IP | Mail | Other | URI | URL | User Agent | +| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------| +| Alienvault OTX |✓ |✓|✓|✗|✗|✗|✓|✗| +| EmailRep |✗ |✗|✗|✓|✗|✗|✗|✗| +| Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗| +| LocalFile |✓ |✓|✓|✗|✓|✗|✓|✗| +| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✓|✗| +| Pulsedive |✓ |✓|✓|✗|✗|✓|✓|✓| +| Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗| +| Urlhaus |✗ |✗|✗|✗|✗|✗|✓|✗| +| Urlscan |✗ |✗|✗|✗|✗|✗|✓|✗| +| Virustotal |✓ |✓|✓|✗|✗|✗|✓|✗| +| WhoisLookup |✓ |✗|✗|✗|✗|✓|✗|✗| ## Authentication Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication. 
@@ -28,7 +27,6 @@ Many analyzers require authentication, via an API key or similar. The table belo [AlienVault OTX](https://otx.alienvault.com/api) |✓| [EmailRep](https://emailrep.io/key) |✓| [GreyNoise](https://www.greynoise.io/plans/community) |✓| -[JA3er](https://ja3er.com/) |✗| LocalFile |✗| [Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗| [Pulsedive](https://pulsedive.com/api/) |✓| @@ -265,5 +263,3 @@ The following requirements must be satisfied in order for analyzer pull requests - All source code must include accompanying unit test coverage. The Security Onion project will automatically run the unit tests after each push to a `securityonion` repository fork, and again when submitting a pull request. Failed unit tests, or insufficient unit test coverage, will result in the submitter being sent an automated email message. - Documentation of the analyzer, its input requirements, conditions for operation, and other relevant information must be clearly written in an accompanying analyzer metadata file. This file is described in more detail earlier in this document. - Source code must be well-written and be free of security defects that can put users or their data at unnecessary risk. - -
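Review bot: In the first hunk (Supported Observable Types table), dropping the whole JA3 column goes further than the subject line "Remove JA3er references". The old LocalFile row had ✓ under JA3, and the new table no longer records that. If LocalFile still accepts JA3 observables, keep the JA3 column and delete only the JA3er row; if JA3 is being retired as an observable type altogether, say so in the commit message.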
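Review bot: In the second hunk (Authentication table), the JA3er row is removed, but the diffstat lists only salt/sensoroni/files/analyzers/README.md as changed. Please confirm the analyzer itself is removed or disabled in a companion commit and reference that commit in the message, so the README does not understate which analyzers are actually shipped and can send observables to an external service.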