CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 05:57:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15648 from Security-Onion-Solutions/quickfixes

Browse Source 
Hyperlink to JA4+ license
This commit is contained in:
Mike Reeves
2026-03-19 12:50:52 -04:00
committed by GitHub
parent 020b9db610 d3938b61d2
commit 7aded184b3
4 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/zeek/config.sls
+1 -1
View File
@@ -167,7 +167,7 @@ zeekja4cfg:
- group: 939 - group: 939
- template: jinja - template: jinja
- defaults: - defaults:
JA4PLUS_ENABLED: {{ ZEEKMERGED.ja4plus_enabled }} JA4PLUS: {{ ZEEKMERGED.ja4plus.enabled }}
# BPF compilation failed # BPF compilation failed
{% if ZEEKBPF and not ZEEK_BPF_STATUS %} {% if ZEEKBPF and not ZEEK_BPF_STATUS %}
salt/zeek/defaults.yaml
+2 -1
View File
@@ -1,6 +1,7 @@
zeek: zeek:
enabled: False enabled: False
ja4plus_enabled: False ja4plus:
enabled: False
config: config:
node: node:
lb_procs: 0 lb_procs: 0
salt/zeek/files/config.zeek.ja4
+8 -8
View File
@@ -8,20 +8,20 @@ export {
option JA4_raw: bool = F; option JA4_raw: bool = F;
# FoxIO license required for JA4+ # FoxIO license required for JA4+
option JA4S_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4S_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4S_raw: bool = F; option JA4S_raw: bool = F;
option JA4D_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4D_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4H_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4H_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4H_raw: bool = F; option JA4H_raw: bool = F;
option JA4L_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4L_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4SSH_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4SSH_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4T_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4T_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4TS_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4TS_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
option JA4X_enabled: bool = {{ 'T' if JA4PLUS_ENABLED else 'F' }}; option JA4X_enabled: bool = {{ 'T' if JA4PLUS else 'F' }};
} }
salt/zeek/soc_zeek.yaml
+6 -4
View File
@@ -2,10 +2,12 @@ zeek:
enabled: enabled:
description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled. description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled.
helpLink: zeek helpLink: zeek
ja4plus_enabled: ja4plus:
description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license (https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)." enabled:
forcedType: bool description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."
helpLink: zeek forcedType: bool
helpLink: zeek
advanced: False
config: config:
local: local:
load: load: