CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9003 from Security-Onion-Solutions/fix/remove_ja3er_references

Browse Source 
Remove JA3er references
This commit is contained in:
weslambert
2022-10-26 10:37:45 -04:00
committed by GitHub
parent 409b8c276e 0ede5a7313
commit 8b0ea7104f
1 changed files with 13 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
salt/sensoroni/files/analyzers/README.md
View File

@@ -5,20 +5,19 @@ Security Onion provides a means for performing data analysis on varying inputs.
## Supported Observable Types ## Supported Observable Types
The built-in analyzers support the following observable types: The built-in analyzers support the following observable types:
| Name | Domain | Hash | IP | JA3 | Mail | Other | URI | URL | User Agent | | Name | Domain | Hash | IP | Mail | Other | URI | URL | User Agent |
| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|------------ | ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|
| Alienvault OTX |✓ |✓|✓|✗|✗|✗|✗|✓|✗| | Alienvault OTX |✓ |✓|✓|✗|✗|✗|✓|✗|
| EmailRep |✗ |✗|✗|✗|✓|✗|✗|✗|✗| | EmailRep |✗ |✗|✗|✓|✗|✗|✗|✗|
| Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|✗| | Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|
| JA3er |✗ |✗|✗|✓|✗|✗|✗|✗|✗| | LocalFile |✓ |✓|✓|✗|✓|✗|✓|✗|
| LocalFile |✓ |✓|✓|✓|✗|✓|✗|✓|✗| | Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✓|✗|
| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✗|✓|✗| | Pulsedive |✓ |✓|✓|✗|✗|✓|✓|✓|
| Pulsedive |✓ |✓|✓|✗|✗|✗|✓|✓|✓| | Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|
| Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|✗| | Urlhaus |✗ |✗|✗|✗|✗|✗|✓|✗|
| Urlhaus |✗ |✗|✗|✗|✗|✗|✗|✓|✗| | Urlscan |✗ |✗|✗|✗|✗|✗|✓|✗|
| Urlscan |✗ |✗|✗|✗|✗|✗|✗|✓|✗| | Virustotal |✓ |✓|✓|✗|✗|✗|✓|✗|
| Virustotal |✓ |✓|✓|✗|✗|✗|✗|✓|✗| | WhoisLookup |✓ |✗|✗|✗|✗|✓|✗|✗|
| WhoisLookup |✓ |✗|✗|✗|✗|✗|✓|✗|✗|
## Authentication ## Authentication
Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication. Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication.
@@ -28,7 +27,6 @@ Many analyzers require authentication, via an API key or similar. The table belo
[AlienVault OTX](https://otx.alienvault.com/api) |✓| [AlienVault OTX](https://otx.alienvault.com/api) |✓|
[EmailRep](https://emailrep.io/key) |✓| [EmailRep](https://emailrep.io/key) |✓|
[GreyNoise](https://www.greynoise.io/plans/community) |✓| [GreyNoise](https://www.greynoise.io/plans/community) |✓|
[JA3er](https://ja3er.com/) |✗|
LocalFile |✗| LocalFile |✗|
[Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗| [Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗|
[Pulsedive](https://pulsedive.com/api/) |✓| [Pulsedive](https://pulsedive.com/api/) |✓|
@@ -265,5 +263,3 @@ The following requirements must be satisfied in order for analyzer pull requests
- All source code must include accompanying unit test coverage. The Security Onion project will automatically run the unit tests after each push to a `securityonion` repository fork, and again when submitting a pull request. Failed unit tests, or insufficient unit test coverage, will result in the submitter being sent an automated email message. - All source code must include accompanying unit test coverage. The Security Onion project will automatically run the unit tests after each push to a `securityonion` repository fork, and again when submitting a pull request. Failed unit tests, or insufficient unit test coverage, will result in the submitter being sent an automated email message.
- Documentation of the analyzer, its input requirements, conditions for operation, and other relevant information must be clearly written in an accompanying analyzer metadata file. This file is described in more detail earlier in this document. - Documentation of the analyzer, its input requirements, conditions for operation, and other relevant information must be clearly written in an accompanying analyzer metadata file. This file is described in more detail earlier in this document.
- Source code must be well-written and be free of security defects that can put users or their data at unnecessary risk. - Source code must be well-written and be free of security defects that can put users or their data at unnecessary risk.