CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 01:02:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9002 from Security-Onion-Solutions/fix/remove_ja3er_references

Browse Source 
Remove JA3er references
This commit is contained in:
weslambert
2022-10-26 10:21:54 -04:00
committed by GitHub
parent 0d71006f40 a170c194c8
commit 8e4d0db738
1 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
salt/sensoroni/files/analyzers/README.md
View File

@@ -5,20 +5,19 @@ Security Onion provides a means for performing data analysis on varying inputs.
## Supported Observable Types
The built-in analyzers support the following observable types:
| Name | Domain | Hash | IP | JA3 | Mail | Other | URI | URL | User Agent |
| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|------------
| Alienvault OTX |✓ |✓|✓|✗|✗|✗|✗|✓|✗|
| EmailRep |✗ |✗|✗|✗|✓|✗|✗|✗|✗|
| Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|✗|
| JA3er |✗ |✗|✗|✓|✗|✗|✗|✗|✗|
| LocalFile |✓ |✓|✓|✓|✗|✓|✗|✓|✗|
| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✗|✓|✗|
| Pulsedive |✓ |✓|✓|✗|✗|✗|✓|✓|✓|
| Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|✗|
| Urlhaus |✗ |✗|✗|✗|✗|✗|✗|✓|✗|
| Urlscan |✗ |✗|✗|✗|✗|✗|✗|✓|✗|
| Virustotal |✓ |✓|✓|✗|✗|✗|✗|✓|✗|
| WhoisLookup |✓ |✗|✗|✗|✗|✗|✓|✗|✗|
| Name | Domain | Hash | IP | Mail | Other | URI | URL | User Agent |
| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|
| Alienvault OTX |✓ |✓|✓|✗|✗|✗|✓|✗|
| EmailRep |✗ |✗|✗|✓|✗|✗|✗|✗|
| Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|
| LocalFile |✓ |✓|✓|✗|✓|✗|✓|✗|
| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✓|✗|
| Pulsedive |✓ |✓|✓|✗|✗|✓|✓|✓|
| Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|
| Urlhaus |✗ |✗|✗|✗|✗|✗|✓|✗|
| Urlscan |✗ |✗|✗|✗|✗|✗|✓|✗|
| Virustotal |✓ |✓|✓|✗|✗|✗|✓|✗|
| WhoisLookup |✓ |✗|✗|✗|✗|✓|✗|✗|
## Authentication
Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication.
@@ -28,7 +27,6 @@ Many analyzers require authentication, via an API key or similar. The table belo
[AlienVault OTX](https://otx.alienvault.com/api) |✓|
[EmailRep](https://emailrep.io/key) |✓|
[GreyNoise](https://www.greynoise.io/plans/community) |✓|
[JA3er](https://ja3er.com/) |✗|
LocalFile |✗|
[Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗|
[Pulsedive](https://pulsedive.com/api/) |✓|