Merge pull request #9002 from Security-Onion-Solutions/fix/remove_ja3er_references

Remove JA3er references
weslambert
2022-10-26 10:21:54 -04:00
committed by GitHub

@@ -5,20 +5,19 @@ Security Onion provides a means for performing data analysis on varying inputs.
## Supported Observable Types ## Supported Observable Types
The built-in analyzers support the following observable types: The built-in analyzers support the following observable types:
| Name | Domain | Hash | IP | JA3 | Mail | Other | URI | URL | User Agent | | Name | Domain | Hash | IP | Mail | Other | URI | URL | User Agent |
| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|------------ | ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|
| Alienvault OTX |✓ |✓|✓|✗|✗|✗|✗|✓|✗| | Alienvault OTX |✓ |✓|✓|✗|✗|✗|✓|✗|
| EmailRep |✗ |✗|✗|✗|✓|✗|✗|✗|✗| | EmailRep |✗ |✗|✗|✓|✗|✗|✗|✗|
| Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|✗| | Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|
| JA3er |✗ |✗|✗|✓|✗|✗|✗|✗|✗| | LocalFile |✓ |✓|✓|✗|✓|✗|✓|✗|
| LocalFile |✓ |✓|✓|✓|✗|✓|✗|✓|✗| | Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✓|✗|
| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✗|✓|✗| | Pulsedive |✓ |✓|✓|✗|✗|✓|✓|✓|
| Pulsedive |✓ |✓|✓|✗|✗|✗|✓|✓|✓| | Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|
| Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|✗| | Urlhaus |✗ |✗|✗|✗|✗|✗|✓|✗|
| Urlhaus |✗ |✗|✗|✗|✗|✗|✗|✓|✗| | Urlscan |✗ |✗|✗|✗|✗|✗|✓|✗|
| Urlscan |✗ |✗|✗|✗|✗|✗|✗|✓|✗| | Virustotal |✓ |✓|✓|✗|✗|✗|✓|✗|
| Virustotal |✓ |✓|✓|✗|✗|✗|✗|✓|✗| | WhoisLookup |✓ |✗|✗|✗|✗|✓|✗|✗|
| WhoisLookup |✓ |✗|✗|✗|✗|✗|✓|✗|✗|
## Authentication ## Authentication
Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication. Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication.
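Review bot: Dropping the whole JA3 column also erases the only other ✓ in it: the old LocalFile row marks JA3 as supported (`| LocalFile |✓ |✓|✓|✓|✗|✓|✗|✓|✗|`), while the new row has no JA3 cell at all. If LocalFile still accepts JA3 observables after JA3er is gone, keep the JA3 column and remove only the JA3er row; if JA3 is being dropped as an observable type everywhere, say so in the commit message so the documentation change is not read as affecting JA3er alone. The remaining rows line up with the new nine-column header once the fourth cell is removed, so no other support marks shift.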
@@ -28,7 +27,6 @@ Many analyzers require authentication, via an API key or similar. The table belo
[AlienVault OTX](https://otx.alienvault.com/api) |✓| [AlienVault OTX](https://otx.alienvault.com/api) |✓|
[EmailRep](https://emailrep.io/key) |✓| [EmailRep](https://emailrep.io/key) |✓|
[GreyNoise](https://www.greynoise.io/plans/community) |✓| [GreyNoise](https://www.greynoise.io/plans/community) |✓|
[JA3er](https://ja3er.com/) |✗|
LocalFile |✗| LocalFile |✗|
[Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗| [Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗|
[Pulsedive](https://pulsedive.com/api/) |✓| [Pulsedive](https://pulsedive.com/api/) |✓|
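Review bot: The visible changes touch only the two README tables, so after removing the `[JA3er](https://ja3er.com/) |✗|` row here it is worth confirming that the analyzer itself and any configuration or packaging entries that reference it are removed in the same pull request. Otherwise the README will list fewer analyzers than are actually shipped. A one-line note in the commit message on why JA3er is being removed would also help anyone who later looks for it.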