From b1535ce9f50205aff24ac707e77a97038b2b7b5d Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Thu, 20 Sep 2018 13:53:24 -0400
Subject: [PATCH] Bro Module - disable some policies and enable JA3

---
 salt/bro/files/local.bro | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/salt/bro/files/local.bro b/salt/bro/files/local.bro
index 08bcc2ef2..74404e704 100644
--- a/salt/bro/files/local.bro
+++ b/salt/bro/files/local.bro
@@ -107,13 +107,13 @@
 ######################################
 
 # Add the interface to the log event
-@load securityonion/add-interface-to-logs.bro
+#@load securityonion/add-interface-to-logs.bro
 
 # Add Sensor Name to the conn.log
-@load securityonion/conn-add-sensorname.bro
+#@load securityonion/conn-add-sensorname.bro
 
 # File Extraction
-@load securityonion/file-extraction
+#@load securityonion/file-extraction
 
 # Intel from Mandiant APT1 Report
 #@load securityonion/apt1
@@ -121,6 +121,9 @@
 # ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271
 #@load securityonion/shellshock
 
+# JA3 - SSL Detection Goodness
+@load policy/ja3
+
 #############################
 ##  End SO Scripts Section  ##
 #############################