Chris McNab
Chris McNab
I'd like to save `JA3` signatures when NFR encounters TLS sessions on TCP port 443. [Here's a simple way](https://twitter.com/Andrew___Morris/status/956989815890890753) that we can load `tcpdump` output into `ja3.py` and get the...
This is important as it ties in with our strategy to pick up DHCP events and provide better alerting (in particular host MAC addresses, hostnames, and user details for sources,...
As per email let's get this together and submitting JA3 hashes from `tls.json` and HTTP requests from `http.json` material. NFR currently only supports DNS scoring for Suricata and we need...
@tg easy to do? It would likely help with being able to run NFR as a service quickly..
[Please let's take a look at this](https://www.knowbe4.com/ransomware-simulator) and see what we can do to generate ransomware patterns.