author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-02-10 09:16:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-10 09:16:13 +0100 |
commit | 31f0608b9aef16b8036c0509b63a3fe5efd6d17c (patch) | |
tree | 0df1e987eafa80cdabf7f093d22db1ed7ac26d57 /doc | |
parent | 03ecb026ff4d0e545cf21d463807b40265441bb3 (diff) |
TLS: add configuration of JA* fingerprints (#2313)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/configuration_parameters.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index 5b7ca257e..5870e1956 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -24,6 +24,9 @@ TODO | "tls" | "certificate_expiration_threshold" | 30 | 0 | 365 | The threshold (in days) used to trigger the `NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE` flow risk | | "tls" | "application_blocks_tracking" | disable | NULL | NULL | Enable/disable processing of TLS Application Blocks (post handshake) to extract statistical information about the flow | | "tls" | "metadata.sha1_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | +| "tls" | "metadata.ja3c_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA3C fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_JA3` is not checked | +| "tls" | "metadata.ja3s_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA3S fingerprint for TLS flows | +| "tls" | "metadata.ja4c_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of JA4C fingerprint for TLS flows | | "smtp" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext SMTP flows (because of opportunistic TLS, via STARTTLS msg) | | "imap" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext IMAP flows (because of opportunistic TLS, via STARTTLS msg) | | "pop" | "tls_dissection" | enable | NULL | NULL | Enable/disable dissection of TLS packets in cleartext POP flows (because of opportunistic TLS, via STARTTLS msg) | |
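Review bot: In the added `metadata.ja3c_fingerprint` row, the loss of the `NDPI_MALICIOUS_JA3` check is only mentioned in a trailing note, and "if it is disable" should read "if it is disabled" (the unchanged `metadata.sha1_fingerprint` row above carries the same wording). Because turning this parameter off silently removes a flow-risk detection, consider stating it directly, for example "Disabling this parameter also disables the `NDPI_MALICIOUS_JA3` flow risk". The `metadata.ja3s_fingerprint` and `metadata.ja4c_fingerprint` rows say nothing about dependencies; if no flow risk or other feature relies on them, saying so explicitly would remove the ambiguity for anyone deciding whether they can safely be disabled.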