Similar to #71.
Reading the documentation, Bro doesn't have JA3 values in their ssl.log officially. I need to ask Corelight about this and get the data format and details so we can implement this. I primarily want to pick up JA3 (client) and JA3S (server) fingerprints for now. We can extend support later to other fields and look at the certificate chain, etc.