JA4+ Fingerprint

ja4_fingerprint

The JA4+ fingerprint object provides detailed fingerprint information about various aspects of network traffic which is both machine and human readable.

Attributes

| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| JA4 Section A | section_a | String | | | The 'a' section of the JA4 fingerprint. |
| JA4 Section B | section_b | String | | | The 'b' section of the JA4 fingerprint. |
| JA4 Section C | section_c | String | | | The 'c' section of the JA4 fingerprint. |
| JA4 Section D | section_d | String | | | The 'd' section of the JA4 fingerprint. |
| Type | type | String | | | The JA4+ fingerprint type as defined by FoxIO, normalized to the caption of 'type_id'. In the case of 'Other', it is defined by the event source. |
| Type ID | type_id | Integer | | | The identifier of the JA4+ fingerprint type. Values: 0 = Unknown, 1 = JA4, 2 = JA4Server, 3 = JA4HTTP, 4 = JA4Latency, 5 = JA4X509, 6 = JA4SSH, 7 = JA4TCP, 8 = JA4TCPServer, 9 = JA4TCPScan, 99 = Other. |
| Unmapped Data | unmapped | Unmapped | | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Value | value | String | | | The JA4+ fingerprint value. |

JSON

{
  "caption": "JA4+ Fingerprint",
  "description": "The JA4+ fingerprint object provides detailed fingerprint information about various aspects of network traffic which is both machine and human readable.",
  "extends": "object",
  "name": "ja4_fingerprint",
  "attributes": {
    "section_a": {
      "requirement": "optional",
      "caption": "JA4 Section A",
      "description": "The 'a' section of the JA4 fingerprint.",
      "type": "string_t"
    },
    "section_b": {
      "requirement": "optional",
      "caption": "JA4 Section B",
      "description": "The 'b' section of the JA4 fingerprint.",
      "type": "string_t"
    },
    "section_c": {
      "requirement": "optional",
      "caption": "JA4 Section C",
      "description": "The 'c' section of the JA4 fingerprint.",
      "type": "string_t"
    },
    "section_d": {
      "requirement": "optional",
      "caption": "JA4 Section D",
      "description": "The 'd' section of the JA4 fingerprint.",
      "type": "string_t"
    },
    "type": {
      "description": "The JA4+ fingerprint type as defined by <a href='https://blog.foxio.io/ja4+-network-fingerprinting' target='_blank'>FoxIO</a>, normalized to the caption of 'type_id'. In the case of 'Other', it is defined by the event source.",
      "requirement": "optional",
      "caption": "Type",
      "type": "string_t"
    },
    "type_id": {
      "description": "The identifier of the JA4+ fingerprint type.",
      "enum": {
        "0": {
          "caption": "Unknown",
          "description": "The type is unknown."
        },
        "1": {
          "caption": "JA4",
          "description": "TLS Client Fingerprint."
        },
        "2": {
          "caption": "JA4Server",
          "description": "TLS Server Response/Session Fingerprint."
        },
        "3": {
          "caption": "JA4HTTP",
          "description": "HTTP Client Fingerprint."
        },
        "4": {
          "caption": "JA4Latency",
          "description": "Latency Measurement/Light Distance Fingerprint."
        },
        "5": {
          "caption": "JA4X509",
          "description": "X509 TLS Certificate Fingerprint."
        },
        "6": {
          "caption": "JA4SSH",
          "description": "SSH Traffic Fingerprint."
        },
        "7": {
          "caption": "JA4TCP",
          "description": "Passive TCP Client Fingerprint."
        },
        "8": {
          "caption": "JA4TCPServer",
          "description": "Passive TCP Server Fingerprint."
        },
        "9": {
          "caption": "JA4TCPScan",
          "description": "Active TCP Server Fingerprint."
        },
        "99": {
          "caption": "Other",
          "description": "The type is not mapped. See the <code>type</code> attribute, which contains a data source specific value."
        }
      },
      "requirement": "required",
      "caption": "Type ID",
      "sibling": "type",
      "type": "integer_t"
    },
    "value": {
      "description": "The JA4+ fingerprint value.",
      "requirement": "required",
      "type": "string_t",
      "caption": "Value"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  }
}
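
An added example, not part of the schema or of any project's code: one way an ingestion pipeline could build and check a `ja4_fingerprint` object against the required attributes and the `type_id` enum defined above. The helper names `validate` and `build` are hypothetical, and splitting `value` on underscores to fill `section_a` to `section_d` is an assumption the page does not state.

```python
import uuid

# Enum copied from the type_id attribute documented on this page.
JA4_TYPES = {0: "Unknown", 1: "JA4", 2: "JA4Server", 3: "JA4HTTP",
             4: "JA4Latency", 5: "JA4X509", 6: "JA4SSH", 7: "JA4TCP",
             8: "JA4TCPServer", 9: "JA4TCPScan", 99: "Other"}
REQUIRED = ("record_id", "type_id", "value")  # "requirement": "required"
SECTIONS = ("section_a", "section_b", "section_c", "section_d")


def validate(obj):
    """Return a list of schema violations for a ja4_fingerprint dict."""
    errors = [f"missing required attribute: {k}"
              for k in REQUIRED if obj.get(k) in (None, "")]
    tid = obj.get("type_id")
    if tid is not None:
        # bool is an int subclass in Python, so reject it explicitly.
        if isinstance(tid, bool) or not isinstance(tid, int) or tid not in JA4_TYPES:
            errors.append(f"type_id {tid!r} is not in the enum")
        elif tid != 99 and obj.get("type") not in (None, JA4_TYPES[tid]):
            # 'type' is the sibling of 'type_id' and must carry its caption.
            errors.append(f"type {obj['type']!r} does not match {JA4_TYPES[tid]!r}")
    for key in ("record_id", "value") + SECTIONS:
        if obj.get(key) is not None and not isinstance(obj[key], str):
            errors.append(f"{key} must be a string")
    return errors


def build(value, type_id, source_type=None, record_id=None):
    """Build a validated ja4_fingerprint dict (hypothetical helper)."""
    obj = {"record_id": record_id or str(uuid.uuid4()),
           "type_id": type_id, "value": value}
    errors = validate(obj)
    if errors:
        raise ValueError("; ".join(errors))
    # For 'Other' (99) the type string is defined by the event source.
    obj["type"] = source_type if type_id == 99 and source_type else JA4_TYPES[type_id]
    # Assumption, not stated on the page: sections are underscore-delimited.
    parts = value.split("_")
    if 1 < len(parts) <= len(SECTIONS) and all(parts):
        obj.update(zip(SECTIONS, parts))
    return obj


# Constructed sample value in the a_b_c layout, not a captured fingerprint.
SAMPLE = build("t13d1516h2_0123456789ab_ba9876543210", 1, record_id="rec-1")
```

Running `validate` on records from an event source before indexing catches a `type` string that disagrees with `type_id`, which would otherwise split one fingerprint type across two values in detection queries.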