JA4+ Fingerprint

ja4_fingerprint

The JA4+ fingerprint object provides detailed fingerprint information about various aspects of network traffic which is both machine and human readable.

Attributes

Caption	Name	Type	Description
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
JA4 Section A	`section_a`	String	The 'a' section of the JA4 fingerprint.
JA4 Section B	`section_b`	String	The 'b' section of the JA4 fingerprint.
JA4 Section C	`section_c`	String	The 'c' section of the JA4 fingerprint.
JA4 Section D	`section_d`	String	The 'd' section of the JA4 fingerprint.
Type	`type`	String	The JA4+ fingerprint type as defined by FoxIO, normalized to the caption of 'type_id'. In the case of 'Other', it is defined by the event source.
Type ID	`type_id`	Integer	The identifier of the JA4+ fingerprint type. `0`: Unknown (`UNKNOWN`) `1`: JA4 (`JA4`) `2`: JA4Server (`JA4SERVER`) `3`: JA4HTTP (`JA4HTTP`) `4`: JA4Latency (`JA4LATENCY`) `5`: JA4X509 (`JA4X509`) `6`: JA4SSH (`JA4SSH`) `7`: JA4TCP (`JA4TCP`) `8`: JA4TCPServer (`JA4TCPSERVER`) `9`: JA4TCPScan (`JA4TCPSCAN`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Value	`value`	String	The JA4+ fingerprint value.

Relationships

Inbound Relationships

These objects and events reference JA4+ Fingerprint in their attributes:

Outbound Relationships

JA4+ Fingerprint references the following objects and events in its attributes:

Unmapped

This page describes qdm-1.5.1+ocsf-1.6.0

Updated 5 days ago