Add ja3 to search. (#6813)

2026-04-30 07:59:35 +00:00 · 2023-03-21 11:36:40 +00:00 · 2023-03-21 11:36:40 +00:00 · 33cd58af41
commit 33cd58af41
parent 00e25ccd46
4 changed files with 22 additions and 1 deletions
--- a/scripts/lua/rest/v2/get/host/find.lua
+++ b/scripts/lua/rest/v2/get/host/find.lua
@ -602,6 +602,15 @@ if not is_system_interface then
            what = "community_id"
            label = i18n("db_search.find_in_historical", {what=what, query=query})
            query = query .. tag_utils.SEPARATOR .. "eq"
+         elseif isJA3(query) then
+         --tprint("HERE")
+            what = "ja3_client"
+            label = i18n("db_search.find_in_historical", {what=what, query=query})
+            query = query .. tag_utils.SEPARATOR .. "eq"
+            results[#results + 1] = build_result(label, query, what, nil, nil, "historical")
+            what = "ja3_server"
+            label = i18n("db_search.find_in_historical", {what=what, query=query})
+            query = query .. tag_utils.SEPARATOR .. "eq"
         else
            what = "hostname"
            label = i18n("db_search.find_in_historical", {what=what, query=query})