Remove JA3 leftovers. Update alert keys. Rename malivious JA3 to malicious Fingerprint.

2026-05-01 00:19:33 +00:00 · 2024-09-02 18:34:09 +02:00 · 2024-09-02 18:34:09 +02:00 · 3b0b60c422
commit 3b0b60c422
parent 3b5217c583
16 changed files with 27 additions and 115 deletions
--- a/scripts/lua/modules/alert_definitions/flow/alert_ndpi_malicious_fingerprint.lua
+++ b/scripts/lua/modules/alert_definitions/flow/alert_ndpi_malicious_fingerprint.lua
@ -15,13 +15,13 @@ local mitre = require "mitre_utils"

 -- ##############################################

-local alert_ndpi_malicious_ja3 = classes.class(alert)
+local alert_ndpi_malicious_fingerprint = classes.class(alert)

 -- ##############################################

-alert_ndpi_malicious_ja3.meta = {
-  alert_key = flow_alert_keys.flow_alert_ndpi_malicious_ja3,
-  i18n_title = "flow_checks_config.malicious_ja3",
+alert_ndpi_malicious_fingerprint.meta = {
+  alert_key = flow_alert_keys.flow_alert_ndpi_malicious_fingerprint,
+  i18n_title = "flow_checks_config.malicious_fingerprint",
  icon = "fas fa-fw fa-info-circle",

   -- Mitre Att&ck Matrix values
@ -36,12 +36,12 @@ alert_ndpi_malicious_ja3.meta = {

 -- @brief Prepare an alert table used to generate the alert
 -- @return A table with the alert built
-function alert_ndpi_malicious_ja3:init()
+function alert_ndpi_malicious_fingerprint:init()
   -- Call the parent constructor
   self.super:init()
 end

 -- #######################################################

-return alert_ndpi_malicious_ja3
+return alert_ndpi_malicious_fingerprint