Skip to main content


This Integration is part of the JARM Pack.#

Active TLS fingerprinting using JARM

Configure JARM on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for JARM.

  3. Click Add instance to create and configure a new integration instance.

    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Calculate JARM fingerprint by scanning host with multiple TLS packets.

Base Command#



Argument NameDescriptionRequired
hostFQDN or IP address to fingerprint. Also supports [https://fqdn:port] format.Required
portPort to fingerprint. If provided overrides the port specified in the host parameter. Default is 443.Optional

Context Output#

JARM.FQDNStringFQDN of the host.
JARM.IPStringIP Address of the host.
JARM.PortNumberTCP port
JARM.TargetStringThe host in the format [IP or FQDN]:Port
JARM.FingerprintStringJARM fingerprint of the host.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example#

!jarm-fingerprint host="" port=443

Context Example#

"DBotScore": [
"Indicator": "27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d",
"Score": 0,
"Type": "jarm",
"Vendor": "JARM"
"JARM": {
"FQDN": "",
"Fingerprint": "27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d",
"Port": 443,
"Target": ""

Human Readable Output#