JARM
JARM Pack.#
This Integration is part of theActive TLS fingerprinting using JARM
#
Configure JARM in CortexParameter | Required |
---|---|
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
jarm-fingerprintCalculate JARM fingerprint by scanning host with multiple TLS packets.
#
Base Commandjarm-fingerprint
#
InputArgument Name | Description | Required |
---|---|---|
host | FQDN or IP address to fingerprint. Also supports [https://fqdn:port] format. | Required |
port | Port to fingerprint. If provided overrides the port specified in the host parameter. Default is 443. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
JARM.FQDN | String | FQDN of the host. |
JARM.IP | String | IP Address of the host. |
JARM.Port | Number | TCP port |
JARM.Target | String | The host in the format [IP or FQDN]:Port |
JARM.Fingerprint | String | JARM fingerprint of the host. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Type | String | The indicator type. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Score | Number | The actual score. |
#
Command Example!jarm-fingerprint host="google.com" port=443
#
Context Example#
Human Readable Output#
Results
FQDN Fingerprint Port Target google.com 27d40d40d29d40d1dc42d43d00041d4689ee210389f4f6b4b5b1b93f92252d 443 google.com:443