EDR: How Is JA3 Support Enabled In The EDR Console?
search cancel

EDR: How Is JA3 Support Enabled In The EDR Console?

book

Article ID: 287157

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How is JA3 support enabled in the EDR console?

Environment

  • EDR Server: Version 7.1.0 and Higher
  • EDR Windows Sensor: Version 7.0 and Higher
  • Microsoft Windows: All Supported Versions

Resolution

JA3 support automatically begins when both the server and Windows sensor are upgraded to versions that support JA3: EDR Server 7.1.0 and Higher, and EDR Windows Sensor 7.0 and Higher.

Additional Information

If JA3 fingerprints seem to be absent in netconn data, do a process search for ja3:* over a period of a couple of weeks to confirm JA3 data is being captured in the EDR console.
Powered by Wolken Software