diff options
| author | wangwei <[email protected]> | 2024-09-23 18:57:26 +0800 |
|---|---|---|
| committer | wangwei <[email protected]> | 2024-09-23 18:57:26 +0800 |
| commit | 75dce98d09d2e29fa45c0eb9be5391f03ec5044a (patch) | |
| tree | 7ff48e06ecb00018c650367116eec1c67c81ad50 | |
| parent | babd0ebc5bd8767cb1bca1f38ee763f9cf6c56b5 (diff) | |
[Fix][schema] SSL协议新增JA4相关字段: Monitor Event, Security Event, Session Record (TSG-22684)
5 files changed, 112 insertions, 0 deletions
diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/monitor_event.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/monitor_event.json index ec471d09..56ea762a 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/monitor_event.json +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/monitor_event.json @@ -143,6 +143,8 @@ "ssl_cn", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -307,6 +309,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "dtls_sni", @@ -468,6 +472,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -671,6 +677,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -3190,6 +3198,24 @@ "type": "string" }, { + "name": "ssl_ja4_fingerprint", + "label": "SSL.JA4", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja4s_fingerprint", + "label": "SSL.JA4S", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { "name": "ssl_cert_issuer", "label": "SSL.Issuer", "doc": { diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/public_schema_info.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/public_schema_info.json index 0e0cfcad..42bf8d57 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/public_schema_info.json +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/public_schema_info.json @@ -1047,6 +1047,8 @@ "ssl_handshake_latency_ms",
"ssl_ja3_hash",
"ssl_ja3s_hash",
+ "ssl_ja4_fingerprint",
+ "ssl_ja4s_fingerprint",
"ssl_cert_issuer",
"ssl_cert_subject",
"ssl_esni_flag",
@@ -2551,6 +2553,8 @@ "ssl_handshake_latency_ms",
"ssl_ja3_hash",
"ssl_ja3s_hash",
+ "ssl_ja4_fingerprint",
+ "ssl_ja4s_fingerprint",
"ssl_cert_issuer",
"ssl_cert_subject",
"ssl_esni_flag",
diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event.json index a650fe76..74e50b38 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event.json +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/security_event.json @@ -145,6 +145,8 @@ "ssl_cn", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -309,6 +311,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "dtls_sni", @@ -473,6 +477,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -676,6 +682,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -3195,6 +3203,24 @@ "type": "string" }, { + "name": "ssl_ja4_fingerprint", + "label": "SSL.JA4", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja4s_fingerprint", + "label": "SSL.JA4S", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { "name": "ssl_cert_issuer", "label": "SSL.Issuer", "doc": { diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/session_record.json b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/session_record.json index 917c3260..64c4283e 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/session_record.json +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/session_record.json @@ -152,6 +152,8 @@ "ssl_cn", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -319,6 +321,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "dtls_sni", @@ -489,6 +493,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -697,6 +703,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -3266,6 +3274,24 @@ "type": "string" }, { + "name": "ssl_ja4_fingerprint", + "label": "SSL.JA4", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja4s_fingerprint", + "label": "SSL.JA4S", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { "name": "ssl_cert_issuer", "label": "SSL.Issuer", "doc": { diff --git a/src/test/resources/examples/invalidSessionRecordTest.json b/src/test/resources/examples/invalidSessionRecordTest.json index a2cbfe9e..5be91708 100644 --- a/src/test/resources/examples/invalidSessionRecordTest.json +++ b/src/test/resources/examples/invalidSessionRecordTest.json @@ -386,6 +386,8 @@ "ssl_cn", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -536,6 +538,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "dtls_sni", @@ -686,6 +690,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -1040,6 +1046,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -1214,6 +1222,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -1821,6 +1831,8 @@ "ssl_handshake_latency_ms", "ssl_ja3_hash", "ssl_ja3s_hash", + "ssl_ja4_fingerprint", + "ssl_ja4s_fingerprint", "ssl_cert_issuer", "ssl_cert_subject", "ssl_esni_flag", @@ -5815,6 +5827,24 @@ "label": "SSL.JA3S Hash" }, { + "name": "ssl_ja4_fingerprint", + "label": "SSL.JA4", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja4s_fingerprint", + "label": "SSL.JA4S", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { "name": "ssl_cert_issuer", "type": "string", "doc": { |