JA3 Fingerprint
A JA3 Fingerprint helps you profile specific SSL/TLS clients across different destination IPs, Ports, and X509 certificates. Analytics
To get more information about potential bot requests, use these JA3 Fingerprints in:
- Bot Analytics
- Security Events and Security Analytics
- Analytics GraphQL API, specifically the HTTP Requests dataset
- Logs
Actions
To adjust how your application responds to specific fingerprints, use them with:
Use cases
Block or allow certain traffic
A group of similar requests may share the same JA3 fingerprint. For this reason, JA3 may be useful in blocking an incoming threat. For example, if you notice that a bot attack is not caught by existing defenses, create a custom rule that blocks/challenges the JA3 used for the attack.
Alternatively, if existing defenses are blocking traffic that is actually legitimate, create a custom rule with the Skip action allowing the JA3 seen across good requests.
JA3 may also be useful if you want to immediately remedy false positives or false negatives with Bot Management.
Allow mobile traffic
Often, mobile application traffic will produce the same JA3 fingerprint across devices and users. This means you can identify your mobile application traffic by its JA3 fingerprint.
Use the JA3 fingerprint to allow traffic from your mobile application, but block or challenge remaining traffic.