JA3 Fingerprint Hash

Question: is the JA3 fingerprint hash calculated and logged before a request passes through? One would think yes, because that would enable WAF rules that block a specific JA3 to act on traffic coming in, but I don’t see that value shown on http request logs shown in the instant logs. Is that just a limitation of instant logs?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.