Question: Is it possible and easy to set up a whitelist of browsers utilizing JA4+?


Victor M

Thread author
Hi everyone,

Just read about JA3, JA4+. Is it possible to set up a whitelist of browser client traffic using JA4+ that works in near real time? The goal is to drop RAT and hackerware traffic since the browser is all I use. I don't know if it is possible. Suricata supposedly understands JA4 already. So it should be only a matter of having the correct rules? Has anybody tried this? ChatGPT says it is doable, but you know chat, it top downs to solve a problem and can hallucinate about things it doesn't know for sure.
 
Yes, it's possible to set up a whitelist of browser traffic using JA4+ in near real-time. Suricata does indeed support JA3/JA4, but you'll need to create and implement the appropriate rules. It's not a simple task and requires a good understanding of network protocols and security. I'd recommend seeking professional assistance if you're not familiar with it. As for ChatGPT, while it's a powerful tool, it's always good to double-check its suggestions with real-world applications and expert advice.
 
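One way to approach the allowlist check discussed in this thread, as an added example that is not part of the original posts: a Python script that reads Suricata EVE JSON TLS events and sorts them by whether their JA4 fingerprint is on an allowlist. The `tls.ja4` field name, the fingerprints and the log lines are assumptions constructed for illustration; real fingerprints have to be recorded from your own browser traffic.

```python
import json
import re
from collections import Counter

# Loose shape check: 10-char readable prefix, then two 12-hex-char truncated hashes.
JA4_RE = re.compile(r"^[tqd][0-9a-z]{2}[di]\d{4}[0-9a-z]{2}_[0-9a-f]{12}_[0-9a-f]{12}$")

# Constructed placeholder fingerprints, not real browser values.
ALLOWED_JA4 = {"t13d1516h2_aaaaaaaaaaaa_bbbbbbbbbbbb", "t13d1715h2_cccccccccccc_dddddddddddd"}

# Constructed EVE lines; the "ja4" key under "tls" is an assumption about the sensor output.
SAMPLE_EVE = [
    '{"event_type":"tls","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","tls":{"sni":"example.org","ja4":"t13d1516h2_aaaaaaaaaaaa_bbbbbbbbbbbb"}}',
    '{"event_type":"tls","src_ip":"192.0.2.10","dest_ip":"203.0.113.9","tls":{"sni":"example.net","ja4":"t12i0607h1_eeeeeeeeeeee_ffffffffffff"}}',
    '{"event_type":"tls","src_ip":"192.0.2.10","dest_ip":"203.0.113.5","tls":{"sni":"example.com"}}',
    '{"event_type":"tls","src_ip":"192.0.2.10","dest_ip":"203.0.113.6","tls":{"ja4":"not-a-fingerprint"}}',
    '{"event_type":"dns","src_ip":"192.0.2.10","dest_ip":"192.0.2.53"}',
    '{"event_type":"tls","src_ip":"192.0.2.10"',
]

def classify(eve_lines, allowed=ALLOWED_JA4):
    """Return (verdicts, counts); each verdict is (label, src_ip, dest_ip, sni, ja4)."""
    verdicts, counts = [], Counter()
    for raw in eve_lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            counts["unparsed"] += 1      # truncated or corrupt log line
            continue
        if not isinstance(event, dict) or event.get("event_type") != "tls":
            continue                     # only TLS handshake records carry a JA4
        tls = event.get("tls") or {}
        ja4 = tls.get("ja4")
        if ja4 is None:
            label = "missing"            # JA4 logging disabled or handshake not fully seen
        elif not JA4_RE.match(ja4):
            label = "malformed"
        elif ja4 in allowed:
            label = "allowed"
        else:
            label = "unknown"            # candidate for review, not proof of malware
        counts[label] += 1
        verdicts.append((label, event.get("src_ip"), event.get("dest_ip"), tls.get("sni"), ja4))
    return verdicts, counts

if __name__ == "__main__":
    results, totals = classify(SAMPLE_EVE)
    for row in results:
        if row[0] != "allowed":
            print(row)
    print(dict(totals))
```

This script only reports; dropping traffic would have to be done inline by the IPS itself. A JA4 value identifies the TLS client stack rather than the program, so other software built on the same TLS library as the browser yields the same fingerprint.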