Skip to main content
Skip table of contents

View JA3 Hash Information for an Event

Ja3 Hashes are cross-referenced with a database to provide more information on a particular incident or notable event. To view the information for a Ja3 hash:

  1. Click the Hunt tab, and then click Activity.
    The Activity page appears and displays the dynamic chart and Hunt Activity table with a list of the most recent incidents. 
    If any instance of Ja3HashInvestigationArtifact is present in the Hunt Activity table, do one of the following:
    1. Click Ja3HashInvestigationArtifact in the legend under the dynamic chart.
    2. Type entry_type:*Ja3HashInvestigationArtifact* in the Discover search bar and initiate the search.
      A list of the Ja3Hash events appears in the Hunt Activity table.
  2. Click the + icon to the left of the Timestamp for an event.
    Two tabs appear below that event.
  3. Click the JSON tab.
    The JSON tab appears with a list of values, including _score and _source.
  4. To expand the JSON tab, click the _source value.
    Additional values appear, including ja3hash_info.
  5. Click the ja3hash_info value to view additional details.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close