A
ApexAegis
OverviewLogs & EventsEndpoint Events
Attack Paths & SegmentsAttack ComparisonAPT SimulationAI/ML & UEBA
SD-WAN OptimizerNetwork Events
Ghosted Apps & Services
Security PoliciesAddressesServicesURL CategoriesCloud ApplicationsCloud App Tenants
ATP ProfilesSSL InspectionDNS FilterWeb FilterDevice Posture
Users & GroupsDevicesIdentity ProvidersPasskey ManagerABAC ControlOAuth 2.0 & API KeysIdP Configuration
Test My DefenceSecurity PreviewAttack Path AnalysisSSL/TLS Scanner
Compliance ReportCertification ReportITSM Automation
Audit & Config MgmtFeature LicensingClient ConfigRoute Policies
Gateway NodesSCION Partner GatewaySDN SwitchesPort Configuration802.1X Auth ServerWireless ManagementDynamic SGTGuest AccessAPI IntegrationsCA CertificatesPolicy MigrationSettings
K

SSL Inspection

TLS/SSL decryption profiles for deep packet inspection

Full SSL Inspection requires a CA certificate

Full Inspection (Inline Proxy) mode decrypts TLS traffic using your organization's CA certificate. Ensure your CA bundle is uploaded under CA Certificates and distributed to all managed endpoints. Financial and healthcare categories are exempt by default for compliance.

JA3 / JA3S TLS Fingerprinting

Detect malicious TLS clients & servers by their handshake fingerprint — no decryption required

ENABLED
1,247
Unique JA3 Hashes Seen
Last 24h
14
Known-Bad Matches
Auto-blocked
892
JA3S Server Hashes
Catalogued
7
TLS Anomalies Flagged
Unusual cipher suites

Known-Bad JA3 Hash Database

JA3 HashThreatCategoryActionHits (24h)
e7d705a3286e19ea…Cobalt Strike BeaconC2 FrameworkBlock3
72a589da586844d7…Emotet LoaderMalware DropperBlock7
a0e9f5d64349fb13…Metasploit MeterpreterExploitation ToolBlock1
51c64c77e60f3980…TrickBot Banking TrojanBanking MalwareBlock0
d44c5d7b9a370d84…AsyncRATRATBlock2
6734f37431670b3a…Sliver C2 (Go)C2 FrameworkBlock + Alert1

JA3S Server-Side Anomalies

185.220.101.34:443critical
JA3S: 15af977ce25de1c2bg78…

Non-standard cipher negotiation (TLS_NULL_WITH_NULL_NULL offered)

91.234.99.100:8443critical
JA3S: f4e9cb89b95aebf3cd1e…

JA3S matches known Cobalt Strike TeamServer response

203.0.113.55:443warning
JA3S: a732f3204e5b6f3b412c…

TLS 1.0 only — deprecated protocol, possible downgrade attack

Auto-block known-bad JA3Enabled
Feed update frequencyEvery 15 min
Log all JA3 hashesEnabled
Alert on unknown JA3SWarning only
TI feed sourcesabuse.ch, JA3er.com, internal
SIEM forwardingCEF to Splunk