- 16 May 2023
- 1 Minute to read
- Print
- DarkLight
Scan for JARM data
- Updated on 16 May 2023
- 1 Minute to read
- Print
- DarkLight
Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain JARM data.
JARM (Just Another Ruby Mod) is a tool used to identify TLS servers based on their behavior and configuration, allowing security teams to identify servers that are using outdated or insecure TLS configurations.
JARM works by sending a series of TLS messages to a server and analyzing the server's response. The tool then generates a unique fingerprint based on the response, which can be used to identify the server even if it is using a different IP address or domain nam
By comparing the JARM fingerprint of a server against a database of known malicious fingerprints, security teams can quickly identify potential threats and malicious servers engaged in phishing and/or malware operations, and take appropriate action.
JARM fingerprints also allow threat analysts to identify traffic patterns and connections across different attack vectors, and pinpoint infrastructure and resources used by specific threat actors.
Navigate to
Advanced Query Builder > IPv4 Queries > Scan Data - JARM
Specify an IPv4 address
(Optional) Specify a
netmask
to search across a range of IP addresses(Optional) Specify a
jarm_hash
(Optional) Enter a value in
window
to include scan results with a "last_seen" date within the specified number of days(Optional) Choose a number of results to
skip
Saving queries
Organizational users are able to save individual queries ran from Advanced Query Builder
, and store them in the Private Queries
menu for future analysis, or to share with their organization.
Specify the query parameters
Click
Save Query
Give your query a
Name
Specify a
Description
to add more contextClick
Save