Scan for JARM data
    • 16 May 2023

    Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain JARM data.

    JARM (Just Another Ruby Mod) is a tool used to identify TLS servers based on their behavior and configuration, allowing security teams to identify servers that are using outdated or insecure TLS configurations.

    JARM works by sending a series of TLS messages to a server and analyzing the server's response. The tool then generates a unique fingerprint based on the response, which can be used to identify the server even if it is using a different IP address or domain name.

    By comparing the JARM fingerprint of a server against a database of known malicious fingerprints, security teams can quickly identify potential threats and malicious servers engaged in phishing and/or malware operations, and take appropriate action.

    JARM fingerprints also allow threat analysts to identify traffic patterns and connections across different attack vectors, and pinpoint infrastructure and resources used by specific threat actors.

    1. Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - JARM

    2. Specify an IPv4 address

    3. (Optional) Specify a netmask to search across a range of IP addresses

    4. (Optional) Specify a jarm_hash

    5. (Optional) Enter a value in window to include scan results with a "last_seen" date within the specified number of days

    6. (Optional) Choose a number of results to skip
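
The query fields above, applied locally to constructed scan records, together with the fingerprint grouping described earlier; this is an added example, not Silent Push code or its API. The record layout, the `ip` field name, the AND combination of the filters and the `pivot` helper are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import date, timedelta

JARM_RE = re.compile(r"^[0-9a-f]{62}$")  # a JARM fingerprint is 62 lowercase hex chars
NO_RESPONSE = "0" * 62                   # all zeros: the server answered none of the probes

# Constructed sample records (documentation-range IPs, made-up fingerprints).
FP_A = "2ad" * 10 + "a" * 32
FP_B = "29d" * 10 + "b" * 32
RECORDS = [
    {"ip": "192.0.2.10", "jarm_hash": FP_A, "last_seen": "2023-05-15"},
    {"ip": "192.0.2.77", "jarm_hash": FP_A, "last_seen": "2023-05-01"},
    {"ip": "192.0.2.200", "jarm_hash": FP_B, "last_seen": "2023-05-14"},
    {"ip": "198.51.100.5", "jarm_hash": FP_A, "last_seen": "2023-05-15"},
    {"ip": "192.0.2.33", "jarm_hash": NO_RESPONSE, "last_seen": "2023-05-15"},
]

def query(records, ipv4, netmask=32, jarm_hash=None, window=None, skip=0, today=None):
    """Apply the form's fields as filters (assumed to combine with AND)."""
    if jarm_hash is not None and not JARM_RE.match(jarm_hash):
        raise ValueError("jarm_hash must be 62 lowercase hex characters")
    net = ipaddress.ip_network(f"{ipv4}/{netmask}", strict=False)
    today = today or date.today()
    cutoff = today - timedelta(days=window) if window is not None else None
    hits = []
    for r in records:
        if ipaddress.ip_address(r["ip"]) not in net:
            continue  # outside the address or range
        if jarm_hash is not None and r["jarm_hash"] != jarm_hash:
            continue  # fingerprint does not match
        if cutoff and date.fromisoformat(r["last_seen"]) < cutoff:
            continue  # last_seen is older than the window
        hits.append(r)
    return hits[skip:]  # skip drops the first N results

def pivot(records):
    """Group IPs that share a fingerprint, ignoring hosts that never responded."""
    groups = defaultdict(list)
    for r in records:
        if r["jarm_hash"] != NO_RESPONSE:
            groups[r["jarm_hash"]].append(r["ip"])
    return {fp: ips for fp, ips in groups.items() if len(ips) > 1}
```

A shared fingerprint is a lead for further pivoting rather than proof of common ownership, since servers built from the same TLS stack and configuration produce the same JARM value.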

    Saving queries

    Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis, or to share with their organization.

    1. Specify the query parameters

    2. Click Save Query

    3. Give your query a Name

    4. Specify a Description to add more context

    5. Click Save
