Filter only pre-labelled traffic

previsou
psantus · Jan 4, 2025 · 86fa564 · 86fa564
1 parent 662f03c
commit 86fa564
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/ja3RuleGroupUpdater.py b/ja3RuleGroupUpdater.py
@@ -26,7 +26,7 @@ def lambda_handler(event, context):
 
     rules = rule_group['RuleGroup']['Rules']
     existing_priorities = [rule['Priority'] for rule in rules]
-    existing_ja3_fingerprints = [rule['Statement']['ByteMatchStatement']['SearchString'].decode() for rule in rules]
+    existing_ja3_fingerprints = [rule['Statement']['AndStatement']['Statements'][0]['ByteMatchStatement']['SearchString'].decode() for rule in rules]
     added_fingerprints = []
     removed_rules = []
 
@@ -93,12 +93,12 @@ def lambda_handler(event, context):
                 rules.append(new_rule)
 
         # Keep only the last RULE_GROUP_MAXSIZE rules
-        removed_rules = [rule['Statement']['ByteMatchStatement']['SearchString'].decode() for rule in rules[:-int(RULE_GROUP_MAXSIZE)]]
+        removed_rules = [rule['Statement']['AndStatement']['Statements'][0]['ByteMatchStatement']['SearchString'].decode() for rule in rules[:-int(RULE_GROUP_MAXSIZE)]]
         rules = rules[-int(RULE_GROUP_MAXSIZE):]
 
     if action == 'REMOVE_FROM_BLACKLIST':
         removed_rules = ja3_fingerprints
-        rules = [rule for rule in rules if rule['Statement']['ByteMatchStatement']['SearchString'].decode() not in ja3_fingerprints]
+        rules = [rule for rule in rules if rule['Statement']['AndStatement']['Statements'][0]['ByteMatchStatement']['SearchString'].decode() not in ja3_fingerprints]
 
     # Reindex rules from 1
     for index, rule in enumerate(rules):