Does ZIA leverage JA3 or JA3S signatures in the ATP aspect of the service, particularly for situations where SSL isn’t being inspected? If not, is there any plan for this? I see that several of the Network Threat Analysis (NTA) vendors are doing this, and think it would be a good capability for ZIA to have.
No we dont support ja3 today. It is being evaluated. We recommend customers turn on ssl inspection and we are investing in providing customers ssl granular inspection policies to help further customize ssl decryption and inspection policies by groups/uers/locarion/device(zapp)/tls versions/categories etc.