We have expanded our security telemetry to include JA3 and JA4 TLS fingerprints. TLS fingerprinting is a proven technique for identifying client software based on the TLS handshake.
These signals help customers detect and respond to malicious traffic faster, identify suspicious client behavior, and correlate related activity across changing IPs and sessions.
Tenant Logs
JA3 and JA4 fingerprints are now logged in applicable authentication and security events such as Success Login, Failed Login, and Anomaly Detection.
Actions Integration
JA3 and JA4 fingerprints are now available in Actions for real-time, custom security responses, but only in the following triggers:
pre-user-registrationpost-user-registrationpost-loginTenant Access Control List (ACL) Support
You can also use the Tenant Access Control List to block specific TLS fingerprints directly by adding a rule. Alternatively, you can combine JA3 and JA4 signals with Actions to apply custom business logic, such as requiring MFA or conditionally denying access.
JA3 and JA4 provide a stable, high-entropy signal that is hard to spoof, helping you correlate malicious activity even across changing IPs and sessions.
Available for all Enterprise customers. Start using these signals today.
Fetched April 15, 2026