Getting a False Positive alert on the following rule.
alert tls $HOME_NET any → $EXTERNAL_NET any (msg:“ET JA3 Hash - [Abuse.ch] Possible Adwind”; ja3_hash; content:“d2935c58fe676744fecc8614ee5356c7”; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028763; rev:2; metadata:created_at 2019_10_14, former_category JA3, updated_at 2019_10_29;)
Have checked all of the hits and it’s my smart home controller going to api.amazon.com and api.amazonalexa.com