JA3 support

[chrisforce1]

I'd like to save JA3 signatures when NFR encounters TLS sessions on TCP port 443.

Here's a simple way that we can load tcpdump output into ja3.py and get the signatures. The code is over at https://github.com/salesforce/ja3/ and a large list of signatures at https://github.com/salesforce/ja3/tree/master/lists. We can then use the signatures on the backend to flag infections within riswiz.

[chrisforce1]

A bigger list of JA3 signatures (including some malware) is over here.