I think it would be helpful to add a boolean for GREASE support in the MongoDB since it's not in the JA3 hash. GREASE is helpful in identifying bots or malicious requests spoofing user_agents.

EX: Reported user_agent is a current version of Safari on any OS. But, there is no grease support in the TLS negotiation. Therefore the conclusion is the user_agent is being faked.

Hey, thanks for your Issue. I want to rework the logging system completely, to enable better statistics. The Idea is good, although I never encountered a client spoofing a ja3 but not sending GREASE values

The thought is to be able to identify spoofed user_agents. Most spoofed user_agents aren't going anything good :-)

I am working on my own fingerprint and will have it in there

The new fingerprint "PeetPrint" now contains grease values (actual values replaced with "GREASE")