diff --git a/tests/ja4-cl-handshake/input.pcap b/tests/ja4-cl-handshake/input.pcap
new file mode 100644
index 000000000..77c4aa27a
Binary files /dev/null and b/tests/ja4-cl-handshake/input.pcap differ
diff --git a/tests/ja4-cl-handshake/suricata.yaml b/tests/ja4-cl-handshake/suricata.yaml
new file mode 100644
index 000000000..1322a818d
--- /dev/null
+++ b/tests/ja4-cl-handshake/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - tls:
+ enabled: yes
+ custom: [ja4, client_handshake]
diff --git a/tests/ja4-cl-handshake/test.yaml b/tests/ja4-cl-handshake/test.yaml
new file mode 100644
index 000000000..efa84c446
--- /dev/null
+++ b/tests/ja4-cl-handshake/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ min-version: 8
+ features:
+ - HAVE_JA4
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.ja4: t12d280700_d943125447b4_3c5a66c06c35
+ tls.client_handshake.version: TLS 1.2
+ tls.client_handshake.ciphers: [49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255]
+ tls.client_handshake.exts: [0,11,10,35,22,23,13]
+ tls.client_handshake.sig_algs: [1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,515,769,513,770,514,1026,1282,1538]
diff --git a/tests/ja4-sv-handshake/input.pcap b/tests/ja4-sv-handshake/input.pcap
new file mode 100644
index 000000000..77c4aa27a
Binary files /dev/null and b/tests/ja4-sv-handshake/input.pcap differ
diff --git a/tests/ja4-sv-handshake/suricata.yaml b/tests/ja4-sv-handshake/suricata.yaml
new file mode 100644
index 000000000..ad17d408d
--- /dev/null
+++ b/tests/ja4-sv-handshake/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - tls:
+ enabled: yes
+ custom: [ja4s, server_handshake]
+
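Review bot: In tests/ja4-cl-handshake/suricata.yaml the `custom: [ja4, client_handshake]` line carries the whole intent of the test but has no comment, and nothing in the file says where JA4 computation is switched on. A short comment such as `# log only the JA4 hash and the ClientHello fields listed in custom` would help; if the test relies on the default of `app-layer.protocols.tls.ja4-fingerprints` (not visible in this hunk), setting it explicitly would keep the result independent of default changes. The same applies to `custom: [ja4s, server_handshake]` in tests/ja4-sv-handshake/suricata.yaml.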
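Review bot: The single filter in tests/ja4-cl-handshake/test.yaml only proves the selected fields are present; it would still pass if `server_handshake` or `ja4s` were logged despite not being listed in `custom`. Since `custom` is what limits which handshake data reaches eve.json, add a negative assertion under `match`, e.g. `not-has-key: tls.server_handshake`. tests/ja4-sv-handshake/test.yaml has the mirror-image gap and could assert `not-has-key: tls.client_handshake`. A one-line comment noting how the expected fingerprint and lists were obtained from input.pcap would also make later changes to these values reviewable.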
diff --git a/tests/ja4-sv-handshake/test.yaml b/tests/ja4-sv-handshake/test.yaml
new file mode 100644
index 000000000..793abfb83
--- /dev/null
+++ b/tests/ja4-sv-handshake/test.yaml
@@ -0,0 +1,14 @@
+requires:
+ min-version: 8
+ features:
+ - HAVE_JA4
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.ja4s: t120400_c030_12a20535f9be
+ tls.server_handshake.version: TLS 1.2
+ tls.server_handshake.cipher: 49200
+ tls.server_handshake.exts: [65281,11,35,23]