Highlighted
Absent Member.
Absent Member.
383 views

Which field contains Hashes in Arcsight ?

Hi Everyone ,

we are having some hashes to check in ESM. can anyone pls let me know Which field contains Hashes in Arcsight ?

or, any other solution for this.

Labels (3)
0 Likes
2 Replies
Highlighted
Fleet Admiral Fleet Admiral
Fleet Admiral

fileHash & oldFileHash would be the most likely candidates.

0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Shaun,

Thanks for the reply , generally fileHash /old file hash field should capture the hashes

but we are having symentic device which capturing hashes in name field .

so i think it is device specific . however fireeye capture hashes in filehash field itself.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.