This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
deepakroy1841
Absent Member.
Absent Member.
‎2016-09-06 04:23
416 views

Which field contains Hashes in Arcsight ?

Hi Everyone ,

we are having some hashes to check in ESM. can anyone pls let me know Which field contains Hashes in Arcsight ?

or, any other solution for this.

Labels (3)
Labels
0 Likes
Reply
Report Inappropriate Content
2 Replies
Shaun
Fleet Admiral Fleet Admiral
Fleet Admiral
‎2016-09-06 15:28

fileHash & oldFileHash would be the most likely candidates.

0 Likes
Reply
Report Inappropriate Content
deepakroy1841
Absent Member.
Absent Member.
‎2016-09-07 06:42

Hi Shaun,

Thanks for the reply , generally fileHash /old file hash field should capture the hashes

but we are having symentic device which capturing hashes in name field .

so i think it is device specific . however fireeye capture hashes in filehash field itself.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.