
How to index the SHA and MD5 File Hash Values seen in Investigator into RSA Security Analytics

Issue

How to get the MD5 and SHA file hash values seen in the Investigator modules into meta keys.

When investigating packet traffic in Security Analytics, it is possible to see MD5 and SHA1 hashes generated for files, as shown below:

[Screenshot: user-added image]

Resolution

These hash values are calculated on the fly by the Investigator component in Security Analytics and are not available in meta keys.

If you want to generate hash values, a Security Analytics Malware appliance is necessary. It can be configured to send CEF-formatted syslog messages containing the hash values of files that have been analyzed.
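As an added illustration (not RSA code and not part of the original article), the following Python sketch parses a CEF syslog line on the receiving side and pulls out any file hash values it carries. The article does not list the extension keys the Malware appliance uses, so the sample message, the vendor and product strings, and the use of `fileHash` and `cs1` are assumptions; hashes are recognized by digest length rather than by key name.

```python
import re

# Constructed sample, not captured from a real appliance. Vendor, product,
# signature id and the cs1 custom field are placeholders; fileHash and fname
# are standard CEF extension keys.
SAMPLE = (
    "<134>Jan 12 10:15:02 ma-host CEF:0|ExampleVendor|ExampleMalwareAnalysis|"
    "1.0|100|File analyzed|5|fname=invoice\\=final.pdf "
    "fileHash=d41d8cd98f00b204e9800998ecf8427e "
    "cs1Label=sha1 cs1=da39a3ee5e6b4b0d3255bfef95601890afd80709"
)

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest lengths


def parse_cef(line):
    """Split a syslog line carrying CEF into (header dict, extension dict)."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    # Header fields are separated by unescaped pipes; part 8 is the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    header = {k: v.replace("\\|", "|").replace("\\\\", "\\")
              for k, v in zip(HEADER_FIELDS, parts)}
    ext = {}
    if len(parts) == 8:
        # A value runs up to the next " key=" token; "\=" in a value is escaped.
        pattern = r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)"
        for m in re.finditer(pattern, parts[7]):
            ext[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return header, ext


def extract_hashes(ext):
    """Return {algorithm: digest} for extension values shaped like hex digests."""
    found = {}
    for value in ext.values():
        v = value.strip().lower()
        if len(v) in HASH_LENGTHS and re.fullmatch(r"[0-9a-f]+", v):
            found[HASH_LENGTHS[len(v)]] = v
    return found


if __name__ == "__main__":
    hdr, extension = parse_cef(SAMPLE)
    print(hdr["name"], extract_hashes(extension))
```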



Product Details

RSA Product Set: NetWitness Logs & Packets
RSA Product/Service Type: Security Analytics Appliance / Security Analytics UI / Malware Analysis
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
O/S Version: EL6
