|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Security Analytics Appliance / Security Analytics UI / Malware Analysis
RSA Version/Condition: 10.X
|Issue||How to get the MD5 and SHA file hash values seen in the investigator modules into meta keys.|
When investigating packet traffic in Security Analytics, it is possible to see MD5 and SHA1 hashes generated for files, as below:
|Resolution||These hash values are calculated on the fly by the investigator component in Security Analytics and are not available in meta keys.|
To generate hash values, a Security Analytics Malware appliance is necessary. It can be configured to send CEF-formatted syslog messages containing the hash values of files that have been analysed.
See the article https://sadocs.emc.com/0_en-us/088_SA106/120_AppSerCon/MaCon/20_AddProc/CrtAlertCEFFor, which explains how to create such a CEF-formatted syslog message.
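Once the appliance is sending CEF syslog, the receiving side has to pull the hash values out of each message. The following is an added example, not RSA code or part of the original article: a minimal Python CEF parser run over a constructed sample line. The vendor and product strings and the extension keys `md5`, `sha1` and `fileHash` are assumptions, since the keys actually emitted depend on how the CEF alert is configured.

```python
import re

# The seven CEF header fields, in order, after the "CEF:" prefix.
HEADER = ["version", "vendor", "product", "device_version",
          "signature_id", "name", "severity"]
# Assumed extension keys; the real ones depend on the alert template.
HASH_KEYS = ("fileHash", "md5", "sha1")

# Constructed sample line (digests are those of empty input).
SAMPLE = ("<134>Jan  1 00:00:00 ma-host CEF:0|ExampleVendor|ExampleProduct|1.0|"
          "100|Malware \\| file scored|5|fname=invoice copy.pdf "
          "md5=D41D8CD98F00B204E9800998ECF8427E "
          "sha1=da39a3ee5e6b4b0d3255bfef95601890afd80709 fileHash=unknown")


def parse_cef(line):
    """Parse one syslog line carrying a CEF record into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    # Split on unescaped pipes: seven header fields, then the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    record = {k: v.replace("\\|", "|").replace("\\\\", "\\")
              for k, v in zip(HEADER, parts)}
    # Extension values may contain spaces, so each value runs until the
    # next " key=" token or the end of the line.
    ext = {}
    for m in re.finditer(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|\s*$)", parts[7]):
        ext[m.group(1)] = m.group(2).replace("\\=", "=").replace("\\\\", "\\")
    record["extension"] = ext
    return record


def file_hashes(line):
    """Return {key: lowercase digest} for well-formed MD5/SHA-1 values."""
    ext = parse_cef(line)["extension"]
    found = {}
    for key in HASH_KEYS:
        value = ext.get(key, "").strip().lower()
        # MD5 is 32 hex characters and SHA-1 is 40; reject anything else.
        if re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}", value):
            found[key] = value
    return found


if __name__ == "__main__":
    print(file_hashes(SAMPLE))
```

Digests are normalised to lowercase so they compare cleanly against hash values from other sources, and malformed values such as `unknown` are dropped.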