|Applies To||RSA Product Set: NetWitness Logs & Packets|
RSA Product/Service Type: Security Analytics Appliance / Security Analytics UI / Malware Analysis
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
O/S Version: EL6
|Issue||How to get the MD5 and SHA file hash values seen in the investigator modules into meta keys.|
When investigating packet traffic in Security Analytics, it is possible to see the MD5 and SHA1 hashes generated for files.
|Resolution||These hash values are calculated on the fly by the investigator component in Security Analytics and are not available in meta keys.|
To generate hash values, a Security Analytics Malware appliance is necessary. It can be configured to send CEF-formatted syslog messages containing the hash values of files that have been analyzed.
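A receiver for those CEF syslog messages has to split the CEF header and extension correctly before it can pull out the hashes. The parser below is an added example, not RSA code or part of the original article; the sample message, its vendor and product strings and its extension keys are constructed placeholders. Because the article does not name the fields the Malware appliance uses, it assumes hashes can be recognised by value shape (32, 40 or 64 hex characters for MD5, SHA-1 and SHA-256).

```python
import re

# Value runs lazily up to the next " key=" or end of line; "\=" and "\\" are escapes.
_EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
_HEX = re.compile(r"[0-9a-fA-F]+")
_HASH_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}  # assumption: detect by shape

# Constructed sample: vendor, product and extension keys are placeholders.
SAMPLE = (r"<134>Jan 12 10:15:02 host1 CEF:0|Example\|Vendor|ExampleMalwareSensor|1.0|100|"
          r"File analyzed|5|fname=invoice 2024.pdf fileHash=d41d8cd98f00b204e9800998ecf8427e "
          r"cs1Label=sha1 cs1=DA39A3EE5E6B4B0D3255BFEF95601890AFD80709")

def _unescape(text):
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), text)

def _split_header(cef):
    """Split on the first 7 unescaped pipes; the 8th part is the extension."""
    parts, cur, i = [], [], 0
    while i < len(cef):
        if cef[i] == "\\" and i + 1 < len(cef):
            cur.append(cef[i:i + 2])      # keep escape pairs intact until unescaping
            i += 2
            continue
        if cef[i] == "|" and len(parts) < 7:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(cef[i])
        i += 1
    return parts + ["".join(cur)]

def parse_cef(line):
    """Return (header_fields, extension_dict), or None if the line is not CEF."""
    start = line.find("CEF:")             # skip any syslog prefix
    parts = _split_header(line[start:]) if start >= 0 else []
    if len(parts) < 8:
        return None
    ext = {k: _unescape(v) for k, v in _EXT_PAIR.findall(parts[7])}
    return [_unescape(p) for p in parts[:7]], ext

def extract_file_hashes(line):
    """Map hash type -> lowercase hex digest for each digest-shaped extension value."""
    parsed = parse_cef(line)
    if parsed is None:
        return {}
    return {_HASH_BY_LENGTH[len(v)]: v.lower() for v in parsed[1].values()
            if len(v) in _HASH_BY_LENGTH and _HEX.fullmatch(v)}

print(extract_file_hashes(SAMPLE))
```

Shape-based detection can also match other fixed-length hex values, so once the appliance's actual field names are known, filter on those keys instead.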