
File Hash Analytics

ArcSight

Description:

File Hash Analytics uses the SIEM as a baseline tool to track hashes reported by Sysmon, anti-virus or similar security products. The use case tracks these hashes to help discover malware executables and processes, along with baseline deviations, and pinpoints them to the assets where they were found. It also helps you track rare hashes and cases where the same file name appears with different hashes or the same hash appears for different files, and displays their directory/path. An integration command for checking a particular hash at VirusTotal directly from the Active Channel is included.
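The three checks described above (rare hashes, one file name with several hashes, one hash under several file names) are shown here as an added Python example that is not part of the ArcSight package. The event tuples, the placeholder hash labels and the `rare_max_hosts` threshold are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample events: (host, image path, hash label). The hash values
# are placeholders, not real digests; real input would come from Sysmon/AV logs.
EVENTS = [
    ("ws01", r"C:\Windows\System32\svchost.exe", "HASH_A"),
    ("ws02", r"C:\Windows\System32\svchost.exe", "HASH_A"),
    ("ws03", r"C:\Windows\System32\svchost.exe", "HASH_A"),
    ("ws02", r"C:\Users\Public\svchost.exe", "HASH_B"),
    ("ws01", r"C:\Tools\putty.exe", "HASH_C"),
    ("ws03", r"C:\Users\bob\Downloads\invoice.exe", "HASH_C"),
]


def analyze(events, rare_max_hosts=1):
    """Return rare hashes, names seen with >1 hash, and hashes seen with >1 name."""
    hosts_by_hash = defaultdict(set)   # hash -> hosts reporting it
    sightings = defaultdict(set)       # hash -> (host, full path) pairs
    hashes_by_name = defaultdict(set)  # file name -> hashes
    names_by_hash = defaultdict(set)   # hash -> file names

    for host, path, digest in events:
        # ntpath parses Windows paths on any OS; Windows names are case-insensitive.
        name = ntpath.basename(path).lower()
        hosts_by_hash[digest].add(host)
        sightings[digest].add((host, path))
        hashes_by_name[name].add(digest)
        names_by_hash[digest].add(name)

    return {
        # Hashes seen on very few assets, with the asset and path to pivot on.
        "rare": {h: sorted(sightings[h])
                 for h, hosts in hosts_by_hash.items()
                 if len(hosts) <= rare_max_hosts},
        # Same file name, different content (e.g. a look-alike system binary).
        "name_multi_hash": {n: sorted(hs)
                            for n, hs in hashes_by_name.items() if len(hs) > 1},
        # Same content under different names (e.g. a renamed tool).
        "hash_multi_name": {h: sorted(ns)
                            for h, ns in names_by_hash.items() if len(ns) > 1},
    }


if __name__ == "__main__":
    for check, hits in analyze(EVENTS).items():
        print(check, hits)
```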

Other integrations: