The File Hash Analytics use case works by tracking the hashes of potentially harmful software, files, and processes as they start across the company's hosts. It also lets you track rare hashes, as well as cases where the same file name appears with different hashes or the same hash appears for different files, and displays their directories. The package also includes an integration command to check a particular hash at VirusTotal directly from the Active Channel.
SIEM: HPE ArcSight ESM 6.9 or higher.
File Hash Analytics comes with a Sysmon parser for the WINC connector, built for Sysinternals Sysmon v6.00 by Mark Russinovich and Thomas Garnier.
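The three checks described above (rare hashes, one file name with several hashes, one hash under several file names) can be sketched over Sysmon process-creation fields. This is an added Python example, not the package's ArcSight content; the sample events, the shortened hash values and the `rare_max_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict
import ntpath

# Constructed sample events shaped like Sysmon Event ID 1 (process creation)
# fields: Computer, Image, Hashes. Hash values are shortened placeholders.
EVENTS = [
    {"Computer": "ws01", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "MD5=AAAA1111"},
    {"Computer": "ws02", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "MD5=AAAA1111"},
    {"Computer": "ws03", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "MD5=AAAA1111"},
    {"Computer": "ws03", "Image": r"C:\Users\bob\AppData\svchost.exe", "Hashes": "MD5=BBBB2222"},
    {"Computer": "ws01", "Image": r"C:\Tools\procexp.exe", "Hashes": "MD5=CCCC3333"},
    {"Computer": "ws02", "Image": r"C:\Temp\update.exe", "Hashes": "MD5=CCCC3333"},
]

def parse_hashes(field):
    """Split Sysmon's 'ALG=value,ALG=value' Hashes field into a dict."""
    pairs = (item.split("=", 1) for item in field.split(",") if "=" in item)
    return {alg.strip().upper(): value.strip().lower() for alg, value in pairs}

def analyze(events, alg="MD5", rare_max_hosts=1):
    """Return (rare hashes, names with several hashes, hashes with several names)."""
    hosts_by_hash = defaultdict(set)
    hashes_by_name = defaultdict(set)
    paths_by_hash = defaultdict(set)
    for ev in events:
        digest = parse_hashes(ev.get("Hashes", "")).get(alg)
        if not digest:
            continue  # event carries no hash for the chosen algorithm
        path = ev["Image"].lower()
        hosts_by_hash[digest].add(ev["Computer"].lower())
        hashes_by_name[ntpath.basename(path)].add(digest)
        paths_by_hash[digest].add(path)
    # Rare: hash seen on at most rare_max_hosts distinct hosts (assumed threshold).
    rare = {h: sorted(paths_by_hash[h]) for h, hosts in hosts_by_hash.items()
            if len(hosts) <= rare_max_hosts}
    name_multi_hash = {n: sorted(hs) for n, hs in hashes_by_name.items() if len(hs) > 1}
    hash_multi_name = {h: sorted(ps) for h, ps in paths_by_hash.items()
                       if len({ntpath.basename(p) for p in ps}) > 1}
    return rare, name_multi_hash, hash_multi_name

if __name__ == "__main__":
    for label, result in zip(("rare", "name->hashes", "hash->names"), analyze(EVENTS)):
        print(label, result)
```

Each result keeps the full image path, so a flagged hash can be reviewed together with the directory it ran from.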
✓ Initial version.