Thank you in advance.
Sca
--
IRC: Let's talk about SELKS on Freenode IRC on the #SELKS channel
Wiki: https://github.com/StamusNetworks/SELKS/wiki
GitHub: https://github.com/StamusNetworks/SELKS
Blog: https://www.stamus-networks.com/theblog/
Twitter: @StamusN
g+: Stamus Networks
---
You received this message because you are subscribed to the Google Groups "SELKS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to selks+un...@googlegroups.com.
To post to this group, send email to se...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/selks/92bb9349-6ee9-4100-aaa6-5291222c8be2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi, it's me again...

I am looking for the sha256 hash of each alert where my file is stored. I have the file-store section with sha256 and the files section with force-hash too, with sha256.

I don't find in the documentation https://suricata.readthedocs.io/en/suricata-4.1.0/file-extraction/file-extraction.html#file-store-and-eve-fileinfo where to have it. I have found a file-log section, but I really want it in the eve.json file.

Have I missed something in the documentation?

You should have it in eve.json - you should have all sorts of hashes.

Now - if there is the hash you are looking for, it may be a different story :)

Do you see any sha256 hashes at all?
Ok, now it works. I have repaired Moloch, but I guess this is a different problem.

Well, it works :)
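Added example, not part of the original thread and not SELKS or Suricata code: one way to check whether any sha256 hashes reach eve.json, and to attach them to alerts, is to join `fileinfo` and `alert` records on `flow_id`. The sample records, the placeholder hash and the function names are constructed for illustration, and the join assumes every file seen in the alerting flow is of interest.

```python
import json
from collections import defaultdict

FAKE_SHA256 = "ab" * 32  # constructed placeholder, not a real file hash

# Constructed sample records using EVE field names (event_type, flow_id, fileinfo.*).
SAMPLE_EVE = [json.dumps(r) for r in (
    {"event_type": "alert", "flow_id": 1001, "alert": {"signature": "EXAMPLE download"}},
    {"event_type": "fileinfo", "flow_id": 1001,
     "fileinfo": {"filename": "/a.bin", "sha256": FAKE_SHA256, "stored": True}},
    {"event_type": "fileinfo", "flow_id": 1002,
     "fileinfo": {"filename": "/b.bin", "stored": False}},  # hash absent
    {"event_type": "alert", "flow_id": 1003, "alert": {"signature": "EXAMPLE no file"}},
)] + ['{"event_type": "fileinf']  # truncated line, as seen while the log is being written


def parse_events(lines):
    """Yield decoded EVE records, skipping blank or partially written lines."""
    for line in lines:
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def alerts_with_hashes(lines):
    """Return ([(signature, [(filename, sha256, stored), ...])], fileinfo_without_sha256)."""
    events = list(parse_events(lines))
    by_flow, missing = defaultdict(list), 0
    for ev in events:
        if ev.get("event_type") != "fileinfo":
            continue
        info = ev.get("fileinfo", {})
        if "sha256" in info:
            by_flow[ev.get("flow_id")].append(
                (info.get("filename"), info["sha256"], info.get("stored", False)))
        else:
            missing += 1  # no sha256 was logged for this file
    joined = [(ev["alert"]["signature"], by_flow.get(ev.get("flow_id"), []))
              for ev in events if ev.get("event_type") == "alert"]
    return joined, missing


if __name__ == "__main__":
    # Replace SAMPLE_EVE with open("/path/to/eve.json") to run on real output.
    result, missing = alerts_with_hashes(SAMPLE_EVE)
    for signature, files in result:
        print(signature, files or "no fileinfo with sha256 in this flow")
    print("fileinfo records without sha256:", missing)
```

A non-zero count of `fileinfo` records without `sha256` is the first thing to look at when the hash seems to be missing from eve.json.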