[Oisf-users] filesha256/filemd5
Peter Manev
petermanev at gmail.com
Thu Feb 9 16:01:42 UTC 2017
On Thu, Feb 9, 2017 at 4:50 PM, erik clark <philosnef at gmail.com> wrote:
> Is it possible to do a filesha256 instead of filemd5? I only see
> documentation on filemd5, but have sha256 sums. How can I alert on files
> with sha256 sums? Thanks!
>
The routine is the same -

alert http any any -> any any (msg:"Black list checksum match and extract SHA256"; filesha256:fileextraction-chksum.list; filestore; sid:666; rev:1;)

and then the file - fileextraction-chksum.list in your rules directory
will contain the sha256 sums.

Can you please open a doc issue on our redmine for that?

Thank you
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
--
Regards,
Peter Manev
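
An added example, not part of the original message and not Suricata project code: a small Python check that turns an analyst's working hash list (sha256sum output, mixed case, stray MD5-length entries) into a clean fileextraction-chksum.list for the filesha256 rule above. It assumes the list is read as one hex digest at the start of each line; normalize_sha256_list and build_sample are hypothetical names, and the sample lines are constructed.

```python
import hashlib
import re

HEX = re.compile(r"^[0-9a-fA-F]+$")

def normalize_sha256_list(lines):
    """Return (clean, rejected). clean: deduplicated lowercase SHA256 digests.
    rejected: (line_no, reason, token) for entries that are not SHA256."""
    clean, seen, rejected = [], set(), []
    for line_no, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # blank line or analyst comment; not copied to the output
        token = text.split()[0]  # first field, as in sha256sum output
        if not HEX.match(token):
            rejected.append((line_no, "not a hex digest", token))
        elif len(token) == 32:
            # 32 hex characters is MD5 length: it belongs in a filemd5 list
            rejected.append((line_no, "MD5 length, use a filemd5 list", token))
        elif len(token) != 64:
            rejected.append((line_no, "wrong length for SHA256", token))
        elif token.lower() not in seen:
            # lowercase so differently-cased duplicates compare equal
            seen.add(token.lower())
            clean.append(token.lower())
    return clean, rejected

def build_sample():
    """Constructed input: digests of made-up byte strings, not real IoCs."""
    a = hashlib.sha256(b"constructed sample A").hexdigest()
    b = hashlib.sha256(b"constructed sample B").hexdigest()
    return [
        "# working copy of the blacklist",
        f"{a}  dropper.bin",    # sha256sum style: digest, then file name
        a.upper(),              # duplicate of the line above in upper case
        a[:32],                 # 32 hex characters, the length of an MD5
        b[:-1],                 # truncated digest (63 characters)
        f"{b} *payload.dll",    # sha256sum binary-mode style
        "not-a-hash",
    ]

if __name__ == "__main__":
    clean, rejected = normalize_sha256_list(build_sample())
    with open("fileextraction-chksum.list", "w") as fh:
        fh.write("\n".join(clean) + "\n")
    for line_no, reason, token in rejected:
        print(f"line {line_no}: {reason}: {token}")
```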