[Oisf-users] identifying faulty blacklist sha256 sum

erik clark philosnef at gmail.com
Wed May 24 15:01:33 UTC 2017


So, I have a rule that looks at sha256 sums to see if any match a blacklist
item. However, the alert doesn't tell me what sum fired the alert. How can I
do this? I have several sums that I believe are giving abnormally high
false positives, as the sum(s) are all associated with Yahoo IP space... I
need to identify those somehow so I can weed out the faulty sums.

Thanks!