OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

suggested additions to file CIM #31

Closed reswob10 closed 5 years ago

reswob10 commented 5 years ago

file_sha1 file_md5 file_sha256

If there are hashes. Remember, Sysmon event_id 1 hashes the file executed.

reswob10 commented 5 years ago

NVM, I see hash is listed separately...