Open securitiz opened 2 years ago
@SamuelHassine I'm curious to get an update on this issue, just because when I export file observables from the platform, I see that there is a column in the resulting CSV for SSDEEP hashes, yet the parameter isn't represented in the GUI.
2 major evolutions here:
Use case
Implementing an ssdeep / fuzzy hashes parameter for the File object would allow analysts to link File observables that are not exactly the same, but extremely similar.
Current Workaround
N/a
Proposed Solution
Implement a parameter for the File observable to record a file's ssdeep hash.
File observables that share ssdeep hashes should be linked in some way, whether by direct relationship or inference. Additionally, it would be useful to view all File observables that share an ssdeep hash at once.
Additional Information
https://ssdeep-project.github.io/ssdeep/index.html
If the feature request is approved, would you be willing to submit a PR?
Yes / No (Help can be provided if you need assistance submitting a PR)
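
The linking idea in the Proposed Solution can be sketched as a candidate pre-filter over stored ssdeep strings. This is an added example, not part of the issue and not the platform's code. It relies on two properties of ssdeep comparison: signatures are only scored at matching block sizes, and only when they share a 7-character substring. The observable IDs and hash values are constructed, and a real similarity score would still come from ssdeep's own compare routine.

```python
import re
from collections import defaultdict
from itertools import combinations

WINDOW = 7  # ssdeep only scores two signatures that share a 7-character substring

# Constructed sample data: hypothetical observable IDs mapped to made-up ssdeep strings
SAMPLE = {
    "file--a": "96:abcdefghijklmnopqrstuvwx:ABCDEFGHIJKL",
    "file--b": "96:abcdefghijkZmnopqrstuvwx:ABCDEFZHIJKL",
    "file--c": "48:zzzzqqqq1234567:abcdefghijklmnop",
    "file--d": "96:0123456789+/0123:zyxwvuts",
    "file--e": "not-a-hash",
}

def parse_ssdeep(value):
    """Split 'blocksize:sig1:sig2' into (int, str, str); raise ValueError if malformed."""
    parts = value.strip().split(":", 2)
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"not an ssdeep hash: {value!r}")
    return int(parts[0]), parts[1], parts[2]

def _grams(sig):
    # ssdeep collapses runs of more than three identical characters before comparing
    sig = re.sub(r"(.)\1{3,}", r"\1\1\1", sig)
    return {sig[i:i + WINDOW] for i in range(len(sig) - WINDOW + 1)}

def candidate_links(observables):
    """Return sorted ID pairs whose hashes share a 7-gram at the same block size."""
    index = defaultdict(set)
    for obs_id, value in observables.items():
        try:
            block, sig1, sig2 = parse_ssdeep(value)
        except ValueError:
            continue  # skip observables with missing or malformed hashes
        # sig1 is computed at `block`, sig2 at `2 * block`; index each at its own size
        for size, sig in ((block, sig1), (block * 2, sig2)):
            for gram in _grams(sig):
                index[(size, gram)].add(obs_id)
    pairs = set()
    for ids in index.values():
        pairs.update(combinations(sorted(ids), 2))
    return sorted(pairs)

if __name__ == "__main__":
    print(candidate_links(SAMPLE))
```

Here `file--c` links to `file--a` and `file--b` through its double-block-size signature, while `file--d` stays unlinked even though it shares the substring `1234567` with `file--c`, because that match occurs at different block sizes.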