Hash detection issue

PMarchand · February 15, 2021, 3:08pm

Hello,

I got an issue implementing file hash detection in suricata.

I’ve created a rule based on md5 hash. Unfortunately, the rule never pop off.
After verification, I find out that the hash generated by md5checksum is different than the hash generated by Suricata in file-store.

Does anyone has any clue on how to solve this?

Thank you,

Jeff_Lucovsky · February 15, 2021, 4:25pm

Hi,
Could you post your rule?

Could you post a pcap with the file?

Topic		Replies	Views
Help please! File Hash detection issues Help	4	1897	January 5, 2021
Suricata 5.0.2 File Extraction Help file-extraction	10	1986	February 3, 2021
Seem to be getting wrong hashes for JA3 Help	6	503	April 20, 2021
File-store creates empty files Help file-extraction	4	1262	July 1, 2020
File store of suricata Help	12	866	December 12, 2023

Hash detection issue

Related Topics