Hash detection issue

PMarchand · February 15, 2021, 3:08pm

Hello,

I got an issue implementing file hash detection in suricata.

I’ve created a rule based on md5 hash. Unfortunately, the rule never pop off.
After verification, I find out that the hash generated by md5checksum is different than the hash generated by Suricata in file-store.

Does anyone has any clue on how to solve this?

Thank you,

Jeff_Lucovsky · February 15, 2021, 4:25pm

Hi,
Could you post your rule?

Could you post a pcap with the file?

Topic		Replies	Views
Help please! File Hash detection issues Help	4	2128	January 5, 2021
Suricata 5.0.2 File Extraction Help file-extraction	10	2173	February 3, 2021
Md5file not alerting Help ips , community , rules , suricata	3	405	July 13, 2022
MD5file question Help ips , community , rules , suricata	5	526	July 25, 2022
Detect against sha256 hashes Help rules , suricata	9	454	October 31, 2023

Hash detection issue

Related topics