Skip to content

Instantly share code, notes, and snippets.

View ebeahan's full-sized avatar

Eric Beahan ebeahan

15 followers · 14 following
  • Elastic
View GitHub Profile
@ebeahan
ebeahan / readme.md
Created April 27, 2022 15:32
`related.hash` usage example

The following event captures three seperate hash values for the same file.

Each hash is populated under file.hash.* based on the algorithm, and the value is also duplicated in related.hash.

{
  "@timestamp": 1651072073705,
  "file": {
    "hash": {
      "md5": "44d88612fea8a8f36de82e1278abb02f",
@ebeahan
ebeahan / ecs-8.0.0.json
Last active April 19, 2022 15:46
{
"agent": {
"name": "test",
"id": "a0e86cd2-d38b-4801-8d54-db5f2fb7f7e1",
"ephemeral_id": "8568c102-6c2d-495d-800b-bc5b89cde1b6",
"type": "filebeat",
"version": "8.1.2"
},
"log": {
"file": {
@ebeahan
ebeahan / README.md
Last active November 18, 2020 23:43

The file ecs-detections.ndjson contains example rules to detect ECS-compliance issues with your events.

The file can be imported into the Elastic detection engine's Import rule feature.

@ebeahan
ebeahan / keybase.md
Created April 7, 2015 15:12

Keybase proof

I hereby claim:

  • I am ebeahan on github.
  • I am ebeahan (https://keybase.io/ebeahan) on keybase.
  • I have a public key whose fingerprint is 59FB 2BED 380A F3DA 839F FFF4 B2CA B027 BF73 9F45

To claim this, I am signing this object: