I hereby claim:
- I am ebeahan on github.
- I am ebeahan (https://keybase.io/ebeahan) on keybase.
- I have a public key whose fingerprint is 59FB 2BED 380A F3DA 839F FFF4 B2CA B027 BF73 9F45
To claim this, I am signing this object:
The file ecs-detections.ndjson contains example rules to detect ECS-compliance issues with your events.
The file can be imported into the Elastic detection engine's Import rule feature.
{
  "agent": {
    "name": "test",
    "id": "a0e86cd2-d38b-4801-8d54-db5f2fb7f7e1",
    "ephemeral_id": "8568c102-6c2d-495d-800b-bc5b89cde1b6",
    "type": "filebeat",
    "version": "8.1.2"
  },
  "log": {
    "file": {
The following event captures three separate hash values for the same file.
Each hash is populated under file.hash.* based on the algorithm, and the value is also duplicated in related.hash.
{
  "@timestamp": 1651072073705,
  "file": {
    "hash": {
      "md5": "44d88612fea8a8f36de82e1278abb02f",
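
The relationship described above, as an added example that is not part of the original gist: a Python check that every `*.hash.<algorithm>` value in an event also appears in `related.hash`. The function names, the algorithm subset and the sample events are assumptions constructed for illustration, and events are assumed to use nested objects rather than dotted keys.

```python
import hashlib

# Subset of the ECS hash algorithms checked here (assumption for this example).
HASH_ALGOS = ("md5", "sha1", "sha256")


def collect_hashes(node, path=""):
    """Yield (dotted_path, value) for every <fieldset>.hash.<algo> string in the event."""
    if not isinstance(node, dict):
        return
    for key, value in node.items():
        child = f"{path}.{key}" if path else key
        if key == "hash" and isinstance(value, dict):
            for algo in HASH_ALGOS:
                if isinstance(value.get(algo), str):
                    yield f"{child}.{algo}", value[algo]
        else:
            # related.hash is an array, so it is never treated as a hash object.
            yield from collect_hashes(value, child)


def missing_related_hashes(event):
    """Return (path, value) pairs whose value is absent from related.hash."""
    related = event.get("related", {}).get("hash", [])
    if isinstance(related, str):  # tolerate a single value instead of an array
        related = [related]
    seen = {h.lower() for h in related if isinstance(h, str)}
    return [(p, v) for p, v in collect_hashes(event) if v.lower() not in seen]


# Constructed sample data: digests of a made-up byte string, not values from the gist.
SAMPLE = b"constructed sample file contents"
DIGESTS = {algo: hashlib.new(algo, SAMPLE).hexdigest() for algo in HASH_ALGOS}

COMPLIANT = {
    "file": {"hash": dict(DIGESTS)},
    "related": {"hash": list(DIGESTS.values())},
}
# Only the MD5 was copied to related.hash; SHA-1 and SHA-256 were forgotten.
NON_COMPLIANT = {
    "file": {"hash": dict(DIGESTS)},
    "related": {"hash": [DIGESTS["md5"]]},
}

if __name__ == "__main__":
    for name, event in (("compliant", COMPLIANT), ("non-compliant", NON_COMPLIANT)):
        gaps = missing_related_hashes(event)
        print(name, "->", [path for path, _ in gaps] or "ok")
```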