# Licensed to Elasticsearch B.V. under one or more contributor # license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright # ownership. Elasticsearch B.V. licenses this file to you under # the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. --- - name: hash title: Hash group: 2 type: group short: Hashes, usually file hashes. description: > The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). reusable: top_level: false order: 1 expected: - file - process - dll - email.attachments.file fields: - name: md5 level: extended type: keyword description: MD5 hash. - name: sha1 level: extended type: keyword description: SHA1 hash. - name: sha256 level: extended type: keyword description: SHA256 hash. - name: sha384 level: extended type: keyword description: SHA384 hash. - name: sha512 level: extended type: keyword description: SHA512 hash. - name: ssdeep level: extended type: keyword description: SSDEEP hash. - name: tlsh level: extended type: keyword description: TLSH hash.