Can Security Analytics allow searching for files via their calculated hash? Can it generate alerts based on file hashes?

Article ID: 168385

Products

Security Analytics

Issue/Introduction

By default, the Security Analytics Platform does not extract files from captured traffic or calculate their hashes. This can be set up, however, using Data Enrichment Actions. Because this configuration is complex and can affect the performance of the appliance, please contact Blue Coat support for full instructions and tuning assistance.

Because alerts configured within Security Analytics are processed before the files in a flow are extracted and their hashes calculated, it is not possible to generate alerts based on file hashes. However, if the system is configured to calculate file hashes, scheduled reports can email the hash information for analysis by external systems. Please search the online help on the appliance for "Scheduled Reports" or visit the following link:
https://bto.bluecoat.com/webguides/security_analytics/7.1/platform_webguide//desktop/ENG/Analytics/reports.htm