cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

SHA256 and MD5 hash information not sent with CEF Output

L1 Bithead

Hi Team,

 

I am seeing strange behaviour the Minemeld instance onsite is seeing Hash values that have been generated from Autofocus custom query using AF+MM instance. 

 

Setup: 

 

AF+MM - 1 Miner --> 1 x MD5 / 1 x SHA256 Processors --> 1 x Output MD5 / 1 x Output SHA256

 

On-Prem - 1 x Miner MD5 /  1 x Miner SHA256 -->  1 x Output MD5 / 1 x Output SHA256

 

when checking the logs through out the flow i can see the hashes but when i check the arcsight receiver in the raw logs i do not see any hash values . 

 

 

any ideas why this might be ?

Who Me Too'd this topic