I write SIEM content (mostly ArcSight and Q1), and I have found PAN to be very effective in identifying adverse traffic. One thing that would be great: in addition to recognizing the file type, such as "file Microsoft PE File(52060)", which is useful as a poor man's DLP with which I can track what's coming and going, it's only so effective by just having the file name. It would be much more effective if the MD5 hash value of the file was written to the log file. Then I can correlate the log file MD5 hash with my known bad hash database. Can this be done? Is it there and I have missed it? Thanks
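The correlation the post asks for, written out as an added example (not code from the poster, from Palo Alto Networks, or from any SIEM vendor). It assumes a hypothetical key=value log format with a hypothetical `filehash=` field carrying the MD5; the sample log lines and the known-bad hash set are constructed placeholders, not real IoCs. The example also shows the two failure modes a content author has to account for: lines that carry no hash at all (today's situation) and lines whose hash field is malformed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample log lines in a HYPOTHETICAL key=value format. This is not
# real PAN-OS syslog output; "filehash=" is the MD5 field the post asks for and
# is assumed here purely for illustration. The hashes are well-known test
# values (MD5 of "" and of the "quick brown fox" sentence), not real IoCs.
SAMPLE_LOGS = [
    "Jun 01 10:00:01 fw1 file-type=Microsoft PE File(52060) filename=setup.exe "
    "src=10.0.0.5 dst=203.0.113.9 filehash=D41D8CD98F00B204E9800998ECF8427E",
    "Jun 01 10:00:07 fw1 file-type=Microsoft PE File(52060) filename=update.exe "
    "src=10.0.0.8 dst=198.51.100.4 filehash=9e107d9d372bb6826bd81d3542a419d6",
    "Jun 01 10:00:12 fw1 file-type=PDF(52012) filename=invoice.pdf "
    "src=10.0.0.9 dst=192.0.2.44",
    "Jun 01 10:00:20 fw1 file-type=Microsoft PE File(52060) filename=tool.exe "
    "src=10.0.0.5 dst=203.0.113.9 filehash=not-a-hash",
]

# Constructed known-bad hash list (placeholder value, stands in for the
# poster's "known bad hash database").
KNOWN_BAD_MD5 = {
    "9e107d9d372bb6826bd81d3542a419d6",
}

# key=value pairs whose values may contain spaces (e.g. "Microsoft PE File(52060)");
# a value ends where the next " key=" begins or at end of line.
KV_RE = re.compile(r"([A-Za-z][\w-]*)=(.*?)(?=\s+[A-Za-z][\w-]*=|$)")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_line(line: str) -> Dict[str, str]:
    """Extract the key=value fields from one log line."""
    return {key: value.strip() for key, value in KV_RE.findall(line)}


def normalize_md5(value: Optional[str]) -> Optional[str]:
    """Lower-case the hash and reject anything that is not 32 hex characters."""
    if value is None:
        return None
    value = value.strip().lower()
    return value if MD5_RE.match(value) else None


def correlate(lines: List[str], bad_hashes) -> Tuple[List[Dict[str, Optional[str]]], Dict[str, int]]:
    """Match each line's MD5 against the bad-hash set.

    Returns (hits, stats). Lines without a hash or with a malformed hash are
    counted separately so the content author can see how much of the feed is
    actually correlatable.
    """
    bad = {h.strip().lower() for h in bad_hashes}
    hits: List[Dict[str, Optional[str]]] = []
    stats = {"total": 0, "no_hash": 0, "bad_hash_format": 0, "hits": 0}
    for line in lines:
        stats["total"] += 1
        fields = parse_line(line)
        raw = fields.get("filehash")
        if raw is None:
            stats["no_hash"] += 1          # file type/name only: cannot correlate
            continue
        md5 = normalize_md5(raw)
        if md5 is None:
            stats["bad_hash_format"] += 1  # do not let garbage silently miss
            continue
        if md5 in bad:
            stats["hits"] += 1
            hits.append({
                "filename": fields.get("filename"),
                "file_type": fields.get("file-type"),
                "src": fields.get("src"),
                "dst": fields.get("dst"),
                "md5": md5,
            })
    return hits, stats


if __name__ == "__main__":
    found, summary = correlate(SAMPLE_LOGS, KNOWN_BAD_MD5)
    for hit in found:
        print(f"KNOWN-BAD FILE: {hit['filename']} ({hit['md5']}) {hit['src']} -> {hit['dst']}")
    print("summary:", summary)
```

The `no_hash` counter is the point of the post: without a hash in the log, the rule degrades to matching on file name, which is trivially changed. Case normalization matters too, since hash feeds and devices disagree on upper- versus lower-case hex.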