Forum Discussion

Silver I

3 months ago

Solved

Elastic Data Ingest: Ep.1 – Auditbeat

Hello, I'm stuck on Q11 of this lab and would greatly appreciate some help, please. I'm a little confused as to how to go about answering the question? If I use the filter for - Processhash.sha1 IS ...

help & support

neeemu
3 months ago
You're provided the Process PID in the tasks so searching for that returns event for that process. Expanding that event will show further details, one of which is the SHA1 hash.

Dark_Knight666

Silver I

3 months ago

neeemu - Thank you for commenting. But I guess my question now is how did you identify the first 4 characters of the process sha1 hash? A little stuck on this part.

neeemu

Bronze III

3 months ago

You're provided the Process PID in the tasks so searching for that returns event for that process. Expanding that event will show further details, one of which is the SHA1 hash.

Forum Discussion

Elastic Data Ingest: Ep.1 – Auditbeat

Featured Places

Help

Related Content

Elastic Data Ingest: Ep.2 – Filebeat

Elastic Data Ingest: Ep.5 – Packetbeat

Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings

Elastic Data Ingest: Demonstrate Your Skills

Elastic Data Ingest: Ep.6 – Winlogbeat

Recent Discussions

IoT & Embedded Devices: Certificate Underpinning

Trick or Treat on Specter Street: Morphy's Mansion Challenge

Trick or Treat on Specter Street: Morphy’s Mansion

Credential Access: Password Hashing Algorithms

Trick or Treat on Specter Street: Ghost of the SOC