Forum Discussion

Bronze III

25 days ago

Solved

Elastic Data Ingest: Ep.1 – Auditbeat

Hello, I'm stuck on Q11 of this lab and would greatly appreciate some help, please. I'm a little confused as to how to go about answering the question? If I use the filter for - Processhash.sha1 IS ...

help & support

neeemu
22 days ago
You're provided the Process PID in the tasks so searching for that returns event for that process. Expanding that event will show further details, one of which is the SHA1 hash.

Dark_Knight666

Bronze III

22 days ago

neeemu - Thank you for commenting. But I guess my question now is how did you identify the first 4 characters of the process sha1 hash? A little stuck on this part.

neeemu

Bronze III

22 days ago

You're provided the Process PID in the tasks so searching for that returns event for that process. Expanding that event will show further details, one of which is the SHA1 hash.

Forum Discussion

Elastic Data Ingest: Ep.1 – Auditbeat

Featured Places

Help & Support Forum

Related Content

Elastic Data Ingest: Ep.2 – Filebeat

Elastic Data Ingest: Ep.5 – Packetbeat

Introduction To Elastic: Ep.9 – ES|QL

Need help: Endace: Ep.3 – Elastic Integration Scenario

Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings

Recent Discussions

Immersive GUI

Help with Cross Site Request Forgery (Twooter)

Privilege Escalation: Windows – Unquoted Service Paths

TLS Fundamentals: Ep.8 – Final Challenge

Elastic Data Ingest: Ep.5 – Packetbeat