Fingerprint

fingerprint

The Fingerprint object provides detailed information about a digital fingerprint, which is a compact representation of data used to identify a longer piece of information, such as a public key or file content. It contains the algorithm and value of the fingerprint, enabling efficient and reliable identification of the associated data.

Attributes

| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Algorithm | algorithm | String | | | The hash algorithm used to create the digital fingerprint, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source. |
| Algorithm ID | algorithm_id | Integer | | | The identifier of the normalized hash algorithm, which was used to create the digital fingerprint. Values: 0 = Unknown, 1 = MD5, 2 = SHA-1, 3 = SHA-256, 4 = SHA-512, 5 = CTPH, 6 = TLSH, 7 = quickXorHash, 99 = Other. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| Unmapped Data | unmapped | Unmapped | Yes | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Value | value | String | | | The digital fingerprint value. |

JSON

            
{
  "caption": "Fingerprint",
  "description": "The Fingerprint object provides detailed information about a digital fingerprint, which is a compact representation of data used to identify a longer piece of information, such as a public key or file content. It contains the algorithm and value of the fingerprint, enabling efficient and reliable identification of the associated data.",
  "extends": "object",
  "name": "fingerprint",
  "observable": 30,
  "attributes": {
    "algorithm": {
      "description": "The hash algorithm used to create the digital fingerprint, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.",
      "requirement": "optional",
      "caption": "Algorithm",
      "type": "string_t"
    },
    "algorithm_id": {
      "description": "The identifier of the normalized hash algorithm, which was used to create the digital fingerprint.",
      "enum": {
        "0": {
          "caption": "Unknown",
          "description": "The algorithm is unknown."
        },
        "1": {
          "caption": "MD5",
          "description": "MD5 message-digest algorithm producing a 128-bit (16-byte) hash value."
        },
        "2": {
          "caption": "SHA-1",
          "description": "Secure Hash Algorithm 1 producing a 160-bit (20-byte) hash value."
        },
        "3": {
          "caption": "SHA-256",
          "description": "Secure Hash Algorithm 2 producing a 256-bit (32-byte) hash value."
        },
        "4": {
          "caption": "SHA-512",
          "description": "Secure Hash Algorithm 2 producing a 512-bit (64-byte) hash value."
        },
        "5": {
          "caption": "CTPH",
          "description": "The ssdeep generated fuzzy checksum. Also known as Context Triggered Piecewise Hash (CTPH)."
        },
        "6": {
          "caption": "TLSH",
          "description": "The TLSH fuzzy hashing algorithm."
        },
        "7": {
          "caption": "quickXorHash",
          "description": "Microsoft simple non-cryptographic hash algorithm that works by XORing the bytes in a circular-shifting fashion."
        },
        "99": {
          "caption": "Other",
          "description": "The algorithm is not mapped. See the <code>algorithm</code> attribute, which contains a data source specific value."
        }
      },
      "requirement": "required",
      "caption": "Algorithm ID",
      "sibling": "algorithm",
      "type": "integer_t"
    },
    "value": {
      "description": "The digital fingerprint value.",
      "requirement": "required",
      "type": "string_t",
      "caption": "Value"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  }
}
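The following validator is an added example, not part of the schema or of any project code. It checks a fingerprint object against the definition above: required attributes, the `algorithm_id` enum, agreement between `algorithm` and its sibling caption, and digest length for IDs 1 to 4. The function names are hypothetical; hex encoding of `value` and treating ID 99 without an `algorithm` as an error are assumptions the schema does not state.

```python
import hashlib
import re

# Enum captions copied from the algorithm_id table on this page.
ALGORITHMS = {0: "Unknown", 1: "MD5", 2: "SHA-1", 3: "SHA-256", 4: "SHA-512",
              5: "CTPH", 6: "TLSH", 7: "quickXorHash", 99: "Other"}
# Digest sizes in bits, as stated in the enum descriptions.
DIGEST_BITS = {1: 128, 2: 160, 3: 256, 4: 512}
HASHLIB_NAMES = {1: "md5", 2: "sha1", 3: "sha256", 4: "sha512"}
# Attributes marked "requirement": "required" in the JSON definition.
REQUIRED = ("algorithm_id", "value", "record_id")


def validate_fingerprint(obj):
    """Return a list of problems found in a fingerprint object (empty = valid)."""
    problems = [f"missing required attribute: {k}" for k in REQUIRED if k not in obj]
    if problems:
        return problems
    alg_id = obj["algorithm_id"]
    if isinstance(alg_id, bool) or not isinstance(alg_id, int) or alg_id not in ALGORITHMS:
        return [f"algorithm_id {alg_id!r} is not a defined enum value"]
    caption = obj.get("algorithm")
    if alg_id == 99:
        # Assumption (local policy): 'Other' is only useful if the source names it.
        if not caption:
            problems.append("algorithm_id 99 (Other) needs a source-defined algorithm")
    elif caption is not None and caption != ALGORITHMS[alg_id]:
        problems.append(f"algorithm {caption!r} does not match caption {ALGORITHMS[alg_id]!r}")
    value = obj["value"]
    if not isinstance(value, str) or not value:
        problems.append("value must be a non-empty string")
    elif alg_id in DIGEST_BITS:
        # Assumption: cryptographic digests are hex-encoded (4 bits per character).
        want = DIGEST_BITS[alg_id] // 4
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % want, value):
            problems.append(f"value is not {want} hex characters for {ALGORITHMS[alg_id]}")
    return problems


def make_fingerprint(data, algorithm_id, record_id):
    """Build a fingerprint object for the hashlib-backed algorithms (IDs 1-4)."""
    digest = hashlib.new(HASHLIB_NAMES[algorithm_id], data).hexdigest()
    return {"algorithm": ALGORITHMS[algorithm_id], "algorithm_id": algorithm_id,
            "value": digest, "record_id": record_id}
```

Running this at ingestion catches mislabeled digests (for example a SHA-256 value tagged as MD5) before they silently fail to match during indicator lookups.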