HASSH
hassh
The HASSH object contains SSH network fingerprinting values for specific client/server implementations. It provides a standardized way of identifying and categorizing SSH connections based on their unique characteristics and behavior.
Contents
Attributes
Caption | Name | Type | Is Array | Default | Description |
---|---|---|---|---|---|
Algorithm | algorithm | String | The concatenation of key exchange, encryption, authentication and compression algorithms (separated by ';'). NOTE: This is not the underlying algorithm for the hash implementation. | ||
Fingerprint | fingerprint | Fingerprint | The hash of the key exchange, encryption, authentication and compression algorithms. | ||
Raw Data | raw_data | JSON | The event data as received from the event source. | ||
Record ID | record_id | String | Unique identifier for the object | ||
Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
References
Referenced By
Context
JSON
{
"caption": "HASSH",
"description": "The HASSH object contains SSH network fingerprinting values for specific client/server implementations. It provides a standardized way of identifying and categorizing SSH connections based on their unique characteristics and behavior.",
"name": "hassh",
"extends": "object",
"attributes": {
"algorithm": {
"description": "The concatenation of key exchange, encryption, authentication and compression algorithms (separated by ';'). NOTE: This is not the underlying algorithm for the hash implementation.",
"requirement": "recommended",
"caption": "Algorithm",
"type": "string_t"
},
"fingerprint": {
"description": "The hash of the key exchange, encryption, authentication and compression algorithms.",
"requirement": "required",
"caption": "Fingerprint",
"type": "fingerprint"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
}
}