HASSH

JSON

            
{
  "caption": "HASSH",
  "description": "The HASSH object contains SSH network fingerprinting values for specific client/server implementations. It provides a standardized way of identifying and categorizing SSH connections based on their unique characteristics and behavior.",
  "name": "hassh",
  "extends": "object",
  "attributes": {
    "algorithm": {
      "description": "The concatenation of key exchange, encryption, authentication and compression algorithms (separated by ';'). NOTE: This is not the underlying algorithm for the hash implementation.",
      "requirement": "recommended",
      "caption": "Algorithm",
      "type": "string_t"
    },
    "fingerprint": {
      "description": "The hash of the key exchange, encryption, authentication and compression algorithms.",
      "requirement": "required",
      "caption": "Fingerprint",
      "type": "fingerprint"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  }
}