Hash
This filter is used to search or extract hashes from a Message.
Supported types of hashes are:
- MD5
- SHA1
- SHA256
- SHA512
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| target | STRING | “main” | the field of the Message that should be used for the filter (it could be main or an extra field) |
| extract | BOOL | “false” | if "true" the main field of the output Message will be the extracted hash |
| md5 | BOOL | “true” | if "false" md5 hashes will be ignored |
| sha1 | BOOL | “true” | if "false" sha1 hashes will be ignored |
| sha256 | BOOL | “true” | if "false" sha256 hashes will be ignored |
| sha512 | BOOL | “true” | if "false" sha512 hashes will be ignored |
... | hash(target="description", extract="true") | ...Output
If the extract parameter is “false”, the received Message will be propagated only if at least one hash is found in it.
Otherwise, if extract is “true” and the Message contains one or more hashes, the main field of the propagated Message will contain only the extracted hash.
If the extract parameter is “true” and the message is propagated, a new extra field is created: fulltext will contain the original target string.
If the targeted field contains multiple hashes, the filter will create and propagate multiple messages, one for each hash.
Examples
Soon…