I'm in Active Response search and I have a specific file hash that I want to search for to see if it is actively running on systems. I found the hash in another search, which showed it existed on 58 systems. I took that hash to see if it's running on systems with a different file name. I used processes as the collector, expecting around the same number of hits. Problem is I had about 6300 results and I don't actually see the hash I searched for in the list. My search was Processes where Files md5 equals "themd5hash".
My original file search was Files name, created_at, md5, create_user_name and HostInfo hostname, ip_address and LoggedInUsers where Files name equals "filename.exe".
If anyone could point me to what I may be doing wrong, please let me know. Appreciate the help.