This property requires exactly one file to be provided..
- ssdeep
- tlsh
- single
- multi-match
Compares an attribute containing a Fuzzy Hash against a file containing a list of fuzzy hashes, appending an attribute to the FlowFile in case of a successful match.
hashing, fuzzy-hashing, cyber-security
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.
| Name | Default Value | Allowable Values | Description |
|---|---|---|---|
| Hash List Source File | Path to the file containing hashes to be validated against This property requires exactly one file to be provided.. | ||
| Hashing Algorithm |
| The hashing algorithm utilised | |
| Hash Attribute Name | fuzzyhash.value | The name of the FlowFile Attribute that should hold the Fuzzy Hash Value | |
| Match Threshold | The similarity score must exceed or be equal to in order formatch to be considered true. Refer to Additional Information for differences between TLSH and SSDEEP scores and how they relate to this property. | ||
| Matching Mode | single |
| Defines if the Processor should try to match as many entries as possible (multi-match) or if it should stop after the first match (single) |
| Name | Description |
|---|---|
| failure | Any FlowFile that cannot be matched, e.g. (lacks the attribute) will be sent to this Relationship. |
| not-found | Any FlowFile that cannot be matched to an existing hash will be sent to this Relationship. |
| found | Any FlowFile that is successfully matched to an existing hash will be sent to this Relationship. |
| Name | Description |
|---|---|
| XXXX.N.match | The match that resembles the attribute specified by the <Hash Attribute Name> property. Note that: 'XXX' gets replaced with the <Hash Attribute Name> |
| XXXX.N.similarity | The similarity score between this flowfileand its match of the same number N. Note that: 'XXX' gets replaced with the <Hash Attribute Name> |