Filter data in Hash view

Supported in:

Hash view lets you search and investigate files based on their hash value.

Open Hash view

You can open Hash view the following ways:

  • Search for the file hash directly
  • Pivot to Hash view when viewing a process- or file-based event in Asset view

Search for the file hash directly

To open Hash view directly:

  1. Enter the hash value in the Google Security Operations search field. Click Search.

  2. Select the hash value from the Hashes menu. Hash view is displayed.

You can also navigate to Hash view while investigating an asset in Asset view.

  1. Search for an asset and view it in Asset view. Asset view is displayed.

  2. From the Timeline tab to the left, scroll to any event tied to a process or file modification, such as PROCESS_LAUNCH.

  3. Expand the file to view details and investigate.

  4. You can open Hash view for the file by clicking the hash value in Asset view. Hash view is displayed.

Filter options in Hash view

The following Procedural Filtering options are available in Hash view:

  • ASSETS
  • EVENT TYPE
  • LOG SOURCE
  • PID
  • PROCESS NAME