<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>CompareFuzzyHash</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">CompareFuzzyHash</h1><h2>Description: </h2><p>Compares an attribute containing a Fuzzy Hash against a file containing a list of fuzzy hashes, appending an attribute to the FlowFile in case of a successful match.</p><h3>Tags: </h3><p>hashing, fuzzy-hashing, cyber-security</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values.</p><table id="properties"><tr><th>Display Name</th><th>API Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Hash List Source File</strong></td><td>HASH_LIST_FILE</td><td></td><td id="allowable-values"></td><td id="description">Path to the file containing hashes to be validated against<br/><br/><strong>This property requires exactly one file to be provided.</strong><br/></td></tr><tr><td id="name"><strong>Hashing Algorithm</strong></td><td>HASH_ALGORITHM</td><td></td><td id="allowable-values"><ul><li>ssdeep <img src="../../../../../html/images/iconInfo.png" alt="Uses ssdeep / SpamSum 'context triggered piecewise hash'." title="Uses ssdeep / SpamSum 'context triggered piecewise hash'."></img></li><li>tlsh <img src="../../../../../html/images/iconInfo.png" alt="Uses TLSH (Trend 'Locality Sensitive Hash'). Note: FlowFile Content must be at least 512 characters long" title="Uses TLSH (Trend 'Locality Sensitive Hash'). 
Note: FlowFile Content must be at least 512 characters long"></img></li></ul></td><td id="description">The hashing algorithm utilised</td></tr><tr><td id="name"><strong>Hash Attribute Name</strong></td><td>ATTRIBUTE_NAME</td><td id="default-value">fuzzyhash.value</td><td id="allowable-values"></td><td id="description">The name of the FlowFile Attribute that should hold the Fuzzy Hash Value</td></tr><tr><td id="name"><strong>Match Threshold</strong></td><td>MATCH_THRESHOLD</td><td></td><td id="allowable-values"></td><td id="description">The similarity score must exceed or be equal to this value in order for a match to be considered true. Refer to Additional Information for differences between TLSH and SSDEEP scores and how they relate to this property.</td></tr><tr><td id="name"><strong>Matching Mode</strong></td><td>MATCHING_MODE</td><td id="default-value">single</td><td id="allowable-values"><ul><li>single <img src="../../../../../html/images/iconInfo.png" alt="Send FlowFile to matched after the first match above threshold" title="Send FlowFile to matched after the first match above threshold"></img></li><li>multi-match <img src="../../../../../html/images/iconInfo.png" alt="Iterate full list of hashes before deciding to send FlowFile to matched or unmatched" title="Iterate full list of hashes before deciding to send FlowFile to matched or unmatched"></img></li></ul></td><td id="description">Defines if the Processor should try to match as many entries as possible (multi-match) or if it should stop after the first match (single)</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>failure</td><td>Any FlowFile that cannot be matched (e.g. lacks the attribute) will be sent to this Relationship.</td></tr><tr><td>not-found</td><td>Any FlowFile that cannot be matched to an existing hash will be sent to this Relationship.</td></tr><tr><td>found</td><td>Any FlowFile that is successfully matched to an existing hash will be sent to this Relationship.</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>XXXX.N.match</td><td>The match that resembles the attribute specified by the &lt;Hash Attribute Name&gt; property. Note that: 'XXXX' gets replaced with the &lt;Hash Attribute Name&gt;</td></tr><tr><td>XXXX.N.similarity</td><td>The similarity score between this FlowFile and its match of the same number N. Note that: 'XXXX' gets replaced with the &lt;Hash Attribute Name&gt;</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>System Resource Considerations:</h3>None specified.<h3>See Also:</h3><p><a href="../org.apache.nifi.processors.cybersecurity.FuzzyHashContent/index.html">FuzzyHashContent</a></p></body></html>