Add checksum to default alert "New file added to the file system"

[mmohylko]

It would be nice if the message about the new file immediately recorded with check-sum of the file on the file system (for example, the emergence of malware). When using the standard rule <alert_new_files> you are notified only about the name of the file and its path. In order to analyze this file, you need to go to the server, see the check-sum of the file and then analyze this file. But if these files will be a lot (in proportion to the number of agents), the work becomes more complicated.

[mstarks01]

This would be tremendously valuable. The logical extensions of this are active response scripts designed to query the VirusTotal API and CDB lookups to write rules based on whitelist/blacklist hashes. Both of these provide context around the file and allow for more specific and actionable alerts.

[Astaruf]

Did you find a solution or workaround to this issue?

[swindmill]

@mmogilko @mstarks01 @Astaruf this is now implemented in cb10d7f

[swindmill]

@ddpbsd should this issue now be closed as resolved?

[atomicturtle]

Yup, closed by #1940