[Website]: Missing MD5 hash field in Harmony Email integration documentation #2244

@Jares95

Type of issue

Missing information

What documentation page is affected

https://www.elastic.co/docs/reference/integrations/checkpoint_email

What happened?

The documentation for the Check Point Harmony Email & Collaboration integration does not mention that the MD5 hash of malicious attachments (attachmentMd5), available from Harmony’s API, is not mapped to any ECS field or extracted during ingestion.

This is misleading, especially since the MD5 hash is a critical field for malware detection and incident correlation. In actual raw events, the field exists when a malware alert is generated, but it is not visible in Kibana or mapped as file.hash.md5 or similar.

This omission causes confusion and may mislead users into thinking the integration captures all relevant malware data, which it currently does not.

Additional info

The field attachmentMd5 is present in Harmony's raw JSON for malware-type alerts and should ideally be mapped into the ECS schema. Without this, analysts must manually parse event.original or modify ingest pipelines.

Request: Please confirm if this field can be included or document that it is not currently supported.

Example field:
"attachmentMd5": "4437981ad343f816a65030504bed0e7d"
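
The manual workaround mentioned in the issue (parsing event.original), sketched as an added example that is not part of the original report or of the Elastic integration. The function names and the sample event layout are assumptions; because the issue does not say where attachmentMd5 sits in Harmony's JSON, the key is searched for at any depth, and the ECS targets used are file.hash.md5 and related.hash.

```python
import json
import re

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")  # an MD5 digest is 32 hex characters

def find_key(node, key):
    """Yield every value stored under `key` at any depth of parsed JSON."""
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key:
                yield value
            yield from find_key(value, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def enrich_with_md5(doc):
    """Copy valid attachmentMd5 values from event.original into ECS hash fields."""
    original = doc.get("event", {}).get("original")
    try:
        raw = json.loads(original) if isinstance(original, str) else None
    except json.JSONDecodeError:
        raw = None  # leave the document untouched if the raw event is not JSON
    if raw is None:
        return doc
    hashes = []
    for value in find_key(raw, "attachmentMd5"):
        # Reject anything that is not a well-formed digest before indexing it.
        if isinstance(value, str) and MD5_RE.fullmatch(value.strip()):
            digest = value.strip().lower()  # normalise case for exact-match lookups
            if digest not in hashes:
                hashes.append(digest)
    if hashes:
        # First digest goes to file.hash.md5; all digests go to related.hash for pivoting.
        doc.setdefault("file", {}).setdefault("hash", {})["md5"] = hashes[0]
        related = doc.setdefault("related", {}).setdefault("hash", [])
        related.extend(d for d in hashes if d not in related)
    return doc

# Constructed sample: only the attachmentMd5 key and value come from the issue;
# the surrounding structure is an assumption.
SAMPLE = {"event": {"original": json.dumps(
    {"type": "malware",
     "data": {"attachmentMd5": "4437981ad343f816a65030504bed0e7d"}})}}

if __name__ == "__main__":
    print(json.dumps(enrich_with_md5(dict(SAMPLE)), indent=2))
```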

Labels: Team:Ingest (Issues owned by the Ingest Docs Team), community, source:web (Issues originating from the elastic.co docs)
