customer-ufa uses an EDR that allows for certain binaries to be blocked from executing based on the SHA256 hash of that binary. Since Fleet is already being used to collect the file path for software titles with vulnerabilities, the customer would like Fleet to also provide the SHA256 hash for the binary so it can be entered into the EDR and blocked on the endpoint.
What have you tried?
The customer checked the Fleet UI, API, and the vulnerability webhook payload for a file hash of the vulnerable software, but this information is not currently collected by Fleet and thus not available.
Potential solutions
Fleet should provide the SHA256 hash of software versions that are identified to be vulnerable. The hash should be made available in the Fleet UI, API, and vulnerability webhook payload.
What is the expected workflow as a result of your proposal?
As a result of this workflow, customer-ufa would receive a webhook event when Fleet detects a new vulnerability in their environment. The payload for this vulnerability would include the SHA256 hash for the affected software versions. The customer would enter the hash into their EDR, which would handle the blocking of that binary from execution on their endpoints.
ddribeiro changed the title from "Provide hash for binaries identified through software inventory collection" to "Provide SHA256 hash for binaries identified through software inventory collection" on Nov 27, 2024
Slack thread from 11/7/24: https://fleetdm.slack.com/archives/C01QH02FV1N/p1731026899274149
Slack thread from 11/26/24: https://fleetdm.slack.com/archives/C01QH02FV1N/p1732631506010559