Is it possible for a detection policy to record specific changes within an ear, war, zip, rar file and then send those results to the console?
example:
within our infrastructure, we use WAR files to distribute content to some of our web servers.
The WAR files (which can be unpacked and viewed with winrar, 7zip etc) contain *.config, *.htm type files.
UserA unpacks a WAR file to make changes to a config file.
UserA saves the WAR file to the webserver where a detection policy is watching *.war to replace the current war file.
Hashing is turned on, so the new hash value shows, but there is no "old" hash value to compare against.
I am seeing that (with a custom template watching specifically *.war) that the file is "deleted" and then "created".
cheers.