Search scanned data for ssdeep hashes
    • 16 May 2023


    ssdeep hashes are calculated using an algorithm that generates a fingerprint or hash value based on the content of a file.

    Unlike traditional cryptographic hashes, which generate a fixed-length hash value over the entire file (so that changing even one byte produces a completely different hash), ssdeep hashes generate a variable-length hash value built from pieces of the file's content. This allows ssdeep hashes to identify files that are similar or identical, even if they have been modified or manipulated in some way.

    Malicious actors often use techniques such as file obfuscation or packing to make it difficult to detect and analyze their malware. However, ssdeep hashes can be used to pinpoint similar or identical versions of the same malware, even if the file has been disguised in some way.

    Security teams can use ssdeep hashes to identify and track different versions of the same malware, to identify similar or related malware strains, and to use comparative datasets to better understand the tactics and infrastructure used by malicious actors.

    1. Navigate to Advanced Query Builder > Xperimental Queries > ssdeep find similair

    2. Specify an ssdeep hash

    3. (Optional) Specify a minimum hash similarity cutoff

    4. (Optional) Choose to limit the set of returned results

    5. (Optional) Choose to skip a specified number of results

    6. Click Search
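    As an added illustration, not code from this product or from the ssdeep project, the toy context-triggered piecewise hash below shows why a small edit leaves most of a signature intact, and applies the similarity cutoff, result limit and skip options from the steps above to a constructed in-memory corpus. The signature format, block-size rule and scoring are simplified stand-ins for ssdeep's real ones.

```python
import hashlib

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7  # bytes of local context feeding the rolling hash


def fuzzy_hash(data: bytes, block_size: int = 64) -> str:
    """Toy CTPH signature 'block_size:chars'; one char per content-defined chunk."""
    chars, start = [], 0
    for i in range(len(data)):
        window = data[max(0, i - WINDOW + 1):i + 1]
        roll = sum(b * (j + 1) for j, b in enumerate(window))
        # Chunk boundaries come from local content, not file offset, so an
        # edit only disturbs the chunk(s) it touches; later chunks are unchanged.
        if roll % block_size == block_size - 1 or i == len(data) - 1:
            chars.append(B64[hashlib.sha256(data[start:i + 1]).digest()[0] & 63])
            start = i + 1
    return f"{block_size}:{''.join(chars)}"


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(h1: str, h2: str) -> int:
    """0-100 score: signatures must share a block size, then compare by edit distance."""
    (bs1, s1), (bs2, s2) = h1.split(":", 1), h2.split(":", 1)
    if bs1 != bs2 or not s1 or not s2:
        return 0
    return round(100 * (1 - levenshtein(s1, s2) / max(len(s1), len(s2))))


def find_similar(query: str, corpus: dict, min_score: int = 0, limit=None, skip: int = 0):
    """Mirror the query options: minimum similarity cutoff, result limit, skip."""
    hits = [(n, similarity(query, h)) for n, h in corpus.items()]
    hits = sorted((x for x in hits if x[1] >= min_score), key=lambda x: -x[1])[skip:]
    return hits if limit is None else hits[:limit]


def _blob(seed: bytes, n: int = 64) -> bytes:
    # Constructed pseudo-random sample content standing in for real files.
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(n))


ORIGINAL = _blob(b"sample-a")
MODIFIED = ORIGINAL[:1000] + b"PATCHED!" + ORIGINAL[1008:]  # small edit mid-file
UNRELATED = _blob(b"sample-b")

if __name__ == "__main__":
    corpus = {"modified": fuzzy_hash(MODIFIED), "unrelated": fuzzy_hash(UNRELATED)}
    print(find_similar(fuzzy_hash(ORIGINAL), corpus, min_score=70))
```

    Raising the cutoff trims distant matches first; limit and skip then page through whatever survives the cutoff.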

    Saving queries

    Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis, or to share with their organization.

    1. Specify the query parameters

    2. Click Save Query

    3. Give your query a Name

    4. Specify a Description to add more context

    5. Click Save
