topic Malicious Hash detected as Adminstrative Hash exception in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/malicious-hash-detected-as-adminstrative-hash-exception/m-p/600210#M7338 <P>Hi Team,&nbsp;</P> <P>&nbsp;</P> <P>On analysing an ransomware incident, i have block the hash of malicious file and added the file path of malicious file into IOCs. However i can see the alerts for malicious hash in the Critical alert (IOCs based) and Low alert - Administrative Hash Exception.&nbsp;</P> <P>I have check allow list of IOCs and global exeception, but there was no exception for the malicious Hash.</P> Fri, 11 Oct 2024 07:07:35 GMT dasarath_s 2024-10-11T07:07:35Z Malicious Hash detected as Adminstrative Hash exception https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/malicious-hash-detected-as-adminstrative-hash-exception/m-p/600210#M7338 <P>Hi Team,&nbsp;</P> <P>&nbsp;</P> <P>On analysing an ransomware incident, i have block the hash of malicious file and added the file path of malicious file into IOCs. However i can see the alerts for malicious hash in the Critical alert (IOCs based) and Low alert - Administrative Hash Exception.&nbsp;</P> <P>I have check allow list of IOCs and global exeception, but there was no exception for the malicious Hash.</P> Fri, 11 Oct 2024 07:07:35 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/malicious-hash-detected-as-adminstrative-hash-exception/m-p/600210#M7338 dasarath_s 2024-10-11T07:07:35Z Re: Malicious Hash detected as Adminstrative Hash exception https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/malicious-hash-detected-as-adminstrative-hash-exception/m-p/610050#M7358 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1370684981">@dasarath_s</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>Please in the console go to <STRONG>Incident Response - Response - Block List</STRONG> and look there for the hash.</P> <P>&nbsp;</P> <P>The hashes added to the "Block List" will be blocked, the ones added to the IOC list will be detected only.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Mon, 21 Oct 2024 14:55:59 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/malicious-hash-detected-as-adminstrative-hash-exception/m-p/610050#M7358 jmazzeo 2024-10-21T14:55:59Z