04-24-2024 12:21 AM
Hi Everyone,
Is there any possibility within Cortex XSOAR to pull updated hash values of unwanted software from unit42?
Scenario: If we have a list of hash values of unwanted software (like Team viewer for eg) and we enrich the hash indicators using unit42. Now, in future if the software is updated, could we possible fetch the updated hash value of it through SOAR?
Any suggestions or insights would be helpful.
Thanks & Regards,
Nidhi Khandelwal
06-05-2024 03:56 AM - edited 06-05-2024 03:57 AM
You can do this by importing the hash values as indicators. Depending on the type of resource you want to import/fetch, you can install and configure the necessary integrations from the marketplace:
CSV Feed
JSON Feed
Plain Text Feed
RSS Feed
TAXII Feed,
etc.
Depending on your license(TIM Module license), there is a limit on fetching. But you can control the fetching, extraction and enrichment operations using a Feed-based Job.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
