cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Hi Oriavs,

I imagine these hashes came from some type of threat intel feed? If that is the case and you want to leverage them in Cortex XDR I recommend creating IOC rules by navigating to Detection Rules > IOC > + Add IOC, then you can select to create these rules individually for each hash, or upload via a file. When these rules are created, Cortex XDR will alert anytime these hashes are seen in your logs. Now to be clear, this will not block anything, but will alert you if one of these hashes is seen so you can investigate the traffic. If you are just wanting to search for and remove files based on hash, you can use the File Search and Destroy feature if you have the "Host Insights" add-on license.

 

Who rated this post