08-23-2022 10:03 AM
Hi Oriavs,
I imagine these hashes came from some type of threat intel feed? If that is the case and you want to leverage them in Cortex XDR, I recommend creating IOC rules by navigating to Detection Rules > IOC > + Add IOC. Then you can select to create these rules individually for each hash, or upload via a file. When these rules are created, Cortex XDR will alert any time these hashes are seen in your logs. Now to be clear, this will not block anything, but will alert you if one of these hashes is seen so you can investigate the traffic. If you are just wanting to search for and remove files based on hash, you can use the File Search and Destroy feature if you have the "Host Insights" add-on license.