Hash/MD5 IOC population

Question asked by Jay Watson on May 16, 2018
May 23, 2018

If I have a Malware appliance that is already calculating the hash of a file, would there be a way to populate the system on a continual basis, similar to a feed, and set it as a blacklist, therefore alerting when a particular hash/MD5 is identified?


I understand that MD5/Hash is not part of the traffic flow, but if the Malware appliance is calculating this upon file discovery, my question is: can we leverage this in a way that is custom to our own environment and IOCs, similar to the way that an AV product can?