If I have a Malware appliance that is already calculating the hash of a file, would there be a way to populate the system on a continual basis, similar to a feed, and set it as a blacklist, therefore alerting when a particular hash/MD5 is identified?
I understand that MD5/Hash is not part of the traffic flow, but if the Malware appliance is calculating this upon file discovery, my question is: can we leverage this in a way that is custom to our own environment and IOCs, similar to the way that an AV product can?
You want to import hashes to the MA appliance and flag on hash match? Or you want to take the hash of files that end up in MA and use that somewhere else?