This playbook extracts IOCs from the incident details and attached files using regular expressions and then hunts for hashes on endpoints in the organization using available tools.
The playbook supports multiple types of attachments. For the full supported attachments list, refer to "Extract Indicators From File - Generic v2".
Hunting
- Details
- Content
- Dependencies
- Version History
Extracts IOCs from the incident details and attached files using regular expressions, and then hunts for hashes on endpoints using available tools.
Playbooks
| Name | Description |
|---|---|
| Hunt Extracted Hashes V2 |
Playbooks
| Name | Description |
|---|---|
| Hunt Extracted Hashes V2 | This playbook extracts IOCs from the alert details and attached files using regular expressions and then hunts for hashes on endpoints in the organization using available tools. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (6)
| Pack Name | Pack By |
|---|---|
| Common Playbooks | By: Cortex XSOAR |
| Rasterize | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
1.0.0 - 6910634 (November 9, 2020)
Extracts IOCs from the incident details and attached files using regular expressions, and then hunts for hashes on endpoints using available tools.
1.0.0 - 1900707 (November 9, 2020)
Extracts IOCs from the incident details and attached files using regular expressions, and then hunts for hashes on endpoints using available tools.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | November 9, 2020 | |
| Last Release | November 9, 2020 |