Enrich New Cybereason MalOps File Hash Detail - Workflow Template

For each new MalOp that is detected, attempt to enrich the file hash intelligence from VirusTotal and Recorded Future in the MalOp comments.

Updated over 6 months ago

The "Enrich New Cybereason MalOps File Hash Detail" workflow template serves as an automated response to threats detected via Cybereason MalOps. Its core function is to routinely check for and identify new MalOps, extract file hashes associated with them, and then enrich the hash intelligence using threat intelligence platforms VirusTotal and Recorded Future. Should hash-related threats be verified, the workflow posts detailed comments back into the Cybereason MalOp for further analysis and action, thus enhancing the endpoint detection and response capabilities of the security team.

Use Cases

Endpoint Detection and Response (EDR), Threat Intelligence Enrichment

Workflow Breakdown

  1. On a schedule, look for new MalOps in Cybereason

  2. Check if file hashes are part of the MalOp

  3. If file hashes are included in the MalOp, enrich in VirusTotal and Recorded Future

  4. If results are found in VirusTotal or Recorded Future, add a comment to the MalOp in Cybereason
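The four steps above, sketched as an added Python example; this is not the template's own implementation. The MalOp record shape (`files`, `hash`), the `summary` field and the lookup callables are assumptions standing in for the Cybereason, VirusTotal and Recorded Future integrations.

```python
import re

# Digest length in hex characters -> hash type; other lengths are ignored.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = re.compile(r"[0-9a-fA-F]+")

def extract_hashes(malop):
    """Step 2: unique, lower-cased file hashes from a MalOp (assumed field names)."""
    seen, out = set(), []
    for f in malop.get("files", []):
        h = (f.get("hash") or "").strip().lower()
        if HEX.fullmatch(h) and len(h) in HASH_TYPES and h not in seen:
            seen.add(h)
            out.append(h)
    return out

def enrich(file_hash, sources):
    """Step 3: query every source; one failing source must not hide the others."""
    findings = {}
    for name, lookup in sources.items():
        try:
            result = lookup(file_hash)
        except Exception:  # e.g. timeout or quota error from that source
            continue
        if result:
            findings[name] = result
    return findings

def build_comment(malop, sources):
    """Step 4: comment text for the MalOp, or None when nothing was found."""
    lines = []
    for h in extract_hashes(malop):
        for name, r in sorted(enrich(h, sources).items()):
            lines.append(f"{HASH_TYPES[len(h)]} {h} [{name}]: {r['summary']}")
    return "\n".join(lines) or None

# Constructed sample data: the lambdas stand in for the real lookups.
KNOWN = "ab" * 32
SAMPLE_SOURCES = {
    "VirusTotal": lambda h: {"summary": "12/70 engines flagged"} if h == KNOWN else None,
    "Recorded Future": lambda h: None,
}
SAMPLE_MALOP = {"id": "malop-1", "files": [{"hash": KNOWN.upper()}, {"hash": "not-a-hash"}, {"hash": KNOWN}]}

if __name__ == "__main__":
    print(build_comment(SAMPLE_MALOP, SAMPLE_SOURCES))
```

Returning `None` when neither source has a result keeps the workflow from posting empty comments on every scheduled run.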

Vendors

Utils, VirusTotal, HTTP, Cybereason, Recorded Future

Workflow Output

New comments with enrichment detail in Cybereason
