Skip to main content
All CollectionsTemplatesBasic
Enrich New Cybereason MalOps File Hash Detail - Workflow Template
Enrich New Cybereason MalOps File Hash Detail - Workflow Template

For each new MalOp that is detected, attempt to enrich the file hash intelligence from VirusTotal and Recorded Future in the MalOp Comments

Updated over 6 months ago

The "Enrich New Cybereason MalOps File Hash Detail" workflow template serves as an automated response to threats detected via Cybereason MalOps. Its core function is to routinely check for and identify new MalOps, extract file hashes associated with them, and then enrich the hash intelligence using threat intelligence platforms VirusTotal and Recorded Future. Should hash-related threats be verified, the workflow posts detailed comments back into the Cybereason MalOp for further analysis and action, thus enhancing the endpoint detection and response capabilities of the security team.

Take Me to the Template

Use Cases

Endpoint Detection and Response (EDR) , Threat Intelligence Enrichment

Workflow Breakdown

  1. On a schedule look for new MalOps in Cybereason

  2. Check if file hashes are part of the MalOp

  3. If file hashes are included in the MalOp, enrich in VirusTotal and Recorded Future

  4. If results are found in VirusTotal or Recorded Future, add a comment to the MalOp in Cybereason

Vendors

Utils, VirusTotal, HTTP, Cybereason, Recorded Future

Workflow Output

New comments with enrichment detail in Cybereason

Related Articles
Jira Enrichment for Hashes Found in Issue Description - Workflow Template
Upload Latest Recorded Future IOCs to Cybereason - Workflow Template
Retrieve and Normalize data on a File Hash - Workflow Template
VirusTotal File Hash Enrichment with Cache - Workflow Template
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
Did this answer your question?