Skip to main content
All CollectionsTemplatesIntermediate
Whitelist SHA1 Hashes on Multiple SentinelOne Sites - Workflow Template
Whitelist SHA1 Hashes on Multiple SentinelOne Sites - Workflow Template

Whitelist a list of Hashes in one or multiple sites, if no Site list is provided, Hashes are added to all active sites.

Updated over 6 months ago

This workflow template enables users to efficiently manage their cybersecurity by whitelisting SHA1 file hashes across multiple SentinelOne sites. It ensures only valid, active sites receive updates and strictly checks for SHA1 hash format to maintain compatibility with the exclusion lists. If a hash already exists on the whitelist, the system bypasses it to prevent duplicates, enhancing the security infrastructure without manual overhead.

Take Me to the Template

Optional Triggers

"This workflow is intended to be used as a nested function."

Use Cases

Example

Workflow Breakdown

  1. Verifies each Site ID to be from valid and active Site.

  2. Checks that file hash is SHA1. Only SHA1 hash is supported in the Exclusion list.

  3. Creates an exclusion with type white_hash if it is not already excluded.

Vendors

Utils, SentinelOne

Workflow Output

Valid SHA1 hashes are whitelisted in active valid sites. Errors are collected when Hash and Sites IDs are not valid, or when there is already an exclusion entry.

Tips

Automate Whitelisting of know local applications components or false positives

Related Articles
Create Exclusions on Multiple SentinelOne Sites - Workflow Template
Blacklist SHA1 Hashes on Multiple SentinelOne Sites - Workflow Template
Download a File from a SentinelOne Endpoint - Workflow Template
Download a File from a SentinelOne Threat ID - Workflow Template
Create Torq Cases from SentinelOne Threats Reported in Chronicle - Workflow Template
Did this answer your question?