Skip to main content
All CollectionsTemplatesBasic
Fetch File Information by Hash from Microsoft Defender - Workflow Template
Fetch File Information by Hash from Microsoft Defender - Workflow Template

Collects threat information about a file by fileId (SHA1 Hash) in a time frame.

Updated over 6 months ago

This workflow template facilitates the collection and analysis of critical security information related to a specific file identified by its SHA1 hash, within a designated timeframe. By interfacing with Microsoft Defender, it gathers file metadata, devices associated with the file, and any related alerts, filtering the data for a concise summary. This tool is essential for Endpoint Detection and Response (EDR) tasks, providing valuable insights into potential threats and aiding in the proactive defense of IT ecosystems.

Take Me to the Template

Optional Triggers

"This workflows is intended to be used as a function."

Use Cases

Endpoint Detection and Response (EDR) ,Function

Workflow Breakdown

  1. Takes as an input fileId (SHA1 Hash) value and a time frame.

  2. Collects File Metadata, related devices and related alerts.

  3. Filters and Summarize collected data.

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary on file'e metadata, MITRE TTPs, related devices, related threats, malware family and verdict.

Related Articles
Enrich New Cybereason MalOps File Hash Detail - Workflow Template
Retrieve and Normalize data on a File Hash - Workflow Template
Isolate or Unisolate device on Microsoft Defender for Endpoint - Workflow Template
Run LiveResponses on Microsoft Defender for Endpoint - Workflow Template
Create Torq Cases from SentinelOne Threats Reported in Chronicle - Workflow Template
Did this answer your question?