This workflow template facilitates the collection and analysis of critical security information related to a specific file identified by its SHA1 hash, within a designated timeframe. By interfacing with Microsoft Defender, it gathers file metadata, devices associated with the file, and any related alerts, filtering the data for a concise summary. This tool is essential for Endpoint Detection and Response (EDR) tasks, providing valuable insights into potential threats and aiding in the proactive defense of IT ecosystems.
Optional Triggers
"This workflow is intended to be used as a function."
Use Cases
Endpoint Detection and Response (EDR), Function
Workflow Breakdown
Takes as input a fileId (SHA1 hash) value and a time frame.
Collects file metadata, related devices and related alerts.
Filters and summarizes the collected data.
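The filter-and-summarize step, as an added illustration that is not part of the template itself: a small Python routine that takes the three Defender for Endpoint responses (file entity, machines for the file, alerts for the file), keeps only what falls inside the requested window, and produces the summary fields listed under Workflow Output. Field names follow Microsoft's documented file, machine and alert entities; the records are constructed sample data, and the `api_paths` helper and the verdict rule are this example's own assumptions.

```python
# Added example: offline summariser for the workflow's filter-and-summarise step.
# Entity field names follow Microsoft Defender for Endpoint's documented file,
# machine and alert resources; the sample records below are constructed, not real.
from datetime import datetime


def api_paths(sha1: str) -> dict:
    """Relative API paths the workflow queries for one file (assumed endpoints)."""
    return {"file": f"/api/files/{sha1}",
            "machines": f"/api/files/{sha1}/machines",
            "alerts": f"/api/files/{sha1}/alerts"}


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))  # ISO-8601 UTC


def summarize(file_meta: dict, machines: list, alerts: list, start: str, end: str) -> dict:
    """Keep alerts raised and devices seen inside [start, end], then summarise."""
    lo, hi = _ts(start), _ts(end)
    hits = [a for a in alerts if lo <= _ts(a["alertCreationTime"]) <= hi]
    alert_hosts = sorted({a["computerDnsName"] for a in hits})
    # Devices that reported the file in the window but raised no alert on it.
    quiet_hosts = sorted(m["computerDnsName"] for m in machines
                         if lo <= _ts(m["lastSeen"]) <= hi
                         and m["computerDnsName"] not in alert_hosts)
    high = any(a["severity"] == "High" for a in hits)
    if file_meta.get("determinationType") == "Malware" or high:
        verdict = "malicious"          # assumed rule: Defender determination or a High alert
    else:
        verdict = "suspicious" if hits else "no alerts in window"
    return {
        "sha1": file_meta["sha1"],
        "signer": file_meta.get("signer"),
        "valid_certificate": file_meta.get("isValidCertificate"),
        "global_prevalence": file_meta.get("globalPrevalence"),
        "alert_devices": alert_hosts,
        "silent_devices": quiet_hosts,
        "mitre_ttps": sorted({t for a in hits for t in a.get("mitreTechniques", [])}),
        "threats": sorted({a["title"] for a in hits}),
        "malware_family": sorted({a["threatFamilyName"] for a in hits if a.get("threatFamilyName")}),
        "verdict": verdict,
    }


# Constructed sample data (placeholder hash and hostnames).
FILE_META = {"sha1": "0123456789abcdef0123456789abcdef01234567", "signer": None,
             "isValidCertificate": False, "globalPrevalence": 3,
             "determinationType": "Malware", "determinationValue": "Trojan:Win32/Example"}
MACHINES = [{"id": "m1", "computerDnsName": "ws01.corp.example", "lastSeen": "2024-03-02T09:00:00Z"},
            {"id": "m2", "computerDnsName": "ws02.corp.example", "lastSeen": "2024-03-02T11:30:00Z"},
            {"id": "m3", "computerDnsName": "old.corp.example", "lastSeen": "2024-01-15T08:00:00Z"}]
ALERTS = [{"title": "Suspicious process launch", "severity": "High", "computerDnsName": "ws01.corp.example",
           "alertCreationTime": "2024-03-02T09:05:00Z", "threatFamilyName": "Example",
           "mitreTechniques": ["T1059.001", "T1105"]},
          {"title": "Old detection", "severity": "Low", "computerDnsName": "old.corp.example",
           "alertCreationTime": "2024-01-15T08:10:00Z", "mitreTechniques": ["T1204.002"]}]

if __name__ == "__main__":
    print(summarize(FILE_META, MACHINES, ALERTS, "2024-03-01T00:00:00Z", "2024-03-03T00:00:00Z"))
```

The `silent_devices` list is the part the raw alert feed does not give you: hosts that have the file but have not tripped a detection, which is where a triage analyst usually looks next.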
Vendors
Utils, Microsoft Defender for Endpoint
Workflow Output
Summary of the file's metadata, MITRE TTPs, related devices, related threats, malware family and verdict.