Fetch File Information by Hash from Microsoft Defender - Workflow Template

Collects threat information about a file by fileId (SHA1 Hash) in a time frame.

Updated over 6 months ago

This workflow template collects and analyzes security information about a specific file, identified by its SHA1 hash, within a designated time frame. Through Microsoft Defender for Endpoint it gathers the file's metadata, the devices on which the file was seen, and any related alerts, then filters that data into a concise summary. It is intended for Endpoint Detection and Response (EDR) tasks, giving analysts a quick view of whether a file is a threat and where it has been observed.

Optional Triggers

"This workflow is intended to be used as a function."

Use Cases

Endpoint Detection and Response (EDR), Function

Workflow Breakdown

  1. Takes as input a fileId (SHA1 hash) and a time frame.

  2. Collects the file's metadata, related devices and related alerts.

  3. Filters and summarizes the collected data.
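The filter-and-summarize step above can be modeled in a few dozen lines. The following is an added example, not code from this template or from Microsoft: it takes the three pieces of data the workflow collects (file metadata, related devices, related alerts), restricts them to the requested time frame, and produces the summary fields listed under Workflow Output. The three sample documents are constructed; their field names (`determinationType`, `riskScore`, `alertCreationTime`, `mitreTechniques`, and so on) are assumed to follow the shape of the Defender for Endpoint file endpoints and are not taken from this page.

```python
"""Filter and summarize Microsoft Defender for Endpoint file data.

Added example, not part of the workflow template. The three JSON-like
documents below are CONSTRUCTED samples whose field names are assumed
from the Defender for Endpoint file endpoints (/api/files/{id},
/api/files/{id}/machines, /api/files/{id}/alerts).
"""
from datetime import datetime

# --- constructed sample responses (placeholder hash, fictional hosts) ---
FILE_INFO = {
    "sha1": "0000000000000000000000000000000000000000",  # placeholder
    "size": 4096,
    "fileType": "PortableExecutable",
    "globalPrevalence": 12,
    "signer": None,
    "isValidCertificate": False,
    "determinationType": "Malware",
    "determinationValue": "Trojan:Win32/Example",
}

MACHINES = [
    {"id": "m1", "computerDnsName": "ws-01.corp.example", "riskScore": "High",
     "lastSeen": "2024-05-10T08:00:00Z"},
    {"id": "m2", "computerDnsName": "ws-02.corp.example", "riskScore": "Low",
     "lastSeen": "2024-03-01T08:00:00Z"},
]

ALERTS = [
    {"id": "a1", "title": "Suspicious process launch", "severity": "High",
     "alertCreationTime": "2024-05-10T08:05:00Z", "machineId": "m1",
     "threatFamilyName": "Example", "mitreTechniques": ["T1059.001", "T1105"]},
    {"id": "a2", "title": "Older alert outside window", "severity": "Medium",
     "alertCreationTime": "2024-02-01T00:00:00Z", "machineId": "m2",
     "threatFamilyName": "Example", "mitreTechniques": ["T1105"]},
    {"id": "a3", "title": "Informational only", "severity": "Informational",
     "alertCreationTime": "2024-05-11T00:00:00Z", "machineId": "m1",
     "threatFamilyName": None, "mitreTechniques": []},
]

SEVERITY_ORDER = ["Informational", "Low", "Medium", "High"]


def _parse_ts(value):
    """Parse the API's ISO-8601 'Z' timestamps into aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def in_window(ts, start, end):
    """True when ts (ISO string) lies inside [start, end] (ISO strings)."""
    return _parse_ts(start) <= _parse_ts(ts) <= _parse_ts(end)


def summarize_file(file_info, machines, alerts, start, end):
    """Step 3 of the workflow: filter to the time frame and summarize."""
    # Keep only alerts created inside the requested time frame.
    recent_alerts = [a for a in alerts
                     if in_window(a["alertCreationTime"], start, end)]
    # A device is related if the file was last seen on it inside the
    # window, or if it raised one of the in-window alerts.
    alert_machine_ids = {a["machineId"] for a in recent_alerts}
    related_devices = sorted({
        m["computerDnsName"] for m in machines
        if in_window(m["lastSeen"], start, end) or m["id"] in alert_machine_ids
    })
    ttps = sorted({t for a in recent_alerts for t in a.get("mitreTechniques", [])})
    families = sorted({a["threatFamilyName"] for a in recent_alerts
                       if a.get("threatFamilyName")})
    highest = max((a["severity"] for a in recent_alerts),
                  key=SEVERITY_ORDER.index, default=None)

    # Verdict: Defender's own file determination wins; otherwise fall back
    # to the worst alert severity seen in the window.
    if file_info.get("determinationType") == "Malware" or highest == "High":
        verdict = "malicious"
    elif recent_alerts:
        verdict = "suspicious"
    else:
        verdict = "clean"

    return {
        "sha1": file_info["sha1"],
        "file_type": file_info.get("fileType"),
        "signed": bool(file_info.get("signer")) and bool(file_info.get("isValidCertificate")),
        "global_prevalence": file_info.get("globalPrevalence"),
        "related_devices": related_devices,
        "alert_count": len(recent_alerts),
        "highest_severity": highest,
        "mitre_ttps": ttps,
        "malware_family": families,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(summarize_file(FILE_INFO, MACHINES, ALERTS,
                         "2024-05-01T00:00:00Z", "2024-05-31T23:59:59Z"))
```

Note that the device outside the window (`ws-02`) and its February alert drop out of the summary, which is the point of passing a time frame: the same hash may have a long history, but the analyst usually wants only the activity relevant to the current investigation.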

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary of the file's metadata, MITRE TTPs, related devices, related threats, malware family and verdict.
