
Workflow Template: Fetch File Information by Hash from Microsoft Defender

Collects threat information about a file by fileId (SHA1 Hash) in a time frame.

The "Fetch File Information by Hash from Microsoft Defender" workflow template is designed for businesses utilizing Endpoint Detection and Response (EDR) solutions. It enables users to gather comprehensive threat intelligence on a specific file by its SHA1 hash within a defined timeframe. The workflow collects and summarizes file metadata, related devices, and alerts, providing insights into potential threats, malware families, and security verdicts, enhancing incident response capabilities.

Optional Triggers

This workflow is intended to be used as a function.

Use Cases

Endpoint Detection and Response (EDR), Function

Workflow Breakdown

  1. Takes a fileId (SHA1 hash) value and a time frame as input.

  2. Collects file metadata, related devices and related alerts.

  3. Filters and summarizes the collected data.
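The three steps above, as an added Python example that is not the template's own logic: it validates the SHA1 input, keeps only the alerts whose creation time falls inside the requested window, and rolls file metadata, devices and alerts into one summary. The response field names (`alertCreationTime`, `mitreTechniques`, `threatFamilyName`, `machineId`, `determinationType`, `signer`, `computerDnsName`) are assumed Defender for Endpoint API fields, and all input data is constructed so the example runs offline.

```python
import re
from datetime import datetime, timezone

# fileId must be exactly 40 hex characters; anything else is rejected before any lookup.
SHA1_RE = re.compile(r"[0-9a-fA-F]{40}")


def parse_ts(ts):
    """Parse a Defender-style UTC timestamp; fractional seconds and the trailing Z are ignored."""
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def summarize_file(sha1, file_info, machines, alerts, start, end):
    """Steps 1-3: validate the hash, filter alerts to [start, end], summarize the rest."""
    if not SHA1_RE.fullmatch(sha1):
        raise ValueError("fileId must be a 40-hex-character SHA1 hash")
    start_dt, end_dt = parse_ts(start), parse_ts(end)
    in_window = [a for a in alerts if start_dt <= parse_ts(a["alertCreationTime"]) <= end_dt]
    ttps = sorted({t for a in in_window for t in a.get("mitreTechniques", [])})
    families = sorted({a["threatFamilyName"] for a in in_window if a.get("threatFamilyName")})
    names = {m["id"]: m["computerDnsName"] for m in machines}  # assumed field names
    alerted = sorted(names.get(a["machineId"], a["machineId"]) for a in in_window)
    return {
        "sha1": sha1.lower(),
        "verdict": file_info.get("determinationType") or "Unknown",  # assumed field name
        "signer": file_info.get("signer"),
        "devices_with_file": len(machines),
        "alerted_devices": sorted(set(alerted)),
        "alerts_in_window": len(in_window),
        "mitre_ttps": ttps,
        "malware_families": families,
    }


# Constructed sample data standing in for the three Defender API responses.
FILE_ID = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
FILE_INFO = {"sha1": FILE_ID, "determinationType": "Malware", "signer": None}
MACHINES = [{"id": "m1", "computerDnsName": "ws-01.corp.example"},
            {"id": "m2", "computerDnsName": "ws-02.corp.example"}]
ALERTS = [
    {"alertCreationTime": "2024-03-01T09:15:00.1234567Z", "machineId": "m1",
     "threatFamilyName": "Trojan:Win32/SampleFamily", "mitreTechniques": ["T1059.001"]},
    {"alertCreationTime": "2024-03-02T11:00:00.0000000Z", "machineId": "m2",
     "threatFamilyName": "Trojan:Win32/SampleFamily", "mitreTechniques": ["T1059.001", "T1105"]},
    {"alertCreationTime": "2024-02-20T08:00:00.0000000Z", "machineId": "m1",  # outside window
     "threatFamilyName": None, "mitreTechniques": ["T1566"]},
]


def run_example():
    return summarize_file(FILE_ID, FILE_INFO, MACHINES, ALERTS,
                          "2024-03-01T00:00:00Z", "2024-03-03T00:00:00Z")
```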

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary of file metadata, MITRE TTPs, related devices, related threats, malware family and verdict.
