Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook checks the file reputation and sets the verdict as a new context key.
The verdict is composed of 3 main components:
- VirusTotal detection rate
- Digital certificate signers
- NSRL DB
Note: Users can provide their own list of trusted signers through the playbook inputs.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|The minimum number of positive engines needed to mark a file as malicious.
|A list of trusted publishers
|Microsoft Root Authority,Microsoft Timestamping Service, Microsoft Code Signing PCA, Microsoft Corporation
|The file SHA256.
|VirusTotal file verdict.
|NSRL file verdict.
|VirusTotal file signers.
|XDR file signers.
|WildFire report details.