Skip to main content

MDE - Block File

This Playbook is part of the Microsoft Defender for Endpoint Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

This playbook receives an MD5 or a SHA256 hash and adds it to the block list in Microsoft Defender for Endpoint. The playbook uses the integration "Microsoft Defender for Endpoint".


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.







Playbook Inputs#

NameDescriptionDefault ValueRequired
SeverityThe severity of the malicious behavior identified by the data within the indicator, where High is the most severe and Informational is not severe at all.Optional
IndicatorDescriptionBrief description (100 characters or less) of the threat represented by the indicator.Added by Cortex XSOARRequired
IndicatorTitleThe indicator alert title in Defender.Added by Cortex XSOARRequired
GenerateAlertWhether to generate an alert or not. The default is true.trueOptional
HashIn this input you can insert either MD5 or SHA256 to block.Optional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

MDE - Block File