TIE - IOC Hunt
This Playbook is part of the McAfee Threat Intelligence Exchange Pack.
Hunts for sightings of MD5 hash, SHA1 hash and/or SHA256 hashes on endpoints, using McAfee TIE (requires ePO as well).
Input:
- Hash (default, takes all different hashes from context)
Output:
- All agents on which files with "Hash" have been executed (TIE)
- Enriched agent information from ePO

Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks
This playbook does not use any sub-playbooks.

Integrations
- McAfee Threat Intelligence Exchange
- McAfee ePO v2

Scripts
- EPOFindSystem
- Exists

Commands
- tie-file-references
- epo-find-system

Playbook Inputs

Name | Description | Default Value | Required |
---|---|---|---|
Hash | The hash to hunt. Can be "MD5", "SHA1", or "SHA256". The default is set to all hashes. | ${.=val.File.map(function(f) {return [f.MD5, f.SHA1, f.SHA256];}).reduce(function(a, b){return a.concat(b);}, []).filter(function (val1) {return val1;})} | Optional |

Playbook Outputs
There are no outputs for this playbook.