TIE - IOC Hunt
McAfee Threat Intelligence Exchange Pack.#
This Playbook is part of theHunt for sightings of MD5, SHA1 and/or SHA256 hashes on endpoints, using McAfee TIE (requires ePO as well).
Input:
- Hash (default, takes all deferent hashes from context)
Output:
- All agents that files with "Hash" has been executed on (TIE)
- Enrich Agents info from ePO
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
Integrations- McAfeeTIEV2
- McAfee-TIE
#
Scripts- Exists
#
Commands- epo-find-system
- tie-file-references
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
Hash | The Hash to hunt (Could be MD5,SHA1,SHA256). Default is set to all hashes | ${.=val.File.map(function(f) {return [f.MD5, f.SHA1, f.SHA256];}).reduce(function(a, b){return a.concat(b);}, []).filter(function (val1) {return val1;})} | Optional |
#
Playbook OutputsPath | Description | Type |
---|---|---|
McAfee.ePO.Endpoint | Endpoint information for agents has been executed on. | unknown |