TIM - Process Indicators Against Approved Hash List

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook checks if file hash indicators exist in a Cortex XSOAR list. If the indicators exist in the list, they are tagged as approved_hash.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

FilterByList
SetAndHandleEmpty

Commands

appendIndicatorField

Playbook Inputs

Name	Description	Default Value	Required
ApprovedHashList	A Cortex XSOAR list containing approved hash values. Hash indicators that appear in the list are tagged as approved.		Optional
Indicator Query	Indicators matching the indicator query will be used as playbook input		Optional

Playbook Outputs

Path	Description	Type
HashesInApprovedList	File hashes that are found in the approved_hash list.	string
HashesNotInApprovedList	File hashes that are not found in the approved_hash list.	string

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

TIM - Process Indicators Against Approved Hash List

Supported versions

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Supported versions

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image