Details

This workflow consumes one or more SHA-256 file hashes and attempts to block them in all supported products. Currently supported products include: Cisco Secure Endpoint, CrowdStrike, Microsoft Defender for Endpoint (Commercial or GCC), Trend Vision One, and Palo Alto Cortex.

Targets: Automation APIs, Cisco Secure Endpoint, CrowdStrike, Microsoft Defender for Endpoint (Commercial or GCC), Trend Vision One, Palo Alto Cortex

Steps:

  • Check how the workflow was started (if not a playbook task, end the workflow)
  • Get a list of XDR automation targets and extract the supported integrations
  • Check if there are supported integrations available (if not, end the workflow)
  • For each file hash:
    • For each integration:
      • Attempt to block the hash in the given integration
    • Check if the hash was blocked in at least one product (if not, update the workflow results)
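
The control flow of the steps above, as an added Python sketch that is not the workflow's own code. The trigger value "playbook_task", the function names, and the integration callables are hypothetical stand-ins for the real product API calls, and the SHA-256 format check is an assumption the page does not describe.

```python
import hashlib
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")

def block_hashes(trigger, integrations, hashes):
    """Return per-hash results following the workflow's steps.

    integrations: dict of name -> callable(sha256) returning True on success
    (hypothetical stand-ins; real product API calls are not shown here).
    """
    # Step 1: only run when started as a playbook task (hypothetical value).
    if trigger != "playbook_task":
        return {"status": "ended", "reason": "not a playbook task"}
    # Steps 2-3: stop when no supported integration is available.
    if not integrations:
        return {"status": "ended", "reason": "no supported integrations"}
    results = {}
    for raw in hashes:
        sha256 = raw.strip().lower()
        # Assumption: reject input that is not 64 hex characters up front.
        if not SHA256_RE.fullmatch(sha256):
            results[raw] = {"blocked_in": [], "errors": {"input": "not a SHA-256 hash"}}
            continue
        blocked_in, errors = [], {}
        for name, block in integrations.items():
            try:
                if block(sha256):
                    blocked_in.append(name)
                else:
                    errors[name] = "block request not accepted"
            except Exception as exc:  # one failing product must not stop the rest
                errors[name] = str(exc)
        results[sha256] = {"blocked_in": blocked_in, "errors": errors}
    # Final step: surface hashes that no product blocked.
    missed = [h for h, r in results.items() if not r["blocked_in"]]
    return {"status": "completed", "results": results, "not_blocked": missed}

def _unreachable(sha256):
    # Constructed failure case: simulates a target that cannot be reached.
    raise ConnectionError("target unreachable")

if __name__ == "__main__":
    # Constructed sample input: one valid hash (upper-cased) and one malformed value.
    sample = hashlib.sha256(b"constructed sample file").hexdigest()
    targets = {"product_a": lambda h: True, "product_b": _unreachable}
    print(block_hashes("playbook_task", targets, [sample.upper(), "d41d8cd9"]))
```

Keeping the per-integration errors next to the "blocked_in" list lets a responder see which products still lack the block when a hash was only partially covered.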