XDR - Restore File Hashes
Details
This workflow consumes one or more SHA-256 file hashes and attempts to restore them. Note that the file hash will be restored even if it was not contained by Cisco XDR originally. Currently supported products include: Cisco Secure Endpoint, CrowdStrike, Microsoft Defender for Endpoint (Commercial or GCC), Palo Alto Cortex, and Trend Vision One.
Targets: Automation APIs, Cisco Secure Endpoint, CrowdStrike, Microsoft Defender for Endpoint (Commercial or GCC), Palo Alto Cortex, Trend Vision One
Steps:
- Check how the workflow was started (if not a playbook task, end the workflow)
- Get a list of targets and extract the supported integrations
- Check if there are supported integrations (if not, end the workflow)
- For each file hash:
  - For each integration:
    - Attempt to unblock the hash in the given integration
  - Check if the hash was unblocked in at least one product (if not, update the workflow results)
About
Authorship
Cisco Managed