Import File Hash Exceptions

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-10-14
Category: Administrator Guide

Abstract: You can import file hash exceptions from the Endpoint Security Manager or from external feeds.

The Action Center page displays information about quarantined files and about files included in the allow list and block list. To import hashes from the Endpoint Security Manager or from external feeds, you can initiate an action.

  1. From Cortex XSIAM, select Incident Response → Response → Action Center → + New Action.

  2. Select Import Hash Exceptions.

  3. Drag your Verdict_Override_Exports.csv file to the drop area.

    If necessary, resolve any conflicts encountered during the upload and retry.

  4. Click Next twice.

  5. Review the action summary, and click Done.

    Cortex XSIAM imports and then distributes your hashes to the allow list and block list based on the assigned verdict.