You can import file hash exceptions from the Endpoint Security Manager or from external feeds.
The Action Center displays information on files that are quarantined, or included in the allow list and block list. To import hashes from the Endpoint Security Manager or from external feeds, take the following steps:
From Cortex XSIAM , select → → → .
Select Import Hash Exceptions.
Drag your file to the drop area.
Files must be in csv format, for example
Verdict_Override_Exports.csv
. If necessary, resolve any conflicts encountered during the upload and retry.Click Next.
Review the action summary, and click Done.
Cortex XSIAM imports your hashes. Depending on the assigned verdict, Cortex XSIAM then distributes them to the allow list or block list.