Import file hash exceptions - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

You can import file hash exceptions from the Endpoint Security Manager or from external feeds.

The Action Center displays information on files that are quarantined, or included in the allow list and block list. To import hashes from the Endpoint Security Manager or from external feeds, take the following steps:

  1. From Cortex XSIAM , select Incident ResponseResponseAction CenterNew Action.

  2. Select Import Hash Exceptions.

  3. Drag your file to the drop area.

    Files must be in csv format, for example Verdict_Override_Exports.csv. If necessary, resolve any conflicts encountered during the upload and retry.

  4. Click Next.

  5. Review the action summary, and click Done.

    Cortex XSIAM imports your hashes. Depending on the assigned verdict, Cortex XSIAM then distributes them to the allow list or block list.