Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook checks if file hash indicators exist in a Cortex XSOAR list. If the indicators exist in the list, they are tagged as approved_hash.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|ApprovedHashList||A Cortex XSOAR list containing approved hash values. Hash indicators that appear in the list are tagged as approved.||Optional|
|Indicator Query||Indicators matching the indicator query will be used as playbook input||Optional|
|HashesInApprovedList||File hashes that are found in the approved_hash list.||string|
|HashesNotInApprovedList||File hashes that are not found in the approved_hash list.||string|