Add malicious file indicator identified by SentinelOne to IOC feed

This automation adds the SHA1 hash of each file that SentinelOne flags as malicious, together with the file's source URL, to an IOC feed as an indicator, updating threat intelligence and enhancing security response. If IOC Enforcement is enabled, it could help other products prevent the file from being downloaded or executed on all your machines.

Supported Products

  • SentinelOne

  • Infinity IoC Management

Parameters

Expiration in days (0 means no expiration)

Set the expiration period for the automation.

Trigger

Infected SentinelOne devices.

To view an example of this log, click Run.

Flow