Network Forensics & Security Analytics

 View Only

Create Rules Based on Custom Hash List

  • 1.  Create Rules Based on Custom Hash List

    Posted Dec 11, 2018 02:36 AM

    hi everyone,

    I've been doing it all day and still can't find a solution..

    I'm working with SA 7.3.4.

    configured custom hash list via this guide -> https://origin-symwisedownload.symantec.com/resources/webguides/security_analytics/7.2/platform_webguide/desktop/ENG/Data_Enrichment/Providers/custom_hash_list.htm

    now after I send a test file that I have entered to this list I can see in the reputation that custom hash list VERDICT=10 

    I have tried to create a rule (with syslog and mail alerts) that will catch all this "black" files..

     

    hope you guys can help :)