2
votes
Hash Set Manager - Functionality for Automation/Integrations
Working in DFIR, the ability to import hashes from other products would prove quite useful, as we need to very regularly update hashsets from various sources to keep our database relevant for current threats. For example, an API endpoint for updating a hashset would allow us to automate this process.

I like the sound of this. Are you thinking of an automated workflow to maintain and update hashsets? For example, a new version of the NSRL Hashset is downloaded and stored on network storage, then a Magnet Automate workflow picks this up and updates Magnet Hash Set Manager and Griffeye Intelligence Database (until Magnet decides their long-term strategy over merging or retiring one of these)?
Yes, exactly, or even just a way to update hash sets programmatically so it can be automated easily, rather than manual uploads through the GUI. We like to maintain lists of ‘known bad’ hashes that we like to use for our investigations, which we’re pulling from various open source databases.
The current workflow is that before we start an investigation, we’d have to make sure all our hash sets are updated, which requires pulling diffs for the different types of hashes from our threat intelligence platform and uploading them all again to Hash Set Manager. It would be really nice to have these lists update themselves, say nightly or weekly.