
Add IOCs

Hello,

We have been asked to add the IOCs of BlackByte Ransomware into Sophos threat detections. How can we accomplish that? We found the option of blocking applications, but it doesn't let us add an MD5.

Or how can we be sure that these suspicious files are not present on any device protected by Sophos?



This thread was automatically locked due to age.
  • This post is in the on-premise endpoint.  Do you have Intercept X with XDR?  Do you have the ability to run Live Queries for example?

  • FormerMember

    In general you don't. If you want us to detect something that is malicious - but it isn't being detected then submit it to https://intelix.sophos.com 
    If it is just a specific file (non-malicious) that you want us to scan for - we can't do that. 

    However, if you have Central Endpoint with XDR you can use the data lake to query your computers and get an output of where the file is in your environment. Basically, we scan everything and report it to the data lake but we won't trigger on it.