Add IOCs

Question

Hello, 
 We have been asked to add the IOCs of BlackByte Ransomware into Sophos threat detections, how can we accomplish that?, we found the option of blocking applications, but does&acute;t let us add an MD5. 
 Or how can we be sure that this suspicious files are not being present in any device protectec by Sophos.

Sophos User930 · Accepted Answer

This post is in the on-premise endpoint. Do you have Intercept X with XDR? Do you have the ability to run Live Queries for example?

RichardP · Answer

In general you don't. If you want us to detect something that is malicious - but it isn't being detected then submit it to https://intelix.sophos.com If it is just a specific file (non-malicious) that you want us to scan for - we can't do that. 
 However, if you have Central Endpoint with XDR you can use the data lake to query you computers and get an output of where the file is in your environment. Basically, we scan everything and report it to the data lake but we won't trigger on it.

Add IOCs

Top Replies