I need a solution
We have multiple Application & Device Control (ADC) policies. Against any threat advisory we generally get multiple file fingerprints (MD5/SHA256). Thus, it's cumbersome to block all file fingerprints one by one in all ADC policies.
1. Is this the best practice, to block hash values one by one?
2. Do we need to block these hashes?
E.g., Threat Advisory: 180709.1 - Hide 'N Seek (HNS) Botnet
Recommendations
- Please block the below hashes in your IPS, and use your endpoint monitoring tool to monitor the below IOCs:
- d69ff15cff8bd25698d8bb33de044c34353d74ef801338ee3e67e7d7524f8078
- 24b89e36e12166f613edb61909d1192dbd918c2eac45d3a75a588ec24a4e2a36
Also, kindly find the hard-coded P2P peer address list (attached).
What action should be done in such cases?
0
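The pain point in the post is the manual, one-at-a-time transcription of fingerprints from an advisory into a blocklist. The script below is an added example, not code from the original post or from any vendor console: it extracts every MD5, SHA-1 and SHA-256 value from free-form advisory text, normalises case, drops duplicates and emits a simple CSV that can be pasted into or imported through whatever bulk mechanism a console offers. It assumes nothing about the ADC product's API; the sample advisory text is constructed from the post (the two SHA-256 values are the ones quoted there; the MD5 row is the well-known MD5 of empty input, added only as a sample).

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Hex runs of the three common fingerprint lengths. The \b anchors stop a
# 64-character SHA-256 from also being reported as a 32-character MD5 substring.
_HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample modelled on the advisory quoted in the post. The third
# SHA-256 line is a deliberate upper-case duplicate to exercise de-duplication;
# the MD5 line is the MD5 of empty input, used here purely as sample data.
SAMPLE_ADVISORY = """
Threat Advisory: 180709.1 - Hide 'N Seek (HNS) Botnet
Recommendations
- Please block the below hashes in your IPS:
- d69ff15cff8bd25698d8bb33de044c34353d74ef801338ee3e67e7d7524f8078
- 24b89e36e12166f613edb61909d1192dbd918c2eac45d3a75a588ec24a4e2a36
- D69FF15CFF8BD25698D8BB33DE044C34353D74EF801338EE3E67E7D7524F8078
MD5 (sample only): d41d8cd98f00b204e9800998ecf8427e
"""


@dataclass(frozen=True)
class Fingerprint:
    algorithm: str   # md5, sha1 or sha256, inferred from the hex length
    value: str       # normalised to lowercase hex


def extract_fingerprints(text: str) -> List[Fingerprint]:
    """Pull every MD5/SHA-1/SHA-256 value out of free-form advisory text,
    normalise case and drop duplicates while keeping first-seen order."""
    seen = set()
    result: List[Fingerprint] = []
    for match in _HASH_RE.finditer(text):
        value = match.group(0).lower()
        if value in seen:
            continue
        seen.add(value)
        result.append(Fingerprint(_ALGO_BY_LEN[len(value)], value))
    return result


def to_blocklist_csv(fingerprints: Iterable[Fingerprint]) -> str:
    """Render a header plus one 'algorithm,fingerprint' row per entry."""
    rows = ["algorithm,fingerprint"]
    rows.extend(f"{fp.algorithm},{fp.value}" for fp in fingerprints)
    return "\n".join(rows) + "\n"


def count_by_algorithm(fingerprints: Iterable[Fingerprint]) -> dict:
    """Summary useful for a quick sanity check before importing."""
    counts: dict = {}
    for fp in fingerprints:
        counts[fp.algorithm] = counts.get(fp.algorithm, 0) + 1
    return counts


if __name__ == "__main__":
    found = extract_fingerprints(SAMPLE_ADVISORY)
    print(count_by_algorithm(found))
    print(to_blocklist_csv(found), end="")
```

Run it against the text of an advisory (or redirect the advisory into a file and read it) and review the summary counts before importing; a fingerprint that appears in both MD5 and SHA-256 form still needs an entry per algorithm, since the policy matches on the exact digest type.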