Re: Adding malicious hash values in TIE File overrides.
Bulk adding malicious hashes to the TIE DB often just results in excessive information being available in the TIE database. As GTI often contains the same list of malicious hashes, the manual import efforts are duplicated. Any manual import also exists in the database forever... even if your environment never shows any evidence of those hashes. Over time this can inflate the database with local override information that would have been available in GTI anyway. For that reason we typically recommend customizing a workflow with OpenDXL that first queries TIE for the hashes in your data source, and then only imports the ones that it finds are NOT AVAILABLE. More information about OpenDXL can be found at www.openDXL.com.
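The query-then-import filter described in the reply above, as an added example that is not part of the original post and not OpenDXL's own code. `lookup` is a hypothetical stand-in for a TIE reputation query, the provider IDs and trust-level numbers are assumptions to confirm against your TIE client's constants, and "not available" is read here as "GTI does not already rate the hash malicious and no Enterprise override exists".

```python
import re

# Assumed numeric values, modelled on TIE provider IDs and the trust-level
# scale; confirm against the constants shipped with your TIE client.
GTI, ENTERPRISE = 1, 3
NOT_SET, MIGHT_BE_MALICIOUS = 0, 30
HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize(raw):
    """Return (hash_type, lowercase_hex), or None for a malformed feed entry."""
    value = raw.strip().lower()
    kind = HASH_LEN.get(len(value))
    return (kind, value) if kind and re.fullmatch(r"[0-9a-f]+", value) else None


def plan_import(feed, lookup):
    """Split feed hashes into ones needing a local override and ones skipped.

    lookup(hash_type, value) is a hypothetical stand-in for a TIE query; it
    returns {provider_id: trust_level} for the providers that answered.
    """
    to_import, skipped, seen = [], {}, set()
    for raw in feed:
        parsed = normalize(raw)
        if parsed is None:
            skipped[raw] = "malformed"
        elif parsed not in seen:  # ignore duplicate feed entries
            seen.add(parsed)
            rep = lookup(*parsed)
            gti = rep.get(GTI, NOT_SET)
            if NOT_SET < gti <= MIGHT_BE_MALICIOUS:
                skipped[parsed[1]] = "gti-already-malicious"
            elif rep.get(ENTERPRISE, NOT_SET) != NOT_SET:
                skipped[parsed[1]] = "override-exists"
            else:
                to_import.append(parsed)
    return to_import, skipped


# Constructed sample data (placeholder hashes, not real indicators).
SAMPLE_TIE = {"a" * 64: {GTI: 1}, "b" * 32: {GTI: 50, ENTERPRISE: 1}, "c" * 40: {GTI: 50}}
SAMPLE_FEED = ["A" * 64, "b" * 32, "c" * 40, "c" * 40, "not-a-hash"]


def sample_lookup(kind, value):
    return SAMPLE_TIE.get(value, {})
```

Only the entries in `to_import` would then be written as Enterprise overrides; the `skipped` map records why each other entry was left out.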