Issue
When automate bans a file hash, how many machines are affected?
Environment
Red Canary
Microsoft Defender for Endpoint
Resolution
When Red Canary bans a file hash via automate, the scope is automatically set to all endpoints on the Microsoft Defender XDR side.
You can view any file hash bans by logging into your Microsoft Defender XDR console and going to Settings | Endpoints | Indicators. The title column will notate "Red Canary Automate" to indicate this was created via automation.
Comments
0 comments
Please sign in to leave a comment.