Forum Discussion

YN2023
Copper Contributor
Jul 08, 2024

Analyse a File/Document

Hello guys,

 

I am looking for a method to analyze files like VirusTotal. I have an .exe and an .msi file, as well as their SHA1 and SHA256 hashes. I want to check the files; how can I do it? We have Defender for Business enrolled.

  • cyb3rmik3
    Iron Contributor

    YN2023 hi,

    So, I see three pathways here. One reflects sandboxing, and the others reflect IoC feed checks.

    First, regarding sandboxing, you may check a solution like Intezer; it is a very good product which automates both sandboxing for files at the endpoints and IoC checks. Of course, this service doesn't come for free; you may want to perform a PoC and then decide if it fits your needs.

    On the other hand, regarding IoC checks, you can check this repo and enhance your detection capacity and integrate analytics regarding threat intel feeds.

    Finally, another option would be to load the relevant connectors from the Content hub, but again this requires some sort of subscription to a product like Intel471, or even Microsoft's Defender Threat Intelligence.

    If I have answered your question, please mark your post as Solved.

    If you like my response, please consider giving it a like.
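The hash-based IoC check discussed above, as an added example that is not part of the thread and not code from Intezer, Microsoft, or any of the products mentioned. It streams a file through MD5/SHA1/SHA256 (so a large .msi does not need to fit in memory), parses a simple hash-per-line feed, reports every feed hit, and builds (but does not send) the VirusTotal API v3 file-report request for the SHA256; the feed format, the feed contents, the sample "executable", and the API key placeholder are all constructed for this example. Looking up a hash, as opposed to uploading the file, reveals nothing about the file's contents to the service.

```python
"""Hash a local file, compare it against a hash-based IoC feed, and build the
VirusTotal v3 lookup for the same hash (request built but not sent here).

Added example for this thread, not code from the thread or from any vendor.
The IoC feed and the sample file are constructed inline so the script runs
offline; IOC_FEED_TEXT uses a made-up 'hash,comment' per line format, not
any specific vendor's format."""
import hashlib
import os
import tempfile
import urllib.request

# Hex-digest length -> algorithm name, used to tell what kind of hash a feed line holds.
HASH_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}


def file_hashes(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for a file, streamed in
    chunks so large installers (.msi) do not have to be loaded into memory."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def parse_ioc_feed(text):
    """Parse 'hash,comment' lines into {algo: {hash: comment}}.
    Hashes are lower-cased so a feed written in upper case still matches;
    lines that are not a hex digest of a known length are skipped."""
    feed = {name: {} for name in HASH_ALGOS.values()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        value, _, comment = line.partition(",")
        value = value.strip().lower()
        algo = HASH_ALGOS.get(len(value))
        if algo is None or any(c not in "0123456789abcdef" for c in value):
            continue
        feed[algo][value] = comment.strip()
    return feed


def match_file(hashes, feed):
    """Return a list of (algo, hash, comment) for every feed hit on this file."""
    hits = []
    for algo, digest in hashes.items():
        comment = feed.get(algo, {}).get(digest.lower())
        if comment is not None:
            hits.append((algo, digest, comment))
    return hits


def virustotal_request(sha256, api_key):
    """Build (not send) the VirusTotal API v3 file-report request for a hash.
    The api_key is whatever the caller holds; '<api-key>' below is a placeholder."""
    return urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{sha256}",
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


# --- constructed sample data (not a real binary, not a real feed) -----------
SAMPLE_CONTENT = b"MZ\x90\x00 constructed sample, not a real executable\n"
KNOWN_BAD_SHA256 = hashlib.sha256(SAMPLE_CONTENT).hexdigest()
# One hit for the sample (written upper case on purpose), one unrelated entry
# derived from a constructed string, and one malformed line to be skipped.
IOC_FEED_TEXT = f"""# hash,comment
{KNOWN_BAD_SHA256.upper()},constructed-dropper-sample
{hashlib.sha1(b"unrelated constructed entry").hexdigest()},constructed-unrelated
not-a-hash,malformed line that must be skipped
"""


def demo():
    """Write the sample to a temp file, hash it, and check it against the feed."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SAMPLE_CONTENT)
        hashes = file_hashes(path)
        hits = match_file(hashes, parse_ioc_feed(IOC_FEED_TEXT))
    finally:
        os.remove(path)
    return hashes, hits


if __name__ == "__main__":
    hashes, hits = demo()
    for algo, digest in hashes.items():
        print(f"{algo}: {digest}")
    print("feed hits:", hits or "none")
    print("VT lookup:", virustotal_request(hashes["sha256"], "<api-key>").full_url)
```

To use it on the real .exe and .msi, call `file_hashes()` on each path and point `parse_ioc_feed()` at whatever feed the chosen subscription exports; if a hash is not in any feed, that is absence of evidence only, and the sandbox route is what tells you something about an unknown file.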
