Forum Discussion
Hash types & watchlists
Hi, when creating watchlists, up to this point, if I have an IOC filename & the MD5, SHA1 & SHA256 hashes, I would add all entries onto the watchlist.
I recently discovered that in 365 defender, there is no need to add all 3 as only the longest will be obeyed.
Therefore what's the best practice for Sentinel? Should I\do I need to add all 3 hash versions?
1 Reply
- Just bumping this as I was about to raise this very question and however I already did last year!!
Any takers?
