Microsoft Tech Community
SOLVED

Analyse a File/Document


Hello guys,

 

I am looking for a method to analyze files like VirusTotal. I have an .exe and an .msi file, and also the SHA1 and SHA256 hashes. I want to check the files; how can I do it? We have Defender for Business enrolled.

1 Reply
best response confirmed by YN2023 (Copper Contributor)
Solution

@YN2023 hi,

 

So, I see three pathways here. One reflects sandboxing, and the others reflect an IoC feed check.

 

First, regarding sandboxing, you may check a solution like Intezer; it is a very good product which automates both sandboxing for files at the endpoints as well as the IoC check. Of course, this service doesn't come for free; you may want to perform a PoC and then decide if it fits your needs.

 

On the other hand, regarding the IoC check, you can check this repo and enhance your detection capacity and integrate analytics regarding threat intel feeds.

 

Finally, another option would be to load relevant connectors from the Content hub, but again this requires some sort of subscription from a product like Intel471, or even Microsoft's Defender Threat Intelligence.

 

If I have answered your question, please mark your post as Solved

If you like my response, please consider giving it a like
