Hash types & watchlists


Hi,  when creating watchlists, up to this point, if I have an IOC filename & the MD5, SHA1 & SHA256 hashes, I would add all entries onto the watchlist.

I recently discovered that in 365 defender, there is no need to add all 3 as only the longest will be obeyed.

Therefore what's the best practice for Sentinel? Should I\do I need to add all 3 hash versions? 

0 Replies