Apr 25 2022
Hi, when creating watchlists, up to this point, if I have an IOC filename & the MD5, SHA1 & SHA256 hashes, I would add all entries onto the watchlist.
I recently discovered that in 365 defender, there is no need to add all 3 as only the longest will be obeyed.
Therefore what's the best practice for Sentinel? Should I\do I need to add all 3 hash versions?