Microsoft Tech Community

Hash types & watchlists

Hi, when creating watchlists, up to this point, if I have an IOC filename & the MD5, SHA1 & SHA256 hashes, I would add all entries onto the watchlist.

I recently discovered that in 365 Defender, there is no need to add all 3 as only the longest will be obeyed.

Therefore what's the best practice for Sentinel? Should I/do I need to add all 3 hash versions?

1 Reply
Just bumping this, as I was about to raise this very question; however, I already did last year!!
Any takers?