The title of the playbook
Query hash information
Purpose of the playbook
This playbook queries different external sources via MISP modules for a match with the provided hash. The playbook queries the Hashlookup service. The playbook can also query a local instance of MWDBcore for additional details. It then provides a summary of results found and also shares the results via Mattermost or Slack or as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).
External resources used by this playbook
MWDBcore, Hashlookup, VirusTotal, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
SOC, CSIRT, CTI
Briefly list the execution steps or workflow
No response