Use this procedure to upload a CSV file with a list of hashes, certificates, or IT tools following the instructions in File Format. Enterprise EDR-only organizations only support the BLACK_LIST and SHA256 values
Prerequisites
Important: Enterprise EDR-only organizations only support hash banning. You cannot upload IT tools, Certs, items to the approval list.
Before uploading, ensure your upload file is in the correct file format:
TIP: Precise formatting instructions are provided on the Upload user interface.
- The file is a plain ascii text file in "CSV" (comma separated values) format.
- Values (such as the description field) that contain commas may be quoted using the double-quote character.
- Each line in the file describes a single indicator - the format for each row is described below:
The required fields must be in the following order: list type, indicator type, indicator value, description, application name
- list type: black_list
- indicator type: indicator SHA-256
- indicator value: actual file hash (SHA-256 format)
- description: text to describe this entry
- application name: optional
Note: MD5 is not supported. The hash must be in SHA-256 format and requires six or more fields. If a field is empty, use the following format where empty fields are denoted by commas: Field1, Field2, Field4, Field6
Procedure
- On the left navigation pane, click Enforce>Reputation.
- Click Upload.
- Navigate to and select the file to upload, and then click Open.
- Verify the correct file is listed and then click Upload.
Results
Example: Upload file
/*** SHA256 Hash ***/ WHITE_LIST,SHA256,154899999adfa4f56ade1c04840a517e86dc5c938fac1ba6906c38339a281f82,This hash is known to be harmless,Safari BLACK_LIST,SHA256,dcab890006eccd887c26a1bd2bcb344e2ce1a80c2e6fc8621ed04489dc1631c8,Unknown untrusted app BLACK_LIST,SHA256,5348cfde0024b9557e57f099e1f3c3e20f389e7822dda376ad06009e43dd700a,Fake malware for testing,fake /*** IT Tool ***/ WHITE_LIST,IT_TOOL,/user1/somefolder/sometool,The IT tool is known to be harmless,true WHITE_LIST,IT_TOOL,/user1/somefolder/sometool,The IT tool is known to be harmless,false /*** Certificate ***/ WHITE_LIST,CERT,Global,The certificate is known to be harmless,Root certificate authority WHITE_LIST,CERT,Global,The certificate is known to be harmless,InCommon RSA Server CA