The Ban Hash Alert Action bans a SHA-256 hash in Carbon Black Cloud, preventing any file with that hash from being executed.

Note:
  • This Alert Action requires Carbon Black Cloud Endpoint Standard.
  • See also Reputation Override.

Configuration:

File Hash Field
The name of the field in the search results that contains the SHA-256 hash of the object to ban.

Search Result Fields:

  • description - Optional. If the description field exists in the search results, its value is used as the description in the Reputation Override. Default: Banned via Splunk Alert Action.
  • threat_cause_actor_name - Optional. If the threat_cause_actor_name field exists in the search results, its value is used as the filename of the Reputation Override. Default: Actor Name not defined.
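
A ban takes effect for every file with the given hash, so it is worth checking what a search will feed this action before enabling it. The following is an added example, not code from the app: it maps result rows to ban entries using the defaults documented above and rejects values that are not a SHA-256. The field name process_hash, the entry keys and the sample rows are assumptions made for illustration.

```python
import re

# Defaults quoted from the documentation above.
DEFAULT_DESCRIPTION = "Banned via Splunk Alert Action"
DEFAULT_FILENAME = "Actor Name not defined"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def build_ban_entries(rows, hash_field):
    """Turn search result rows into ban entries; return (entries, rejected).

    The entry keys are names chosen for this example, not the app's schema.
    """
    entries, rejected, seen = [], [], set()
    for row in rows:
        value = (row.get(hash_field) or "").strip()
        # An MD5, a truncated hash or an empty cell must never reach a ban call.
        if not SHA256_RE.fullmatch(value):
            rejected.append(row)
            continue
        digest = value.lower()
        if digest in seen:  # the same file reported by several hosts
            continue
        seen.add(digest)
        entries.append({
            "sha256_hash": digest,
            # Assumption: an empty cell is treated like a missing field.
            "description": row.get("description") or DEFAULT_DESCRIPTION,
            "filename": row.get("threat_cause_actor_name") or DEFAULT_FILENAME,
        })
    return entries, rejected


# Constructed sample rows, as a search might return them.
SAMPLE_ROWS = [
    {"process_hash": "A" * 64, "description": "Dropper seen in IR-1",
     "threat_cause_actor_name": "invoice.exe"},
    {"process_hash": "a" * 64},                            # duplicate, other case
    {"process_hash": "d41d8cd98f00b204e9800998ecf8427e"},  # MD5, rejected
    {"process_hash": "b" * 64, "description": ""},         # defaults apply
]

if __name__ == "__main__":
    ok, bad = build_ban_entries(SAMPLE_ROWS, "process_hash")
    for entry in ok:
        print(entry)
    print(f"{len(bad)} row(s) rejected")
```

Rows that land in the rejected list usually mean the File Hash Field points at the wrong column or at a field that carries MD5 values.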