Banning a Process Hash (SOAR Action in ServiceNow)

You can use the Ban Process Hash SOAR action to ban a process hash for selected alerts.

This action can be run from an alert.
Selecting the Ban Process Hash action displays a popup window that lists three fields:
- Process Name
- Process Hash
- Description
The threat_cause_actor_sha256 field from the alert record is the hash value to be banned.
You can update any of the details in the popup form before initiating the ban.