You can use the Unban Process Hash SOAR action to ban a process hash for selected alerts.
- This action can be run from an alert.
- Selecting the Ban Process Hash action displays a popup window that lists the
Process Hashfield. - The
threat_cause_actor_sha256field from the alert record is the hash value to be unbanned. - You can update any of the details in the popup form before initiating the unban action.
