Threat Intel Quick Analysis - Hash 256: Display total threat count


1 comment

  • Official comment
    Matt Sullivan

    Sorry for the delay responding. If you haven't figured it out already, a likely cause for no aggregate results is that none of the hashes from your logs yielded hits vs. the crowdstrike data lookup. Try replacing the first two lines of your query with this line

    | "6c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536" as hash_256

    and replace the last line with this

    | count by malicious_confidence

    and you should find aggregate results.

    The threat intel FAQ topic  is where I found the above hardcoded hash, and it contains other samples of various IOC types that you may find useful in developing and debugging your threat intel queries

    Comment actions Permalink

Please sign in to leave a comment.