Automated malicious-file triage with threat-intel lookup

On an alert about a suspicious file, the scenario checks its fingerprint against threat intel, builds a clear summary, opens an incident and notifies the team by email and messenger.

  • Checks the file's fingerprint against threat intel automatically
  • Builds a clear summary: what the file is and why it's dangerous
  • Opens an incident and alerts the team right away
  • Filters out the harmless — bothers you only when it's real
Webhook

How it works

To get Gmail notifications in hawk, you don't need a developer: a ready-made scenario watches events and sends messages for you.

  1. Starts when: Wazuh Alert
  2. Then: Extract IOCs
  3. Then: VirusTotal File Hash Validation
  4. Then: Generate File Summary
  5. Then: file summary display
  6. Then: Gmail1
  7. Check: Filter Suspicious Files
  8. If yes: Slack File Alert
  9. If yes: Create File Incident

You can launch this Gmail + hawk integration in Scriptera: describe the task in plain words — the scenario is built, launched and monitored for you.