SHA is the acronym for Secure Hash Algorithm, used for hashing data and certificate files. Every piece of data produces a unique hash that is thoroughly non-duplicable by any other piece of data.
This detection needs validation from our Security Operation Centers to determine whether it is a legitimate attack or not. The status of the validation request will be displayed on this page.
Even though there is no action is required from your end, it is still good to understand to know the true meaning of those terms in the detection verification status:-
|New||New detection was identified as malicious and has been blocked by the sensor/agent/installer. Yet to be verified by our personnel.|
|In progress||Detection verification is being worked on by our personnel and an update will be provided as soon as it is completed, or if more information is required.|
|True_positive||The detection is a verified legitimate attack that triggers and produces an alarm.|
|False_positive||The detection is verified as not a real attack.|
To view SHA-Based Detections, follow these steps:
Step 1 - Open "SHA-Based Detections":
Navigate to: Activity > SHA-Based Detections.
Step 2 - View the list of detections and check the status
If you have any questions regarding any of these detections, submit new SOC ticket.