Hello All,

i have integrated already FireEye HX Application with the SOAR.

I am seeking guidance on a specific playbook design for an integration between FireEye HX and IBM SOAR.

My objective is to create a playbook that allows an analyst to directly block a hash value on FireEye HX from the SOAR platform.

The integration has been successfully set up, and I have access to the following predefined FireEye HX functions within IBM SOAR:

• FireEye HX: Append Conditions

• FireEye HX: Approve Host Containment

• FireEye HX: Create Indicator

• FireEye HX: Create Triage Acquisition

• FireEye HX: Find Host

• FireEye HX: Get Alert

• FireEye HX: Get Alerts

• FireEye HX: Get Host Information

• FireEye HX: Get Indicator

• FireEye HX: Get Indicators

• FireEye HX: Release Host Containment

• FireEye HX: Request Host Containment

• FireEye HX: Suppress Alert

I am trying to determine the correct sequence of functions to achieve the goal of blocking a hash value. It seems that the FireEye HX: Create Indicator function is the most relevant, but I would appreciate any insight or examples on how to correctly sequence the steps within a playbook to ensure the hash is successfully blocked.

Any assistance, suggestions, or examples of a similar playbook would be greatly appreciated.

Thank you in advance for your help.

Regards,

Farrukh Majid.
Infromation Security Consultant.

------------------------------
Farrukh Majid
------------------------------

your best bet is to set a meeting with your fireEye admin and understand more about the solution and how the do the hash blocking manually to be able to replicate that through SOAR action , also you can reach to fireeye support.

------------------------------
Mohamad islam Hamadieh
I post SOAR content and tips on linkedIn , follow me :)
https://linkedin.com/in/mohamadislam
------------------------------

Original Message:
Sent: Thu September 04, 2025 03:59 AM
From: Farrukh Majid
Subject: Assistance with Playbook for FireEye HX and IBM SOAR Hash Blocking

Hello All,

i have integrated already FireEye HX Application with the SOAR.

I am seeking guidance on a specific playbook design for an integration between FireEye HX and IBM SOAR.

My objective is to create a playbook that allows an analyst to directly block a hash value on FireEye HX from the SOAR platform.

The integration has been successfully set up, and I have access to the following predefined FireEye HX functions within IBM SOAR:

• FireEye HX: Append Conditions

• FireEye HX: Approve Host Containment

• FireEye HX: Create Indicator

• FireEye HX: Create Triage Acquisition

• FireEye HX: Find Host

• FireEye HX: Get Alert

• FireEye HX: Get Alerts

• FireEye HX: Get Host Information

• FireEye HX: Get Indicator

• FireEye HX: Get Indicators

• FireEye HX: Release Host Containment

• FireEye HX: Request Host Containment

• FireEye HX: Suppress Alert

I am trying to determine the correct sequence of functions to achieve the goal of blocking a hash value. It seems that the FireEye HX: Create Indicator function is the most relevant, but I would appreciate any insight or examples on how to correctly sequence the steps within a playbook to ensure the hash is successfully blocked.

Any assistance, suggestions, or examples of a similar playbook would be greatly appreciated.

Thank you in advance for your help.

Regards,

Farrukh Majid.
Infromation Security Consultant.

------------------------------
Farrukh Majid
------------------------------