Use cases
Built for every known-file filtering workflow
From solo forensic analysts to enterprise SOC teams running thousands of lookups a day — HashScanner filters NSRL known files out of your data so you focus on the unknown.
SOC Operations
Bulk IOC Triage
Check dozens of file hashes from an alert batch in seconds instead of clicking through each one by one.
- Paste hash lists directly from SIEM exports
- Instantly separate known/cataloged files from the unknown
- Drop the noise and reduce analyst triage time
Malware Triage
Exclude Known Files
Cross-reference hashes extracted from sandbox detonations or static analysis against NSRL to strip out cataloged OS and software files.
- Exclude legitimate OS and application files in one pass
- Cut the catalog noise from large sample sets
- Focus manual analysis on genuinely novel, un-cataloged samples
Digital Forensics
Evidence Verification
Triage disk image artefacts, check file system hashes, and separate operating-system noise from evidence of interest.
- Submit large lists of filesystem hashes in bulk
- Filter known OS and software files in one step
- Export results as CSV for case files
Threat Hunting
Shrink the Hunt Surface
Rule out cataloged files across your environment’s file hashes so the unknown rises to the top for review.
- Automate periodic batch checks via the API
- Correlate the remaining unknowns with endpoint telemetry
- Build hunting workflows on top of known-file data
Incident Response
Rapid Scoping
During active incidents, narrow the blast radius fast by ruling out cataloged files across all collected artefacts — so the unknown stands out.
- Check large batches of collected hashes via the bulk API
- Filter out known OS and software files in one step
- Export the remaining unknowns into IR reports as CSV
MSSP / MDR
Multi-Tenant Operations
Scale hash reputation across all your managed clients without per-lookup pricing eating into margins.
- High API rate limits for high-volume use
- Integrate into your existing managed detection platform
- Priority support and SLA on Business plans
Security Vendors
Product Enrichment
Add NSRL known-file data to your security product without building and maintaining your own copy of the RDS.
- Simple REST API to embed lookups in your product
- Bulk endpoints for high-throughput enrichment
- Higher bulk size limits on Professional and Business plans
Security Research
Dataset Analysis
Researchers analysing large malware corpora or building detection models can cross-reference sets of hashes at scale.
- CSV upload for batch dataset queries
- Export structured results for downstream analysis
- API integration with Jupyter, Python, and notebooks