ATP or SEDR reports that a STIX file is invalid when it contains Fuzzy_Hash_Value entries.


Article ID: 171795


Updated On:


Endpoint Detection and Response, Advanced Threat Protection Platform


When a STIX file is uploaded for an Entity search, you are told the STIX file is invalid. You may also see a warning stating the file contains invalid objects.

Error in expression: STIX file invalid. Upload a valid STIX file.

Warning in expression: SEDR only supports file hash queries. Unsupported objects were detected in the file and not included in the query.


These errors are caused by 'Fuzzy_Hash_Value' entries in the STIX file. The SEDR software does not support searches on these entries.
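A pre-upload check for this condition, as an added example that is not part of the original article or the product's own code: it parses a STIX file, removes fuzzy-hash data and returns the simple hashes that remain searchable. It assumes the file is STIX 1.x XML using the CybOX 2.x namespaces shown; the sample document and the function name `strip_fuzzy_hashes` are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

# CybOX 2.x common namespace (assumption: the upload is STIX 1.x XML).
C = "http://cybox.mitre.org/common-2"
HASH, SIMPLE = f"{{{C}}}Hash", f"{{{C}}}Simple_Hash_Value"
FUZZY = {f"{{{C}}}Fuzzy_Hash_Value", f"{{{C}}}Fuzzy_Hash_Structure"}

# Constructed, minimal sample: one SHA256 entry and one SSDEEP (fuzzy) entry.
SAMPLE = f"""<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:cyboxCommon="{C}"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <cybox:Object><cybox:Properties xsi:type="FileObj:FileObjectType">
  <FileObj:Hashes>
   <cyboxCommon:Hash>
    <cyboxCommon:Type>SHA256</cyboxCommon:Type>
    <cyboxCommon:Simple_Hash_Value>{'ab' * 32}</cyboxCommon:Simple_Hash_Value>
   </cyboxCommon:Hash>
   <cyboxCommon:Hash>
    <cyboxCommon:Type>SSDEEP</cyboxCommon:Type>
    <cyboxCommon:Fuzzy_Hash_Value>3:constructed:example</cyboxCommon:Fuzzy_Hash_Value>
   </cyboxCommon:Hash>
  </FileObj:Hashes>
 </cybox:Properties></cybox:Object>
</stix:STIX_Package>"""

def strip_fuzzy_hashes(xml_text):
    """Return (cleaned_xml, affected_hash_entries, remaining_simple_hashes)."""
    # Re-register the document's own prefixes so QName values inside
    # attributes (xsi:type="FileObj:...") still resolve after serialization.
    events = ET.iterparse(io.BytesIO(xml_text.encode("utf-8")), events=("start-ns",))
    for _, (prefix, uri) in events:
        ET.register_namespace(prefix, uri)
    root = events.root
    affected = 0
    for parent in list(root.iter()):
        for entry in parent.findall(HASH):        # direct Hash children only
            fuzzy = [c for c in entry if c.tag in FUZZY]
            if not fuzzy:
                continue
            affected += 1
            if entry.find(SIMPLE) is None:
                parent.remove(entry)              # fuzzy-only entry: drop it whole
            else:
                for c in fuzzy:                   # mixed entry: keep the simple hash
                    entry.remove(c)
    simple = [(e.text or "").strip() for e in root.iter(SIMPLE)]
    return ET.tostring(root, encoding="unicode"), affected, simple
```

For STIX files received from outside sources, parse with a hardened XML library such as `defusedxml` instead of the standard-library parser used here.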


Starting with ATP 3.2, the ATP/SEDR software ignores Fuzzy_Hash_Value entries in STIX files. If they are found, you receive the following warning: