We have a poorly coding internal application that keeps triggering the Endpoint ESA rule 'unsigned outbound from temp directory' What would be the best way to whitelist this so it doesn't keep showing up in alerts in the respond module?

Thanks for that. Yeah I think a feed is what I was more thinking about. Right now, we only have one checksum but I'm thinking about if this becomes a bigger thing and we start to maintain a list of whitelisted checksums, rather than editing the ESA rule every time to add the additional checksum it could just be automatically imported using…