Start the investigation by checking if there is any threat intelligence about the file hash in the event. def file_reputation_1(action=None, success=None, container=None, results=None, handle=None, ...