- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Read this short, on-point blog to learn how to retrieve a CSV file!
Today, I am demonstrating the retrieving of a CSV file via the XSOAR !http command for one of my customers. You can download a test spreadsheet here: Untitled-spreadsheet-Sheet1-1. Since you are here, let me tell you a bit more.
The task is to retrieve a CSV file via an HTTP call. The command will look like this:
unset
!http method="GET" url="https://cybernotdienst.de/wp-content/uploads/2023/07/
Untitled-spreadsheet-Sheet1-1.csv" unsecure="true" proxy="false" saveAsFile="yes"
This is the built-in command XSOAR supports from the start. As you can see, the URL points to the file above. We do NOT use the proxy and we want to save the file directly to the system.
With that command you will find a Context Key in XSOAR which describes the file:
Unset
Size:86
SHA1:ece8161f45d8e3f0b16eb2253caea45d0d679076
SHA256:cd00f63027fbb6b2a50b8c2257137749e1548abf9f1c217c8f1c1a42a179566c
SHA512:a5d3d608fb1dd60bdcc9e0937b1f7a47f7af1d27c2058fb9b9fa737c08a8e3627
c2a0e5e5ebec1e90ecf190233de579f9f0e9d5be13a6ee9e52e0a5d6c0d103a
Name:Untitled spreadsheet - Sheet1 (1).csv
SSDeep:3:AUhBx9IWmJGwFvpCFUZUTOhji7T:AS7vsEUoojin
EntryID:4@11288
Info:text/csv; charset=utf-8
Type:CSV text
MD5:ab8c27e05a3d12827ccd0dc671c70ce9
Extension:csv
And that's almost the complete trick, now we can use !ParseCSV on the EntryID above to get the CSV file parsed into the context data:
Unset
!ParseCSV entryID=4@11288
Now you can pack these commands into a Playbook and automate the tasks at hand.
You can add a Conditional with a filter, to avoid the ParseCSV to fail, because the file you wanted to download is not actually a CSV file.
This may be a harder way, as you need to retrieve the file.
Under normal circumstances we would expect that such a file is part of an incident, which makes it way easier, as the attached file will already be there and we just need to check if there is a CSV file and start the parsing.
Please reach out if you have any questions. Thank you for reading!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
2 Likes | |
1 Like | |
1 Like | |
1 Like | |
1 Like |