Dynamic interactive multi select input inside a playbook


L2 Linker

Dears, 

 

We are trying to do the following scenario and we want to check if it is doable or not:

 

1- We have a phishing playbook.

2- We are extracting all the attachments that are included inside an email file (.eml file). 

3- The extraction of these files is working properly and we have each file associated with an entry id. 

4- We want to submit those files to a sandboxing tool, but not all of them; we only want to submit the files that the analyst wants to submit. 

 

My question: can we pass those entry ids to an interactive input (multi select input) that asks the analyst to pick which files to be submitted to sandboxing, so that based on his choices we will submit the chosen files?

 

So do we have an interactive multi select input inside a playbook? 

 

Your support is highly appreciated.

 


Accepted Solutions

L3 Networker

This is achievable. I have attached the necessary files. The new files will provide:

 

  1. A new custom layout (that is based on the Phishing Incident v3 layout)
    1. This contains a new section called "Sandbox Submission"
      1. There is a new sub-section that contains a new field called "File Submissions" and a new button for submitting the files
      2. It also contains a "logs" section to show previous activities
    2. The new File Submissions field has a field display script that populates file names that are found in the 'File' context value
    3. The File Submission Logs field (which is a grid) populates automatically after clicking the submit button
    4. The submit button uses another custom automation script that:
      1. Gathers the file names selected by the user
      2. Finds their EntryIDs
      3. Submits each file to the sandbox
      4. Populates the logs
    5. After running, it will clear the File Submissions selections
    6. The submit button only appears when there are entries selected in the File Submission field

 

Installing to test

To make this work (and therefore you can play around with the layouts etc), do the following:

  1. Extract the "Archive.zip" attached.
  2. Import the 2 new automation scripts called "PopulateFileSubmissions.yml" and "SubmitFilesButton.yml".
  3. Import the incidentfields.json (this will create 2 new fields).
  4. Import the layout "layoutscontainer-Phishing_Incident_v3_Custom.json"
  5. Assign the layout to the incident type you want the Sandbox submission for

There is one change you will need to make. In the automation script named "SubmitFilesButton" you will need to edit line 15 to use the command you would like to use with your sandbox. I have an ANYRUN integration set up and have left my line in there in a commented state.

 

Apologies for simply providing the answer as files, but it was infinitely easier to show you how it worked rather than explain in a lengthy paragraph.

 

Regards


Adam
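The button script's steps described in the answer above (gather the selected names, find their EntryIDs, submit each file, populate the logs), as an added example that is not the code from the attached Archive.zip. It assumes the standard `File` context keys `Name` and `EntryID`; the log column names and the `submit` callable, which stands in for whatever sandbox command you configure, are hypothetical. It also covers two cases a name-based picker runs into: several attachments sharing one file name, and a `File` context that holds a single dict rather than a list.

```python
from datetime import datetime, timezone


def as_list(value):
    """XSOAR context holds one item as a dict (or str) and several as a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def resolve_entry_ids(file_context, selected_names):
    """Map analyst-selected file names to every matching EntryID."""
    by_name = {}
    for item in as_list(file_context):
        name, entry_id = item.get("Name"), item.get("EntryID")
        if name and entry_id and entry_id not in by_name.setdefault(name, []):
            by_name[name].append(entry_id)
    resolved, missing = [], []
    for name in dict.fromkeys(as_list(selected_names)):  # de-duplicate, keep order
        if name in by_name:
            # Same name on several attachments: submit all, never guess one.
            resolved.extend((name, eid) for eid in by_name[name])
        else:
            missing.append(name)
    return resolved, missing


def submit_selected(file_context, selected_names, submit):
    """Submit each resolved file; return rows for the logs grid (hypothetical columns)."""
    resolved, missing = resolve_entry_ids(file_context, selected_names)
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    rows = []
    for name, entry_id in resolved:
        try:
            submit(entry_id)  # in XSOAR: a wrapper around your sandbox command
            status = "submitted"
        except Exception as exc:  # one failed upload must not stop the rest
            status = f"failed: {exc}"
        rows.append({"file": name, "entryid": entry_id, "status": status, "time": now})
    rows += [{"file": n, "entryid": "", "status": "not found in File context",
              "time": now} for n in missing]
    return rows


# Constructed sample 'File' context: two attachments share a name.
SAMPLE_FILES = [
    {"Name": "invoice.pdf", "EntryID": "101@42"},
    {"Name": "invoice.pdf", "EntryID": "102@42"},
    {"Name": "logo.png", "EntryID": "103@42"},
]
```

Inside XSOAR the two inputs would come from `demisto.context().get("File")` and the incident's multi-select field value; the returned rows are what the button script would write to the logs grid.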

 
