05-22-2024 05:12 AM - edited 05-22-2024 05:23 AM
05-23-2024 12:21 AM
Hi,
!extractIndicators command can extract the indicator which is given files.
05-23-2024 05:50 PM
Hi @cV V, since your trying to access data store inside a docx file you will need to first convert the file to plain text.
You can use the !ParseWordDoc entryID= command first on the file in your screenshot. The output of this command will add a new file to context in .txt format.
You can then run the !extractIndicators entryID= command with this new file. The output of this command will create the ExtractedIndicators key in your context.
Please note that the ExtractedIndicators key will contain sub-keys for IP, URL, etc. Also, when you run this command multiple times, with 2 different files for example, the ExtractedIndicators with be converted into a list. To create a single list you can use the below command.
!Set append=true value=${ExtractedIndicators.IP} key=ListofIPS
05-23-2024 12:21 AM
Hi,
!extractIndicators command can extract the indicator which is given files.
05-23-2024 05:50 PM
Hi @cV V, since your trying to access data store inside a docx file you will need to first convert the file to plain text.
You can use the !ParseWordDoc entryID= command first on the file in your screenshot. The output of this command will add a new file to context in .txt format.
You can then run the !extractIndicators entryID= command with this new file. The output of this command will create the ExtractedIndicators key in your context.
Please note that the ExtractedIndicators key will contain sub-keys for IP, URL, etc. Also, when you run this command multiple times, with 2 different files for example, the ExtractedIndicators with be converted into a list. To create a single list you can use the below command.
!Set append=true value=${ExtractedIndicators.IP} key=ListofIPS
05-26-2024 10:56 PM
Hi Jfernandes1
Thanks for the response & guide us on below process
1.Step
Uploading the IOC file in word document format below 2 files in xsoar CLI box attachment. (screenshots attached)
2. Extracted the Indicators with thier entry ID. (please find attached screenshot)
3. While appending the two files A and B step, where we get those values for value= and key= not listed anywhere in !extractedindicators results (screenshot attached)
05-27-2024 01:54 AM
Hi @cV V, in your example screenshot I see your using the ExtractIndicatorsFromWordFile automation, unfortunately this automation does not return any data to the context. The objective of the automation is to print the indicators from the docx file in the warroom, our auto-extraction feature will then process all those indicators. You can force the data to be pushed to the context by adding the extend-context option, example below.
!ExtractIndicatorsFromWordFile entryID=${File.[0].EntryID} extend-context=file1data1=
Note: Do not add anything after the equal (=) symbol at the end.
I would still suggest my earlier option of converting the files first since it provides more control.
05-27-2024 04:07 AM
Hi all,
Appended two files eg: File A and File B by below command for CSV file formats.
Indicator values = ip (ip's column in file A and file B)
tags =iocfileA,iocfileB (tags are added while uploading IOC files)
!AppendindicatorFieldWrapper indicators_values="ip" tags="iocfileA,iocfileB"
Regards
kudos
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
