Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Remove file types from the context data

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Remove file types from the context data

L1 Bithead

We have been building a playbook to decrypt all encrypted attachments and detonate in a wildfire and Mimecast sanbox using their integrations. I am struggling currently to remove jpegs and pngs from the context data so they are not being sent to the sandbox for detonation. I have a condition that loops through all the files after pulling them down from mimecast and if there is a file type that is not supported i have a error capture for it which logs a ticket to the service desk. I have built in a task to deletecontext filtering on File.Info including png or jpeg but it is not removing them from the context data? Am i missing something ? 

1 accepted solution

Accepted Solutions

L1 Bithead

I was using jpeg and not jpg......... 

View solution in original post

3 REPLIES 3

L3 Networker

Hello @EStenning

 

Can you please provide more context as to how are you processing the list of files? Are you using a sub-playbook loop? A custom automation? 
If you're using a sub-playbook loop you can specify an input that takes in your files for detonation, and apply a filter when passing in the input, so that only files with extension different than png and jpeg will be passed in.

 

Thanks.

Hey, we are using a sub-playbook to loop over every file and decrypt them using custom automation as xsoar does not support many file types out of the box. I have placed a task after all files are downloaded from mimecast using the mimecast integration to delete context data for file.info that includes png or jpeg. It works and completes and says it cleared the keys successfully but when i look in the context data the files are still there..condition 2.pngcondition.png

L1 Bithead

I was using jpeg and not jpg......... 

  • 1 accepted solution
  • 907 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!