- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-02-2024 08:24 AM - edited 07-02-2024 08:26 AM
We have been building a playbook to decrypt all encrypted attachments and detonate in a wildfire and Mimecast sanbox using their integrations. I am struggling currently to remove jpegs and pngs from the context data so they are not being sent to the sandbox for detonation. I have a condition that loops through all the files after pulling them down from mimecast and if there is a file type that is not supported i have a error capture for it which logs a ticket to the service desk. I have built in a task to deletecontext filtering on File.Info including png or jpeg but it is not removing them from the context data? Am i missing something ?
07-02-2024 10:56 AM
Hello @EStenning,
Can you please provide more context as to how are you processing the list of files? Are you using a sub-playbook loop? A custom automation?
If you're using a sub-playbook loop you can specify an input that takes in your files for detonation, and apply a filter when passing in the input, so that only files with extension different than png and jpeg will be passed in.
Thanks.
07-03-2024 02:40 AM
Hey, we are using a sub-playbook to loop over every file and decrypt them using custom automation as xsoar does not support many file types out of the box. I have placed a task after all files are downloaded from mimecast using the mimecast integration to delete context data for file.info that includes png or jpeg. It works and completes and says it cleared the keys successfully but when i look in the context data the files are still there..
07-03-2024 10:56 AM
I was using jpeg and not jpg.........
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!