Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

[XSOAR] Issue downloading files

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

[XSOAR] Issue downloading files

L1 Bithead

Hello!

 

We want to create an automation which download a file from a given URL (which contains a file. pe: https://www.comunidad.madrid/sites/default/files/doc/sanidad/epid/informe_epidemiologico_semanal_cov...)

The idea is to store the file in the XSOAR incident to analyze it with our tools.

It is easy to do with Python in a local machine, but as XSOAR dockerize and works with files in a different way we don't know how to proceed.

 

Does anyone know the best way to download files and store them in the same incident?

 

Thanks in advance,

Alejandro Bracamonte.

5 REPLIES 5

L3 Networker

Hello

 

I run into the same problem, as I would avoid that XSOAR Playbook scans URLs, which XSOAR already did.

The dockerize hindering me too to store already scanned urls.

So I've build an own Integration which use FTP as a store.

My solution for the FTP: it runs on the demisto machine, with vsfdpd...

 

regards

roger

Hello Roger,

 

The problem here is the same, we want to get the EntryID of the file so we can execute other tasks in XSOAR to analyze the file.

How do you access the file from an incident when it is stored in the FTP server?

 

Reagrds,

Alejandro Bracamonte.

L2 Linker

Hi!  So the easy way to get the EntryID of the file is using the variable ${File.EntryID}

DougCouch_0-1630522462050.png

If you want to get more specific and insure you are getting a certain file you'll need to add a filter into the query, otherwise you'll bring back all of the files.

It sounds like several of you are experimenting with writing your own Automation to do something specific with the contents of a file.  If you want a good example of how we do that take a look at the ReadFile automation.  It simply reads the contents of a file and dumps it into a context value.  

 

Let me know if that helps or you are still missing something on this.

 

Thanks!

-Doug

Doug Couch  |  XSOAR Customer Success Engineer - Manager
Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  

Hi Doug!

 

Thank you for your response. Our problem here is not to get the EntryID from the context. We are downloading a file using requests library in a automation and we want to store that file in the incident adding the information to the context. We don't know how to do this in the same automation.

 

Regards,

Alejandro.

Hi Alejandro

 

Just found it out.

If you email it with mail-sender-new:

AttachedID is <id>@<ticketnumber> -> 31@1234

attachNames is the name of the attachment, you would like to see in the Mail Attachment -> "picture.png"
attachCIDs is the name in the war room, in the "command"-Part of the entry 31 -> "picture"

You need all three entries. You may put more than one attachment, just put a coma in between -> "31@1234,45@1234" etc

 

Finally I've got it working 🙂

 

greets

roger

  • 4683 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!