This is achievable. I have attached the necessary files. The new files will provide:
- A new custom layout (that is based on the Phishing Incident v3 layout)
- This contains a new section called "Sandbox Submission"
- There is a new sub-section that contains a new field called "File Submissions" and a new button for submitting the files
- It also contains a "logs" section to show previous activities
- The new File Submissions field has a field display script that populates file names that are found in the 'File' context value
- The File Submission Logs field (which is a grid) populates automatically after clicking the submit button
- The submit button uses another custom automation script that:
- Gathers the file names selected by the user
- Finds their EntryIDs
- Submits each file to the sandbox
- Populates the logs
- After running, it will clear the File Submissions selections
- The submit button only appears when there are entries selecting in the File Submission field
Installing to test
To make this work (and therefore you can play around with the layouts etc), do the following:
- Extract the "Archive.zip" attached.
- Import the 2 new automation scripts called "PopulateFileSubmissions.yml" and "SubmitFilesButton.yml".
- Import the incidentfields.json (this will create 2 new fields).
- Import the layout "layoutscontainer-Phishing_Incident_v3_Custom.json"
- Assign the layout to the incident type you want the Sandbox submission for
There is one change you will need to make. In the automation script named "SubmitFilesButton" you will need to edit line 15 to use the command you would like to use with your sandbox. I have an ANYRUN integration setup and have left my line in there in a commented state.
Apologies for simply providing the answer as files, but it was infinitely easier to show you how it worked rather than explain in a lengthy paragraph.
Regards
Adam