Dear community,
Please does anyone has a use case that download files from other solutions into Siemplify for pickup by another integration for analysis? My main question is if yes, are their any precautions in place for putting suspicious files on the platform?
For example downloading a suspicious file from a phishing email to a file path on the platform so that it can be picked up and passed to a content analysis integration.
Download files from other solutions into Siemplify for pickup by another integration
+7
+5
I have that exact scenario.
Users report suspect emails to an inbox.
Siemplify ingests those emails.
Siemplify, on-prem connector, downloads the email to one folder, and any attachments to a different folder. Onto the on-prem connector. Not the cloud platform.
The folder with attachments is locked to only allow the siemplify and admin account to have access.
This directory is cleared out every 2 days.
This connector is on my network, but is locked down to not be able to communicate to anything besides outbound internet. And port 22 when enabled for working.
Thus, I feel reasonably safe with having a server on my network full of potential malware. No services running on that server to open the attachments and no one besides myself can access the server anyway.
+5Oh, and forgot to say my playbook also takes those files and uses them in other actions like submit to our sandbox for analysis
+7
Thanks for the reply
Siemplify, on-prem connector, downloads the email to one folder, and any attachments to a different folder. Onto the on-prem connector. Not the cloud platform.
IN the above line, you mean downloaded to the Siemplify platform itself in the path specified right?
+7
Thus, I feel reasonably safe with having a server on my network full of potential malware. No services running on that server to open the attachments and no one besides myself can access the server anyway.
You mean the Siemplify platform here, right? or which server
+7
The folder with attachments is locked to only allow the siemplify and admin account to have access.
Also can you expatiate how you attained this? When you said only Siemplify and Admin, you mean from the GUI so it can be picked up by the playbook right? Thanks
+5
We use Siemplify in the Cloud where we have no access to the server backend.
So, I use the on-premises Siemplify Agent so that the Cloud Siemplify can communicate with some of our Internal only tools.
The agent is basically just a linux server with a Siemplify program running on it.
On that linux server is where I download to a specified path and this server can only be accessed via the admin or siemplify credentials I created on it.
SSH access only, nothing GUI.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.