Hi,

I am trying to access the files that I download from services like Exchange or VirusTotal.

Is there a place/file path that I could use to send/upload those files to another system?

I can see some upload options that have parameters to define a Linux server's credentials and IP, but that requires an external server setup. Is there a way to upload files without downloading them to an external server? Something like a secure vault within Chronicle?

Hi Ankitsynx

Some actions (legacy) use file paths.

Some actions (new) use case wall objects in base64 (limited to 5/8MB).

It is possible to interchange these with a few Actions:

Get Attachment - dumps case wall files to base64 output

Save Base64 to File - saves the above output and returns a file path

Also look at:

Add attachment - saves raw base64 to the case wall

Note - SOAR/SecOps is slowly moving away from file system paths, so I strongly suggest you build as little as possible into your workflow.



Hi Andy,

Thanks for the solution. I have implemented and tested it; it works well, and I can now attach/upload files to upstream actions in playbooks.

Over the past few months, I’ve noticed that after downloading files to specific system paths, the files sometimes go missing from those same paths, resulting in a 'file not found' error during upload.

