Solved

What is the file path on Chronicle SOAR for files downloaded from external services?

  • June 3, 2024
  • 3 replies
  • 164 views

ankitsynx

Hi,

I am trying to access the files that I download from services like Exchange or VirusTotal.

Is there a place/file path that I could use to send/upload those files to another system?

I could see some upload options having parameters to define Linux server credentials and IP. But then it's an external server setup. Is there a way to upload files without downloading to an external server? Something like a secure vault within Chronicle?

3 replies

SoarAndy
Staff
  • Answer
  • June 14, 2024

Hi Ankitsynx

Some actions (legacy) use file paths.

Some actions (new) use case wall objects in base64 (limited to 5/8MB)

It is possible to interchange these with a few Actions: 

Get Attachment - dumps case wall files to base64 output

Save Base64 to File - saves the above output and returns a file path

Also look at:

Add attachment - save a raw base64 to case wall

Note - SOAR/SecOps is slowly moving away from file system paths, so I strongly suggest you build as little as possible into your workflow. 


ankitsynx
  • Author
  • Bronze 5
  • June 25, 2024

Hi Andy,

Thanks for the solution. I have implemented and tested it; it works well, and I can now attach/upload files to upstream actions in playbooks.


AfvanJaffer
  • Bronze 5
  • July 23, 2025

Over the past few months, I’ve noticed that after downloading files to specific system paths, the files sometimes go missing from those same paths, resulting in a 'file not found' error during upload.
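
The file-path/base64 interchange from the accepted answer, with a check for the "file not found" case reported in the last reply, as an added Python example that is not part of the thread and is not Chronicle SOAR's own action code. The function names, the payload fields and the 5 MB cap (the lower of the "5/8MB" figures) are assumptions.

```python
import base64
import hashlib
import os
import tempfile

# Assumption: 5 MB cap, the lower of the "5/8MB" figures quoted in the answer.
MAX_BYTES = 5 * 1024 * 1024


def file_to_payload(path, max_bytes=MAX_BYTES):
    """Read a file at a legacy-style path into a base64 payload dict."""
    if not os.path.isfile(path):
        # The failure mode reported in the thread: the path no longer exists.
        raise FileNotFoundError(f"staged file missing: {path}")
    with open(path, "rb") as fh:
        data = fh.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise ValueError("file exceeds base64 attachment size cap")
    return {
        "name": os.path.basename(path),
        "sha256": hashlib.sha256(data).hexdigest(),
        "base64": base64.b64encode(data).decode("ascii"),
    }


def payload_to_file(payload, dest_dir):
    """Write a base64 payload under dest_dir and return the file path."""
    data = base64.b64decode(payload["base64"], validate=True)
    if hashlib.sha256(data).hexdigest() != payload["sha256"]:
        raise ValueError("attachment hash mismatch")
    # Attachment names come from e-mail and are untrusted: keep only the
    # final path component so "../../x" cannot escape dest_dir.
    name = os.path.basename(payload["name"].replace("\\", "/"))
    if name in ("", ".", ".."):
        name = "attachment.bin"
    path = os.path.join(dest_dir, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "sample.eml")
        with open(src, "wb") as fh:
            fh.write(b"constructed sample attachment\n")  # constructed input
        payload = file_to_payload(src)
        os.remove(src)  # simulate the staged file disappearing
        print(payload_to_file(payload, work), payload["sha256"])
```

Carrying the payload (name, hash, base64) between playbook steps instead of a path means a later step can recreate the file on demand and detect tampering or truncation.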