Skip to main content

XSOAR File Management

This Integration is part of the XSOAR File Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This integration uses the XSOAR API to perform basic but essentials actions on files.

Configure XSOAR File Management in Cortex#

ParameterDescriptionRequired
Server URL (e.g. https://example.net)Make sure XSOAR config 'External Host Name' is set and let this field empty otherwise set the external ip of XSOAR. Using https://127.0.0.1 don't work.False
XSOAR Server API KeyFalse
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

file-management-upload-file-to-incident#


Copies a file from this incident to the specified incident. Usefull if you want to manipule file in the preprocessing

Base Command#

file-management-upload-file-to-incident

Input#

Argument NameDescriptionRequired
incidentIDIncident ID to upload the file. If empty, the current incident ID is taken.Optional
fileContentNon binary content of the file (if set let filePath and filePath empty).Optional
entryIDEntry ID of the file to read (if set let filePath and fileContent empty).Optional
filePathPath of the file to read ex: incident.attachment.path (if set let entryID and fileContent empty).Optional
fileNameName of the file. Mandatory if used with filePath and fileContent otherwise the name of the file will not change.Optional
targetWhere to upload the file - Available options are: - 'war room entry': the file will be uploaded as war room entry. - 'incident attachment': the file will be uploaded as incident attachment. - default are 'war room entry'. Possible values are: war room entry, incident attachment. Default is war room entry.Optional

Context Output#

There is no context output for this command.

file-management-delete-file#


Delete the file from the incident and from the XSOAR server

Base Command#

file-management-delete-file

Input#

Argument NameDescriptionRequired
entryIDEntry ID of the file.Required

Context Output#

There is no context output for this command.

file-management-check-file#


Check if entry ID exist

Base Command#

file-management-check-file

Input#

Argument NameDescriptionRequired
entryIDEntry ID of the file.Required

Context Output#

PathTypeDescription
IsFileExistsunknownDictionary with EntryID as key and boolean if the file exists as value

file-management-delete-attachment#


Delete the attachment from the incident and from the XSOAR server

Base Command#

file-management-delete-attachment

Input#

Argument NameDescriptionRequired
filePathFile path of the file.Required
incidentIDID of the incident to delete attachment.Optional
fieldNameName of the field (type attachment) you want to remove the attachment by default it's the incident attachment (incident.attachment) field.Optional

Context Output#

There is no context output for this command.

file-management-rename-file#


Rename a file. Warning: use this only if necessary, it's HEAVY to run, this will delete and recreate the file with another name !

Base Command#

file-management-rename-file

Input#

Argument NameDescriptionRequired
entryIDEntry ID of the file to rename.Required
newFileNameNew name for the file.Required

Context Output#

There is no context output for this command.

file-management-download-file#


Download files from server.

Base Command#

file-management-download-file

Input#

Argument NameDescriptionRequired
fileURIFile URI ex:'/markdown/image/123_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg'.Required
fileNameName of the new downloaded file.Required
incidentIDIncident ID to upload the file. If empty, the current incident ID is taken.Optional
targetWhere to upload the file - Available options are: - 'war room entry': the file will be uploaded as war room entry. - 'incident attachment': the file will be uploaded as incident attachment. - default are 'war room entry'. Possible values are: war room entry, incident attachment. Default is war room entry.Optional

Context Output#

There is no context output for this command.

Command Example#

!file-management-download-file file_uri="/markdown/image/12142_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg"
!file-management-download-file file_uri="/markdown/image/12142_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg" fileName="my_image.jpg"
!file-management-download-file file_uri="/markdown/image/12142_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg" fileName="my_image.jpg" incidentID="1234"

Human Readable Output#

File my_image.jpg uploaded successfully to incident 1234. Entry ID is 1@1234

file-management-get-file-hash#


Get file hash from URI.

Base Command#

file-management-get-file-hash

Input#

Argument NameDescriptionRequired
fileURIFile URI ex:'/markdown/image/123_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg'.Required

Context Output#

PathTypeDescription
File_Hash.ExtensionStringExtension of the file.
File_Hash.MD5StringMD5 of the file.
File_Hash.NameStringName of the file.
File_Hash.SHA1StringSHA1 of the file.
File_Hash.SHA256StringSHA256 of the file.
File_Hash.SHA512StringSHA512 of the file.
File_Hash.SizeStringSize of the file.

Command Example#

!file-management-get-file-hash fileURI="/markdown/image/12142_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg"

Context Example#

{
"File_Hash": {
"Extension": "jpg",
"MD5": "e2f28a722de24003257ded589ac10eee",
"Name": "12142_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg",
"SHA1": "0e5e761a2e6794a4d1c445667d4944db34f78d22",
"SHA256": "877383f34532683580b53d2f5a36e68155de58175524a99d4c25d0da96202e5c",
"SHA512": "5ba5455f0ff3e545f8212b4811d22c66451e1a96a0d886b4550bb287c310f52b4ac37559e90546ef2eae69c1a7942223fb0d2660b9fe273562a96376bc0fdd03",
"Size": "1569787"
}
}

Human Readable Output#

Hash save under the key 'File_Hash'.