XSOAR File Management
XSOAR File Management Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
This integration uses the XSOAR API to perform basic but essentials actions on files.
#
Configure XSOAR File Management in CortexParameter | Description | Required |
---|---|---|
Server URL (e.g. https://example.net) | Make sure XSOAR config 'External Host Name' is set and let this field empty otherwise set the external ip of XSOAR. Using https://127.0.0.1 don't work. | False |
XSOAR Server API Key | False | |
Trust any certificate (not secure) | False | |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
file-management-upload-file-to-incidentCopies a file from this incident to the specified incident. Usefull if you want to manipule file in the preprocessing
#
Base Commandfile-management-upload-file-to-incident
#
InputArgument Name | Description | Required |
---|---|---|
incidentID | Incident ID to upload the file. If empty, the current incident ID is taken. | Optional |
fileContent | Non binary content of the file (if set let filePath and filePath empty). | Optional |
entryID | Entry ID of the file to read (if set let filePath and fileContent empty). | Optional |
filePath | Path of the file to read ex: incident.attachment.path (if set let entryID and fileContent empty). | Optional |
fileName | Name of the file. Mandatory if used with filePath and fileContent otherwise the name of the file will not change. | Optional |
target | Where to upload the file - Available options are: - 'war room entry': the file will be uploaded as war room entry. - 'incident attachment': the file will be uploaded as incident attachment. - default are 'war room entry'. Possible values are: war room entry, incident attachment. Default is war room entry. | Optional |
#
Context OutputThere is no context output for this command.
#
file-management-delete-fileDelete the file from the incident and from the XSOAR server
#
Base Commandfile-management-delete-file
#
InputArgument Name | Description | Required |
---|---|---|
entryID | Entry ID of the file. | Required |
#
Context OutputThere is no context output for this command.
#
file-management-check-fileCheck if entry ID exist
#
Base Commandfile-management-check-file
#
InputArgument Name | Description | Required |
---|---|---|
entryID | Entry ID of the file. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
IsFileExists | unknown | Dictionary with EntryID as key and boolean if the file exists as value |
#
file-management-delete-attachmentDelete the attachment from the incident and from the XSOAR server
#
Base Commandfile-management-delete-attachment
#
InputArgument Name | Description | Required |
---|---|---|
filePath | File path of the file. | Required |
incidentID | ID of the incident to delete attachment. | Optional |
fieldName | Name of the field (type attachment) you want to remove the attachment by default it's the incident attachment (incident.attachment) field. | Optional |
#
Context OutputThere is no context output for this command.
#
file-management-rename-fileRename a file. Warning: use this only if necessary, it's HEAVY to run, this will delete and recreate the file with another name !
#
Base Commandfile-management-rename-file
#
InputArgument Name | Description | Required |
---|---|---|
entryID | Entry ID of the file to rename. | Required |
newFileName | New name for the file. | Required |
#
Context OutputThere is no context output for this command.
#
file-management-download-fileDownload files from server.
#
Base Commandfile-management-download-file
#
InputArgument Name | Description | Required |
---|---|---|
fileURI | File URI ex:'/markdown/image/123_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg'. | Required |
fileName | Name of the new downloaded file. | Required |
incidentID | Incident ID to upload the file. If empty, the current incident ID is taken. | Optional |
target | Where to upload the file - Available options are: - 'war room entry': the file will be uploaded as war room entry. - 'incident attachment': the file will be uploaded as incident attachment. - default are 'war room entry'. Possible values are: war room entry, incident attachment. Default is war room entry. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example#
Human Readable OutputFile my_image.jpg uploaded successfully to incident 1234. Entry ID is 1@1234
#
file-management-get-file-hashGet file hash from URI.
#
Base Commandfile-management-get-file-hash
#
InputArgument Name | Description | Required |
---|---|---|
fileURI | File URI ex:'/markdown/image/123_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg'. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
File_Hash.Extension | String | Extension of the file. |
File_Hash.MD5 | String | MD5 of the file. |
File_Hash.Name | String | Name of the file. |
File_Hash.SHA1 | String | SHA1 of the file. |
File_Hash.SHA256 | String | SHA256 of the file. |
File_Hash.SHA512 | String | SHA512 of the file. |
File_Hash.Size | String | Size of the file. |
#
Command Example!file-management-get-file-hash fileURI="/markdown/image/12142_60cad1a9-6f90-42c5-8b1b-514d66d74fc0.jpg"
#
Context Example#
Human Readable OutputHash save under the key 'File_Hash'.