Skip to main content

Extract Indicators From File - Generic v2

This Playbook is part of the Common Playbooks Pack.#

This playbook extracts indicators from a file. Supported file types:

  • CSV
  • PDF
  • TXT
  • HTM, HTML
  • DOC, DOCX
  • PPT
  • PPTX
  • RTF
  • XLS
  • XLSX
  • XML

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

  • SetAndHandleEmpty
  • Set
  • ConvertFile
  • ReadPDFFileV2
  • ExtractIndicatorsFromTextFile
  • ExtractIndicatorsFromWordFile

Commands#

  • image-ocr-extract-text
  • rasterize-pdf

Playbook Inputs#


NameDescriptionDefault ValueRequired
FileThe file from which to extract indicators.File.NoneOptional

Playbook Outputs#


PathDescriptionType
Domain.NameThe extracted domains.string
Account.Email.AddressThe extracted email addresses.string
File.MD5The extracted MD5 hash.string
File.SHA1The extracted SHA1 hash.string
File.SHA256The extracted SHA256 hash.string
IP.AddressThe extracted IP addresses.string
File.TextThe text or images extracted from the PDF file.string
File.ProducerThe PDF file producer.string
File.TitleThe title of the PDF file.string
File.xapThe XAP of the PDF file.string
File.AuthorThe author of the file.string
File.dcThe DC of the file.string
File.xapmmThe XAPMM of the file.string
File.ModDateThe mod date of the file.string
File.CreationDateThe creation date of the file.string
File.PagesThe number of pages in the file.string
URL.DataA list of URLs that were extracted from the file.string
ExtractedURLsFromFilesThe list of URLs that were extracted from the file. This output is a duplicate of the URL.Data output and it enables parent playbooks to identify the URLs generated by this playbook.String

Playbook Image#


Extract Indicators From File - Generic v2