Skip to main content


This automation extracts all possible files from a PCAP file.

Script Data#

Script Typepython3
Tagspcap, file, Utility
Cortex XSOAR Version5.0.0


Argument NameDescription
entry_idThe EntryID of the PCAP file to extract the files from.


PcapExtractedFiles.FileNameFile name.String
PcapExtractedFiles.FileSizeFile size.Number
PcapExtractedFiles.FileMD5The MD5 hash of the file.String
PcapExtractedFiles.FileSHA1The SHA1 hash of the file.String
PcapExtractedFiles.FileSHA256The SHA256 hash of the file.String
PcapExtractedFiles.FileExtensionThe extension of the file.String
File.SizeThe size of the file in bytes.Number
File.SHA1The SHA1 hash of the file.String
File.SHA256The SHA256 hash of the file.String
File.SHA512The SHA512 hash of the file.String
File.NameThe full file name.String
File.SSDeepThe ssdeep hash of the file.String
File.EntryIDThe ID for locating the file in the War Room.String
File.InfoThe file information.String
File.TypeThe file type.String
File.MD5The MD5 hash of the file.String
File.ExtensionThe file extension, for example: 'txt'.String