File Post App

Last Updated: Jul 02, 2018 03:16PM EDT
Organization Administrator to add the App Profile
An active Playbook with an HTTPLink Trigger; TCM - File Post v1.0 app installed by a System Administrator


The File Post app uploads a file and posts it to an HTTPLink Trigger within a Playbook. It can then receive a response from the Playbook. It is essentially a utility that passes a binary to a Playbook for analysis, the results of which can be passed back to the app.

Playbook Example

To use the File Post app, a Playbook that contains an HTTPLink Trigger must first be created. If desired, output can then be returned to the Trigger, based on the results of the Playbook execution. Figure 1 shows the example Playbook used in this article. This Playbook receives a file, unzips it, and uses ReversingLabs™ Playbook apps to analyze it and determine whether it is a known threat. If it is, the Playbook returns a message stating that the file is malware, and it creates a Document and File Indicator in ThreatConnect. If not, it returns information from ReversingLabs containing an assessment of the file as goodware or unknown.

App Profile and Menu Space

Follow these steps to create an app profile and menu space for the File Post app:

  1. Follow the steps in Adding App Profiles to open the App Profile wizard (Figure 2).
    • Profile Name: Enter a profile name for the app, such as "Analyze Suspicious File." A good profile name provides information about the intended use case for the app. The profile name is what will display in a user's SPACES dropdown menu. (See Figure 8.)
    • Installed App: Select TCM - FilePost v1.0.
    • Click the Next button.
  2. The Setup tab will appear (Figure 3).
    • URL: Paste in the URL endpoint of the HTTPLink Trigger for the Playbook to which the binary is to be posted. To obtain the endpoint, open the Playbook containing the HTTPLink Trigger, change the status of the Playbook to Inactive, hover the cursor over the icon of the Trigger, and copy the endpoint that appears. Then change the status of the Playbook back to Active.
    • Max File Size: Enter the maximum file size that can be passed to the app.
    • Minutes to wait for playbook response: Enter the maximum amount of time for the app to wait for a response before timing out.
    • Click the Next button.
  3. The Defaults tab will appear (Figure 4).
    • Logging Level: Set the logging level for the app.
    • Click the Next button.
  4. The Review tab will appear (Figure 5). Click the SAVE button to save the app profile.
  5. To create a menu space for the app, hover the cursor over SPACES on the top navigation bar (Figure 6) and select ADD MENU SPACE.
  6. The Add App window will appear (Figure 7).
  7. Select the app profile that was just created from the Select App dropdown list, and then click the ADD button. The app profile will now appear when the cursor is hovered over SPACES on the top navigation bar (Figure 8).

Using the App

Follow these steps to use the File Post app:

  1. Hover the cursor over SPACES on the top navigation bar (Figure 6), and click on the app profile created in the previous section (Figure 8). A window for the app will appear (Figure 9). The app window may be opened in a new browser tab by clicking on the pop-out icon next to the app name.
  2. Click the Select file to upload button, and select a file from the window that appears. The file will now show in the app window (Figure 10). Only one file may be selected for upload at a time. To remove the file without uploading it, click the X next to the file or click the Cancel button.
  3. Click the Upload button. There may be a delay while the Playbook runs and analyzes the file. If the upload completes, a green box confirming that the upload was successful will appear in the top right-hand corner of the screen, along with the results of the upload (Figure 11). The green box will then disappear.
  4. In this example, the Playbook's response is that the file was determined to be malicious and was saved in the ThreatConnect malware vault. Click on the Click here text to view the File Indicator in ThreatConnect (Figure 12).

    NOTE: The content and functionality of the response, including the link to the File Indicator that is created in ThreatConnect, is generated by the Playbook, not by the File Post app. The app only passes the file to the Playbook and receives output from the Playbook.

  5. Return to the app window (Figure 11), and click the X in the upper right-hand corner of the window to exit from the application.
  6. Figure 13 shows the results of sending a non-malicious file to the app (Figure 13).

ReversingLabs™ is a trademark of ReversingLabs International GmbH.

20067-01 EN Rev. B

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found