File Post App

Last Updated: Nov 20, 2018 03:56PM EST
Organization Administrator to add the App Profile
An active Playbook with an HTTPLink Trigger; TCM - File Post v1.0 app installed by a System Administrator

Overview

The File Post app uploads a file and posts it to an HTTPLink Trigger within a Playbook. It can then receive a response from the Playbook. It is essentially a utility that passes a binary to a Playbook for analysis, the results of which can be passed back to the app.

Playbook Example

To use the File Post app, a Playbook that contains an HTTPLink Trigger must first be created. If desired, output can then be returned to the Trigger, based on the results of the Playbook execution. Figure 1 shows the example Playbook used in this article. This Playbook receives a file, unzips it, and uses ReversingLabs™ Playbook apps to analyze it and determine whether it is a known threat. If it is, the Playbook returns a message stating that the file is malware, and it creates a Document and File Indicator in ThreatConnect. If not, it returns information from ReversingLabs containing an assessment of the file as goodware or unknown.

App Profile and Menu Space

Follow these steps to create an app profile and menu space for the File Post app:

  1. Copy the URL endpoint of the Playbook to which the binary is to be posted by navigating to the Playbooks screen, hovering the cursor over the row for the Playbook, and clicking on the Copy icon that appears to the right in the Name column.

    NOTE: The Playbook must be active for the Copy icon to appear and for the File Post app to function properly.

  2. Follow the steps in Adding App Profiles to open the App Profile wizard (Figure 2).
    • Profile Name: Enter a profile name for the app, such as "Analyze Suspicious File." A good profile name provides information about the intended use case for the app. The profile name is what will display in a user's SPACES dropdown menu. (See Figure 8.)
    • Installed App: Select TCM - FilePost v1.0.
    • Click the Next button.
  3. The Setup tab will appear (Figure 3).
    • URL: Paste in the URL endpoint that was copied in Step 1.
    • Max File Size: Enter the maximum file size that can be passed to the app.
    • Minutes to wait for playbook response: Enter the maximum amount of time for the app to wait for a response before timing out.
    • Click the Next button.
  4. The Defaults tab will appear (Figure 4).
    • Logging Level: Set the logging level for the app.
    • Click the Next button.
  5. The Review tab will appear (Figure 5). Click the SAVE button to save the app profile.
  6. To create a menu space for the app, hover the cursor over SPACES on the top navigation bar (Figure 6) and select ADD MENU SPACE.
  7. The Add App window will appear (Figure 7).
  8. Select the app profile that was just created from the Select App dropdown list, and then click the ADD button. The app profile will now appear when the cursor is hovered over SPACES on the top navigation bar (Figure 8).

Using the App

Follow these steps to use the File Post app:

  1. Hover the cursor over SPACES on the top navigation bar (Figure 6), and click on the app profile created in the previous section (Figure 8). A window for the app will appear (Figure 9). The app window may be opened in a new browser tab by clicking on the pop-out icon next to the app name.
  2. Click the Select file to upload button, and select a file from the window that appears. The file will now show in the app window (Figure 10). Only one file may be selected for upload at a time. To remove the file without uploading it, click the X next to the file or click the Cancel button.
  3. Click the Upload button. There may be a delay while the Playbook runs and analyzes the file. If the upload completes, a green box confirming that the upload was successful will appear in the top right-hand corner of the screen, along with the results of the upload (Figure 11). The green box will then disappear.
  4. In this example, the Playbook's response is that the file was determined to be malicious and was saved in the ThreatConnect malware vault. Click on the Click here text to view the File Indicator in ThreatConnect (Figure 12).

    NOTE: The content and functionality of the response, including the link to the File Indicator that is created in ThreatConnect, are generated by the Playbook, not by the File Post app. The app only passes the file to the Playbook and receives output from the Playbook.

  5. Return to the app window (Figure 11), and click the X in the upper right-hand corner of the window to exit from the application.
  6. Figure 13 shows the results of sending a non-malicious file to the app.

ReversingLabs™ is a trademark of ReversingLabs International GmbH.

20067-02 EN Rev. A
