Well, you can ignore this post, I am just demontrating the fetching of an CSV file via the XSOAR !http command to one of my customers
But as you are here, let me tell you a bit more.
So basically the task is fetching an CSV file via an HTTP call. The command will look like this
!http method="GET" url="https://cybernotdienst.de/wp-content/uploads/2023/07/Untitled-spreadsheet-Sheet1-1.csv" unsecure="true" proxy="false" saveAsFile="yes"This is the built-in command XSOAR supports from the start. As you can see, the URL points to the file above. We do NOT use the proxy and we want to save the file directly to the system.
With that command you will find a Context Key in XSOAR which describes the file
Size:86
SHA1:ece8161f45d8e3f0b16eb2253caea45d0d679076
SHA256:cd00f63027fbb6b2a50b8c2257137749e1548abf9f1c217c8f1c1a42a179566c
SHA512:a5d3d608fb1dd60bdcc9e0937b1f7a47f7af1d27c2058fb9b9fa737c08a8e3627c2a0e5e5ebec1e90ecf190233de579f9f0e9d5be13a6ee9e52e0a5d6c0d103a
Name:Untitled spreadsheet - Sheet1 (1).csv
SSDeep:3:AUhBx9IWmJGwFvpCFUZUTOhji7T:AS7vsEUoojin
EntryID:4@11288
Info:text/csv; charset=utf-8
Type:CSV text
MD5:ab8c27e05a3d12827ccd0dc671c70ce9
Extension:csvAnd thats almost the complete trick, now we can use !ParseCSV on teh EntryID above to get the CSV file parsed into the context data
!ParseCSV entryID=4@11288Now you can pack these commands into a Playbook and automate the tasks at hand.
Maybe you want to add a Conditional with a filter, as you want to avoid the ParseCSV to fail just because the file you wanted to download is not actually a CSV file.
This is maybe even the hardest way, as you need to fetch the file.
Unter normal circumstances we would expect that such a file is part of an incident, which makes it way easier, as the attached file will already be there and we just need to check if there is a CSV file and start the parsing
