- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reporting a probable issue for Utilities connector action: Extract Artifact from string.
Steps to reproduce.
- Use Phishing Email solution pack and enable extract attachment option on.
- Exchange Mailbox defaults to HTML format for emails.
- Create a text file and add a line into it like "https://gumblar.cn"
- Attach above text file and send it to the mailbox, which is configured to read emails through Exchange connector.
- Observer "03 Enrich - Extract Indicators From Attachment" Playbook.
- In "result" key , we will see a value as "https://gumblar.cn/<p>"
- "<p>" is getting wrongly appended to the url.
- Test Playbook is attached with sample string for testing, please unzip it and import into playbook collection.
- Screenshot is attached.
Professional Services Consultant
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As a workaround, in "03 - Enrich > Extract Indicator" playbook, (refer to the attached image for a reference)
- goto 'Extract Indicators from Description' PB Step
- Check "Override Extraction Settings"
- and replace value of 'RegEx Expression For URL Extraction:' field with (?:https?|s?ftp):\/\/[^\s/$.?#].[^\s,\"\'<>]*
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It worked with (?:https?|s?ftp):\/\/[^\s/$.?#].[^\s,\"\'<//>]* .
Thanks
Professional Services Consultant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As a workaround, in "03 - Enrich > Extract Indicator" playbook, (refer to the attached image for a reference)
- goto 'Extract Indicators from Description' PB Step
- Check "Override Extraction Settings"
- and replace value of 'RegEx Expression For URL Extraction:' field with (?:https?|s?ftp):\/\/[^\s/$.?#].[^\s,\"\'<>]*
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It worked with (?:https?|s?ftp):\/\/[^\s/$.?#].[^\s,\"\'<//>]* .
Thanks
Professional Services Consultant