wideakp.blogg.se - Pcap analysis online

Values can be true or any other value for false. This input specifies whether to run the file carving playbook. This input specifies whether to run the parsing and enrichment playbook. This input specifies the file entry ID for the PCAP file if the user provided the file in the incident.

This playbook does not use any integrations. This playbook uses the following sub-playbooks, integrations, and scripts. In order to demonstrate the entire flow make sure that at least on of the following playbook inputs is configured in order for search results to exist.

The playbooks is meant to be a demonstration of all the PCAP analysis capabilities however it is more likely to use each of the subplaybooks seperatly.

Carve (extract) files found in the http, smb and other protocols and perform enrichment and detonation.

Parse and enrich detected indicators such as IP addresses, URLs, email addresses and domains found by the search.

Search for specific values in a PCAP file.

This playbook leverages all of the PCAP miner and PCAP file extractor sub playbook capabilities, including: This Playbook is part of the PCAP Analysis Pack.