IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Decrypt attachments outside Resilient

1. Decrypt attachments outside Resilient

Like
Irek Romaniuk
Posted Tue February 21, 2023 02:41 PM

Reply
I would like to find out how to decrypt attachments inside OS i.e. two "dat" files in the example below. I believe 369755 is incident number. Please point me into documentation

$ sudo ls -lh /crypt/attachments/org_301/INCIDENT/obj_369755
-rw-rw----. 1 co3 res-attachments 480K Feb 15 17:35 ab8a6c77-37f4-4b4c-9296-13f1e6359a38.dat
-rw-rw----. 1 co3 res-attachments 481K Feb 15 17:35 b51a0699-d6fa-4058-abeb-71037b18f95a.dat

------------------------------
Irek Romaniuk
------------------------------

IBM QRadar SOAR

IBM QRadar SOAR

Decrypt attachments outside Resilient

1. Decrypt attachments outside Resilient

Additional
Resources

Office

Quick Links

IBM QRadar SOAR

IBM QRadar SOAR

Decrypt attachments outside Resilient

1. Decrypt attachments outside Resilient

Related Content

How to read attachment in Resilient function ?

Resilient API log ?

Can't update user email (and can't reset with "resutil")

Update Resilient via CO3 framework error

inbound emails missing occasionally

Additional Resources

Office

Quick Links

Additional
Resources