IBM Security QRadar SOAR

 View Only
  • 1.  Image Attachment Viewer

    IBM Champion
    Posted Mon October 19, 2020 05:01 PM
    I'm not sure if this is new to V38.2, but I just noticed it. I didn't see it as a documented "What's new" feature/enhancement in the Knowledge Center, so I'm going to call it a hidden gem (unless I've somehow been missing it for a long time- maybe someone else can confirm?).

    There is an attachment image viewer for viewing image attachments in-product now. Very cool! Animation of opening it, and ability to switch through several attached images in it is awesome. Much better than downloading images manually to open them.

    Thought I'd share in case anyone else was unaware of it...

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------


  • 2.  RE: Image Attachment Viewer
    Best Answer

    Posted Tue October 20, 2020 08:41 AM
    This was actually added in V38.0.  We somehow missed including this in the What's new section.

    ------------------------------
    Jim Tonra
    Engineering Manager
    IBM Resilient
    Cambridge MA
    ------------------------------



  • 3.  RE: Image Attachment Viewer

    Posted Thu November 12, 2020 10:29 AM
    Just discover it also from Jared message :)
    Just a pity that it works only in the Attachement tab, on not from the Summary tab

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------



  • 4.  RE: Image Attachment Viewer

    Posted Tue August 17, 2021 09:41 AM
    When can I find more information on this?  I do not see it in any documentation and appears to not be working or we don't have it turned on. Is there certain attachment types that are supported?  We would like to do preview .eml so you don't have to download the attachment.

    ------------------------------
    Jeffrey Foote
    ------------------------------



  • 5.  RE: Image Attachment Viewer

    IBM Champion
    Posted Tue August 17, 2021 10:02 AM
    Unsure on the documentation. Browsing through the Knowledge Center again, it doesn't look like it's documented anywhere. When I posted this originally, I swear it only worked on one file type (I want to say it was JPG), but looking just now I see it's working on at least these: JPG, JPEG, PNG, and GIF files.

    As for previewing .eml files, that's a different topic. That has an idea in the Aha.io ideas portal you could vote on here:
    https://2e4ccba981d63ef83a875dad7396c9a0.ideas.aha.io/ideas/R-I-964

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------



  • 6.  RE: Image Attachment Viewer

    Posted Wed August 18, 2021 08:52 AM
    I'm not sure it would be a good idea to preview .emi files. These elements may be malicious emails that need remediation. Previewing them may allow for attacks on the browser or user. 

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 7.  RE: Image Attachment Viewer

    Posted Wed August 18, 2021 10:34 AM
    Image rendering @Ben Lurie

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------



  • 8.  RE: Image Attachment Viewer

    IBM Champion
    Posted Wed August 18, 2021 11:39 AM
    I generally disagree with this. If simply previewing EML files was risky, email would not be in wide-use today. We are performing EML parsing of all our phishing reports via a custom function and presenting the body in a field to assist with reviewing them -- I'd argue this is one of the more popular use-cases of Resilient today from others I've talked with. It'd be less clunky if an email previewer was included. While image loads can pose a different set of risks (i.e. making a request to an external web server), performing HTML or plaintext text rending should be safe, especially if sanitization and back-end sandboxing was occurring for it.

    Different topic entirely though, and definitely much easier said than done, for sure.

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------



  • 9.  RE: Image Attachment Viewer

    Posted Tue November 17, 2020 11:07 AM
    Post a screenshot

    ------------------------------
    Lucian Sipos
    ------------------------------