You can check the file extension prior to submitting the file to Wildfire.
step 1: create a global artifact and put the “acceptable” extensions into it, including the . so .7z
. This global artifact can be used anyplace you need to know what file types wildfire supports.
step 2: extract the file extension from the filename in your workflow (using pattern match - include the dot in your match - something like {{extension:/\.[^.]+/}}$
)
step 3: do a global artifact lookup using the ‘contains’ option. Basically, you’re looking to see if the file extension is in your “approved” list.
step 4: have a decision step - if the global artifact lookup step “found” a match, run the file through wildfire, otherwise skip wildfire.
This is basically the same technique used to “whitelist” urls or domains.
It may not be 100% since I believe wildfire isn’t a simple file extension test - I think it actually looks at the format of the file name - but it gets you close.
I personally think there’s value in submitting an unsupported file to Wildfire simply because it tells you what type of file it isn’t.
You could submit everything to wildfire and use a decision point after the wildfire step to ‘normalize’ everything:
- set the wildfire step to “continue on failure”
- have a decision point checking if wildfire succeeded
- two paths: succeeded, and failed
- join step called “Wildfire Results” - with a single variable called “Verdict”
- if your decision took the “succeeded” path, the verdict is the wildfire.[verdict] variable
- if your decision took the “failed” path, the verdict is “Unsupported File”
Continue on with your workflow using the join-step output instead of the wildfire output, confident that it’ll always have a value!
This pattern is an easy way to set a “default value” in InsightConnect.