Add QR code text extraction to the Phishing workflow (demisto#33235)

* added readqrcode script to phishing workflow * RN * Bump pack from version CommonPlaybooks to 2.6.17. * restored old file * added skip if unavailable * added skip if unavailable * Apply suggestions from code review RN Co-authored-by: rundssoar <[email protected]> * Added `QR` * Apply suggestions from code review * Fix validations --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: rundssoar <[email protected]>
SEKOIA-IO · Mar 7, 2024 · 86c7f1c · 86c7f1c
1 parent 060dd95
commit 86c7f1c
Show file tree

Hide file tree

Showing 10 changed files with 390 additions and 133 deletions.
diff --git a/Packs/CommonPlaybooks/.pack-ignore b/Packs/CommonPlaybooks/.pack-ignore
@@ -22,6 +22,7 @@ NonFoundHashes
 opswat
 filescan
 Stringify
+QR
 
 [file:playbook-File_Enrichment_-_File_reputation.yml]
 ignore=BA101

diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Extract_Indicators_From_File_-_Generic_v2_4_5.yml b/Packs/CommonPlaybooks/Playbooks/playbook-Extract_Indicators_From_File_-_Generic_v2_4_5.yml
@@ -116,7 +116,7 @@ tasks:
       {
         "position": {
           "x": 915,
-          "y": 1410
+          "y": 1740
         }
       }
     note: false
@@ -563,6 +563,7 @@ tasks:
     nexttasks:
       '#none#':
       - "19"
+      - "25"
     scriptarguments:
       entryID:
         complex:
@@ -605,7 +606,7 @@ tasks:
       {
         "position": {
           "x": 1320,
-          "y": 720
+          "y": 900
         }
       }
     note: false
@@ -1074,8 +1075,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 2150,
-          "y": 720
+          "x": 2190,
+          "y": 900
         }
       }
     note: false
@@ -1151,14 +1152,14 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 2150,
-          "y": 1040
+          "x": 2190,
+          "y": 1310
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
+    skipunavailable: true
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
@@ -1483,7 +1484,7 @@ tasks:
       {
         "position": {
           "x": 915,
-          "y": 1230
+          "y": 1550
         }
       }
     note: false
@@ -1537,7 +1538,7 @@ tasks:
     view: |-
       {
         "position": {
-          "x": -290,
+          "x": -330,
           "y": 460
         }
       }
@@ -1566,6 +1567,7 @@ tasks:
       - "10"
       "yes":
       - "13"
+      - "24"
     separatecontext: false
     conditions:
     - label: "yes"
@@ -1621,7 +1623,7 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 2150,
+          "x": 2190,
           "y": 460
         }
       }
@@ -1757,10 +1759,142 @@ tasks:
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
+  "24":
+    id: "24"
+    taskid: 4ee7917b-6813-4e61-8612-5f7116bd30eb
+    type: regular
+    task:
+      id: 4ee7917b-6813-4e61-8612-5f7116bd30eb
+      version: -1
+      name: Extract Text from QR Code
+      description: Extracts the text from a QR code. The output of this script includes the output of the script "extractIndicators" run on the text extracted from the QR code.
+      scriptName: ReadQRCode
+      type: regular
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "19"
+    scriptarguments:
+      entry_id:
+        complex:
+          root: inputs.File
+          filters:
+          - - operator: containsGeneral
+              left:
+                value:
+                  simple: inputs.File.Type
+                iscontext: true
+              right:
+                value:
+                  simple: image
+              ignorecase: true
+          accessor: EntryID
+          transformers:
+          - operator: append
+            args:
+              item:
+                value:
+                  simple: InfoFile.EntryID
+                iscontext: true
+          - operator: uniq
+          - operator: RemoveEmpty
+            args:
+              empty_values: {}
+              remove_keys:
+                value:
+                  simple: "true"
+    reputationcalc: 2
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 1530,
+          "y": 1310
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: true
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "25":
+    id: "25"
+    taskid: 35ed31ed-41e9-4108-8580-e94786764ae8
+    type: regular
+    task:
+      id: 35ed31ed-41e9-4108-8580-e94786764ae8
+      version: -1
+      name: Convert PDF to Image
+      description: Converts a PDF file to an image file.
+      script: '|||rasterize-pdf'
+      type: regular
+      iscommand: true
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "24"
+    scriptarguments:
+      EntryID:
+        complex:
+          root: inputs.File
+          filters:
+          - - operator: containsGeneral
+              left:
+                value:
+                  simple: inputs.File.Type
+                iscontext: true
+              right:
+                value:
+                  simple: pdf
+              ignorecase: true
+            - operator: containsGeneral
+              left:
+                value:
+                  simple: inputs.File.Info
+                iscontext: true
+              right:
+                value:
+                  simple: pdf
+              ignorecase: true
+          accessor: EntryID
+          transformers:
+          - operator: append
+            args:
+              item:
+                value:
+                  simple: ${File(val.Info=="application/pdf").EntryID}
+                iscontext: true
+          - operator: uniq
+          - operator: RemoveEmpty
+            args:
+              empty_values: {}
+              remove_keys:
+                value:
+                  simple: "true"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 1320,
+          "y": 1130
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: true
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
 view: |-
   {
     "linkLabelsPosition": {
-      "13_19_#default#": 0.14,
+      "13_19_#default#": 0.11,
       "15_10_#default#": 0.11,
       "15_16_yes": 0.38,
       "1_10_#default#": 0.17,
@@ -1769,15 +1903,15 @@ view: |-
       "23_22_yes": 0.43,
       "5_10_#default#": 0.33,
       "5_6_yes": 0.36,
-      "7_10_#default#": 0.15,
-      "7_8_yes": 0.38,
+      "7_10_#default#": 0.1,
+      "7_8_yes": 0.24,
       "9_10_#default#": 0.18,
       "9_11_yes": 0.35
     },
     "paper": {
       "dimensions": {
-        "height": 1485,
-        "width": 3085,
+        "height": 1815,
+        "width": 3125,
         "x": -555,
         "y": -10
       }
@@ -2024,11 +2158,24 @@ outputs:
 - contextPath: DBotScore.Score
   description: The actual score.
   type: number
+- contextPath: QRCodeReader
+  description: The QR code reader primary key object.
+  type: unknown
+- contextPath: QRCodeReader.Text
+  description: The raw text extracted from the QR code image.
+  type: String
+- contextPath: QRCodeReader.Domain
+  description: The domains extracted from the QR code image if they are present.
+  type: String
+- contextPath: QRCodeReader.URL
+  description: The URLs extracted from the QR code image if they are present.
+  type: String
+- contextPath: QRCodeReader.IP
+  description: The IPs extracted from the QR code image if they are present.
+  type: String
 tests:
 - Extract Indicators From File - Generic v2 - Test
 fromversion: 5.0.0
-marketplaces:
-- xsoar
-- marketplacev2
 contentitemexportablefields:
   contentitemfields: {}
+system: true
diff --git a/Packs/CommonPlaybooks/ReleaseNotes/2_6_17.md b/Packs/CommonPlaybooks/ReleaseNotes/2_6_17.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Extract Indicators From File - Generic v2
+
+- Added the ability to extract text from QR code images.
diff --git a/Packs/CommonPlaybooks/doc_files/Extract_Indicators_From_File_-_Generic_v2.png b/Packs/CommonPlaybooks/doc_files/Extract_Indicators_From_File_-_Generic_v2.png
diff --git a/Packs/CommonPlaybooks/pack_metadata.json b/Packs/CommonPlaybooks/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Playbooks",
     "description": "Frequently used playbooks pack.",
     "support": "xsoar",
-    "currentVersion": "2.6.16",
+    "currentVersion": "2.6.17",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/Phishing/.pack-ignore b/Packs/Phishing/.pack-ignore
@@ -58,6 +58,7 @@ DeleteReportedEmail
 GetBrandDeleteReportedEmail
 CommonTypes
 UseOldHTMLFields
+QR
 
 [file:LinkToPhishingCampaign.yml]
 ignore=BA124