This article describes an issue where the Utility connector 3.3.0 parses HTML tags as file indicators while extracting artifacts.
This typically occurs when records contain formatted HTML tables in the description, aimed at enhancing the SOC analyst’s understanding.
Scope
FortiSOAR v7.4.x, v7.x.
Solution
Step 1: Take a backup of the patterns.ini file:
# cp /opt/cyops/configs/integrations/connectors/cyops_utilities_3_3_0/patterns.ini /opt/cyops/configs/integrations/connectors/cyops_utilities_3_3_0/patterns.ini.bk
Step 2: Update the file path pattern:
# vi /opt/cyops/configs/integrations/connectors/cyops_utilities_3_3_0/patterns.ini
[Filepath]
pattern: \b[A-Z]:\\[A-Za-z0-9-_\.\\]+\b
Step 3: Restart the uWSGI services:
# systemctl restart uwsgi.service
Note: Take a snapshot of the VM before making any changes to the system.
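To check the pattern from Step 2 before restarting uWSGI, the following added example (not part of the original article and not Fortinet's code) loads a constructed copy of the [Filepath] section and runs it over a constructed HTML table description. It assumes patterns.ini parses as a standard INI file and that the pattern is applied as a Python regular expression without extra flags; the function names are hypothetical.

```python
import configparser
import re

# Constructed copy of the [Filepath] section shown in Step 2.
PATTERNS_INI = r"""
[Filepath]
pattern: \b[A-Z]:\\[A-Za-z0-9-_\.\\]+\b
"""

# Constructed record description containing a formatted HTML table.
DESCRIPTION = r"""
<table><tr><th>Host</th><th>Path</th></tr>
<tr><td>WS-0142</td><td>C:\Users\Public\invoice_2024.exe</td></tr>
<tr><td>WS-0143</td><td>D:\Temp\update-helper.dll</td></tr>
</table><p>See <a href="https://soc.example.test/case/1">case notes</a></p>
"""


def load_filepath_pattern(ini_text):
    """Read the Filepath pattern from INI text (assumed configparser-compatible)."""
    # interpolation=None stops configparser from interpreting '%' inside a regex.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return re.compile(parser["Filepath"]["pattern"])


def extract_filepaths(text, pattern):
    """Return every substring the Filepath pattern would flag as an indicator."""
    return pattern.findall(text)


def html_tag_hits(matches):
    """Return matches that contain HTML markup characters, i.e. false positives."""
    return [m for m in matches if any(ch in m for ch in "<>/")]


if __name__ == "__main__":
    pattern = load_filepath_pattern(PATTERNS_INI)
    found = extract_filepaths(DESCRIPTION, pattern)
    for path in found:
        print("file indicator:", path)
    print("HTML fragments matched:", html_tag_hits(found))
```

To test the file as edited on the appliance, pass the contents of patterns.ini to load_filepath_pattern in place of the constructed copy.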