---
title: "File Post App Knowledge Base Article | ThreatConnect"
slug: "file-post-app"
description: "The File Post App is a utility that passes a binary to a Playbook for analysis, the results of which can be passed back to the App. This article describes how to configure and use the File Post App."
tags: ["Orchestration and Automation", "Analytical Tools"]
updated: 2024-03-18T15:18:31Z
published: 2024-03-18T15:18:31Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt
> Use this file to discover all available pages before exploring further.

# File Post App

## Overview

The File Post App uploads a file and posts it to a [WebHook Trigger](/v1/docs/playbooks-the-webhook-trigger) within a [Playbook](/v1/docs/playbooks). It can then receive a response from the Playbook. Essentially, it is a utility that passes a binary to a Playbook for analysis, the results of which can be passed back to the App.

## Before You Start

| Minimum Role(s) | - Organization role of Organization Administrator to [](https://knowledge.threatconnect.com/v1/docs/adding-app-profiles)[add the App profile](https://knowledge.threatconnect.com/v1/docs/adding-app-profiles) - Organization role of Standard User to create a Menu Space for the App profile and to upload a file for analysis using the File Post App |
| --- | --- |
| Prerequisites | An active Playbook with a WebHook Trigger; **TCM – File Post v1.0** App installed by a System Administrator |

## Playbook Example

To use the File Post App, you must first create a Playbook that contains a WebHook Trigger. If desired, the Playbook’s output can then be returned to the Trigger, based on the results of the [Playbook execution](/v1/docs/playbook-executions).

Figure 1 shows the example Playbook used in this article. This Playbook receives a file, unzips it, and uses ReversingLabs™ Playbook Apps to analyze it and determine whether it is a known threat. If it is, the Playbook returns a message stating that the file is malware, and it creates a Document and File Indicator in ThreatConnect. If not, it returns information from ReversingLabs containing an assessment of the file as goodware or unknown.

![Diagram Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-iahg0c02.png)

## Creating an App Profile and Menu Space

1. Copy the URL endpoint of the Playbook to which the binary is to be posted by navigating to the [**Playbooks**screen](/v1/docs/the-playbooks-screen), hovering the cursor over the row for the Playbook, and clicking the **Copy** ![Text, icon  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-23mfw6bj.png) icon displayed to the right in the **Name**column.ImportantThe Playbook must be active for the **Copy**![Text, icon  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-23mfw6bj.png) icon to be displayed and for the File Post App to function properly.
2. Follow the steps in [*Adding App Profiles*](/v1/docs/adding-app-profiles) to open the **App Profile** window. The **Profile**tab will be displayed (Figure 2). ![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-z5inl1u0.png)
  - **Profile Name**: Enter a profile name for the App, such as “Analyze Suspicious File.” A good profile name provides information about the intended use case for the App. The profile name is what will display in a user’s **Spaces** dropdown menu. (See Figure 7.)
  - **Installed App**: Select **TCM - FilePost v1.0**.
  - Click the **Next** button.
3. The **Setup** tab of the **App Profile**window will be displayed (Figure 3). ![Graphical user interface  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-f1hh2ego.png)
  - **URL**: Paste the URL endpoint that was copied in Step 1.
  - **Max File Size**: Enter the maximum file size that a user can upload to the App.
  - **Basic Auth Username**: If the Playbook to which the App is connecting requires basic authentication, enter the username. If no authentication is required, this field may be left blank.
  - **Basic Auth Password**: If the Playbook to which the App is connecting requires basic authentication, enter the password associated with the username in the **Basic Auth Username**field. If no authentication is required, this field may be left blank.
  - **Minutes to wait for playbook response**: Enter the maximum amount of time for the App to wait for a response before timing out.
  - Click the **Next** button.
4. The **Defaults** tab of the **App Profile**window will be displayed (Figure 4). ![Graphical user interface, website  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-xcosj7rv.png)
  - A message will be displayed stating that there are no default parameters to configure.
  - Click the **Next**button.
5. The **Review** tab of the **App Profile**window will be displayed (Figure 5). ![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-hafvjvr8.png)
  - Review the configuration of the App profile.
  - Click the **SAVE** button to save the App profile.
6. To create a Menu Space for the App, hover the cursor over **Spaces** on the top navigation bar and select **Add Menu Space**. The **Add App** window will be displayed (Figure 6). ![Graphical user interface, application  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-9bp5wbgf.png)
  - **Select App**:****Select the App profile that you just created.
  - Click the **ADD** button.
7. The App profile will now be displayed when you hover the cursor over **Spaces** on the top navigation bar (Figure 7). ![Graphical user interface, application  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-82byaz3i.png)

## Using the File Post App

1. Hover the cursor over **Spaces** on the top navigation bar and select the App profile created in the previous section (Figure 7). A window for the App will be displayed (Figure 8). To open the App window in a new browser tab, click **Open in New Tab** ![A close-up of a logo  Description automatically generated with medium confidence](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-6ye9lfqn.png) to the right of the App name in the **Spaces**menu. ![Graphical user interface, application, Teams  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-p3u8fffx.png)
2. Click the **Select file to upload** button to select a file using your computer’s file manager. The selected file will be displayed in the App window (Figure 9). Note that you can select only one file for upload at a time. ![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-wvprqfop.png)
  - Click the **Upload** button to upload the file to the Playbook. There may be a delay while the Playbook runs and analyzes the file.
  - To remove the file without uploading it, click the **X** next to the file or click the **Cancel** button.
3. If the upload completes, a green box confirming that the upload was successful will be displayed temporarily at the upper-right corner of the window, and the results of the analysis from the Playbook will be displayed in the **Response:**section. Figure 10 shows the results for a non-malicious file, whereas Figure 11 shows the results for a file that was determined to be malicious and saved in the ThreatConnect malware vault. ![Graphical user interface, text, application  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-l2f192d2.png)

![Graphical user interface, text, application, email  Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/file-post-app-image-voonhhv6.png)
4. For files that were determined to be malicious and saved in the ThreatConnect malware vault, a **Click here** link will be displayed in the **Response:**section of the App window (Figure 11). Click this link to view the File Indicator in ThreatConnect.NoteThe content and functionality of the response, including the link to the File Indicator that is created in ThreatConnect, are generated by the Playbook, not by the File Post App. The App only passes the file to the Playbook and receives output from the Playbook.

---

*ThreatConnect® is a registered trademark of ThreatConnect, Inc. ReversingLabs™ is a trademark of ReversingLabs International GmbH.*

20067-01 v.04.C

## Related

- [Adding App Profiles](/adding-app-profiles.md)
- [Playbooks](/playbooks.md)