RSA Netwitness Packet and Logs - improve SSL usage, add commands argu… (

demisto#28397) * RSA Netwitness Packet and Logs - improve SSL usage, add commands argu… (demisto#27415) * RSA Netwitness Packet and Logs - improve SSL usage, add commands arguments suggestions, add noFile argument to netwitness-packets * Update RSANetWitnessPacketsAndLogs.yml add application/octet-stream in render * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update RSANetWitnessPacketsAndLogs.js * Update README.md * Update README.md * Update pack_metadata.json * Create 1_0_5.md * add credentials support * Add credentials support * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.js Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.js Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/ReleaseNotes/1_0_5.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update and rename 1_0_5.md to 1_0_6.md * revert release note using master * increase version * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.js Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * fix yml error reported by demisto-sdk and add breaking change file * add a . at the end of the line * fix error ci/cd pipeline * add feature in release note * add useSSL parameter in pack-ignore * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/ReleaseNotes/1_0_6.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: Pierre SOLER <9917674+Winultimatum@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: Pierre <Winultimatum@users.noreply.github.com> Co-authored-by: Pierre SOLER <9917674+Winultimatum@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
xsoar-contrib · Aug 2, 2023 · 10fbdc9 · 10fbdc9
1 parent 6dec9ce
commit 10fbdc9
Show file tree

Hide file tree

Showing 7 changed files with 280 additions and 80 deletions.
diff --git a/Packs/RsaNetWitnessPacketsAndLogs/.pack-ignore b/Packs/RsaNetWitnessPacketsAndLogs/.pack-ignore
@@ -2,4 +2,8 @@
 ignore=PA116
 
 [file:RSANetWitnessPacketsAndLogs_image.png]
-ignore=IM111
+ignore=IM111
+
+[known_words]
+renderToContext
+useSSL
diff --git a/.../RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md b/.../RsaNetWitnessPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/README.md
@@ -122,11 +122,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">integer</td>
 <td style="width: 508px;">
-<p>Port to use with concentratorIP</p>
-<ul>
-<li>SSL: 54105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>
@@ -342,11 +345,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">uint32 </td>
 <td style="width: 448px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>
@@ -448,11 +454,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">uint32 </td>
 <td style="width: 448px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>
@@ -657,11 +666,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">uint32</td>
 <td style="width: 448px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 <tr>
@@ -672,6 +684,13 @@
 <p>Examples: pcap, logs, logs (csv), logs (xml), or logs (json)</p>
 </td>
 </tr>
+<tr>
+<td style="width: 97px;">renderToContext</td>
+<td style="width: 61px;">boolean </td>
+<td style="width: 448px;">
+<p>If renderToContext is set to True and the render type is set to logs (json), the command will not create a file with the output. It will output to the context data.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <p> </p>
@@ -721,11 +740,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 97px;">uint32</td>
 <td style="width: 448px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>
@@ -772,11 +794,14 @@
 <td style="width: 138px;">concentratorPort</td>
 <td style="width: 63.5px;">uint32</td>
 <td style="width: 436.5px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 <tr>
@@ -922,11 +947,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">uint32 </td>
 <td style="width: 448px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>
@@ -1039,11 +1067,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">uint32 </td>
 <td style="width: 455px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>
@@ -1230,11 +1261,14 @@
 <td style="width: 97px;">concentratorPort</td>
 <td style="width: 61px;">uint32 </td>
 <td style="width: 448px;">
-<p>Port to use with the concentratorIP parameter</p>
-<ul>
-<li>SSL: 56105</li>
-<li>Non-SSL: 50105</li>
-</ul>
+<p>Port to use with concentratorIP. 50105 (SSL/NON-SSL) for concentrator, 50103 (SSL/NON-SSL) for broker.</p>
+</td>
+</tr>
+<tr>
+<td style="width: 97px;">useSSL</td>
+<td style="width: 61px;">boolean</td>
+<td style="width: 508px;">
+<p>Send request in HTTPS instead of HTTP. By default the parameter is set to True but if your appliance is not configured to use SSL you can change it here.</p>
 </td>
 </tr>
 </tbody>

diff --git a/...essPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.js b/...essPacketsAndLogs/Integrations/RSANetWitnessPacketsAndLogs/RSANetWitnessPacketsAndLogs.js
@@ -5,14 +5,15 @@ var RESPONSE_TYPES = {
     'xml': 'text/xml',
     'octet-stream': 'application/octet-stream'
 };
-var SSL_PORT = '56105';
-var NON_SSL_PORT = '50105';
+var API_REST_PORT = '50105';
 var LAST_HOURS = 'lastHours';
 var LAST_MINUTES = 'lastMinutes';
 var QUERY = 'query';
 var USER_NAME = params.user_creds ? params.user_creds.identifier : params.username;
+
 var PASSWORD = (params.user_creds || params).password;
 
+
 function fixUrl(base) {
     var url = base.trim();
     if (base.indexOf('http://') !== 0 && base.indexOf('https://') !== 0) {
@@ -33,18 +34,14 @@ function getUrl(currentUrl){
         // Check if port was provided, omit it if yes
         var match = args.concentratorIP.match(/(https{0,1}:\/\/?.*):/);
         urlToReturn = match ? match[1] : args.concentratorIP;
-        var port = args.concentratorPort;
-        if(port){
-            if(port === SSL_PORT){
-                urlToReturn = urlToReturn.indexOf('https://') === -1 ? 'https://' + urlToReturn : urlToReturn;
-            }
-            else{
-                urlToReturn = urlToReturn.indexOf('http://') === -1 ? 'http://' + urlToReturn : urlToReturn;
-            }
+        var port = args.concentratorPort || API_REST_PORT;
+        var useSSL = args.useSSL;
+
+        if(useSSL === "true"){
+            urlToReturn = urlToReturn.indexOf('https://') === -1 ? 'https://' + urlToReturn : urlToReturn;
         }
         else{
             urlToReturn = urlToReturn.indexOf('http://') === -1 ? 'http://' + urlToReturn : urlToReturn;
-            port = NON_SSL_PORT;
         }
 
         urlToReturn = urlToReturn + ":" + port;
@@ -511,7 +508,21 @@ function parseDownloadResponse(resp) {
             if(args && args.fileExt){
                 extension = args.fileExt;
             }
-            return createFileEntry(resp.Bytes, extension);
+            if (args.renderToContext === "true" && args.render === "application/json"){
+                var jsonstr = JSON.parse(resp.Body);
+                return {
+                    Type: entryTypes.note,
+                    Contents: jsonstr,
+                    ContentsFormat: formats.json,
+                    HumanReadable: jsonstr["logs"],
+                    ReadableContentsFormat: formats.json,
+                    EntryContext: {
+                        'NetWitness.Packets': jsonstr["logs"]
+                    }
+                };
+            } else{
+                return createFileEntry(resp.Bytes, extension);
+            }
         } catch (e) {
             return e;
         }