
File Utilities

Work with ZIP archives and files in your workflows using Torq’s file utility steps.

Updated over 2 weeks ago

Add File to Zip Archive

Adds a file to an existing ZIP archive.

Input

  • ZIP archive: reports.zip

  • File to add: summary.csv

Optional parameters

  • Password: The password to use to unzip the file.

  • Return raw data (Boolean): Whether to return the raw data or the Base64 encoded data. Useful when outputting to a file.

Output

Updated ZIP archive containing summary.csv

Extract File from Zip Archive

Extracts a specific file from a ZIP archive.

Input

  • ZIP archive: reports.zip

  • File name to extract: summary.csv

Optional parameter

Password: The password to use to unzip the file.

Output

Extracted file: summary.csv

List Zip Files

Returns a list of all file names inside a ZIP archive.

Input

ZIP archive: reports.zip

Output

[
"summary.csv",
"alerts.json",
"readme.txt"
]

Remove File from Zip Archive

Removes a specific file from an existing ZIP archive.

Input

  • ZIP archive: reports.zip

  • File name to remove: readme.txt

Output

Updated ZIP archive without: readme.txt

Unzip File

Unzips an archive and extracts all files.

Input

ZIP archive: reports.zip

Optional parameter

Password: The password to use to unzip the file.

Output

Extracted files:

  • summary.csv

  • alerts.json

  • readme.txt

Zip File

Creates a ZIP archive from a file.

Input

File to zip: summary.csv

Optional parameters

  • Password: The password to use to zip the file.

  • Return raw data (Boolean): Whether to return the raw data or the Base64 encoded data. Useful when outputting to a file.

Output

ZIP archive: summary.zip containing summary.csv

Use case: Zip File

Use this workflow to securely attach suspicious or malicious files to a Torq Case. The workflow downloads the file from a tqfile URL, compresses it into a password-protected ZIP (default password: infected), and uploads the archive to the specified Case as an attachment.

For a detailed implementation, refer to the full workflow template available in Torq.

  1. Receive file and parameters: Configure the on-demand trigger to accept:

    • sample_tqfile_data (the tqfile object containing a file URL and filename)

    • case_id (the Case to attach to)

    • password (optional; defaults to infected)

    • overwrite_original_file_name (optional override for the ZIP filename)

  2. Download the suspicious sample: Add an HTTP request step to download the file from sample_tqfile_data.url. The step retrieves the content and stores it as a file object that can be passed into File Utilities.

  3. Determine the archive name:

    • If overwrite_original_file_name is provided, the workflow uses it as the ZIP name.

    • Otherwise, it uses the original filename from sample_tqfile_data.file_name and appends .zip.

  4. Create a password-protected ZIP using the Zip File utility: Add the Zip File utility step and configure it as follows:

    • File input: The downloaded sample from Step 2.

    • Archive name: The name determined above.

    • Password: Use the password input. If not supplied, the password defaults to infected.

    • Output of Zip file: A new ZIP file object representing the protected archive.

      The Zip File utility compresses the sample into a .zip archive and encrypts it with the password, preventing accidental execution or scanning side effects when analysts download it.

  5. Attach the ZIP to the case: Use Add attachment to case to upload the ZIP output into the Case identified by case_id. The workflow returns the attachment object so downstream steps or a parent workflow (if this one is the nested workflow) can reference it.
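A check that could run on the Zip File output before step 5 attaches it, together with the step 3 naming rule, written as an added Python example (not Torq's code and not part of the workflow template). It assumes the step returned the archive as a Base64 string; the function names and the basename sanitisation are assumptions of this example.

```python
import base64
import io
import zipfile
from pathlib import PurePosixPath


def _basename(name):
    """Strip directory parts; the sample's filename is untrusted input."""
    base = PurePosixPath(name.replace("\\", "/")).name
    if base in ("", ".."):
        raise ValueError(f"unusable file name: {name!r}")
    return base


def archive_name(file_name, override=None):
    """Step 3: the override wins, else original filename + '.zip'."""
    return _basename(override) if override else _basename(file_name) + ".zip"


def inspect_archive(b64_zip):
    """Decode a Base64 ZIP and report its members without extracting them."""
    raw = base64.b64decode(b64_zip, validate=True)
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        infos = zf.infolist()
    # Bit 0 of a member's general-purpose flags marks it as encrypted.
    unencrypted = [i.filename for i in infos if not i.flag_bits & 0x1]
    return {
        "names": [i.filename for i in infos],
        "unencrypted": unencrypted,
        "safe_to_attach": bool(infos) and not unencrypted,
    }


def constructed_sample():
    """Constructed input: an UNENCRYPTED archive, as if no password reached step 4."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("summary.csv", "id,verdict\n1,malicious\n")
    return base64.b64encode(buf.getvalue()).decode()


if __name__ == "__main__":
    print(archive_name("../tmp/invoice.exe"))     # directory parts dropped
    print(inspect_archive(constructed_sample()))  # flagged: not encrypted
```

A result with safe_to_attach set to False means at least one member is stored without encryption, so the archive would not give analysts the protection the use case describes.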
