Update 'Server.Utills.BackupAzure' to upload to subdirectory (Velocid…

…ex#759) Currently all data is uploaded to the Azure Blob Storage in the same directory. However, if you run multiple hunts and let all of them upload this becomes a big mess. This PR allows you to upload everything into a sub-directory per flow, bundling the results of all hosts from the same hunt/flow in the same subdirectory.
predictiple · Jan 18, 2024 · e7ce732 · e7ce732
1 parent 56d4b49
commit e7ce732
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/content/exchange/artifacts/Server.Utils.BackupAzure.yaml b/content/exchange/artifacts/Server.Utils.BackupAzure.yaml
@@ -25,6 +25,11 @@ parameters:
    - name: RemoveDownloads
      type: bool
      description: If set, remove the flow export files after upload
+
+   - name: UploadSubdirectory
+     default: FALSE
+     type: bool
+     description: If set, upload exports to subirectory per flow
 
 sources:
   - query: |
@@ -38,13 +43,14 @@ sources:
              flow_id=FlowId, wait=TRUE) AS FlowDownload
       FROM watch_monitoring(artifact="System.Flow.Completion")
       WHERE Flow.artifacts_with_results =~ ArtifactNameRegex
-        
+    
       SELECT upload_azure(
       file=FlowDownload,
       accessor="fs",
       sas_url=sas_url,
-      name=format(format="Host %v %v %v.zip",
-                     args=[Fqdn, FlowId, timestamp(epoch=now())])
+      name=if(condition=UploadSubdirectory, 
+                then=format(format="%v/Host %v %v %v.zip",args=[FlowId, Fqdn, FlowId, timestamp(epoch=now())]),
+                else=format(format="Host %v %v %v.zip",args=[Fqdn, FlowId, timestamp(epoch=now())]))
       ) AS Upload
 
       FROM completions