Oh, and forgot to say my playbook also takes those files and uses them in other actions like submit to our sandbox for analysis

Thanks for the reply @John DePalma but can you please expatiate more?

Siemplify, on-prem connector, downloads the email to one folder, and any attachments to a different folder. Onto the on-prem connector. Not the cloud platform. IN the above line, you mean downloaded to the Siemplify platform itself in the path specified right?

Thus, I feel reasonably safe with having a server on my network full of potential malware. No services running on that server to open the attachments and no one besides myself can access the server anyway.

You mean the Siemplify platform here, right? or which server

The folder with attachments is locked to only allow the siemplify and admin account to have access.

Also can you expatiate how you attained this? When you said only Siemplify and Admin, you mean from the GUI so it can be picked up by the playbook right? Thanks

We use Siemplify in the Cloud where we have no access to the server backend.
So, I use the on-premises Siemplify Agent so that the Cloud Siemplify can communicate with some of our Internal only tools.
The agent is basically just a linux server with a Siemplify program running on it.
On that linux server is where I download to a specified path and this server can only be accessed via the admin or siemplify credentials I created on it.
SSH access only, nothing GUI.

Got it, thanks for elaborating on this.

Happy to help! Hopefully I clarified everything. Let me know if you have other questions!

Sure!