Menu Functions
      Back to home
      1. Online Help and Knowledge Base
      2. Menu Functions

      Blueprint Modifiers: Subscriber Provided Payloads

      Some modifiers require the subscriber to provide a payload. How do I provide a payload for a Blueprint Modifier if I need to?

      Some blueprints require that the subscriber (you) must provide the Payload. This is generally when the payload is very specific to your organization (such as an antivirus installation package that is designed specifically for your organization).

      There are four steps to providing your own payload:

      1. Generate the file that contains the required Payload information
      2. Get the SHA2 checksum for the payload file
      3. Host the Payload file somewhere public
      4. Add the URL and SHA2 to the modifier

      For this article, we will use the Sophos Endpoint blueprint as an example. All Blueprints with a subscriber-provided payload will follow these same instructions.

      STEP 1: Generate the file that contains the required Payload information

      To provide a payload, you must first determine what to include. Look at the NOTES on the Blueprint to see how to build your payload.

      Note: If the instructions do not specify a name for the payload, you can name the payload anything you'd like. For our example, we will simply use the name payload.zip

      As can be seen in the Sophos Endpoint example, this blueprint requires that the subscriber create a payload ZIP file called payload.zip that contains exactly one file: SophosSetup.exe (which is the organization-specific Sophos setup file provided by Sophos.)

      STEP 2: Get the SHA2 checksum for the payload file

      Next, find the SHA2 checksum for your payload file. Note: this is for the PAYLOAD file, not for any individual files within the payload. 

      In our example, you will generate the SHA2 of paylaod.zip file, not SophosSetup.exe.

      You can get the SHA2 of a file in several different ways:

      • Use PowerShell (our preferred method)
      • Use an Online SHA2 checksum detector (one such example here - no warranty or guarantee it will work)
      • Use a third-party tool (such as OpenHash - no warranty or guarantee it will work)

      Here's how to get a SHA2 has via a PowerShell prompt:

      check file hash value

      STEP 3: Host the Payload file somewhere public

      You will need to host the payload file somewhere that is publicly accessible. Because it is publicly accessible, it is best to not post anything confidential or secret inside the payload. Do not post PASSWORDS, LICENSE INFORMATION, or other secrets inside the payload!

      The payload should be hosted somewhere that does not require a username or password.

      If possible, we recommend hosting it on your organization's website. The URL for a file on your organization's website is generally available without a username and password.

      If you host it via Google Drive and make the file available to anyone, please know that Google throttles the number of anonymous downloads per hour a file can have. This can cause problems and is therefore not recommended.

      An example of hosting payload.zip on a school's website might be available at this URL:
      http://myschool.k12.st.us/files/payload.zip

      STEP 4: Add the URL and SHA2 to the modifier

      Use the SHA2 from STEP 2 and the URL from STEP 3 when filling out the blueprint.

      A: First, subscribe to the Blueprint 

      B: Next, click the Edit Blueprint link 

      C: Finally, add the SHA2 file and URL.

      You can now build the modifier as you normally would!