https://community.splunk.com/t5/Splunk-SOAR/Using-Splunk-Phantom-post-data-to-send-data-from-Phantom-back/m-p/473524#M230 <P>You can use format block for formatting data and that formatted data can be used to post in SPlunk</P> Tue, 10 Sep 2019 07:01:45 GMT ansusabu 2019-09-10T07:01:45Z https://community.splunk.com/t5/Splunk-SOAR/Using-Splunk-Phantom-post-data-to-send-data-from-Phantom-back/m-p/473523#M229 <P>Hi I am new to Splunk Phantom and have so far far</P> <UL> <LI>Triggered an alert in Splunk</LI> <LI>This send the data into Phantom</LI> <LI>Phantom then runs a playbook which queries some Carbon Black stuff</LI> <LI>I then want to send the results of this carbon black search back into Splunk</LI> </UL> <P>I can see that i can use the Splunk App in Phantom and use the postdata command.</P> <P>However i only seem to be able to sned back one value at a time, with no futher remarks.<BR />Is it possible to send back the complete object from Phantom into Splunk as a JSON object?</P> <P>For example you would have the original data you sent to Phantom and then the enhancement that you have got from running the playbook against the original data.</P> <P>The reason is that Splunk is the front end tool, and it would be more convienient to view any results in Splunk.</P> Sun, 07 Jun 2020 17:37:08 GMT https://community.splunk.com/t5/Splunk-SOAR/Using-Splunk-Phantom-post-data-to-send-data-from-Phantom-back/m-p/473523#M229 davidwaugh 2020-06-07T17:37:08Z https://community.splunk.com/t5/Splunk-SOAR/Using-Splunk-Phantom-post-data-to-send-data-from-Phantom-back/m-p/473524#M230 <P>You can use format block for formatting data and that formatted data can be used to post in SPlunk</P> Tue, 10 Sep 2019 07:01:45 GMT https://community.splunk.com/t5/Splunk-SOAR/Using-Splunk-Phantom-post-data-to-send-data-from-Phantom-back/m-p/473524#M230 ansusabu 2019-09-10T07:01:45Z