Solved: How to create a dashboard button that triggers a s...

ineedafleeb · ‎06-03-2019

Hey Guys

So I want to be able to create a button that has an input in it. I'm wondering if this is possible?

The idea is that you input an IP address and then it would go and tell your IPS/Firewall to block from this dashboard.

Thanks!

DavidHourani · ‎06-03-2019

Hi @ineedafleeb,

It is possible ! And quite simple if you can code a bit. All you have to do is build an advanced command, you can learn more about this here :
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2

Instead of building a command that will run on the search results just build one that takes an IP as an input and then send it off to your IPS/Firewall to have the protocol, port or IP blocked.

Feel free to share your code once you're done if you need help reviewing or improving it.

Cheers,
David

View solution in original post

DavidHourani · ‎06-03-2019

Hi @ineedafleeb,

It is possible ! And quite simple if you can code a bit. All you have to do is build an advanced command, you can learn more about this here :
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2

Instead of building a command that will run on the search results just build one that takes an IP as an input and then send it off to your IPS/Firewall to have the protocol, port or IP blocked.

Feel free to share your code once you're done if you need help reviewing or improving it.

Cheers,
David

How to create a dashboard button that triggers a shell/python script with input?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Join the Conversation