Solved: Phantom - Assign Container/Case to Self - Playbook

jamolson · ‎07-03-2019

I am working on automating some minor things and I want to add in a step to have the playbook assign the container or case to the user running the playbook.
I am currently using a rest call to get the last user who opened the current item but there are some issues with this.

Does anyone know if there is a more specific call to get the current user value in Phantom like Splunk can with

| rest /services/authentication/current-context | table username

1549359 · ‎07-07-2019

have used something like below in the playbook for the same

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id']),I have used something below in my playbook.

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id'])

View solution in original post

1549359 · ‎07-07-2019

have used something like below in the playbook for the same

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id']),I have used something below in my playbook.

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id'])

jamolson · ‎07-08-2019

Thank you very much, this is perfect.

Phantom - Assign Container/Case to Self - Playbook

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation