Solved: Phantom - Assign Container/Case to Self - Playbook

jamolson · ‎07-03-2019

I am working on automating some minor things and I want to add in a step to have the playbook assign the container or case to the user running the playbook.
I am currently using a rest call to get the last user who opened the current item but there are some issues with this.

Does anyone know if there is a more specific call to get the current user value in Phantom like Splunk can with

| rest /services/authentication/current-context | table username

1549359 · ‎07-07-2019

have used something like below in the playbook for the same

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id']),I have used something below in my playbook.

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id'])

View solution in original post

1549359 · ‎07-07-2019

have used something like below in the playbook for the same

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id']),I have used something below in my playbook.

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id'])

jamolson · ‎07-08-2019

Thank you very much, this is perfect.

Phantom - Assign Container/Case to Self - Playbook

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM