Solved: Re: Phantom - Assign Container/Case to Self - Play...

jamolson · ‎07-03-2019

I am working on automating some minor things and I want to add in a step to have the playbook assign the container or case to the user running the playbook.
I am currently using a rest call to get the last user who opened the current item but there are some issues with this.

Does anyone know if there is a more specific call to get the current user value in Phantom like Splunk can with

| rest /services/authentication/current-context | table username

1549359 · ‎07-07-2019

have used something like below in the playbook for the same

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id']),I have used something below in my playbook.

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id'])

View solution in original post

1549359 · ‎07-07-2019

have used something like below in the playbook for the same

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id']),I have used something below in my playbook.

playbook_info = phantom.get_playbook_info()
phantom.set_owner(container, playbook_info[0]['effective_user_id'])

jamolson · ‎07-08-2019

Thank you very much, this is perfect.

Phantom - Assign Container/Case to Self - Playbook

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023