Splunk Enterprise Security

Phantom: How to update an artifact in a Custom Function


I'm looking to update an artifact in a custom function. The closest thing that's supported is being able to update a container, or delete/add artifacts which is not what we want to do (as the initial artifact must stay intact). 

Is there any workaround for updating artifacts in a CF, or are there any plans to include update_artifact into the supported Custom Function API commands?

Labels (2)
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!