Splunk Enterprise Security

Phantom: How to update an artifact in a Custom Function

zyun
Explorer

I'm looking to update an artifact in a custom function. The closest thing that's supported is being able to update a container, or delete/add artifacts which is not what we want to do (as the initial artifact must stay intact). 

Is there any workaround for updating artifacts in a CF, or are there any plans to include update_artifact into the supported Custom Function API commands?

Labels (2)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!