Splunk Enterprise Security

Playbook Having Issues executing

rupalekar
Explorer

Hi

For some reason none of my playbooks finish executing. They simply stay in a loop

Even if it is a simple test like:

Start--> Check if 1==1 --> End

This stays in loop (In GUI the playbook shows spinning icon next to it forever. No debug logs are generated)forever when run against any incidences/events. Any idea why?

This was created via GUI tool. Here's corresponding auto generated python code

"""
"""

import phantom.rules as phantom
import json
from datetime import datetime, timedelta

def on_start(container):
phantom.debug('on_start() called')

# call 'filter_1' block
filter_1(container=container)

return

def filter_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
phantom.debug('filter_1() called')

# collect filtered artifact ids for 'if' condition 1
matched_artifacts_1, matched_results_1 = phantom.condition(
    container=container,
    conditions=[
        ["1", "==", "1"],
    ],
    name="filter_1:condition_1")

# call connected blocks if filtered artifacts or results
if matched_artifacts_1 or matched_results_1:
    pass

return

def on_finish(container, summary):
phantom.debug('on_finish() called')
# This function is called after all actions are completed.
# summary of all the action and/or all detals of actions
# can be collected here.

# summary_json = phantom.get_summary()
# if 'result' in summary_json:
    # for action_result in summary_json['result']:
        # if 'action_run_id' in action_result:
            # action_results = phantom.get_action_results(action_run_id=action_result['action_run_id'], result_data=False, flatten=False)
            # phantom.debug(action_results)

return
0 Karma

rupalekar
Explorer

Any Guesses?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...