Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Calling Playbook in Custom Function

LowAnt
New Member
‎12-04-2023 01:21 PM

I want to run an Enrichment playbook inside a custom function. Looking to pass in a list of devices and call the playbook each time passing in a single deviceId at a time. What is the best way to do this?

Labels (2)
0 Karma
Reply

SOARt_of_Lost
Path Finder
‎01-17-2024 06:58 AM

Unfortunately, according to the documentation, calling a playbook from within a custom function is not supported. What you could do instead is move the custom function into the playbook, then call the playbook anywhere you would have put the custom function. As for calling the playbook once for each deviceID, if you're getting them from an artifact field, you can plug that field in, and SOAR will loop through each value for you.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...