Splunk SOAR (f.k.a. Phantom)

Can you call a phantom action from a different app?

gf13579
Communicator

The scenario is that I want to wrap around an existing app (ServiceNow) that make it easier for analysts to use manually - abstracting the sys_id values of teams and request types.

I see the docs say you can't call act() from a custom function. I'm guessing, based on a phenv python3; import phantom you can't call act from there either.

Labels (2)
0 Karma
1 Solution

gf13579
Communicator

Hi @phanTom  I don't actually want to call it from a custom function, I was just observing that you can't do that. I wanted to call another app's action from my custom app.

I realised I could've just done a POST against /rest/action_run from my custom app to achieve what I was trying to do.

View solution in original post

0 Karma

phanTom
SplunkTrust
SplunkTrust

@gf13579 can you expand a bit more on the use case and why you would want the phantom.act() call to be run from custom function?

Why not build something (list, etc) in the custom function and then pass it to an existing block where the phantom.act() call can be used?

It may be better to have a go at making a change to the app but as it's not been open-sourced yet you would need to request the source code from Support (If you are a customer). 

If this helped, please add a tick, and if i solved your problem (or as close as it could) please mark as a solution.

Thanks, phanTom

0 Karma

gf13579
Communicator

Hi @phanTom  I don't actually want to call it from a custom function, I was just observing that you can't do that. I wanted to call another app's action from my custom app.

I realised I could've just done a POST against /rest/action_run from my custom app to achieve what I was trying to do.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...