Splunk SOAR (f.k.a. Phantom)

Create Ingest Action in Phantom App

jpferrero
Engager

Hello,

I'm trying to develop my first Phantom App using the wizard. The integration is like a ticketing system and I want to implement an ingest action (on_poll). When I select this action and try to submit the App I get the following error:

[Screenshot: jpferrero_0-1603373671283.png]

What am I missing?

Thank you very much.

Jose


phanTom
SplunkTrust

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

In order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is set up and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past.

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.
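As an added example (not part of the thread and not code from the phantom-apps repository), this is the core of an ingest action for a ticketing-style source: turning polled tickets into container dicts with nested artifacts, honouring the `container_count` and `artifact_count` poll parameters, and advancing a checkpoint. The ticket fields and function names are hypothetical; in a real app's `on_poll` handler each dict would be passed to `BaseConnector.save_container()` and the checkpoint kept with `save_state()`.

```python
# Added example. Ticket fields (id, title, updated, comments) are hypothetical;
# the container/artifact keys are the ones SOAR ingestion JSON uses.

SAMPLE_TICKETS = [  # constructed sample data
    {"id": 101, "title": "Phishing report", "updated": 1000, "comments": ["a", "b"]},
    {"id": 102, "title": "Malware alert", "updated": 3000, "comments": []},
    {"id": 103, "title": "Account lockout", "updated": 2000, "comments": ["c"]},
]


def ticket_to_container(ticket, artifact_limit=0):
    """Map one ticket to a container dict with its artifacts nested inside."""
    sdi = str(ticket["id"])
    artifacts = [{
        "name": "Ticket",
        "label": "ticket",
        "source_data_identifier": sdi,
        "cef": {"ticketId": sdi, "title": ticket["title"]},
    }]
    for n, text in enumerate(ticket.get("comments", [])):
        artifacts.append({
            "name": "Ticket Comment",
            "label": "comment",
            "source_data_identifier": f"{sdi}-comment-{n}",
            "cef": {"message": text},
        })
    if artifact_limit:  # 0 or missing means no limit
        artifacts = artifacts[:artifact_limit]
    return {
        "name": f"Ticket {sdi}: {ticket['title']}",
        "source_data_identifier": sdi,  # stable id, so a re-polled ticket is recognisable
        "artifacts": artifacts,
    }


def build_containers(tickets, param, last_seen=0):
    """Return (containers, new_checkpoint) for one poll run, oldest ticket first."""
    max_containers = int(param.get("container_count") or 0)
    max_artifacts = int(param.get("artifact_count") or 0)
    fresh = sorted((t for t in tickets if t["updated"] > last_seen),
                   key=lambda t: t["updated"])
    if max_containers:
        fresh = fresh[:max_containers]
    containers = [ticket_to_container(t, max_artifacts) for t in fresh]
    # Checkpoint on the last ticket actually processed, so a limited run
    # does not skip the tickets it left behind (assumes distinct timestamps).
    checkpoint = fresh[-1]["updated"] if fresh else last_seen
    return containers, checkpoint
```
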


jpferrero
Engager

Thank you very much. I started coding the 'on-poll' function without using the wizard, but I just wanted to know if I was doing something wrong or if it was a Wizard-related issue.

