Splunk SOAR (f.k.a. Phantom)

Create Ingest Action in Phanto App

jpferrero
Engager

Hello,

I'm trying to develop my first Phanto APP using the wizard. The integration is like a ticketing system and I want to implement an ingest action (on_poll). When I select this action and try to submit the App I get the following error:

jpferrero_0-1603373671283.png

What am I missing?

Thank yo very much.

Jose

Labels (1)
0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

I order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is setup and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past. 

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.

View solution in original post

jpferrero
Engager

Thank you very much. I started coding the 'on-poll' function without using the wizard, but just to know if I was doing something wrong or was a Wizard related issue.

phanTom
SplunkTrust
SplunkTrust

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

I order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is setup and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past. 

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.

Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...