Splunk SOAR (f.k.a. Phantom)

Finding the log when a auth-token is regenerated

New Member

I was wondering if anyone knew where I could find it either in the logs or even better the audit REST endpoint if an automation account regenerates it's auth-token.  


I've looked through the audit logs but I haven't seen an entry for it.  


Any leads or tips would be appreciated. 


Thank you

Labels (3)
0 Karma
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...