Hi,
We have recently switched from Phantom to SOAR and I'm trying to send our triggered alerts to SOAR.
The TA we are using is Splunk for SOAR Export.
I have tested the connection from Splunk Enterprise to SOAR and it works.
But I keep getting the following error for one alert:
11-04-2022 05:31:21.724 +1100 WARN sendmodalert [17285 AlertNotifierWorker-0] - action=sendtophantom - Alert action script returned error code=1
11-04-2022 05:31:21.724 +1100 INFO sendmodalert [17285 AlertNotifierWorker-0] - action=sendtophantom - Alert action script completed in duration=1394 ms with exit code=1
This question was also asked in alerting.
https://community.splunk.com/t5/Splunk-SOAR-f-k-a-Phantom/Unable-to-add-auth-token-or-add-phantom-in...
But I feel like it could be the wrong channel.