Splunk SOAR (f.k.a. Phantom)

I was wondering if any of you had a cheat sheet to make playbooks to help automate my job for beginners.

New Member

So pretty much,

-Grabs the list of all vulnerabilities from big fix and/or tenable
-get subnets of the modes we will need to pull vulnerabilities from BigFix
-Have the returned list filter out ones for specific modes or either have the program use another program that does that task

-After all the list are sent to their respected Actions well have the program run the DNS, whois, and BigFix FISMA ID query tools

After all these tasks are completed we would like for Phantom to create a report of the findings and send them to our distro list.

"it would be broken down into individual reports that we can use to add to a remedy ticket"

Labels (2)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...