Splunk SOAR (f.k.a. Phantom)

Phantom Custom Code Alarm

johnteo
Explorer

Hi guys, I have been trying to make an alarm ring every time the playbook executes.

However, when trying to do it with Python in the VPE, an import error occurs when I try to import winsound (No module named winsound). I do not know how to resolve this error in the VPE.

Does the development environment here allow for the import of that module?

0 Karma
1 Solution

rplas
SplunkTrust

You'll need to install that module either via pip on your Phantom server or bundled into a Phantom app.

To install a package, log into the command line of your Phantom server and run phenv pip2.7 install {package} where {package} is just the name of the package you want to install. For example, phenv pip2.7 install winsound.

Then you should be able to import winsound in the global section of the playbook.

Sources:


rplas
SplunkTrust

However, I don't think this module will work as Phantom does not have access to your Windows environment.

rgresham_splunk
Splunk Employee

@johnteo Just remember... what @rplas says is correct here for a development environment. However, I would always use link text process to deploy in a production environment, because the playbooks would fail if you have a warm standby or clustered environment.

Regards,
Rob

0 Karma

johnteo
Explorer

Hi, I have returned to this problem again. I am able to install the package (playsound this time). However, if Phantom does not have access to my Windows environment, is it possible to play a sound from the mp3 file as I leave Phantom running in the background?

0 Karma

johnteo
Explorer

May I know how to give Phantom access to the Windows environment?

0 Karma

sam_splunk
Splunk Employee

Phantom runs on Linux, not Windows. You may be running Phantom on Linux on Windows (i.e. Phantom -> VirtualBox -> CentOS) but you'd need to get the underlying Linux system an audio device and driver. You cannot directly give it access to the Windows audio subsystem.

You may be able to add a virtual sound device (if you're using VMware or VirtualBox or the like) and then configure Linux to use that and play audio. If you get that working, you'll have to work out the right command(s) to play the sound and then build that into your playbook(s) (using something like ssh into the host).

Overall, this will be pretty complicated to do directly. Finding an API you can hit that plays a sound would likely be much easier.

0 Karma

johnteo
Explorer

Thank you for your response ghays, I appreciate it.

0 Karma

phantom_mhike
Path Finder

You could follow the advice I posted in your previous question and use Slack or some other application to generate the sound alerts you are looking for.

0 Karma

ansusabu
Communicator

You have to install the module on your server first, then try to import the module in the global block.

johnteo
Explorer

After importing the module onto the server successfully, how do I make the sound play every time the playbook runs?

0 Karma
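
The replies above recommend calling an API or a chat application rather than playing audio on the Phantom host. The following is an added example, not code from the thread or from Splunk: a standard-library Python 3 helper that a custom code block could call to post an alert to a webhook. The function names and the webhook URL are hypothetical; the `{"text": ...}` body is the shape Slack incoming webhooks accept. It also shows why `import winsound` fails: that module ships only with Python on Windows.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request


def local_beep_available():
    """winsound exists only in Windows builds of Python, so this is False on a Linux SOAR host."""
    if not sys.platform.startswith("win"):
        return False
    try:
        import winsound  # noqa: F401
        return True
    except ImportError:
        return False


def url_allowed(url):
    """Allow https anywhere and plain http only to loopback; rejects file:// and other schemes."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme == "https":
        return bool(parts.hostname)
    return parts.scheme == "http" and parts.hostname in ("127.0.0.1", "localhost")


def build_alert(playbook_name, container_id):
    """Return the JSON request body as bytes."""
    text = "Playbook '%s' ran on container %s" % (playbook_name, container_id)
    return json.dumps({"text": text}).encode("utf-8")


def send_alert(webhook_url, playbook_name, container_id, timeout=5):
    """POST the alert. Returns True on HTTP 2xx, False on any failure.

    Errors are swallowed so that a broken notifier never fails the playbook run.
    """
    if not url_allowed(webhook_url):
        return False
    req = urllib.request.Request(
        webhook_url,
        data=build_alert(playbook_name, container_id),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except (urllib.error.URLError, OSError, ValueError):
        return False
```

Because it uses only the standard library, nothing has to be installed with pip on the server, which also avoids the warm standby and cluster problem raised earlier in the thread.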