Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Possible for Splunk SOAR playbook tag on Artifact and not container?

bond_dev
Engager
‎03-14-2023 01:31 PM

Is there a method in which a playbook can be configured to add the tag to the artifact and not the whole container. We are running Splunk SOAR 5.0.1 on prem. 
The playbook logic works but the only issue is the entire container gets tagged. 

Labels (1)
Labels
0 Karma
Reply

kblaine
Explorer
‎04-01-2023 08:30 PM

There is an action for the phantom app to update artifact tags. I am not sure which version of the phantom app you are using but that may solve your problem if you add that to your playbook.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...