Splunk SOAR (f.k.a. Phantom)

SOAR Custom Function - check_cached_data - Does anyone know the status of Ian Forrest's Custom Function?

mark_wymer
Path Finder

Hi everyone,

I just watched an excellent demo / tutorial (https://my.phantom.us/video/78/) by someone called Ian Forrest. During the video (at about 45 minutes) he demos an excellent Custom Function that looks in the cached SOAR internals for the cached results from previous executions of a specific app/action.

He did mention that this was a 'work in progress' and I can't find this CF in Community Hub nor on GitHub anywhere.

Does anyone know what the status of his Custom Function is?

Cheers,
Mark.


phanTom
SplunkTrust

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still Python 2.7 so may need a tweak but should give you an idea of the logic anyway.

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the meantime take a look and see if you can use the attached.


mark_wymer
Path Finder

Thanks for getting back to me Tom. I've dropped you a PM in return.

Cheers,
Mark.


adriaanvermaak
Observer

Hi There,

Would you be able to share this custom function?

In need of utilising this function to stop re-checking previous actions.

Much appreciated

Adriaan
