Splunk SOAR (f.k.a. Phantom)

Splunk SOAR - Windows Remote Management - Custom Code in Run Script Shape

whill
New Member

Hello,

I'm trying to utilize the following script (at the bottom) in the 'Run Script' shape in the Windows Remote Management app in Splunk SOAR. This shape errors out due to curly braces used in the while loop and if statement along with the parameter {0} which will represent a Windows service.

What are my options to get around the use of this curly brace? I've thought about using the custom code section, but I'm unsure how to set the script_str parameter without touching non-custom code. Attached is a screenshot detailing what I have with the custom code idea.

2023-04-05 15_17_55-PB _ Windows Restart Service.png

Script to verify the status of a Windows service, looping to check every 30 seconds for 15 minutes:

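    # Give up after 15 minutes
    $timeout = New-TimeSpan -Minutes 15
    $sw = [diagnostics.stopwatch]::StartNew()
    $status = $null
    $success = 0
    # Poll until the service reports Stopped or the timeout elapses
    while ($sw.Elapsed -lt $timeout -and $success -eq 0) {
        # {0} is replaced with the Windows service name
        $status = Get-Service "{0}" | Select-Object -ExpandProperty Status
        if ($status -contains "Stopped") {
            $success = 1
        }
        Start-Sleep -Seconds 30
    }
    # 1 if the service stopped in time, otherwise 0
    Write-Output $success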

0 Karma
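
An added example, not part of the original post and not Splunk's code: a Python sketch for a playbook custom code block, assuming the script string is expanded with Python-style str.format placeholders, as the {0} parameter suggests. It doubles the literal PowerShell braces so that only {0} is substituted, and checks the service name against an assumed allowlist before it lands inside the quoted Get-Service argument. The names PS_TEMPLATE, escape_literal_braces and build_script are hypothetical.

```python
import re

# Constructed copy of the script from the post. {0} is the only placeholder;
# every other brace is literal PowerShell syntax.
PS_TEMPLATE = '''$timeout = New-TimeSpan -Minutes 15
$sw = [diagnostics.stopwatch]::StartNew()
$success = 0
while ($sw.Elapsed -lt $timeout -and $success -eq 0) {
    $status = Get-Service "{0}" | Select-Object -ExpandProperty Status
    if ($status -contains "Stopped") { $success = 1 }
    Start-Sleep -Seconds 30
}
Write-Output $success'''

_PLACEHOLDER = re.compile(r"\{\d+\}")
# Assumed policy, not a Windows rule: reject quotes, backticks, '$' and ';'
# so the value cannot break out of the double-quoted PowerShell argument.
_SAFE_SERVICE = re.compile(r"[A-Za-z0-9_.\- ]{1,256}")


def _double(text):
    return text.replace("{", "{{").replace("}", "}}")


def escape_literal_braces(template):
    """Double every brace except numeric placeholders such as {0}."""
    out, pos = [], 0
    for m in _PLACEHOLDER.finditer(template):
        out.append(_double(template[pos:m.start()]))
        out.append(m.group(0))
        pos = m.end()
    out.append(_double(template[pos:]))
    return "".join(out)


def build_script(template, service_name):
    """Return the PowerShell text with a validated service name substituted."""
    if not _SAFE_SERVICE.fullmatch(service_name):
        raise ValueError("service name fails allowlist: %r" % service_name)
    return escape_literal_braces(template).format(service_name)


if __name__ == "__main__":
    try:
        PS_TEMPLATE.format("Spooler")  # raw template: braces parsed as fields
    except (ValueError, KeyError, IndexError) as exc:
        print("unescaped template fails:", exc)
    print(build_script(PS_TEMPLATE, "Spooler"))
```

If the template is instead pasted into a field that performs the substitution itself, the output of escape_literal_braces(PS_TEMPLATE) is the text to paste, with the service name validated before it is passed in as the parameter.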