Splunk SOAR (f.k.a. Phantom)

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to add filed from raw data into artifacts

when the original syslog was forwarded to phantom, some key filed(like srcIP/dstIP) was missing artifact. these key...

by Engager in

quarantine device using ISE

After integration with ISE 2.4 successfully , I test action of quarantine for a device , phantoms shows it has been ...

by Engager in

Passing Variables Between Functions

I'm attempting to pass a variable/value between custom functions in a playbook. I've done this before without issue, ...

by Loves-to-Learn Lots in

phantom vault different filenames with same content have same vaultid

hi phantom team,I have a simple use case to rename a filename in vault.As its immutable, I copied the contents to vau...

by Path Finder in

Playbook stops in between without completing

Hi All, I am quite new to Phantom. I have written few plabooks which works perfectly as intended when run from the ...

by Explorer in

Bulk Resolution for Playbook Prompts?

Hi All, Is there a way to simultaneously/bulk respond to multiple notifications generated by prompt actions, or an ...

by Engager in

Email user and get response back

Hi, I am looking send an email to user with simple yes/no response which I can then use to handle the case. I k...

by Explorer in

Phantom Architecture Concern

Hi All, Good Day!! This is an Splunk Phantom Architecture question, which we are in the intial stage of building ...

by Engager in

Playbook multiple run on the same event

I am noticing for some of our events our playbooks run multiple times on the same event. How can I go about keeping t...

by Explorer in

change the status of incident on Splunk Phantom

Hi, I would like to know if we change the status of incident on Splunk Phantom, can we automatically notify user? ...

by New Member in

Phantom playbook

I am able to run an action (whois ip from whois app) successfuly. However, if i put this action as part of a playboo...

by Explorer in

Usage of the phantom action -> phantom app -> find artifacts action

Hi team, I'm using Phantom to create playbooks and I would like to know how the find artifact is used when I cr...

by New Member in

Phantom warm standby script username/password authentication

- Would you consider it a best practice to type a password into a prompt from a 3rd party script? - What if the 3rd...

by Engager in

Phantom Runner number of suggestions

Our Phantom's DECIDED process often crashes for performance reasons. We suspect this is caused by the low number of...

by Explorer in

Callback actions on container's status change

Hi, I would like to know if there is the possibility to automatically trigger a playbook when there is a change in ...

by Path Finder in

How can I encrypt the keystore partition of my Splunk Phantom deployment?

Introduction Splunk Phantom ingests objects from connected assets, such as your firewall, services like VirusTotal...

by Splunk Employee in

Active Directory/LDAP connection and authentication debug script

This article applies to Splunk Phantom versions 4.6 , 4.5 , 4.2 , 4.1 , 4.0 , 3.5 , 3.0 , 2.1 , 2.0 ...

by Splunk Employee in

Playbook run results in the "user parameter must be of type string" error

This article describes a workaround when you run a playbook and see the "user parameter must be of type string" error...

by Splunk Employee in

Avoid port conflicts when installing Splunk Phantom on a system with an existing Splunk universal forwarder

NOTE: These steps were verified using Phantom version 4.2.7532 and Splunk Universal Forwarder version 7.2.6. Networ...

by Splunk Employee in

Keeping accurate time on your Splunk Phantom virtual machine

In some cases, the Splunk Phantom virtual appliance can lose its time synchronization with the system time. For examp...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk SOAR (f.k.a. Phantom)

Discussions

How to add filed from raw data into artifacts

quarantine device using ISE

Passing Variables Between Functions

phantom vault different filenames with same content have same vaultid

Playbook stops in between without completing

Bulk Resolution for Playbook Prompts?

Email user and get response back

Phantom Architecture Concern

Playbook multiple run on the same event

change the status of incident on Splunk Phantom

Phantom playbook

Usage of the phantom action -> phantom app -> find artifacts action

Phantom warm standby script username/password authentication

Phantom Runner number of suggestions

Callback actions on container's status change

How can I encrypt the keystore partition of my Splunk Phantom deployment?

Active Directory/LDAP connection and authentication debug script

Playbook run results in the "user parameter must be of type string" error

Avoid port conflicts when installing Splunk Phantom on a system with an existing Splunk universal forwarder

Keeping accurate time on your Splunk Phantom virtual machine

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Ingest daemon troubleshooting: Where to look for t...

Why does Day-of-week decision won't return true?

(Phantom/SOAR) How to download a file that was cre...

Is there an api to delete phases/task from a workb...

Is there an api to delete workbooks?