Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

change the status of incident on Splunk Phantom

eye893
New Member
‎06-27-2021 08:59 PM

Hi,

I would like to know if we change the status of incident on Splunk Phantom, can we automatically notify user?

Screen Shot 2564-06-28 at 16.57.58.png

Labels (1)
Labels
0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎06-28-2021 08:52 AM

@eye893 yes but not simply, at present. 

The way to handle this at present is to persist the status of containers in a list somewhere (Splunk/Phantom/other). Then create a playbook that is run every x minutes using the timer app that will run through the list and check that each container still has the same status. If so it moves to the next, otherwise it <does something>. 

This would need custom code as it's not a simple thing to do at the moment. I believe this will be made simpler in the next large release of Phantom/Splunk SOAR. 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...