Splunk SOAR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Create Ingest Action in Phanto App

jpferrero
Engager
‎10-22-2020 06:36 AM

Hello,

I'm trying to develop my first Phanto APP using the wizard. The integration is like a ticketing system and I want to implement an ingest action (on_poll). When I select this action and try to submit the App I get the following error:

jpferrero_0-1603373671283.png

What am I missing?

Thank yo very much.

Jose

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎10-22-2020 07:20 AM

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

I order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is setup and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past. 

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.

View solution in original post

Reply
Solved! Jump to solution

jpferrero
Engager
‎10-22-2020 08:36 AM

Thank you very much. I started coding the 'on-poll' function without using the wizard, but just to know if I was doing something wrong or was a Wizard related issue.

Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎10-22-2020 07:20 AM

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

I order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is setup and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past. 

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.

Reply
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...