Splunk SOAR
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Create Ingest Action in Phanto App

jpferrero
Engager
‎10-22-2020 06:36 AM

Hello,

I'm trying to develop my first Phanto APP using the wizard. The integration is like a ticketing system and I want to implement an ingest action (on_poll). When I select this action and try to submit the App I get the following error:

jpferrero_0-1603373671283.png

What am I missing?

Thank yo very much.

Jose

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎10-22-2020 07:20 AM

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

I order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is setup and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past. 

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.

View solution in original post

Reply
Solved! Jump to solution

jpferrero
Engager
‎10-22-2020 08:36 AM

Thank you very much. I started coding the 'on-poll' function without using the wizard, but just to know if I was doing something wrong or was a Wizard related issue.

Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎10-22-2020 07:20 AM

@jpferrero the `on_poll` action is one you can't configure in the Wizard (still not sure why it's there tbh). 

I order to build one I would recommend building the barebones in the wizard then review some of the apps here (https://github.com/phantomcyber/phantom-apps/tree/next/Apps) to see how the on_poll action is setup and look to replicate and tweak to your needs. Apps I know of with on_poll are JIRA & Proofpoint. There are likely more but these are ones I have used as templates in the past. 

Hope this helps? If so please provide Karma & if it answers your issue, please mark as a solution. 

Thanks.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...