Splunk SOAR

SOAR Custom Function - check_cached_data- Does anyone know the status of Ian Forrest's Custom Function?

mark_wymer
Path Finder

Hi everyone,

I just watched an excellent demo / tutorial ( https://my.phantom.us/video/78/ ) by someone called Ian Forrest. During the video ( at about 45 minutes ) he demo's an excellent Custom Function that looks in the cached SOAR internals for the cached results from previous executions of a specific app/action.

He did mention that this was a 'work in progress' and I can't find this CF in Community Hub nor on Github anywhere. 

Does anyone know what the status of his Custom Function is?

Cheers,
Mark.

Labels (2)
0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still python 2.7 so may need a tweak but should give you an idea of the logic anyway. 

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the mean time take a look and see if you can use the attached.

View solution in original post

0 Karma

phanTom
SplunkTrust
SplunkTrust

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still python 2.7 so may need a tweak but should give you an idea of the logic anyway. 

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the mean time take a look and see if you can use the attached.

0 Karma

mark_wymer
Path Finder

Thanks for getting back to me Tom. I've dropped you a PM in return.

Cheers,
Mark.

0 Karma

adriaanvermaak
Observer

Hi There,

 

would you be able to share this custom function ? 

In need of utilising this function to stop re-checking previous actions.

Much appreciated

 

Adriaan

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...