Splunk SOAR- Crowdstrike sandbox download report

harishlnu · ‎07-24-2024

Hi Team,

Could you please help me on the logic on to download the crowdstrike sandboxed analysis report using Splunk soar.

Thanks in advance

Regards,

Harisha

Tom_Lundie · ‎07-24-2024

Hi Harisha,

There is an add-on on Splunkbase for this:

CrowdStrike OAuth API | Splunkbase

This SOAR Add-on allows you to download the reports. It might already be installed on your SOAR instance so feel free to check. The first thing you will need to do is configure an asset with the correct API credentials within the Crowdstrike app.

Once you have the app configured you can then implement actions within a playbook to do whatever you need. If you have any specific questions along the way then feel free to ask away!

harishlnu · ‎07-24-2024

@Tom_Lundie

Thanks for the response.

We have already configured in Splunk soar, and I am not able to download as CSV, Jason,PCAP,STIX.
But requirement is to get all results(including screenshot) as pdf.

Please let me know if you have any suggestion on this

Tom_Lundie · ‎07-24-2024

Hi,

If you are facing a specific error then please post it here. Otherwise if you just need general guidance then I would start with the documentation:

Create a new playbook in Splunk SOAR (Cloud) - Splunk Documentation

harishlnu · ‎07-24-2024

Hi @Tom_Lundie ,

I am checking is there anyways we can download sandboxing result as pdf.

Regards,

Harisha

Splunk SOAR- Crowdstrike sandbox download report

development

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?