Splunk Soar - Windows Remote Management - Custom C...

Splunk SOAR

Hello,

I'm trying to utilize the following script (at the bottom) in the 'Run Script' shape in the Windows Remote Management app in Splunk Soar. This shape errors out due to curly braces used in the while loop and if statement along with the parameter {0} which will represent a Windows service.

What are my options to get around the use of this curly brace? I've thought about using the custom code section, but I'm unsure how to set the script_str parameter without touching non-custom code. Attached is a screenshot detailing what I have with the custom code idea.

Script to verify the status of a Windows service, looping to check every 30 seconds for 15 minutes:

$timeout = new-timespan -Minutes 15
$sw = [diagnostics.stopwatch]::StartNew()
$status
$success=0
while ($sw.Elapsed -lt $timeout -AND $success -eq 0){
$status = Get-Service "{0}" | select -ExpandProperty status
if ($status -contains "Stopped"){
$success = 1
}
start-sleep -seconds 30
}
write-output $success

Get Updates on the Splunk Community!

Splunk Soar - Windows Remote Management - Custom Code in Run Script Shape

troubleshooting

using SOAR ⁄ Phantom

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation