Hello everyone,
I am currently working on creating a Splunk SOAR playbook that collects variables from a case and appends them to a Splunk Lookup file (CSV). Unfortunately, I have not been able to find any resources on this topic.
Has anyone had experience with this or can provide guidance?
Thank you for your support!
I managed to fix this via the Splunk App on Splunk SOAR; I ran a custom SPL query that uses "outputlookup" to update an existing lookup file.
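
An added example, not part of the original posts: one way a playbook could build the "outputlookup" query mentioned in the reply above from case variables, quoting every value so that text taken from a case cannot change the SPL that runs. The function names, the lookup name `soar_cases.csv`, the field names and the allow-list patterns are assumptions of this example.

```python
import re

# Conservative allow-lists (assumptions of this example, not Splunk limits).
_FIELD_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
_LOOKUP_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*\.csv$")
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def spl_quote(value):
    """Return value as a double-quoted SPL eval string literal."""
    # Control characters (newlines included) become spaces to keep one CSV row.
    text = _CONTROL_RE.sub(" ", str(value))
    # Escape backslashes first, then double quotes.
    text = text.replace("\\", "\\\\").replace('"', '\\"')
    return '"' + text + '"'


def build_append_query(lookup_name, row):
    """Build SPL that appends one row to an existing CSV lookup."""
    if not _LOOKUP_RE.match(lookup_name):
        raise ValueError("unexpected lookup file name: %r" % lookup_name)
    if not row:
        raise ValueError("row must contain at least one field")
    assignments = []
    for field, value in row.items():
        # Field names are never quoted, so they must match the allow-list.
        if not _FIELD_RE.match(field):
            raise ValueError("unexpected field name: %r" % field)
        assignments.append("%s=%s" % (field, spl_quote(value)))
    return (
        "| makeresults | eval " + ", ".join(assignments)
        + " | fields - _time"
        + " | outputlookup append=true " + lookup_name
    )


if __name__ == "__main__":
    # Constructed sample case values; the note tries to break out of the quotes.
    sample = {
        "case_id": 1042,
        "src_ip": "203.0.113.7",
        "note": 'subject "x" | delete',
    }
    print(build_append_query("soar_cases.csv", sample))
```

The returned string is the custom SPL query to hand to the action that runs searches from the playbook.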

@Joei- I'm not sure if there is any direct connector for Splunk which updates a lookup in Splunk. But here is an alternative you can try if you are a developer, or someone in your team is a developer, and can create a custom Python playbook in SOAR.
Splunk offers a REST endpoint to update the lookup, which can be leveraged in a Python SOAR playbook to update the lookup.
I hope this helps!!! Kindly upvote if it does!!!
