Splunk SOAR

Discussions

Thread Info

Is there a way to set the starting/minimum ID for Events/Cases?

Hello, We're coming from another platform that we used to keep track of incidents. In order to keep things more co...

by Engager in

Delay in running multiple playbooks on the same event- Is there some way to configure SOAR to run these 2 playbooks?

Two independent playbooks performing different automation tasks are triggered by the same event. The expectation is t...

by Engager in

Wheel installation broken?

I'm currently building an app with Splunk SOAR and somehow the upload functionality for wheel files seems to be broke...

by Explorer in

Email ingestion from O365: Different artifacts generated from EWS and Graph apps?

Hi all, We use email ingestion as an input for several processes, mainly for phishing analysis. So far we are i...

by Explorer in

How do I try an action several times?

I have an action that I need a response from before the playbook can proceed, but the app is prone to occasionally ti...

by Engager in

Is there a way to automatically trigger SOAR playbook from S3 file added event?

Hello, Is there a way to have a playbook automatically trigger when a file is added to an S3 bucket in our AWS acc...

by New Member in

How do you achieve "for" loops?

Hi, We've been trying to use "for loop" logic within playbook app actions. Although, there seems to be no way to ac...

by Engager in

SOAR Cloud - Bulk Delete Containers through API?

Hey all,I'm trying to find a way to bulk delete containers via the API in SOAR Cloud.Had an issue where Splunk create...

by Path Finder in

How to delete malicious email in all the company users' mailboxes?

Hi all, is there a way to integrate with O365 and, given a malicious email (identified by subject and sender), sea...

by Path Finder in

Has anyone done a playbook for crowdstrike serves stopped?

Has anyone done a playbook for crowdstrike serves stopped? Basically querying splunk for host name, etc? If so can y...

by Explorer in

Can I convert Splunk SOAR playbook type input to automation?

Can I convert a playbook-type input to automation in Splunk SOAR (5.3.4)Thanks for helping.

by Engager in

Splunk Phantom Account Review- Can I talk to support to see why it's taking so long?

Hello, I'm trying to sign up for Splunk Phantom Community to download an OVA file for a college project but the revie...

by Loves-to-Learn in

Why am I getting this Error on automation - label?

Hi, I'm using the community edition of the SOAR, in that I created one label after creating that, I created a...

by Engager in

Call API to get results from prompt?

In a custom code block given the following psuedo code: def promptIpToBlock(action=None, success=None, container=N...

by Explorer in

Is there a way to automate tag creation on splunk phantom?

Is there a way to create/update/delete tags any other way than through "Administration Settings/Tags"? I was looking ...

by Explorer in

How to remap objects from an user ID to another after SAML integration?

Hi folks, We've been using Phantom for a while now and currently implementing SAML integration. The concerning part...

by Path Finder in

ES -> Adaptive Response -> Phantom Playbook -> event_id?

I need my Phantom playbook to be able to close a Splunk ES notable event when it's completed, this requires the event...

by Explorer in

How to decrypt the password from the asset, while developing a custom app?

Hi everyone, I'm looking for a solution here while playing around with the app builder on SOAR, and I could get th...

by Path Finder in

Replacement Characters appearing in emails sent from Splunk SMTP APP

My team uses playbooks to automate email alerts in Phantom. Some playbooks have been randomly sending emails with the...

by Engager in

How to handle Dynamic Assets in playbooks?

Just came across an interesting use case, and I'm wondering how people solve it. Phantom talks to an internal asset v...

by Path Finder in

Issues with network shares and WRM SOAR app

I'm trying to create a playbook that uses the Windows Remote Management app to take a file saved locally on a server ...

by Engager in

What do I do if my phantom community access expired?

I got the 'Phantom Community Edition - Access Granted' mail. But regi link was expired. I can't access. https:/...

by New Member in

Why has Phantom stop forward logs to the Splunk Enterprise?

I use "the Splunk Phantom Remote Search app" to connect the Phantom to the Splunk Enterprise, it works fine until aft...

by Explorer in

Splunk Phantom- How to monitor health of playbook?

Hi fellas, How can we fetch details of a playbook like action_run_id, playbook_run_id and status. We need to monitor ...

by New Member in

Is there a way to create a daily report for the amount of times when a particular playbook is ran?

by New Member in

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card! Hello there, Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Splunk SOAR

Discussions

Is there a way to set the starting/minimum ID for Events/Cases?

Delay in running multiple playbooks on the same event- Is there some way to configure SOAR to run these 2 playbooks?

Wheel installation broken?

Email ingestion from O365: Different artifacts generated from EWS and Graph apps?

How do I try an action several times?

Is there a way to automatically trigger SOAR playbook from S3 file added event?

How do you achieve "for" loops?

SOAR Cloud - Bulk Delete Containers through API?

How to delete malicious email in all the company users' mailboxes?

Has anyone done a playbook for crowdstrike serves stopped?

Can I convert Splunk SOAR playbook type input to automation?

Splunk Phantom Account Review- Can I talk to support to see why it's taking so long?

Why am I getting this Error on automation - label?

Call API to get results from prompt?

Is there a way to automate tag creation on splunk phantom?

How to remap objects from an user ID to another after SAML integration?

ES -> Adaptive Response -> Phantom Playbook -> event_id?

How to decrypt the password from the asset, while developing a custom app?

Replacement Characters appearing in emails sent from Splunk SMTP APP

How to handle Dynamic Assets in playbooks?

Issues with network shares and WRM SOAR app

What do I do if my phantom community access expired?

Why has Phantom stop forward logs to the Splunk Enterprise?

Splunk Phantom- How to monitor health of playbook?

Is there a way to create a daily report for the amount of times when a particular playbook is ran?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

accessing the asset's environment variables in the...

Working with multiple Automation Broker ?

Splunk SOAR EDU courses!

Infoblox DDI connectivity issue when testing

Best way to show search from 'run_query' within SO...