Splunk SOAR

Thread Info

How to install app from source code?

SOAR version 5.1.0.70187 on-prem installation. Can you please advise, how I can install a Python 2 app from the sourc...

by New Member in

How do I get a phantom user object from the API?

What's the api command to get the current logged-in user without specifying the user id. I want to type phantom.get_u...

by Explorer in

Splunk Soar Community Edition pending approval

Hello Splunk Team, I registered on the Splunk Soar community edition page two days ago, but still received no emai...

by New Member in

How to create Playbook trigger based on different labels?

Hi all, I am using Splunk SOAR Community Edition and have a general question on how to correctly trigger a playboo...

by Engager in

My phantom.us approval

Hello, I have signed up for my phantom us in order to get the ova and start testing. Unfortunately my account didn't...

by New Member in

Help understanding Splunk SOAR connectivity to indexers

I would like to understand how Splunk SOAR sends data to the indexer endpoints that are configured under Administrati...

by Path Finder in

When Output array of dictionaries from code block, receiving this error

When an array of dictionaries is assigned to the output variable of a code block, only the whole array can be used as...

by Loves-to-Learn in

Action Run Splunk Query Issues

I'm running into an issue where I have multiple artifacts that are being submitted as a Splunk query. Below is my cur...

by Explorer in

Splunk SOAR : Account lockout after multiple login attempts

Hi All, Is there any account lockout policy after multiple failed attempts in Splunk SOAR (on premise), i.e: The ...

by Engager in

Why are we experiencing this Error "authentication failure on Phantom 4.10"?

We are using Prompt with extended time to 4 days. We have discovered that when the time of running playbook is over t...

by New Member in

How to investigate and contain ransomware with Splunk enterprise?

HiDoes anyone have examples of how to use Splunk enterprise to investigate and contain ransomware?I would like to det...

by Explorer in

Is it possible to use Cyberark to rotate the Splunk SOAR admin account password?

Hi all, Does anyone know if it's possible to use Cyberark to rotate the Splunk SOAR admin account password? If ...

by Path Finder in

How to get app action result in a playbook?

Hi all,I have a stream of events which come in to SOAR.When the event is loaded in SOAR, a playbook runs against it a...

by Path Finder in

How to customize the Phantom dashboard time filters dropdown box?

How to customize the Phantom dashboard time filters dropdown box (see screenshot below)? For a Phantom instance, we...

by Path Finder in

Splunk Phantom community edition approval pending

Hi All, I had registered for Splunk Phantom community edition a few days back. However, I am yet to receive a confi...

by Observer in

Can deleted events be restored?

I read in another thread that events are not really "deleted" as such, but that they are simply marked in a way that ...

by Path Finder in

Could not find Phantom OVA from download link

Hi, I have registered successfully for phantom and also got a link to download phantom but could not find Phantom OVA...

by New Member in

Exception: Operation not permitted: '/opt/phantom/local_data/app_states ...

Using the app user interface introduced in 5.1.0.70187, when running the app from this interface, it fails saving sta...

by Engager in

Splunk Phantom Underprivileged Installation

Hi guys I tried installing Splunk Phantom as an underprivileged user as per the documentation: https://docs.splu...

by Explorer in

SOAR - Create File from Artifacts

Hi all, Does anyone know if it's possible to create a file from a field in an artifact? Scenario:We have an alert...

by Path Finder in

Phantom SOAR integration with Visual Studio Code

Hi Team, Do we have IntelliSense editor support in Phantom Playbook editor in the browser, OR can we integrate ...

by Engager in

REST query get executed from a playbook

Hi All, I am writing a playbook that sends an automated email when a case is opened in phantom. I know If you are ...

by Loves-to-Learn Lots in

Phantom Selected or Check Box Artifact

I have multiple artifacts and there is a check box beside it. Is there a datapath to access the currently selected ar...

by Observer in

Splunk SOAR Shared Services

When I try to create a Shared Services server (for a development environment), it prompts me for the password for the...

by Path Finder in

Splunk SOAR pending approval

Dear Splunk team I hope everything is well with you I am writing this post to...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk SOAR

Discussions

How to install app from source code?

How do I get a phantom user object from the API?

Splunk Soar Community Edition pending approval

How to create Playbook trigger based on different labels?

My phantom.us approval

Help understanding Splunk SOAR connectivity to indexers

When Output array of dictionaries from code block, receiving this error

Action Run Splunk Query Issues

Splunk SOAR : Account lockout after multiple login attempts

Why are we experiencing this Error "authentication failure on Phantom 4.10"?

How to investigate and contain ransomware with Splunk enterprise?

Is it possible to use Cyberark to rotate the Splunk SOAR admin account password?

How to get app action result in a playbook?

How to customize the Phantom dashboard time filters dropdown box?

Splunk Phantom community edition approval pending

Can deleted events be restored?

Could not find Phantom OVA from download link

Exception: Operation not permitted: '/opt/phantom/local_data/app_states ...

Splunk Phantom Underprivileged Installation

SOAR - Create File from Artifacts

Phantom SOAR integration with Visual Studio Code

REST query get executed from a playbook

Phantom Selected or Check Box Artifact

Splunk SOAR Shared Services

Splunk SOAR pending approval

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Is it possible to add line breaks or new lines whe...

Searching Indicators in SOAR

SOAR

How to find save_progress logs

Getting notification when App is down