Splunk SOAR

Ask a Question

Discussions

Thread Info

O365 Defender blocking

I am trying to create a playbook where the first step is a manual block an email address in the restricted users por...

by Observer in

Chaining action results and datapath issue

Hi, Say we have an action (lets call it Action1) that returns this under data: [{"type": "type1", "target": "targ...

by New Member in

O365 Integration for SOAR (Ingest emails?)

Hi all,Is there any app, method or guidance for ingesting emails directly form a O365 mailbox?So a use case for us wo...

by Engager in

Crowdstrike App in SOAR - Permissions?

Hey there, I am looking to Configure the Crowdstrike OAuth API app inside my SOAR instance. To connect to Crowdstri...

by Engager in

Pass format block data to subplaybook

Hi Team, I want to know if it is possible pass data present in a format block of one playbook to another playbook b...

by Explorer in

Deleting reports

How can you delete reports that have been created on the /reports page? I have administrator rights but can't see a...

by Explorer in

Phantom MISP - searching by info/name

I am trying to search for MISP events by their name, which is present in 'info' field. For this purpose I'm using 'ot...

by Explorer in

Phantom MISP "Run Query" action

I am attempting to use the "Run Query" action from the Phantom MISP app. PARAMETER REQUIRED DESCRIPTION TYPE CONT...

by New Member in

Phantom - McAfee ATD

I am trying to integrate McAfee ATD app in Phantom. I get the following error when I try to test the connectivity. Fi...

by New Member in

Splunk Phantom Community Edition Registration approval pending

Hello! I have a training with Splunk Phantom starting tomorrow morning and my approval is still pending. I need the O...

by New Member in

Phantom - Testing Connectivity no response

Hi All, I run the 'Testing Connectivity' on all Phantom apps and the response is as follows, showing no information (...

by Explorer in

Splunk Phantom - Get Email Gmail

Hi there! I have a splunk instance running in centos. In SOAR, I have implemented the APP connecting it through IMA...

by New Member in

Download files from Phantom case via REST API

Hello, I'm currently creating a Python script which takes a Splunk Phantom Case as input and creates an Incident Re...

by Explorer in

SAML SSO Intergration Phantom with Okta

Hi I am doing OKTA SAML integration with Phantom and getting the below error. SAML2 Authentication Error'NoneType' ...

by Loves-to-Learn Lots in

Splunk Phantom SAML SAML2 authentication error Signature missing for response

We were configuring our phantom instance for saml sso login and we are encountering the following error. SAML2 auth...

by Engager in

Phantom Version Dependency Check Failed - Installing App

Attempting to install VMRay 2.0 Phantom App but I'm getting "Phantom Version Dependency Check Failed" error message. ...

by New Member in

Getting failed to communicate with platform component: phantom_decided when try to save a playbook

Hello, I'm currently exploring Splunk Phantom or Splunk SOAR. When I try to create a new playbook or copy and save ...

by New Member in

Get container timeline history via REST

Hi. I need to extract container timeline events via the REST API in order to generate analyst, playbook and action ...

by Explorer in

How to add filed from raw data into artifacts

when the original syslog was forwarded to phantom, some key filed(like srcIP/dstIP) was missing artifact. these key...

by Engager in

quarantine device using ISE

After integration with ISE 2.4 successfully , I test action of quarantine for a device , phantoms shows it has been ...

by Engager in

Passing Variables Between Functions

I'm attempting to pass a variable/value between custom functions in a playbook. I've done this before without issue, ...

by Loves-to-Learn Lots in

phantom vault different filenames with same content have same vaultid

hi phantom team,I have a simple use case to rename a filename in vault.As its immutable, I copied the contents to vau...

by Path Finder in

Playbook stops in between without completing

Hi All, I am quite new to Phantom. I have written few plabooks which works perfectly as intended when run from the ...

by Explorer in

Bulk Resolution for Playbook Prompts?

Hi All, Is there a way to simultaneously/bulk respond to multiple notifications generated by prompt actions, or an ...

by Engager in

Phantom Architecture Concern

Hi All, Good Day!! This is an Splunk Phantom Architecture question, which we are in the intial stage of building ...

by Engager in

Get Updates on the Splunk Community!

Splunk SOAR

Discussions

O365 Defender blocking

Chaining action results and datapath issue

O365 Integration for SOAR (Ingest emails?)

Crowdstrike App in SOAR - Permissions?

Pass format block data to subplaybook

Deleting reports

Phantom MISP - searching by info/name

Phantom MISP "Run Query" action

Phantom - McAfee ATD

Splunk Phantom Community Edition Registration approval pending

Phantom - Testing Connectivity no response

Splunk Phantom - Get Email Gmail

Download files from Phantom case via REST API

SAML SSO Intergration Phantom with Okta

Splunk Phantom SAML SAML2 authentication error Signature missing for response

Phantom Version Dependency Check Failed - Installing App

Getting failed to communicate with platform component: phantom_decided when try to save a playbook

Get container timeline history via REST

How to add filed from raw data into artifacts

quarantine device using ISE

Passing Variables Between Functions

phantom vault different filenames with same content have same vaultid

Playbook stops in between without completing

Bulk Resolution for Playbook Prompts?

Phantom Architecture Concern

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

accessing the asset's environment variables in the...

Working with multiple Automation Broker ?

Splunk SOAR EDU courses!

Infoblox DDI connectivity issue when testing

Best way to show search from 'run_query' within SO...