Splunk SOAR

Community Activity

How to add filed from raw data into artifacts when the original syslog was forwarded to phantom, some key filed(like srcIP/dstIP) was missing artifact. these key... by Qingguo Engager in Splunk SOAR 07-30-2021 0 1	0	1
quarantine device using ISE After integration with ISE 2.4 successfully , I test action of quarantine for a device , phantoms shows it has been ... by Qingguo Engager in Splunk SOAR 07-29-2021 0 0	0	0
Passing Variables Between Functions I'm attempting to pass a variable/value between custom functions in a playbook. I've done this before without issue, ... by Mr Loves-to-Learn Lots in Splunk SOAR 07-23-2021 0 0	0	0
phantom vault different filenames with same content have same vaultid hi phantom team,I have a simple use case to rename a filename in vault.As its immutable, I copied the contents to vau... by sunilpanda023 Path Finder in Splunk SOAR 07-21-2021 0 0	0	0
Playbook stops in between without completing Hi All,I am quite new to Phantom. I have written few plabooks which works perfectly as intended when run from the deb... by shaquibk Explorer in Splunk SOAR 07-12-2021 0 2	0	2
Bulk Resolution for Playbook Prompts? Hi All,Is there a way to simultaneously/bulk respond to multiple notifications generated by prompt actions, or an adm... by PistolShrimp Engager in Splunk SOAR 07-06-2021 0 1	0	1
Phantom Architecture Concern Hi All,Good Day!!This is an Splunk Phantom Architecture question, which we are in the intial stage of building the Sp... by YeswanthReddy Engager in Splunk SOAR 06-30-2021 0 3	0	3
Playbook multiple run on the same event I am noticing for some of our events our playbooks run multiple times on the same event. How can I go about keeping t... by crayford Explorer in Splunk SOAR 06-29-2021 0 2	0	2
change the status of incident on Splunk Phantom Hi,I would like to know if we change the status of incident on Splunk Phantom, can we automatically notify user? by eye893 New Member in Splunk SOAR 06-28-2021 0 1	0	1
Phantom playbook I am able to run an action (whois ip from whois app) successfuly. However, if i put this action as part of a playboo... by brunofernandez Explorer in Splunk SOAR 06-14-2021 0 5	0	5
Usage of the phantom action -> phantom app -> find artifacts action Hi team, I'm using Phantom to create playbooks and I would like to know how the find artifact is used when I create a... by MimiThePrince New Member in Splunk SOAR 06-11-2021 0 1	0	1
Phantom warm standby script username/password authentication - Would you consider it a best practice to type a password into a prompt from a 3rd party script?- What if the 3rd pa... by bearcat Engager in Splunk SOAR 06-07-2021 1 0	1	0
Phantom Runner number of suggestions Our Phantom's DECIDED process often crashes for performance reasons.We suspect this is caused by the low number of ru... by PwC-Kimmy Explorer in Splunk SOAR 05-19-2021 0 1	0	1
Callback actions on container's status change Hi,I would like to know if there is the possibility to automatically trigger a playbook when there is a change in the... by drew19 Path Finder in Splunk SOAR 05-10-2021 0 5	0	5
How can I encrypt the keystore partition of my Splunk Phantom deployment? Introduction Splunk Phantom ingests objects from connected assets, such as your firewall, services like VirusTotal, M... by mconverse_splun Splunk Employee in Splunk SOAR 05-06-2021 0 0	0	0
Active Directory/LDAP connection and authentication debug script This article applies to Splunk Phantom versions 4.6 , 4.5 , 4.2 , 4.1 , 4.0 , 3.5 , 3.0 , 2.1 , 2.0 The Active Direct... by kevinh_splunk Splunk Employee in Splunk SOAR 04-23-2021 0 0	0	0
Playbook run results in the "user parameter must be of type string" error This article describes a workaround when you run a playbook and see the "user parameter must be of type string" error... by kevinh_splunk Splunk Employee in Splunk SOAR 04-23-2021 0 0	0	0
Avoid port conflicts when installing Splunk Phantom on a system with an existing Splunk universal forwarder NOTE: These steps were verified using Phantom version 4.2.7532 and Splunk Universal Forwarder version 7.2.6.Network p... by kevinh_splunk Splunk Employee in Splunk SOAR 04-23-2021 0 0	0	0
Keeping accurate time on your Splunk Phantom virtual machine In some cases, the Splunk Phantom virtual appliance can lose its time synchronization with the system time. For examp... by kevinh_splunk Splunk Employee in Splunk SOAR 04-22-2021 0 0	0	0
How to I use the REST API to create multiple assets in Splunk Phantom? This article provides an example of how to use the Splunk Phantom REST API to create multiple assets. This may be use... by kevinh_splunk Splunk Employee in Splunk SOAR 04-22-2021 0 0	0	0
phantom request Hello,I had just signed up for phantom - community edition and was wondering how long the request takes to be approve... by mratnan New Member in Splunk SOAR 04-21-2021 0 0	0	0
Install the latest Cisco ISE app in Splunk Phantom Team, Good day!I will need to install Cisco ISE in Splunk Phantom. I have the new instance of Splunk Phantom installe... by geinermiranda New Member in Splunk SOAR 04-21-2021 0 2	0	2
Phantom can't receive the events from splunk I installed the Phantom App for Splunk & CIM app.And connectivity testing between Splunk and Phantom is passed.I crea... by PwC-Kimmy Explorer in Splunk SOAR 04-14-2021 0 0	0	0
minimum requirements and partition configurations for phantom Hi, Anyone know the partitioning table needed for a clustered phantom installation. by edgarsilva01 Path Finder in Splunk SOAR 04-13-2021 0 0	0	0
Splunk community into Hyper-v Hi,Has anyone tried to mount the community ova on a Hyper-V?I have tried various methods of converting OVA (VMDK) to ... by makitos New Member in Splunk SOAR 04-12-2021 0 0	0	0