Splunk SOAR

Discussions

Thread Info

How to create loop in Phantom playbook to check for changes in container owner value?

I am wanting to kick off a playbook when the container owner value changes from NULL to Not NULL. So far I have creat...

by New Member in

C901

While compiling and installing the Splunk phantom Application which I have developed, I am getting an error with erro...

by Explorer in

How can I update function in Phantom to handle potential phish email message (getting body parsing error)?

When parsing the email message body for inclusion in the ticket in Jira, parsing fails on special characters or non-A...

by Explorer in

What is best practice for the HEC endpoint(s) for the "Phantom Remote Search" app in a clustered environment?

What is best practice for the HEC endpoint(s) for the "Phantom Remote Search" app in a clustered environment? Per t...

by Path Finder in

Markdown in add_task API function

Phantom 4.9 supports Markdown notes and it is possible to add markdown note using GUI. But how to use markdown with t...

by New Member in

Getting error when trying to check if IP is local and make two separate queries to the CrowdStrike app.

Hi everyone, It might me a silly question  The simplified case. 3 artifacts within the event with 3 dif...

by New Member in

Phantom | Splunk search does not appear in the result

Hi all, I created a playbook that runs a Splunk search query and I can see in the playbook's debugger and in the ev...

by Loves-to-Learn in

Phantom Add Artifact Error - source_data_identifier

Hello, whenever I try to add a new artifact I got the following error phantom.act(): 'add_artifact_1' cannot be run...

by Engager in

Phantom Decision Filter

Hello, I have a playbook that is currently in production and I don't want to randomly test it without asking the qu...

by New Member in

Is it impossible to use Phantom's ibackup on a warm standby server?

I've configured a pair of Phantom servers to use warm standby. As per the documentation, I ran ibackup.pyc --setup af...

by Communicator in

Splunk Phantom

Can one use Splunk phantom for auto-remediation? What real-life use cases are applicable to the use of Phantom?

by Observer in

How can I close a Notable from Phantom?

I'm trying to close a Notable in ES from Phantom. I'm using the update event action from the Splunk app (v1.3.41) but...

by Communicator in

New registration link to activate account with Phantom Community

Hi. My request to join the Phantom Community was approved, however the link I was provided has since expired and I ca...

by Engager in

How to troubleshoot playbook issue where the wrong raw log is being included in the ticket?

How can I Troubleshoot playbook issue where the wrong raw log is being included in the ticket.For example, where tick...

by Explorer in

FireEye HX integration with Phantom

I can't quarantine device by automation. Action "set quarantine approved" failed. Message:Er...

by New Member in

Why don't I see Splunk events for containers with Phantom-ingested emails?

If I try to search phantom container events by label, status or several other fields, I don't see events relating to ...

by Communicator in

Recommendations for naming conventions and organization of playbooks in Phantom?

I'm very new to Phantom. Can someone provide some guidance or advice for naming playbooks and what has worked or hasn...

by Engager in

Getting connectivity error about enabling cookie support when using Phantom Talos Intelligence App v1.0.1.

Dear All, I'm testing Splunk Phantom using the Community Edition to evaluate this product that seems great. Con...

by New Member in

About to install Splunk Phantom Community Edition

Good morning, I woud like to test Splunk Phantom Community Edition in my home lab. When I try to install it follow...

by Explorer in

Why might the LDAP Get Users action not return all members?

When I run Get Users against the group named G-SomeGroup it returns just 1 result. The group contains 3 members I c...

by Communicator in

How to create event for Okta in Phantom.

Hi, I am using Phantom to solve login issue in Okta. If a user is facing login issue in Okta, then I want to create a...

by New Member in

Problem: Trying to create auth tokens

Not sure why I get stuck with a "Loading" screen. Latest version of Splunk. What am I missing?

by New Member in

Phantom's builtin Splunk app errors out when updating Notable Events in ES

I just recently completed the Phantom Admin and Playbook Development training and am in the process of using what I'v...

by Explorer in

How to schedule a Phantom playbook to run at specific intervals?

I have completed Phantom playbook that I need to run every 5 minutes. I know that the Timer app can be used to schedu...

by Path Finder in

change index value based on the dropdown selection

So as per the Daily and Monthly selection index has to vary Daily = index1Monthly=index2 Thanks in Advance! ...

by Engager in

Get Updates on the Splunk Community!

Splunk SOAR

Discussions

How to create loop in Phantom playbook to check for changes in container owner value?

C901

How can I update function in Phantom to handle potential phish email message (getting body parsing error)?

What is best practice for the HEC endpoint(s) for the "Phantom Remote Search" app in a clustered environment?

Markdown in add_task API function

Getting error when trying to check if IP is local and make two separate queries to the CrowdStrike app.

Phantom | Splunk search does not appear in the result

Phantom Add Artifact Error - source_data_identifier

Phantom Decision Filter

Is it impossible to use Phantom's ibackup on a warm standby server?

Splunk Phantom

How can I close a Notable from Phantom?

New registration link to activate account with Phantom Community

How to troubleshoot playbook issue where the wrong raw log is being included in the ticket?

FireEye HX integration with Phantom

Why don't I see Splunk events for containers with Phantom-ingested emails?

Recommendations for naming conventions and organization of playbooks in Phantom?

Getting connectivity error about enabling cookie support when using Phantom Talos Intelligence App v1.0.1.

About to install Splunk Phantom Community Edition

Why might the LDAP Get Users action not return all members?

How to create event for Okta in Phantom.

Problem: Trying to create auth tokens

Phantom's builtin Splunk app errors out when updating Notable Events in ES

How to schedule a Phantom playbook to run at specific intervals?

change index value based on the dropdown selection

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Repost: Assign different Label with different use ...

Benefit of using Custom Functions vs Creating a Ap...

Assigning Alerts/Cases Across Teams with Restricte...

SOAR Automation

splunk soar run query action in splunk APP

Splunk SOAR

Are you a member of the Splunk Community?

Discussions