Splunk SOAR

Community Activity

Symantec Enpoint Protection 14 Phantom App While I was checking the SEP 14 Phantom app, 'test connectivity' was working fine, but when it comes to 'Scan endpoin... by ansusabu Communicator in Splunk SOAR 11-30-2020 1 3	1	3
AWS Guardduty App S3 Details Issue The AWS Gaurdduty app from Splunk is not pulling in S3 details, when they normally are included in Gaurdduty alerts.N... by splkphntmuser New Member in Splunk SOAR 10-23-2020 0 0	0	0
Create Ingest Action in Phanto App Hello,I'm trying to develop my first Phanto APP using the wizard. The integration is like a ticketing system and I wa... by jpferrero Engager in Splunk SOAR 10-22-2020 0 2	0	2
Shodan app for Phantom I am trying to configure the Shodan app for Phantom. In the account settings, the only field to set is the Shodan API... by AlexBryant Path Finder in Splunk SOAR 10-21-2020 0 0	0	0
Microsoft LDAP Phantom App Hi,We are trying to retrieve configuration both for AD and LDAP using the "Microsoft LDAP App" for Phantom using a ne... by danieldelacasa Explorer in Splunk SOAR 10-19-2020 1 5	1	5
How to run a playbook triggered by a Windows service information stopping? Hi, Here is my scenario: There are many Windows servers where the Windows service information is flowing to my Splunk... by barisaydogmusog Loves-to-Learn in Splunk SOAR 10-07-2020 0 1	0	1
Connectivity Issue between Splunk Phantom and Splunk Enterprise - runquery action doesn't return any data Hello everyone I need help with using Splunk App in Phantom.I am trying perform searches for Splunk in Phantom, every... by d4wc3k Path Finder in Splunk SOAR 09-29-2020 0 8	0	8
Phantom app for Dell Secure works? Is anyone working on a Phantom App for Dell Secure works? I was going to start trying to work through the Rest API fu... by tvwhipple New Member in Splunk SOAR 09-29-2020 0 4	0	4
Filtering via custom function return I'm attempting to use the address_in_network function to compare results of a Splunk query against a custom list, and... by alexgkirk Explorer in Splunk SOAR 09-23-2020 0 3	0	3
Accessing JSON object with dot in name I'm attempting to access a value returned from a previous block that performed a Splunk query, returning a field name... by alexgkirk Explorer in Splunk SOAR 09-21-2020 1 5	1	5
Phantom: Asset environment variables Once the asset environment variables have been created (mySpecificKey -> mySpecificValue), how do I access these valu... by nhammSplunk Explorer in Splunk SOAR 09-18-2020 1 5	1	5
Phantom integration with Microsoft LDAP I have a problem with integration of Phantom with Active Directory. When I try to test connectivity with "Microsoft L... by waleksandrowski New Member in Splunk SOAR 09-18-2020 0 10	0	10
Phantom 4.1 startup error Dear Team,I am karthik from prudential singapore, our Phantom UAT server suddenly goes down.when we attempt to restar... by karthikes New Member in Splunk SOAR 09-18-2020 0 2	0	2
Can you call a phantom action from a different app? The scenario is that I want to wrap around an existing app (ServiceNow) that make it easier for analysts to use manua... by gf13579 Communicator in Splunk SOAR 09-16-2020 0 2	0	2
How to create loop in Phantom playbook to check for changes in container owner value? I am wanting to kick off a playbook when the container owner value changes from NULL to Not NULL. So far I have creat... by fhq New Member in Splunk SOAR 09-16-2020 0 3	0	3
C901 While compiling and installing the Splunk phantom Application which I have developed, I am getting an error with erro... by chandraprathi Explorer in Splunk SOAR 09-16-2020 0 8	0	8
How can I update function in Phantom to handle potential phish email message (getting body parsing error)? When parsing the email message body for inclusion in the ticket in Jira, parsing fails on special characters or non-A... by brandylee1993 Explorer in Splunk SOAR 09-16-2020 0 1	0	1
What is best practice for the HEC endpoint(s) for the "Phantom Remote Search" app in a clustered environment? What is best practice for the HEC endpoint(s) for the "Phantom Remote Search" app in a clustered environment?Per the ... by jeffrey_berry Path Finder in Splunk SOAR 09-16-2020 0 1	0	1
Markdown in add_task API function Phantom 4.9 supports Markdown notes and it is possible to add markdown note using GUI. But how to use markdown with t... by Izzet New Member in Splunk SOAR 09-16-2020 0 1	0	1
Getting error when trying to check if IP is local and make two separate queries to the CrowdStrike app. Hi everyone, It might me a silly question  The simplified case. 3 artifacts within the event with 3 different IP add... by Izzet New Member in Splunk SOAR 09-16-2020 0 1	0	1
Phantom \| Splunk search does not appear in the result Hi all,I created a playbook that runs a Splunk search query and I can see in the playbook's debugger and in the event... by Augliv Loves-to-Learn in Splunk SOAR 09-16-2020 0 1	0	1
Phantom Add Artifact Error - source_data_identifier Hello, whenever I try to add a new artifact I got the following errorphantom.act(): 'add_artifact_1' cannot be run on... by linuts Engager in Splunk SOAR 09-16-2020 0 1	0	1
Phantom Decision Filter Hello,I have a playbook that is currently in production and I don't want to randomly test it without asking the quest... by tbrown110 New Member in Splunk SOAR 09-16-2020 0 1	0	1
Is it impossible to use Phantom's ibackup on a warm standby server? I've configured a pair of Phantom servers to use warm standby. As per the documentation, I ran ibackup.pyc --setup af... by gf13579 Communicator in Splunk SOAR 09-16-2020 0 3	0	3
Splunk Phantom Can one use Splunk phantom for auto-remediation?What real-life use cases are applicable to the use of Phantom? by rhugo Observer in Splunk SOAR 08-31-2020 0 1	0	1