Splunk SOAR

Community Activity

Markdown in add_task API function Phantom 4.9 supports Markdown notes and it is possible to add markdown note using GUI. But how to use markdown with t... by Izzet New Member in Splunk SOAR 09-16-2020 0 1	0	1
Getting error when trying to check if IP is local and make two separate queries to the CrowdStrike app. Hi everyone, It might me a silly question  The simplified case. 3 artifacts within the event with 3 different IP add... by Izzet New Member in Splunk SOAR 09-16-2020 0 1	0	1
Phantom \| Splunk search does not appear in the result Hi all,I created a playbook that runs a Splunk search query and I can see in the playbook's debugger and in the event... by Augliv Loves-to-Learn in Splunk SOAR 09-16-2020 0 1	0	1
Phantom Add Artifact Error - source_data_identifier Hello, whenever I try to add a new artifact I got the following errorphantom.act(): 'add_artifact_1' cannot be run on... by linuts Engager in Splunk SOAR 09-16-2020 0 1	0	1
Phantom Decision Filter Hello,I have a playbook that is currently in production and I don't want to randomly test it without asking the quest... by tbrown110 New Member in Splunk SOAR 09-16-2020 0 1	0	1
Is it impossible to use Phantom's ibackup on a warm standby server? I've configured a pair of Phantom servers to use warm standby. As per the documentation, I ran ibackup.pyc --setup af... by gf13579 Communicator in Splunk SOAR 09-16-2020 0 3	0	3
Splunk Phantom Can one use Splunk phantom for auto-remediation?What real-life use cases are applicable to the use of Phantom? by rhugo Observer in Splunk SOAR 08-31-2020 0 1	0	1
How can I close a Notable from Phantom? I'm trying to close a Notable in ES from Phantom. I'm using the update event action from the Splunk app (v1.3.41) but... by gf13579 Communicator in Splunk SOAR 08-19-2020 0 3	0	3
New registration link to activate account with Phantom Community Hi. My request to join the Phantom Community was approved, however the link I was provided has since expired and I ca... by brycekaline Engager in Splunk SOAR 08-18-2020 1 1	1	1
How to troubleshoot playbook issue where the wrong raw log is being included in the ticket? How can I Troubleshoot playbook issue where the wrong raw log is being included in the ticket.For example, where tick... by brandylee1993 Explorer in Splunk SOAR 08-05-2020 0 1	0	1
FireEye HX integration with Phantom I can't quarantine device by automation. Action "set quarantine approved" failed. Message:Error from server. Status ... by waleksandrowski New Member in Splunk SOAR 08-04-2020 0 0	0	0
Why don't I see Splunk events for containers with Phantom-ingested emails? If I try to search phantom container events by label, status or several other fields, I don't see events relating to ... by gf13579 Communicator in Splunk SOAR 07-29-2020 0 1	0	1
Recommendations for naming conventions and organization of playbooks in Phantom? I'm very new to Phantom. Can someone provide some guidance or advice for naming playbooks and what has worked or hasn... by willhart802 Engager in Splunk SOAR 07-23-2020 0 2	0	2
Getting connectivity error about enabling cookie support when using Phantom Talos Intelligence App v1.0.1. Dear All, I'm testing Splunk Phantom using the Community Edition to evaluate this product that seems great. Configuri... by LouisdesVaux New Member in Splunk SOAR 07-21-2020 0 0	0	0
About to install Splunk Phantom Community Edition Good morning, I woud like to test Splunk Phantom Community Edition in my home lab. When I try to install it following... by clopmz Explorer in Splunk SOAR 07-09-2020 1 4	1	4
Why might the LDAP Get Users action not return all members? When I run Get Users against the group named G-SomeGroup it returns just 1 result. The group contains 3 membersI can ... by gf13579 Communicator in Splunk SOAR 06-23-2020 0 0	0	0
How to create event for Okta in Phantom. Hi, I am using Phantom to solve login issue in Okta. If a user is facing login issue in Okta, then I want to create a... by prakashbesra New Member in Splunk SOAR 06-10-2020 0 1	0	1
Problem: Trying to create auth tokens Not sure why I get stuck with a "Loading" screen. Latest version of Splunk.What am I missing? by garciajd123 New Member in Splunk SOAR 06-10-2020 0 2	0	2
Phantom's builtin Splunk app errors out when updating Notable Events in ES I just recently completed the Phantom Admin and Playbook Development training and am in the process of using what I'v... by williamchenyp Explorer in Splunk SOAR 05-29-2020 0 2	0	2
change index value based on the dropdown selection So as per the Daily and Monthly selection index has to vary Daily = index1Monthly=index2 Thanks in Advance! <fieldset... by kavyakanne Engager in Splunk SOAR 05-17-2020 0 4	0	4
EWS for Office 365 encoding error "unknown encoding: windows-874" We're receiving this error from an email that it is unable to process Apr 30 16:34:37 splunk-phantom01-nonprod SPAWN[... by aocvy Engager in Splunk SOAR 05-04-2020 0 0	0	0
How to get incident details from Cherwell using Phantom playbook ? Phantom and Cherwell are integrated. I am planning to create a playbook that fetches the incident details assigned to... by mkrishnan Engager in Splunk SOAR 05-01-2020 0 1	0	1
Unable to configure additional Phantom App repo We want to deliver app updates to Phantom automated via git, we do not want to upload a new app each time one is upda... by aocvy Engager in Splunk SOAR 05-01-2020 0 3	0	3
Configuring App - Error - Missing required fields secrect,key Hi,I am installing an App and fill out the required information under Asset Info and Asset settings. Under Asset sett... by akg12106 New Member in Splunk SOAR 04-20-2020 0 4	0	4
Forwarding Splunk events to Phantom automatically Hi , I have integrated splunk with Phantom and can send the events to phantom by clicking on send to Phantom button. ... by rishma Explorer in Splunk SOAR 04-16-2020 0 6	0	6