Hello All! I'm just starting with Phantom and having a hard time creating "reusable code". To give an example, I have a sequence of 3 actions which will be commonly seen in my playbooks:

1. Format a Splunk query
2. Run the Splunk query
3. Format the output to fit my needs based on an input parameter

Since these same 3 steps are commonly seen in playbooks, it would make sense to put them into some reusable format.

My first thought was to take the code for these 3 actions and put it in a custom function, but they don't allow calls to phantom.act, so that doesn't work.

My second thought was a playbook, which could be used as a sub-playbook. However, sub-playbooks don't have inputs/outputs, so that's not a good option. If I did go the sub-playbook route, I could use something like "save_object", but that still requires me to do almost as much work within my playbook to give input to and get output of my "sub-playbook", which defeats the purpose.

Did anyone else struggle with this? Is there something I'm missing that could help me with this use case?