I have a usecase configured in Splunk and we are getting multiple events in phantom at the same time. When I try to run a playbook, only one event runs an action block and the rest of the events t...
Hello,
I am trying to find a native solution in order to monitor the execution of a Phantom Playbook. In case one of the actions fail, or a specific message/data is returned by a custom function, d...
Due to some oddities of our environment, my team needs default fields in order to run some playbooks automatically. We've built these fields into the notable events which get sent over from Splunk. H...
...an run this playbook on all of the events in the source as I can only select 50 at a time. If someone could point me in the right direction to run this playbook on all of the events in the source t...
hello all! is there a default time that events (containers/cases) are stored in the SOAR server to approach to? and if so, can I change the time? @phanTom Thank you in advance
Using SOAR export app in Splunk, we are pulling certain alerts to SOAR. Depending on the ip, the artifacts are grouped to a single container. Now I need to create 1 ticket for each container using playbook...
Hi all, I have a stream of events which come in to SOAR. When the event is loaded in SOAR, a playbookruns against it automatically - and this calls an App action, which completes s...
Hi All, Is there a way to simultaneously/bulk respond to multiple notifications generated by prompt actions, or an admin override to dismiss prompts and allow a playbook to move on to a next s...
I have multiple artifacts and there is a check box beside it. Is there a datapath to access the currently selected artifact? Or perhaps a means to select it and ONLY runplaybook or actions on the s...