Due to some oddities of our environment, my team needs default fields in order to run some playbooks automatically. We've built these fields into the notable events which get sent over from Splunk. H...
I've created an alert in Splunk Enterprise and used the Splunk SOAR / Phantom plugin to call the action "Run a playbook in Splunk SOAR". So far so good. Alert fires, it gets forwarded over to SOAR. SOAR...
I want to trigger a Splunk SOAR playbook to iterate through a list of hosts every hour and check if they are online in our EDR tool, and if they are online to display a message to the user via the E...
Is it possible to run a playbook on demand, meaning a manual trigger by an analyst such as clicking a playbook during a workbook step? I have a use case where I want to run a playbook, but only f...
Hi Team, is it possible to update/enrich a notable after executing a playbook in Splunk SOAR and that execution output must be attached in the Splunk notable. Example: Assume I h...
...check the debug log, I can see the loop checking against all of the artifacts in the container except for the one I am creating via custom function. We have multiple playbooks that do this, but t...
I installed the Splunk App for SOAR Export app on Splunk, and I can see two alert options in manage alerts, namely 'Run Playbook in SOAR' and 'Send to SOAR'. However, when I go to add an alert a...
I just recently completed the Phantom Admin and Playbook Development training and am in the process of using what I've learned to set up Phantom to be the SOAR platform for notable events generated in...
Has anyone else had problems connecting SOAR to CrowdStrike to ingest detections?
Our test connection is fine. We set the ingest to poll on a ten minute interval. We can see a successful outbound c...
Hi, I'm trying Splunk SOAR Community Edition, and I'm having an issue with the Elasticsearch app. I'm attempting to configure the asset with my Elasticsearch instance. The test connectivity is g...