Hi There, Below is the logic I am trying to achieve: Perform enrichment on a list of hosts via information extraction using Splunk's run query action. The resulting results will then be added as a...
Hi All,
We are running a Splunk action - run query (search) on a Phantom playbook which is active on every event coming on to Phantom. However, at times the action - run query (search) fails w...
I tried to run adaptive response actions from the Incident Review page in Splunk ES to send a notable event to Splunk Phantom, the notable event is sent but there is no artifact on the container t...
Hello, I am implementing some actions in the S1 app for Splunk SOAR. All actions function independently, such as 'run action', and some work within a playbook. However, one action, when attempted w...
Phantom version 4.1.94
Splunk version 6.6.5
Splunk Phantom App 2.5.23
ES version 4.7.1
When go to Splunk ES Notables, there also not able to see "Send to Phantom" action in "Run Adaptive R...
In Splunk ES, under the alert actions for saved searches, there are 2 options for sending alerts to Phantom.
Send to Phantom
Run Playbook in Phantom
For some reason the "Send to Phantom...