I'm trying to use the Splunk App for SOAR to forward logs and events from SOAR to Splunk Enterprise. The servers seem to be connected (test connectivity works) but the data (events, playbook runs e...
Hi,
I have a simple AWS environment, and want to create an EC2 instance with the Splunk SOAR (On-premises) AMI from the Amazon Marketplace running on it.
I am following these in...
I want to trigger a Splunk SOAR playbook to iterate through a list of hosts every hour and check if they are online in our EDR tool, and if they are online to display a message to the user via the E...
...witch, that goes against the nature of SOAR and it's easy to miss something. It's easier to have a playbook create an artifact with those fields we need. Unfortunately, the Artifact Dependency switch d...
Is it possible to run a playbook on demand, meaning a manual trigger by an analyst such as clicking a playbook during a workbook step? I have a use case where I want to run a playbook, but only f...
Hi all, Does anyone know if it's possible to create a file from a field in an artifact? Scenario: We have an alert in Splunk SIEM that sends various bits of, tabulated, info to SOAR. One of the f...
Using SOAR export app in Splunk, we are pulling certain alerts to SOAR. Depending on the ip, the artifacts are grouped to a single container. Now I need to create 1 ticket for each container using playbook...
...sed by Event Forwarding process have the following additional field mappings defined: (Showing the Splunk fields mapped to the custom fields I created in Phantom)
event_id -> notableEventId s...
Hello, I'm currently exploring Splunk Phantom or Splunk SOAR. When I try to create a new playbook or copy and save any existing playbook I'm getting the following error. Please advise. failed to c...
Has anyone else had problems connecting SOAR to CrowdStrike to ingest detections?
Our test connection is fine. We set the ingest to poll on a ten minute interval. We can see a successful outbound c...