Hello,
We currently utilize the Windows Defender ATP v 3.6.0 app in our Splunk SOAR Cloud instance. I've discovered that the 'run query' action utilizes an outdated advancedqueries api e...
I've created an alert in Splunk Enterprise and used the Splunk SOAR / Phantom plugin to call the action "Run a playbook in Splunk SOAR". So far so good. Alert fires, it gets forwarded over to SOAR. SOAR...
Hello, I'm just having a bit of difficulty differentiating between Splunk Enterprise, ITSI, SOAR, UBA, and Enterprise Security. It seems like they all do similar things. Do they a...
Hi Team! I was under the impression (mistakenly most likely) that if we did not own Splunk SOAR (which we don't) that there would still be a limited amount of SOAR functionality available in P...
I installed the Splunk App for SOAR Export app on Splunk, and I can see two alert options in manage alerts, namely 'Run Playbook in SOAR' and 'Send to SOAR'. However, when I go to add an alert action...
Hi, I'm trying Splunk SOAR Community Edition, and I'm having an issue with the Elasticsearch app. I'm attempting to configure the asset with my Elasticsearch instance. The test connectivity is g...
I just recently completed the Phantom Admin and Playbook Development training and am in the process of using what I've learned to set up Phantom to be the SOAR platform for notable events generated in...
... You will be linked into the integrated SOAR UI in order to build playbooks and configure connectors. Most existing SOAR playbooks will work when run via Mission Control. SOAR Playbooks will need t...
...equired to set up an endpoint inside your network. If you have both Splunk Enterprise and Splunk Cloud Platform, you can run an on-premises search head to support searches that require alert actions. F...