I'm using the Cisco FireAMP app to return the trajectory of an endpoint, and the data includes a list of all running tasks/files. For my test there are 500 items returned, with 9 marked as 'M...
Hello! This is probably a simple question but I've been kind of struggling with it. I'm building out my first playbook which triggers off of new artifacts. The artifacts include fields for: type, v...
I've created app action 'my_action_name' whose results I can collect in a playbook just fine. phantom.collect2(container=container, datapath=["my_action_name:action_result.data"], action_results=r...
...he function, I'll need to call the function again to get the updated artifact object values. The closest thing I've seen to this is the phantom.collect() API call, in which you can specify a datapath...
I basically have a long playbook consisting of sub-playbooks. I have 5 artifacts in a container I am using, where 4 will be dropped via 4 different decision actions and posted to a Confluent topic. T...
I'm trying to get at the results of a phantom.act() action run, more specifically the Splunk HTTP app "get file" action. Something as simple as: # inside a custom c...
I'm using Splunk SOAR 5.3.3. When I add 10 outputs for a playbook, the warning text appears: "Limit 10 outputs reached".
Can I extend the limits of output in my playbook?
Hello all, is there a way to automate a playbook to work only on events with a specific tag? I saw in playbook settings an option to choose a tag, but it still runs on every event. Thank you in advance...
I'm running into an issue where I have multiple artifacts that are being submitted as a Splunk query. Below is my current workflow: Extract domains from URL Format Splunk query as such: '|in...