Fairly new to writing playbooks within Phantom and so far haven't found documentation for this yet: I'm trying to create an email notification (or something along those lines) whenever a playbook f...
I am working on automating some minor things and I want to add in a step to have the playbook assign the container or case to the user running the playbook.
I am currently using a REST call to g...
Hi. I need to extract container timeline events via the REST API in order to generate analyst, playbook and action timeline reports. The closest endpoint I can find is briefly mentioned in the REST...
...o have a REST query get executed from a playbook hitting the container endpoint and looking for "container_type": "case". Then you would just have a format block to populate the REST results a...
...ossible or not. I only see how to do it manually or with the REST API call app_status but no examples on how to use it within a playbook. Any help is appreciated!
Hi! We are on Splunk 7.2.0, and I am trying to automate setting up a Saved Search using an Ansible Playbook that would dump data into a Summary Index. What's odd is that I can get everything to w...
Hi
I'm running REST queries to retrieve containers that need to be reprocessed in function of the values of some of their artifacts values. My approach is querying the artifacts REST endpoint in t...
Hi, I am totally new to Splunk and Phantom. Please help me with the below idea. I want to create a Phantom playbook that takes data from a Splunk alert and then posts the data to a REST API. Is t...
I have a use case configured in Splunk and we are getting multiple events in Phantom at the same time. When I try to run a playbook, only one event runs an action block and the rest of the events t...