So assuming you have the Stix TAXII setup correctly you can see it by using the | `threat_group_intel` macros ... View more

Interesting! Which version of phantom are you running? Is it Python3 or 2? Did you move them to a pre staged class  from the application development template or did you create your own? ... View more

There are much simpler and effective ways to do this. Assuming you have ES.   Set up your asset configuration for splunk to point to ES .  You can send an event through either an automated action inside a saved search, phantom app with a saved search forwarding a specific event to an active playbook or even a adaptive response action.  All you need is to pass the ES Notable Event ID, Status and Integer and you should be able to do so.  The search provided does the job but here are other options worth considering.      ... View more

Hello Chandra,  I am not familiar with your specific error but I have encountered my set of issues with the Application Development portion. I believe this is an area that needs to be improved a bit more. That being said have you taken a look at the app development documentation. Breaking it down by section and maybe uncompiling one of the installed apps might give you an idea on what you are missing.  ... View more

Is there a clear answer for this? My use case is the following.    I want to call in an authentication header from the environment variable. Is this possible and if so how. There is not clear description here and the reference docs are not helpful.    Thanks,  ... View more