Activity Feed
- Posted Re: How to create notable manually with selected timestamp? on Splunk Enterprise Security. 10-22-2024 09:02 PM
- Posted Re: Is any Rest API or link for answer certain prompt ? on Splunk SOAR. 08-29-2024 06:21 AM
- Posted Is any Rest API or link for answer certain prompt ? on Splunk SOAR. 08-29-2024 05:56 AM
- Posted Prompt email with certain event on Splunk SOAR. 08-19-2024 08:01 PM
- Got Karma for Re: How to detect duplicate GUIDs on forwarders?. 04-28-2022 09:38 AM
- Posted Re: How to detect duplicate GUIDs on forwarders? on Deployment Architecture. 08-02-2021 12:33 AM
- Karma Re: how to export csv with BOM ? for ktc78. 02-07-2021 11:18 PM
- Karma Re: how to export csv with BOM ? for kichonei. 02-07-2021 11:18 PM
Topics I've Started
10-22-2024 09:02 PM
You can use "rule_description" as the field for the above description.
08-29-2024 06:21 AM
Update. I have found I can use this API to approve. But I still need a username and password or a token T^T.

curl -X POST -k -u "username:password" https://10.250.74.118:8443//rest/approval/15/responses -d "{\"responses\": [\"deny\"]}"

But it is showing this error:

{"failed": true, "message": "Invalid resolution. must be one of approve, deny, delegate"}

Does anyone know why?
08-29-2024 05:56 AM
All I have learned about prompts is that I need to open a browser and prompt with the SOAR GUI. Is there any REST API or link available to answer a prompt? I want to pass some variables in the mail. If somebody clicks a certain link, it will accept or reject the prompt for event "4" based on the API automatically. It will reduce IT's workload!
Labels: using SOAR ⁄ Phantom
08-19-2024 08:01 PM
I have tried to prompt with my email. To execute the requested action, deny or delegate, click here https://10.250.74.118:8443/approval/14. It requires entering the web UI and finding the "certain" prompt. If I have 10000 prompts, I cannot find the event related to the email rapidly. Is it possible to use the REST API to post a prompt decision to a certain SOAR event?
Labels: using SOAR ⁄ Phantom
08-02-2021 12:33 AM
1 Karma
I think the SPL and the concept of Davidpaper are good. But for some reason, in my environment, it is not able to reveal all the hidden problems. My SPL is as follows; I hope people with the same problem can give it a try. It fixed my problem.

index=_internal ClientSessionsManager | stats dc(hostname), values(hostname) by instanceId | sort - dc(hostname)