×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
saiiman
Engager
Member since: ‎03-10-2022
‎07-05-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎03-10-2022
View All

Is the Splunk SOAR Community Edition different tha...

by in Splunk SOAR
‎06-09-2022 07:12 AM
1 Karma
‎06-09-2022 07:12 AM
1 Karma
Hi all, I have been working with Splunk SOAR Community Edition for some time. Now I am wondering how the, is it called Enterprise Version?!, differs from the Community Version. Unfortunately I have not found any documentation on this. Could someone provide me with some information? Thanks a lot simon   ... View more

Re: Playbook trigger based on different labels

by in Splunk SOAR
‎05-05-2022 11:21 PM
‎05-05-2022 11:21 PM
Hi, your suggestion to flip the label fits for me. I think this is the most elegant solution to manage different types of alarms from one source. Thank you for your help. ... View more

How to create Playbook trigger based on different ...

by in Splunk SOAR
‎05-05-2022 02:49 AM
‎05-05-2022 02:49 AM
Hi all, I am using Splunk SOAR Community Edition and have a general question on how to correctly trigger a playbook. I am thinking of a scenario where an external alert from a SIEM like qRadar or Elastic should trigger a playbook. For example, a bruteforce alert should trigger a bruteforce playbook, a portscan alert should trigger a portscan playbook, and so on. Unfortunately, it is only possible to assign the same labels to all incoming SIEM alerts. Based on these labels a playbook is then executed. Is there any way to assign the labels based on the type (e.g. a field of the alarm) of the incoming alarm or to solve the difference between alarms in another way? As a workaround, I was thinking of a "general" playbook that distributes incoming alerts to specific playbooks. But is that really the best way to solve the problem? I'm looking forward to some ideas or hints. Thank you very much in advance. kind regards  simon ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-05-2022 04:21 AM
Karma from
View All