Activity Feed
- Posted Re: Filter/Decision block from within an Input playbook on Splunk SOAR. 01-17-2024 10:31 AM
- Posted Re: Filter/Decision block from within an Input playbook on Splunk SOAR. 01-17-2024 09:01 AM
- Posted Re: Filter/Decision block from within an Input playbook on Splunk SOAR. 01-17-2024 08:06 AM
- Posted Re: Filter/Decision block from within an Input playbook on Splunk SOAR. 01-17-2024 07:24 AM
- Posted Re: Is it possible to add custom fields to a splunk phantom container schema programmatically? on Splunk SOAR. 12-09-2023 02:34 PM
- Posted Filter/Decision block from within an Input playbook on Splunk SOAR. 12-09-2023 02:27 PM
Topics I've Started
Subject | Karma | Author | Latest Post |
---|---|---|---|
0 |
01-17-2024
10:31 AM
what you said doesnt make sense, in the end I can only choose one variable to return so all of the custom blocks must share the same variable, change it on -the-fly depends on the passed result. sure you can use a custom function e.g passthrough for that but that seems so unnecessary for such a simple task, thanks anyways I understand the only solutions arent quite built-in
... View more
01-17-2024
09:01 AM
I didnt quite understand what you mean, you are saying for example the input will return the OU of the domain computer and then in automation playbooks I filter it based on the value? if yes, that kinda defeats the purpose of input playbooks?
... View more
01-17-2024
08:06 AM
custom code block? we are talking about an app action it may vary and a custom code block is not suitable here without further interactions -_- also what if there are 10 different paths, filter/decision simply should result in what path was derived from the condition... just like in ansible
... View more
01-17-2024
07:24 AM
the filter/decision blocks doesnt have an output variable that tells you which route it took natively that you can use as a result...
... View more
12-09-2023
02:34 PM
Have you thought about using the container API? phantom.add_artifact(container=None, raw_data=None, cef_data=None, label=None, name=None,
severity=None, identifier=None, artifact_type=None,
field_mapping=None, trace=False, run_automation=False)
... View more
12-09-2023
02:27 PM
Hey, consider a scenario where you want to create a reusable input playbook that takes advantage of the condition blocks such as Filter&Decision. For example, an input playbook that receives an ip_hostname, then queries AD over LDAP to check whether the ip_hostname is in a specific OU. that would be easily achievable using Filter/Decision normally, but since its in an input playbook, I haven't seen any output parameters that u can then use as in a main playbook to find out whether the condition was true or false. Thanks in advance
... View more
Labels
- Labels:
-
development
-
using SOAR ⁄ Phantom