cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
JackTheRipper
Loves-to-Learn
Member since: ‎12-09-2023
‎01-17-2024
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-09-2023
View All

Re: Filter/Decision block from within an Input pla...

by in Splunk SOAR (f.k.a. Phantom)
‎01-17-2024 10:31 AM
‎01-17-2024 10:31 AM
what you said doesnt make sense, in the end I can only choose one variable to return so all of the custom blocks must share the same variable, change it on -the-fly depends on the passed result. sure you can use a custom function e.g passthrough for that but that seems so unnecessary for such a simple task,  thanks anyways I understand the only solutions arent quite built-in  ... View more

Re: Filter/Decision block from within an Input pla...

by in Splunk SOAR (f.k.a. Phantom)
‎01-17-2024 09:01 AM
‎01-17-2024 09:01 AM
I didnt quite understand what you mean, you are saying for example the input will return the OU of the domain computer and then in automation playbooks I filter it based on the value? if yes, that kinda defeats the purpose of input playbooks? ... View more

Re: Filter/Decision block from within an Input pla...

by in Splunk SOAR (f.k.a. Phantom)
‎01-17-2024 08:06 AM
‎01-17-2024 08:06 AM
custom code block? we are talking about an app action it may vary and a custom code block is not suitable here without further interactions -_- also what if there are 10 different paths, filter/decision simply should result in what path was derived from the condition... just like in ansible ... View more

Re: Filter/Decision block from within an Input pla...

by in Splunk SOAR (f.k.a. Phantom)
‎01-17-2024 07:24 AM
‎01-17-2024 07:24 AM
the filter/decision blocks doesnt have an output variable that tells you which route it took natively that you can use as a result...  ... View more

Re: Is it possible to add custom fields to a splun...

by in Splunk SOAR (f.k.a. Phantom)
‎12-09-2023 02:34 PM
‎12-09-2023 02:34 PM
Have you thought about using the container API? phantom.add_artifact(container=None, raw_data=None, cef_data=None, label=None, name=None, severity=None, identifier=None, artifact_type=None, field_mapping=None, trace=False, run_automation=False)   ... View more

Filter/Decision block from within an Input playboo...

by in Splunk SOAR (f.k.a. Phantom)
‎12-09-2023 02:27 PM
‎12-09-2023 02:27 PM
Hey, consider a scenario where you want to create a reusable input playbook that takes advantage  of the condition blocks such as Filter&Decision.  For example, an input playbook that receives an ip_hostname, then queries AD over LDAP to check whether the ip_hostname is in a specific OU. that would be easily achievable using Filter/Decision normally, but since its in an input playbook, I haven't seen any output parameters that u can then use as in a main playbook to find out whether the condition was true or false.  Thanks in advance ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-17-2024 10:45 AM