Here is my scenario:
There are many Windows servers where the Windows service information is flowing to my Splunk enterprise. There is also a Phantom instance available.
I would like to run a playbook on phantom once a given service’s status is “stopped”.
Would you please share me if there a documentation or sample playbook to achieve it.
... View more