Hello,
I am trying to integrate Splunk and Resilient and am faced with the following problem:
In Adaptive Response I have mapped all required and interesting fields to be sent to Resilient. After the event is triggered, only raw data comes to SOAR. I have checked, and there are no errors on the Splunk side.
On the Resilient side there was an error, but I have also fixed it - no luck
com.co3.domain.exceptions.FieldsRequiredException: The following fields are required: 'cs_cloud_url','cs_sensor_id'
com.ibm.resilient.common.domain.exceptions.Co3IllegalArgumentException: Incident name cannot be null/empty
Do you have any ideas why only raw data comes from Splunk?
Thank you