Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Deleting Custom List Items

CS_
Path Finder
‎06-21-2022 06:28 AM

In a playbook, I have a decision tree.

If option A -> Check List -> If Value Exists in custom list -> Do Nothing

Else If Option b -> Check list -> If Value Exists in custom list -> Delete that list entry.

Checking in the SOAR Phantom app actions, I see several options for lists, but no option to "remove/delete listitem" (see attached pic)


How do I go about deleting items from a Custom List?

Thanks!

(SOAR Cloud 5.3.1)

 

 

Labels (2)
Preview file
28 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎06-21-2022 06:37 AM

@CS_ 

There is an API to perform this in a code block or custom function:

https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#delete_from_list 

Otherwise you can rebuild the list without the value(s) and then use set_list to overwrite: 

 https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#set_list 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎06-21-2022 06:37 AM

@CS_ 

There is an API to perform this in a code block or custom function:

https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#delete_from_list 

Otherwise you can rebuild the list without the value(s) and then use set_list to overwrite: 

 https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#set_list 

0 Karma
Reply
Solved! Jump to solution

CS_
Path Finder
‎06-21-2022 06:41 AM

@phanTomAs always, you've dropped the perfect answer. Many thanks!

I'll give this a try (from the first URL you provided)

phantom.delete_from_list(list_name=None, value=None, column=None, remove_all=False, remove_row=False)

 

Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...