Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SOAR Custom Function - check_cached_data- Does anyone know the status of Ian Forrest's Custom Function?

mark_wymer
Path Finder
‎04-13-2022 12:29 AM

Hi everyone,

I just watched an excellent demo / tutorial ( https://my.phantom.us/video/78/ ) by someone called Ian Forrest. During the video ( at about 45 minutes ) he demo's an excellent Custom Function that looks in the cached SOAR internals for the cached results from previous executions of a specific app/action.

He did mention that this was a 'work in progress' and I can't find this CF in Community Hub nor on Github anywhere. 

Does anyone know what the status of his Custom Function is?

Cheers,
Mark.

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎04-13-2022 01:56 AM

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still python 2.7 so may need a tweak but should give you an idea of the logic anyway. 

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the mean time take a look and see if you can use the attached.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎04-13-2022 01:56 AM

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still python 2.7 so may need a tweak but should give you an idea of the logic anyway. 

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the mean time take a look and see if you can use the attached.

0 Karma
Reply
Solved! Jump to solution

mark_wymer
Path Finder
‎04-13-2022 03:14 AM

Thanks for getting back to me Tom. I've dropped you a PM in return.

Cheers,
Mark.

0 Karma
Reply
Solved! Jump to solution

adriaanvermaak
Observer
‎12-30-2022 02:45 AM

Hi There,

 

would you be able to share this custom function ? 

In need of utilising this function to stop re-checking previous actions.

Much appreciated

 

Adriaan

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...