Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SOAR Custom Function - check_cached_data- Does anyone know the status of Ian Forrest's Custom Function?

mark_wymer
Path Finder
‎04-13-2022 12:29 AM

Hi everyone,

I just watched an excellent demo / tutorial ( https://my.phantom.us/video/78/ ) by someone called Ian Forrest. During the video ( at about 45 minutes ) he demo's an excellent Custom Function that looks in the cached SOAR internals for the cached results from previous executions of a specific app/action.

He did mention that this was a 'work in progress' and I can't find this CF in Community Hub nor on Github anywhere. 

Does anyone know what the status of his Custom Function is?

Cheers,
Mark.

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎04-13-2022 01:56 AM

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still python 2.7 so may need a tweak but should give you an idea of the logic anyway. 

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the mean time take a look and see if you can use the attached.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎04-13-2022 01:56 AM

@mark_wymer hope you are well?! 

I was lucky enough to be on one of the calls and managed to get the CF off Ian at the time. It's still python 2.7 so may need a tweak but should give you an idea of the logic anyway. 

Unfortunately I can't seem to attach .tgz so I have pinged you a direct message for your email so I can send it to you. 

I would also say that I hope this capability will be available in future releases as a "baked in" capability but no idea if/when so in the mean time take a look and see if you can use the attached.

0 Karma
Reply
Solved! Jump to solution

mark_wymer
Path Finder
‎04-13-2022 03:14 AM

Thanks for getting back to me Tom. I've dropped you a PM in return.

Cheers,
Mark.

0 Karma
Reply
Solved! Jump to solution

adriaanvermaak
Observer
‎12-30-2022 02:45 AM

Hi There,

 

would you be able to share this custom function ? 

In need of utilising this function to stop re-checking previous actions.

Much appreciated

 

Adriaan

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...