Splunk SOAR

playbook id changes all the time

meshorer
Path Finder

Hi,

I see that playbook IDs keep changing all the time.

Can anyone explain the reasons for it?

Thank you,

Daniel


phanTom
SplunkTrust

@meshorer Whenever you update a playbook, it will save with a different ID to enable version control.

Is something about it changing the id causing you some issues in automation (or other places)?

0 Karma

meshorer
Path Finder

@phanTom, thank you.

It is a bit difficult to keep track of all the IDs, but I learned there is a REST query to get the name of the playbook from its ID.

0 Karma

phanTom
SplunkTrust

@meshorer Understood, but I am just wondering what you mean by tracking, as the system "tracks" them.

Yes, there is a REST call to find the name based on the ID:

xxx/rest/playbook/<id>/name

If you need to find an ID based on the name then you can also:

xxx/rest/playbook?_filter_name="<name>"

-- Happy SOARing! Please mark as a solution for future readers if it resolved your issue. --

0 Karma

meshorer
Path Finder

"Tracks" meaning that I plan to monitor logs to fire an alert when, for example, a playbook fails to execute.
In that case, I would probably need to identify which is the failing playbook by its ID.

I have posted a new question about it 🙂

thank you

0 Karma
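Added example (not part of the thread and not Splunk's code): because each save gives a playbook a new ID, an alert keyed on ID splits one playbook across several IDs, so this Python example uses the two REST paths from the answer above to group failed runs by name instead. The event tuples, the JSON response shapes, the `ph-auth-token` automation-token usage, the `PlaybookResolver` helper and the base URL are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed (playbook_id, status) records standing in for parsed run logs.
SAMPLE_EVENTS = [(101, "failed"), (117, "failed"), (117, "success")]

def name_url(base, playbook_id):
    return f"{base.rstrip('/')}/rest/playbook/{int(playbook_id)}/name"

def filter_url(base, name):
    # The filter value is wrapped in double quotes, then URL-encoded.
    query = urllib.parse.urlencode({"_filter_name": json.dumps(name)})
    return f"{base.rstrip('/')}/rest/playbook?{query}"

def http_get_json(url, token):
    # Live fetch; assumes an automation token sent in the ph-auth-token header.
    req = urllib.request.Request(url, headers={"ph-auth-token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class PlaybookResolver:
    """Caches id -> name lookups so repeated failures cost one request."""
    def __init__(self, base, fetch):
        self.base, self.fetch, self.cache = base, fetch, {}

    def name_for(self, playbook_id):
        if playbook_id not in self.cache:
            try:
                name = self.fetch(name_url(self.base, playbook_id)).get("name")
            except OSError:  # URLError/HTTPError are OSError subclasses
                name = None
            if not name:  # lookup failed: keep the id visible, do not cache the miss
                return f"unknown-playbook-{playbook_id}"
            self.cache[playbook_id] = name
        return self.cache[playbook_id]

    def ids_for(self, name):
        # Assumed response shape: {"data": [{"id": ...}, ...]}
        rows = self.fetch(filter_url(self.base, name)).get("data", [])
        return sorted(row["id"] for row in rows)

def failures_by_name(events, resolver):
    # Group failed runs by name so every saved version lands in one alert bucket.
    grouped = {}
    for playbook_id, status in events:
        if status == "failed":
            grouped.setdefault(resolver.name_for(playbook_id), []).append(playbook_id)
    return grouped
```

For live use, pass `lambda url: http_get_json(url, token)` as `fetch`; an ID that cannot be resolved is reported as `unknown-playbook-<id>` rather than dropped from the alert.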