This field is shown when selecting custom functions inside the playbook editor. Python code that runs for the custom function when it is included in a playbook. Descriptive text for the custom function. This search uses REST function to query for. If you want to change the name and scm_id fields of the custom function, you need to create a copy. Splunk Phantom Playbook Integration If Splunk Phantom is also configured. Additional severity names can be defined by a Splunk Phantom administrator. Your organization might need additional levels of severity to match your business processes. Splunk Phantom ships with three predefined severity names: High, Medium, and Low. Supported methods are GET, POST, and DELETE. Because you can't update the fields, when you make a POST request, make sure to either match the name and scm_id fields in the request body, or don't include the name and scm_id fields in the request body in order for it to pass. You can manage the severities using REST. You can't update the name or scm_id fields of an existing custom function. This example JSON request shows creating the draft version of a non-draft custom function, and giving that draft version a different description. This request doesn't disable the current custom function, so it doesn't affect any playbooks using this custom function. Outputs are used for configuring downstream blocks from the custom function in the playbook editor. Inputs are used for configuring the custom function in the playbook editor. This message is used for the commit of the changed Python and metadata files to the connected repository. This field is required if the Python field is passed. This field displays when selecting custom functions inside the playbook editor. Python code that executes for the custom function when it is included in a playbook. Descriptive text for the custom function. This flag allows you to save invalid Python code while draft_mode is set to true.
The ID for an existing repository on the system. Fields for both creating and updating a custom function Field A flag to mark a custom function as a draft version. The schedule just shows the correct start and end date. A unique name per repository that identifies the custom function. Please contact us if you want to know the exact teaching date and time of all the modules included in the path. The number of actual teaching days is shown as part of the price information but the modules included in the path are usually delivered over a period of 4 weeks as indicated in the schedule. It's a discounted offering including all the modules required for this path. Please Note: This is a Learning Path and NOT a course. This certification demonstrates an individual's knowledge and skills in installing and configuring a SOAR server and integrating it with Splunk, as well as planning, designing, creating, and debugging playbooks. These highly skilled individuals are proficient in complex SOAR solution development, and can integrate SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage. REST5 18.1 Describe the capabilities of Phantom REST API 18.2 Use Django queries. Microsoft Security, Compliance & Identity. A Splunk SOAR Certified Automation Developer* installs, configures, and uses SOAR (formerly Phantom) servers and plans, designs, creates, and debugs basic playbooks for SOAR. View Splunk-Test-Blueprint-Phantom.pdf from IT SOC 301 at Ecole Nationale.