cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Izzet
New Member
Member since: ‎08-12-2020
‎09-23-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-12-2020
Activity Feed
View All

Markdown in add_task API function

by in Splunk SOAR
‎08-14-2020 05:58 AM
‎08-14-2020 05:58 AM
Phantom 4.9 supports Markdown notes and it is possible to add markdown note using GUI. But how to use markdown with the add_task API function? Like  phantom.add_task(container=None, name=None, owner=None, role=None, trace=False) By default it doesn't recognize markdown and just pastes a note as a raw text.  ... View more
Labels

Getting error when trying to check if IP is local ...

by in Splunk SOAR
‎08-12-2020 02:15 AM
‎08-12-2020 02:15 AM
Hi everyone, It might me a silly question 🙂 The simplified case. 3 artifacts within the event with 3 different IP addresses: 192.168.0.1 192.168.0.2 8.8.8.8 I'm trying to check if IP is local and make separate queries to the crowdstrike (it could be any other app).   Each query should use filter parameter local_ip:"{0}", so I'm using a Format gadget.       I'm getting  a error during the execution because "Format" function returns joined value: local_ip:"192.168.0.1, 192.168.0.2".  And then it launches crowdstrike app just ones with this filter. But it should be 2 different request with a separate IP address in each one. I tried to use as a filter parameter for the crowdstrike app: "format_2:formatted_data.*" - returns None "format_2:formatted_data" - returns "192.168.0.1, 192.168.0.2" as one string So, how to make 2 different requests here? Thanks. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-23-2020 01:35 PM