Splunk SOAR (f.k.a. Phantom)

I was wondering if any of you had a cheat sheet to make playbooks to help automate my job for beginners.

robgray8430
New Member

So pretty much,

-Grabs the list of all vulnerabilities from big fix and/or tenable
-get subnets of the modes we will need to pull vulnerabilities from BigFix
-Have the returned list filter out ones for specific modes or either have the program use another program that does that task

-After all the list are sent to their respected Actions well have the program run the DNS, whois, and BigFix FISMA ID query tools

After all these tasks are completed we would like for Phantom to create a report of the findings and send them to our distro list.

"it would be broken down into individual reports that we can use to add to a remedy ticket"

Labels (2)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...