• 日期: 2024-07-28
  • 标签: 常规

To get specific artifact data in Splunk Phantom using a playbook, follow these steps:

  1. Start by creating a new playbook in Splunk Phantom.

  2. Select the 'Artifact' action from the available actions list, and then choose the artifact type that you want to retrieve data for.

  3. In the 'Inputs' section of the Artifact action, add any filters or search criteria that you want to use to narrow down the data that you're retrieving.

  4. Next, add an 'Output' action to the playbook and select the type of output you want to use. This could be a notification, an email, or a log message.

  5. In the 'Inputs' section of the Output action, add any relevant data or information that you want to include in the output message.

  6. Save and run the playbook. The specific artifact data that you requested will be retrieved and displayed in the output message that you defined.

Splunk Phantom Playbook: Retrieving Specific Artifact Data

原文地址: https://www.cveoy.top/t/topic/n6sm 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录