Skip to content

sodle-splunk/obs-1425b-supplemental-materials

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

img

img

 
 

playbook

playbook

 
 

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

Repository files navigation

Splunk .conf23 - OBS1425B - SOARing Towards IT Excellence

Supplemental materials

Authors

.conf Talk Recording

https://conf.splunk.com/watch/conf-online.html?search=obs1425b#/

Example Playbook

Screenshot of Playbook

This playbook demonstrates the ability of Splunk SOAR to automatically handle a "Disk Full" episode from Splunk ITSI. It is designed to work with your orchestration layer (for example, Puppet or Ansible) to run commands on the affected host, to troubleshoot the alert condition.

Importing the playbook

  1. Compile the playbook into a tarball, by running:
make playbook
  1. In the SOAR UI, select "Playbooks" from the main menu and click the "Import playbook" button.

Import button

  1. Choose the build/obs1425b.tgz file that was generated by the build script, and upload it. Choose the source repo that you want to import it to (probably local, if this is a new SOAR instance).

Import dialog

  1. Find the newly-imported playbook in the list and open it. You can view this playbook in the Visual Playbook Editor, and adapt it to fit your needs.

Imported playbook

About

Example Splunk SOAR Playbook

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages