leftprofit.blogg.se

Splunk phantom soar

phantom.act(action, parameters=, assets=None, tags=None,
callback=None, reviewer=None, handle=None,
start_time=None, name=None, asset_type=None,

action: The name of the action that the user intends to run. Actions include block IP, list VM, or file reputation that are supported by the apps installed on the platform.

parameters: A list of dictionaries that contain the parameters expected by the action. The names of the keys are specific to the action being taken.

assets: A list of assets on which the action is run. If the user intends to take the action on a specific asset, it must be specified in this parameter. Assets are a list of asset IDs, as specified when an asset is configured. If the assets are configured with primary and secondary owners, the owners are required to approve an action before it can be run. If the asset is not specified, the action is run on all possible assets on which the action can be run. If multiple apps provide the same action for the same product, the system automatically uses the latest installed app. If new assets or apps are added to the Splunk SOAR platform, they might run actions that you hadn't intended to run. For example, if you begin your deployment with a simple network-based topology and configure a perimeter firewall that supports block IP, and then add an Active Directory (AD) server which has an associated app that also supports block IP, that action is run on both the firewall and the AD server. Setting appropriate approvals on assets can help to minimize this risk.

tags: A list of asset tags that help specify certain assets to be used for executing the action.
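The risk described for the assets parameter, that an action called without assets runs on every asset that supports it, can be caught before the call is made. The following is an added example, not code from Splunk or from this page: guarded_act, ALLOWED_ASSETS, the asset IDs and the "ip" parameter key are hypothetical, and the act argument stands in for phantom.act so the block runs outside the platform.

```python
# Added example: refuse action calls that are not pinned to known assets.
# ALLOWED_ASSETS, guarded_act and all asset IDs below are hypothetical.

# Constructed sample policy: action name -> asset IDs a playbook may target.
ALLOWED_ASSETS = {
    "block ip": {"perimeter_fw"},
    "file reputation": {"reputation_svc"},
}


class UnpinnedActionError(ValueError):
    """The call would reach assets the playbook author did not list."""


def guarded_act(act, action, parameters, assets=None, tags=None, **kwargs):
    """Check the target selection, then forward the call to `act`.

    `act` is the callable that launches the action; inside a playbook that
    would be phantom.act. Passing it in keeps the guard testable offline.
    """
    # Tags alone are rejected: this guard cannot see which assets a tag
    # resolves to, so it insists on an explicit list of asset IDs.
    if not assets:
        raise UnpinnedActionError(
            f"{action!r}: no assets given, so the action would run on "
            "all assets that support it"
        )
    if action not in ALLOWED_ASSETS:
        raise UnpinnedActionError(f"{action!r}: no allow-list entry")
    unexpected = sorted(set(assets) - ALLOWED_ASSETS[action])
    if unexpected:
        raise UnpinnedActionError(
            f"{action!r}: assets not on the allow-list: {unexpected}"
        )
    return act(action, parameters=parameters, assets=assets, tags=tags, **kwargs)


if __name__ == "__main__":
    # Stand-in for phantom.act that only reports what it was asked to do.
    def show(action, **kw):
        return f"would run {action!r} on {kw['assets']}"

    params = [{"ip": "203.0.113.7"}]  # constructed sample parameters
    print(guarded_act(show, "block ip", params, assets=["perimeter_fw"]))
    try:
        guarded_act(show, "block ip", params)  # the unpinned call from the text
    except UnpinnedActionError as err:
        print("rejected:", err)
```
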





