When creating your API Client in Cisco Threat Response, it must have the following scopes:
To get a verdict from Threat Response:
```
... | table <field> | threatresponse verdict = <field>
```
To get targets from Threat Response:
```
... | table <field> | threatresponse targets = <field>
```
To get verdicts for observables taken from multiple fields (the fields are concatenated with a space into one field before being passed to Threat Response):
```
... | eval <new_field_name> = <first_field>." ".<second_field> | table <new_field_name> | threatresponse verdict=<new_field_name>
```
- Fixed problem with selecting nonexistent values
- Added support for new types of observables
- Fixed problem with KeyError for 'end_time'
- Added response indexing
- Added Dashboards
- Added `target` command
- Added workflow action to open an Investigation in Threat Response
- Alerts the user when the API client is missing a needed scope