Without customizing container status within Phantom, what are the three types of status for a container?
Seventy can be set during ingestion and later changed manually. What other mechanism can change the severity or a container?
An active playbook can be configured to operate on all containers that share which attribute?
A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?
A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?
When analyzing events, a working on a case, significant items can be marked as evidence. Where can ail of a case's evidence items be viewed together?
Which app allows a user to send Splunk Enterprise Security notable events to Phantom?
During a second test of a playbook, a user receives an error that states: 'an empty parameters list was passed to phantom.act()." What does this indicate?
When assigning an input parameter to an action while building a playbook, a user notices the artifact value they are looking for does not appear in the auto-populated list.
How is it possible to enter the unlisted artifact value?
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?
To limit the impact of custom code on the VPE, where should the custom code be placed?
Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?
What metrics can be seen from the System Health Display? (select all that apply)
When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible
When the Splunk App for SOAR Export executes a Splunk search, which activities are completed?
When writing a custom function that uses regex to extract the domain name from a URL, a user wants to create a new artifact for the extracted domain. Which of the following Python API calls will create a new artifact?