Name of the app
Splunk
Describe the bug
When configured to run a search in on_poll the containers/artifacts do not trigger active playbooks in the environment.
To Reproduce
Steps to reproduce the behavior:
- Install Splunk App 3.0.0 on SOAR cloud version 8.5.0.248
- Create a simple Active playbook with one action block (eg. add a comment)
- Set the playbook to Active
- Create a new asset for the Splunk App
- Configure it to run a search on poll (eg.
earliest=-1h index=notable | head)
- Confirm that your test playbook is Active
- Run the
poll now
- A new container should be created with an artifact
- Check the activity pane and confirm that the playbook was not started.
Expected behavior
Created artifacts should be set with run_automation=True
Screenshots
Active Playbook
playbook is not activated
Splunk SOAR Version (please complete the following information):
- Splunk Cloud: 8.5.0.248
- App Version : 3.0.0
Additional context
None
Name of the app
Splunk
Describe the bug
When configured to run a search in on_poll the containers/artifacts do not trigger active playbooks in the environment.
To Reproduce
Steps to reproduce the behavior:
earliest=-1h index=notable | head)poll nowExpected behavior
Created artifacts should be set with run_automation=True
Screenshots
Active Playbook
playbook is not activated
Splunk SOAR Version (please complete the following information):
Additional context
None