Splunk® Enterprise Security

Administer Splunk Enterprise Security

Create custom functions for Splunk SOAR playbooks

Use custom functions to expand the functionality of your playbooks. With custom functions and your Python skills, you can add to the kinds of processing performed in a playbook, such as applying string transformations, parsing a raw data input, or calling a third-party Python module. You can also customize the way custom functions can interact with the REST API. You can share custom functions across your team and across multiple playbooks to increase collaboration and efficiency.

To create custom functions, you must have Edit Code permissions.

See also

For details on creating and using custom functions, see Add custom code to your Splunk SOAR (Cloud) playbook with a custom function in the Build Playbooks with the Playbook Editor documentation.

Last modified on 14 June, 2024
Create custom lists for Splunk SOAR playbooks   Configure forwarders to send Splunk SOAR data to your Splunk deployment

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters