A collection of files to store locally to develop your Splunk Phantom applications and playbooks in your favorite IDE. This enables fun quality-of-life features like linting, tool tips, type casting, and documentation, all within your IDE.
Plase the phantom folder inside the working directory for your app or playbook. When creating your tarball package, exclude it from the files:
tar --exclude "phantom" --exclude "encryption_helper.py" -czvf ".\phMy-App.tar.gz" ".\phMy-App"ActionResult classBaseConnector classVault classphantom.json?The content of this JSON is the output of the following code ran inside a phantom app:
from phantom import vault
from phantom.vault import Vault
import phantom.app as phantom
import phantom.rules as phanrules
from phantom.action_result import ActionResult
from phantom.base_connector import BaseConnector
def get_attributes(object: Any) -> dict:
output = {}
for o in dir(object):
if f"{o}".startswith("__"):
continue
attr = getattr(object, o)
if callable(attr):
try:
output[f"{o}"] = f"function{inspect.signature(attr)}"
except:
output[f"{o}"] = "uninspectable callable"
else:
output[f"{o}"] = f"({type(attr)}) {attr}"
return output
def get_phantom_contents() -> dict:
input = {
"phantom.app": phantom,
"phantom.rules": phanrules,
"phantom.vault": vault,
"ActionResult": ActionResult,
"BaseConnector": BaseConnector,
"Vault": Vault
}
output = {
"phantom.app": {},
"phantom.rules": {},
"BaseConnector": {},
"ActionResult": {},
"Vault": {}
}
for key, item in input.items():
output[key] = get_attributes(item)
return output