Publisher: Mhike
Connector Version: 1.0.18
Product Vendor: Mhike
Product Name: Runner
Product Version Supported (regex): ".*"
Minimum Product Version: 4.9.0
Runner schedules and executes playbooks based on generated schedule artifacts
This table lists the configuration variables required to operate Runner. These variables are specified when configuring a Runner asset in Splunk SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| https_port | optional | string | Splunk SOAR HTTPS port if your instance uses one other than 443 |
| playbook_limit | required | numeric | How many playbooks should be allowed to run per poll (default: 4) |
| cluster_base_url | optional | string | The base URL to use in a cluster environment |
| cluster_api_token | optional | password | An API token for a cluster environment |
| debug | optional | boolean | Print debugging statements to log |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
schedule playbook - Create a schedule artifact for a playbook to run later
execute playbook - Execute the configured playbook immediately (Format: /)
clear scheduled playbooks - Remove all pending scheduled playbooks on a container
count runner artifacts - Returns a count of the matching runner artifacts in the current container
on poll - Execute scheduled playbooks if their delay period has expired. Smaller intervals will result in more accurate schedules
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Create a schedule artifact for a playbook to run later
Type: generic
Read only: False
This will add a specially formatted artifact to the container with the supplied details. This artifact will be created in a pending state. The polling action for this app will look for these pending artifacts and after the schedule time has elapsed, execute the specified playbook.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| delay_purpose | required | A short comment on the purpose of the scheduled execution | string | |
| duration_unit | required | Units to be used for the delay duration | string | |
| delay_duration | required | How many units to delay before execution | numeric | |
| playbook | required | The playbook to execute after the delay (Format: /) | string | |
| playbook_scope | required | The scope to be applied to the playbook when executing | string | |
| artifact_id | optional | The ID of the artifact to run the playbook on (requires artifact scope) | numeric | |
| container_id | optional | The ID of the container to run the playbook on (requires a container scope) | numeric | |
| input_data | optional | An input dictionary to be used with the playbook (input playbooks only) | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.delay_purpose | string | ||
| action_result.parameter.duration_unit | string | ||
| action_result.parameter.delay_duration | numeric | ||
| action_result.parameter.playbook | string | ||
| action_result.parameter.playbook_scope | string | ||
| action_result.parameter.artifact_id | numeric | ||
| action_result.parameter.container_id | numeric | ||
| action_result.parameter.input_data | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| action_result.parameter.container_id | numeric | ||
| summary.total_objects_successful | numeric |
Execute the configured playbook immediately (Format: /)
Type: generic
Read only: False
This will execute the specified playbook and parameters immediately with no artifacts generated.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| playbook | required | The playbook to execute | string | |
| playbook_scope | required | The scope to be applied to the playbook when executing. Container scopes are for containers other than the current container | string | |
| artifact_id | optional | The ID of the artifact to run the playbook on (requires artifact scope) | numeric | |
| container_id | optional | The ID of the container to run the playbook on (requires container scope) | numeric | |
| input_data | optional | A dictionary of parameters to be used with the target playbook (input playbooks only) | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.playbook | string | ||
| action_result.parameter.playbook_scope | string | ||
| action_result.parameter.artifact_id | numeric | ||
| action_result.parameter.container_id | numeric | ||
| action_result.parameter.input_data | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric |
Remove all pending scheduled playbooks on a container
Type: generic
Read only: False
This action is used to remove all pending schedule playbooks for a container. This is generally intended to be used to cancel execution if some exit criteria has been reached and any scheduled playbooks need to be suspended permanently.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| cancellation_reason | required | A short comment on why the playbooks were cancelled | string | |
| container_id | optional | The ID of the container to cancel schedules for. If an ID is not provided, the current container is assumed | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.cancellation_reason | string | ||
| action_result.parameter.container_id | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric |
Returns a count of the matching runner artifacts in the current container
Type: generic
Read only: True
This action is used to determine how many times a specific sheculed playbook has been run in the given container. This is generally used to evaluate escape scenarios when using runner to perform loops and retries.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| playbook_filter | optional | Optional filter to count only runner artifacts for the given playbook (Format: /) | string | |
| label_filter | optional | Optional filter to count only runner artifacts with the given label | string |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.playbook_filter | string | ||
| action_result.parameter.label_filter | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| summary.total_objects | numeric | ||
| summary.total_objects_successful | numeric | ||
| action_result.data.*.runner_artifact_count | numeric |
Execute scheduled playbooks if their delay period has expired. Smaller intervals will result in more accurate schedules
Type: generic
Read only: False
No parameters are required for this action
No Output