{"id":18708602,"url":"https://github.com/va1da5/phantom-http-cats","last_synced_at":"2025-11-09T10:30:24.370Z","repository":{"id":106645763,"uuid":"486345873","full_name":"va1da5/phantom-http-cats","owner":"va1da5","description":"Splunk SOAR (Phantom) application for providing a visual representation of HTTP status codes","archived":false,"fork":false,"pushed_at":"2022-04-29T19:13:31.000Z","size":24,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-28T07:31:39.238Z","etag":null,"topics":["phantom","python3","soar","splunk","splunk-phantom","splunk-soar"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/va1da5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-27T20:46:28.000Z","updated_at":"2023-09-05T05:56:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"e76e74b6-be21-4cf9-81bb-b2b26c24733f","html_url":"https://github.com/va1da5/phantom-http-cats","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fphantom-http-cats","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fphantom-http-cats/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fphantom-http-cats/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fphantom-http-cats/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/va1da5","download_url":"https://codeload.github.com/va1da5/phantom-http-cats/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239571586,"owners_count":19661165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["phantom","python3","soar","splunk","splunk-phantom","splunk-soar"],"created_at":"2024-11-07T12:24:12.090Z","updated_at":"2025-11-09T10:30:24.324Z","avatar_url":"https://github.com/va1da5.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HTTP Cats Splunk SOAR (Phantom) Application\n\n*Work in progress..*\n\n***Disclaimer**: The reversing of the product could be recognized as a breach of a license agreement and you should always consult with the vendor before decompiling binary files back into source code. Under no circumstances will I be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from your use of or inability to use materials provided in this repository. You are responsible for your own\nactions.*\n\nHTTP Cats in a Splunk SOAR (Phantom) application meant for a demo integration purpose. The application currently covers the following topics:\n\n- Downloading binary files;\n- Placing files into Vault;\n- Using custom widget to represent data;\n- Showing file from Vault within the application's widget;\n\nThe application itself translates an HTTP response code into a visual representation using cat pictures from [https://http.cat](https://http.cat)\n\n## Preparation\n\nAll Python code within the Splunk Phantom instances are compiled to binary files. Therefore, an IDE cannot provide code completion and proper syntax highlighting. However, the following steps can be used to prepare the code for the IDE:\n\n\n```bash\npip install uncompyle6\ndecompiled_packages=~/.phantom-packages\n\nmkdir -p $decompiled_packages\n\nlibs=( /opt/phantom/lib3/ /opt/phantom/pycommon3/ );\nfor lib_path in \"${libs[@]}\"; do cd $lib_path; \\\n  for file in $(find . -name \"*.pyc\"); do uncompyle6 -o $decompiled_packages/${file::-1} $file; done; \\\ndone\n\n# or\n\nmake prepare\n```\n\n## Development\n\nSplunk Phantom (SOAR) application development could be done using a [community SOAR image](https://docs.splunk.com/Documentation/Phantom/4.10.7/Install/InstallOVA). Visual Studio Code has a capability to [use a remote server for development](https://code.visualstudio.com/docs/remote/ssh). Additionally, such setup supports most of the addons, such as [Pylance](https://github.com/microsoft/pylance-release). This gives a possibility to shorten the testing cycles and improve developer's morale. Because of that, most of the settings are tuned to be used within SOAR instance under user `phantom`.\n\n[`Makefile`](./Makefile) contains some useful commands to automate some of the development tasks\n\n```bash\n# prepare local environment\nmake prepare\n\n# install application in Splunk SOAR\nmake install\n\n# access application execution failure logs\nmake logs\n```\n\n\n## Fix SSH Connectivity Timeout Issue\n\n```bash\n# /etc/ssh/sshd_config\n\nRSAAuthentication yes\nPubkeyAuthentication yes\n\nGSSAPIAuthentication no\n\nClientAliveInterval 0\nClientAliveCountMax 3\n\nUseDNS no\n\n# Banner /etc/issue.net\n```\n\n## References\n\n- [Install Splunk Phantom as a virtual machine image](https://docs.splunk.com/Documentation/Phantom/4.10.7/Install/InstallOVA)\n- [Tutorial: Use the app wizard to develop an app framework](https://docs.splunk.com/Documentation/Phantom/4.10.7/DevelopApps/Tutorial)\n- [Tutorial: Use the Splunk SOAR (Cloud) app wizard to develop an app framework](https://docs.splunk.com/Documentation/SOAR/current/DevelopApps/Tutorial)\n- [A comprehensive guide to fixing slow SSH logins](https://jrs-s.net/2017/07/01/slow-ssh-logins/)\n- [VSCode Python settings reference](https://code.visualstudio.com/docs/python/settings-reference)\n- [SOAR Connector module development](https://docs.splunk.com/Documentation/Phantom/4.10.7/DevelopApps/Connector)\n- [Vault usage example - splunk-soar-connectors/endace](https://github.com/splunk-soar-connectors/endace)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fva1da5%2Fphantom-http-cats","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fva1da5%2Fphantom-http-cats","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fva1da5%2Fphantom-http-cats/lists"}