The Content Pack for SOAR System Logs replaces the Content Pack for Monitoring Phantom as a Service, which is now a legacy product. Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.
Release notes for the Content Pack for Monitoring Phantom as a Service
Version 1.0.1 of the Content Pack for Monitoring Phantom as a Service was released on October 29, 2020. The following sections explain the contents of the current and past releases.
Version 1.0.1
Version 1.0.1 includes support for the latest Splunk Enterprise and Splunk Phantom versions. It also includes Python 3 support for logs.
In the Splunk Phantom - Application service, an asterisk was added to the spawn Errors KPI:
`phantom_indexes` spawn* error:
The same change was made in the Splunk Phantom - Application deep dive.
Version 1.0.0
The following table describes the contents of BACKUP-CP-PHANTOM-1.0.0.zip:
| New feature or enhancement | Description |
|---|---|
| Services | The following Phantom services:
|
| Deep dives | The following Phantom-specific deep dives:
|
Additional resources
- For more information about this content pack, see About the Content Pack for Monitoring Phantom as a Service.
- To install and configure the content pack, see Install and configure the Content Pack for Monitoring Phantom as a Service.
Last modified on 13 December, 2021
| About the Content Pack for Monitoring Phantom as a Service | Data requirements for the Content Pack for Monitoring Phantom as a Service |
This documentation applies to the following versions of Content Pack for Monitoring Phantom as a Service: 1.0.1
Download manual
Feedback submitted, thanks!