Administer Splunk Phantom
Splunk Phantom is a world-class Security Orchestration, Automation, and Response (SOAR) system. The Splunk Phantom platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools together.
This manual is intended to be used by the person or team administering the Splunk Phantom system.
The following topics are discussed in this manual:
| Feature | Description |
|---|---|
| Company Settings | Information about your company, contacts, and your Splunk Phantom license. |
| Administration Settings | All the settings to configure the behavior and appearance of Splunk Phantom. |
| Product Settings | Settings for the Splunk Phantom product that apply to your deployment, such as clustering, multi-tenancy, and case management. |
| Event Settings | Settings to configure the organization, handling, and presentation. |
| User Management | Settings related to user accounts, permissions, and authentication. |
| Mobile | Enable or disable registered mobile devices. |
| System Health | Information and reports for monitoring the Splunk Phantom deployment. |
| Apps and Assets | How to add and configure apps and assets to provide actions in Splunk Phantom. |
| Backup and restore | Information and instructions for performing backup and restore operations. |
| Telemetry | Information about sharing data from Splunk Phantom. |
See also
- How can Splunk Phantom be installed? in Install and Upgrade Splunk Phantom.
- Use playbooks to automate analyst workflows in Splunk Phantom in Build Playbooks with the Visual Editor.
Last modified on 01 December, 2020
| Take a tour of Splunk Phantom and perform product onboarding when you log in for the first time |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Download manual
Feedback submitted, thanks!