Splunk® Content Packs for ITSI and IT Essentials Work


About the Content Pack for Monitoring Phantom as a Service

The Content Pack for Monitoring Phantom as a Service provides an ITSI-based approach to monitor the health of your Phantom server environment. Phantom is a security orchestration, automation, and response (SOAR) platform designed to help reduce the scale of your security operations. With Phantom, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting.

This content pack contains specific Key Performance Indicators (KPIs) for monitoring Phantom metrics. A separate content pack covers OS monitoring. Because each Phantom deployment includes an embedded copy of Splunk Enterprise with dedicated functionality tied to Phantom, a Splunk universal forwarder installed on the Phantom servers takes care of monitoring the Phantom environment.


On-premises installation

On-premises users currently need to download the embedded backup ZIP file from the installation steps in the documentation and restore it in ITSI using the backup/restore functionality. The Content Library will be made available to on-premises users in a future release. See the installation instructions for this content pack to access the ZIP file.

Contents

The Content Pack for Monitoring Phantom as a Service is a backup ZIP file of preconfigured ITSI objects, including services and KPIs, that you can restore to your own environment and tune for your specific needs. This content pack contains the following objects:

Two Phantom services:

  • Splunk Phantom - OS
  • Splunk Phantom - Application

Two deep dives:

  • Splunk Phantom - OS
  • Splunk Phantom - Application

Deployment requirements

Use the following table to determine ITSI version compatibility.

Content pack version | ITSI version    | Phantom version | Phantom Add-on version
1.0.1                | 4.7.0 or higher | 4.9.0 or higher | 1.0.1
1.0.0                | 4.4.0 - 4.6.2   | 4.6.0 - 4.8.0   | 1.0.0

Additional resources

Last modified on 11 October, 2021

This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current

