Content Pack for Monitoring Phantom as a Service


The Content Pack for SOAR System Logs replaces the Content Pack for Monitoring Phantom as a Service, which is now a legacy product. Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Release notes for the Content Pack for Monitoring Phantom as a Service

Version 1.0.1 of the Content Pack for Monitoring Phantom as a Service was released on October 29, 2020. The following sections explain the contents of the current and past releases.

Version 1.0.1

Version 1.0.1 includes support for the latest Splunk Enterprise and Splunk Phantom versions. It also includes Python 3 support for logs.

In the Splunk Phantom - Application service, an asterisk was added to the spawn Errors KPI:

`phantom_indexes` spawn* error:

The same change was made in the Splunk Phantom - Application deep dive.

Version 1.0.0

The following table describes the contents of BACKUP-CP-PHANTOM-1.0.0.zip:

| New feature or enhancement | Description |
| --- | --- |
| Services | The following Phantom services: Splunk Phantom - OS and Splunk Phantom - Application |
| Deep dives | The following Phantom-specific deep dives: Splunk Phantom - OS and Splunk Phantom - Application |

Last modified on 13 December, 2021
This documentation applies to the following versions of Content Pack for Monitoring Phantom as a Service: 1.0.1