Content Pack for Monitoring Phantom as a Service



The Content Pack for SOAR System Logs replaces the Content Pack for Monitoring Phantom as a Service, which is now a legacy product. Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Use the Content Pack for Monitoring Phantom as a Service

After you complete the configuration steps described in Configure the Content Pack for Monitoring Phantom as a Service, you're ready to leverage the following objects included with the content pack:

Service Analyzer

After you set up your Phantom services, you can begin to monitor the health of your Phantom environment in the ITSI Service Analyzer. The Service Analyzer is the home page for ITSI and serves as your starting point for monitoring your services. Once you install the Content Pack for Monitoring Phantom as a Service, your Phantom services automatically appear on the Service Analyzer.

You can create a custom saved Service Analyzer view filtered specifically to your Phantom services. This is especially useful if you're monitoring other parts of your Splunk Enterprise environment in ITSI. The following image is an example of how the Phantom services look when grouped together in the Service Analyzer tree view:

Phantom tree.png

For more information about the Service Analyzer, see Overview of the Service Analyzer in ITSI.

Deep dives

Deep dives are an investigative tool to help you identify and analyze issues in your IT environment. View KPI search results over time, zoom in on KPI search results, and visually correlate root cause. For more information about deep dives, see Overview of deep dives in ITSI.

The Content Pack for Monitoring Phantom as a Service contains the following preconfigured deep dives:

  • Splunk Phantom - OS to monitor your Phantom OS service and its corresponding KPIs.
  • Splunk Phantom - Application to view the Phantom application service and its corresponding KPIs.

To view the deep dives, click Deep Dives from the ITSI main menu.

Seeing "No data" on any of the error-based event lanes in a deep dive means there are no errors. If errors do occur, click the Events lane to see the log events from that time.

Last modified on 14 September, 2022

This documentation applies to the following versions of Content Pack for Monitoring Phantom as a Service: 1.0.1

