Log in to the Splunk Phantom web interface
Perform the following tasks to log in to the Splunk Phantom web interface after installation is complete.
- Using a web browser, go to the IP address you assigned to Splunk Phantom.
- If you installed Splunk Phantom as an unprivileged user, log in to Splunk Phantom's web interface at the custom HTTPS port.
https://<ip address or hostname>:<your https port>
The custom HTTPS port for unprivileged OVA or AMI based installations is 9999. However, the UI is still accessible on port 443.
- If you installed Splunk Phantom from the AWS Marketplace, get the public IP address for the instance from the EC2 Management Console and the full AWS instance ID for the EC2 instance. Log in to the Splunk Phantom web interface by using the public IP address.
- If you installed Splunk Phantom as an unprivileged user, log in to Splunk Phantom's web interface at the custom HTTPS port.
- Log in using the default credentials. Use admin as the username and password as the password. If you installed Splunk Phantom from the AWS Marketplace, use admin as the username and the full AWS instance ID as the password.
AWS requires about 20 min to complete the setup. Once the setup is complete, you can use your full AWS instance ID as the password. Attempting to login before that will result in a login error as Splunk Phantom has yet to change the password for your instance.
- Change the admin user's password:
- Click the user name admin, then select Account Settings.
- Click the Change Password tab.
- Type the current password.
- Type a new password.
- Type a new password a second time to confirm.
- Click Change Password.
Log in to Splunk Phantom using SSH
To SSH into the Splunk Phantom instance perform the following steps:
- Open a terminal window.
- SSH to your Splunk Phantom instance's operating system
ssh phantom@<hostname or IP address of Splunk Phantom>
.
Remote SSH is disabled for the root user. The accounts user and phantom have sudo permissions. You can use the account user to administer the operating system.
In order to log in to the operating system of your AMI-based Splunk Phantom install using SSH, use the user id phantom
. If you need root access, use sudo su -
.
Opening TCP port 443 on unprivileged deployments
If you have installed an unprivileged deployment of Splunk Phantom, TCP port 443 is inaccessible. This is because root privileges are required to open port 443. If you would like HTTPS traffic to be forwarded from the port you defined during install to port 443, follow these steps:
- SSH to the Splunk Phantom instance with the user account phantom. ssh phantom@<Splunk Phantom hostname or IP address>
- Elevate to root. sudo su -
- Configure port forwarding using the port_forward tool. <PHANTOM_HOME>/bin/phenv port_forward configure
Install Splunk Phantom as an unprivileged user | About Splunk Phantom clusters |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Feedback submitted, thanks!