Splunk® Phantom (Legacy)

Administer Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Configure Google Maps for visual geolocation data

The MaxMind app provides a geolocate_IP action that uses Google Maps functionality to show a world map with a marker indicating the approximate location of the IP under investigation. You must provide a Google Maps API key to enable this functionality. See the Google Maps JavaScript API site for more information about obtaining a Google Maps API key.

After obtaining an API key, perform the following steps:

  1. From the Main Menu, select Administration.
  2. Select Administration Settings > Google Maps.
  3. Enter your API key into the field.
  4. Click Save Changes.

With a valid API key applied, MaxMind Geolocate IP displays a map with its searches.

The MaxMind app is updated periodically with the Splunk Phantom product. If you want to update the MaxMind app's database more frequently, see the instructions on the MaxMind website in the article MaxMind updates. The MaxMind database is stored in the directory /opt/phantom/apps/maxmind_[app id].

Last modified on 31 March, 2020

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
