Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Overview of cases
Containers can be promoted to cases. You can use cases to consolidate information from multiple containers.
- Cases have phases and tasks, which are organized into workbooks to track and manage all the actions taken.
- Tasks can have playbooks and actions associated with them, allowing you to automate these actions. Automating actions allows Splunk Phantom to be used to track policy and compliance, and to fulfill documentation requirements.
Last modified on 19 October, 2020
PREVIOUS Overview of containers |
NEXT Create cases in Splunk Phantom |
This documentation applies to the following versions of Splunk® Phantom: 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Feedback submitted, thanks!