Splunk® Phantom (Legacy)

Use Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Overview of cases

Containers can be promoted to cases. You can use cases to consolidate information from multiple containers.

  • Cases have phases and tasks, which are organized into workbooks to track and manage all the actions taken.
  • Tasks can have playbooks and actions associated with them, allowing you to automate these actions. Automating actions allows Splunk Phantom to be used to track policy and compliance, and to fulfill documentation requirements.
Last modified on 19 October, 2020
Overview of containers   Create cases in Splunk Phantom

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters