Splunk® Phantom (Legacy)

Use Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Create Executive Summary reports and view all reports in Splunk Phantom

View all reports created or generated in Splunk Phantom on the Reporting page. You can perform the following actions on this page:

  • View all reports available in your Splunk Phantom instance.
  • View only Event reports, which are reports generated inside a container.
  • View only Case reports, which are reports generated inside a case.
  • View and create Executive Summary reports. You can only create Executive Summary reports on this page. See Create an Executive Summary report in Splunk Phantom.

View reports in Splunk Phantom

Perform the following tasks to view reports in Splunk Phantom:

  1. From the Main Menu, select Reporting. Reports that are generated on-demand appear in the Generated Reports section, and reports that are scheduled for a specific time or interval appear in the Scheduled Reports section.
  2. (Optional) Filter the reports you see on this page by selecting the All Types drop-down list.
    • Select Executive Summary to view only Executive Summary reports on this page.
    • Select Event Report to view only reports created inside a container.
    • Select Case Report to view only reports created inside a case.
  3. (Optional) Click on any column header to sort the table. For example, click on Report Name to sort the reports in the table by report name.

Create an Executive Summary report in Splunk Phantom

Perform the following tasks to create an Executive Summary report in Splunk Phantom.

  1. From the Main Menu, select Reporting.
  2. Click + Report to create a new report.
  3. Give the report a name.
  4. The report Type is Executive Summary. This is the only type of report you can create on this page.
  5. If multi-tenancy is enabled on your system, select a tenant. Only reports pertaining to the selected tenants are displayed.
  6. Select a Source.
  7. In the Period field, select the period of time you want the report to cover.
  8. In the Schedule field, select when or how often you want the report to be run.
    • Select Run Now to run the report immediately after it is saved. View the report in the Generated Reports section of the Reporting page.
    • Select another option such as Daily, Weekly, Bi-Weekly, Monthy, or Quarterly to schedule an interval for running the report. Specify a starting date in the Starting On field, which appears when you select any option other than Run Now. View the report in the Scheduled Reports section of the Reporting page.
  9. Click Save.
Last modified on 08 September, 2020
View the list of configured playbooks in Splunk Phantom   Create custom lists for use in Splunk Phantom playbooks

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters