Overview of cases
Containers can be promoted to cases. You can use cases to consolidate information from multiple containers.
- Cases have phases and tasks, which are organized into workbooks to track and manage all the actions taken.
- Tasks can have playbooks and actions associated with them, allowing you to automate these actions. Automating actions allows Splunk Phantom to be used to track policy and compliance, and to fulfill documentation requirements.
View or edit the Python code in Splunk Phantom playbooks | Create cases in Splunk Phantom |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Feedback submitted, thanks!